2 * Copyright 1997 Sean Eric Fagan
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 * 3. All advertising materials mentioning features or use of this software
13 * must display the following acknowledgement:
14 * This product includes software developed by Sean Eric Fagan
15 * 4. Neither the name of the author may be used to endorse or promote
16 * products derived from this software without specific prior written
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 static const char rcsid[] =
38 * This file has routines used to print out system calls and their
43 #include <sys/types.h>
44 #include <sys/ptrace.h>
45 #include <sys/socket.h>
48 #include <netinet/in.h>
49 #include <arpa/inet.h>
50 #include <sys/ioccom.h>
51 #include <machine/atomic.h>
54 #include <sys/event.h>
56 #include <sys/resource.h>
76 * This should probably be in its own file, sorted alphabetically.
79 struct syscall syscalls[] = {
/*
 * Decode table for traced system calls. In the rows that are complete in
 * this listing the layout is { name, <second field>, nargs, { descriptors } },
 * where each descriptor is { type [| IN / OUT], offset } and nargs matches
 * the number of descriptors. print_arg() uses the offset as an index into
 * the args[] word array, which is why 64-bit (Quad) arguments are followed
 * by a gap in the offsets. The all-zero row ends the table.
 * NOTE(review): the meaning of the second field is not visible here -
 * confirm against the struct syscall declaration.
 */
81 { { Int, 0 } , { Fcntl, 1 }, { Fcntlflag | OUT, 2 }}},
83 { { Name, 0 } , { Readlinkres | OUT, 1 }, { Int, 2 }}},
86 { { Int, 0 }, {Quad, 2 }, { Whence, 3 }}},
88 { { Int, 0 }, {Quad, 2 }, { Whence, 4 }}},
90 { "linux_lseek", 2, 3,
91 { { Int, 0 }, {Int, 1 }, { Whence, 2 }}},
94 { { Ptr, 0 }, {Int, 1}, {Mprot, 2}, {Mmapflags, 3}, {Int, 4}, {Quad, 5}}},
96 { { Ptr, 0 }, {Int, 1}, {Mprot, 2}, {Mmapflags, 3}, {Int, 4}, {Quad, 6}}},
99 { { Ptr, 0 }, {Int, 1}, {Mprot, 2}}},
101 { { Name | IN, 0} , { Open, 1}, {Octal, 2}}},
103 { { Name, 0} , {Octal, 1}}},
104 { "linux_open", 1, 3,
105 { { Name, 0 }, { Hex, 1}, { Octal, 2 }}},
109 { { Name, 0 }, { Name, 1 }}},
117 { { Name, 0 }, { Octal, 1 }, { Int, 3 }}},
119 { { Name, 0 }, { Octal, 1 }}},
121 { { Name, 0 }, { Int, 1 }, { Int, 2 }}},
123 { { Name, 0 }, { Name, 1 }, { Int, 2 }, { Ptr, 3 }}},
125 { { Name, 0 }, { Int, 2 }}},
127 { { Int, 0}, { Stat | OUT , 1 }}},
129 { { Name | IN, 0 }, { Stat | OUT, 1 }}},
131 { { Name | IN, 0 }, { Stat | OUT, 1 }}},
132 { "linux_newstat", 1, 2,
133 { { Name | IN, 0 }, { Ptr | OUT, 1 }}},
134 { "linux_newfstat", 1, 2,
135 { { Int, 0 }, { Ptr | OUT, 1 }}},
137 { { Int, 0 }, { BinString | IN, 1 }, { Int, 2 }}},
139 { { Int, 0 }, { Ioctl, 1 }, { Hex, 2 }}},
140 { "break", 1, 1, { { Hex, 0 }}},
141 { "exit", 0, 1, { { Hex, 0 }}},
142 { "access", 1, 2, { { Name | IN, 0 }, { Int, 1 }}},
144 { { Signal, 0 }, { Sigaction | IN, 1 }, { Sigaction | OUT, 2 }}},
146 { { Int, 0 }, { Sockaddr | OUT, 1 }, { Ptr | OUT, 2 } } },
148 { { Int, 0 }, { Sockaddr | IN, 1 }, { Int, 2 } } },
150 { { Int, 0 }, { Sockaddr | IN, 1 }, { Int, 2 } } },
151 { "getpeername", 1, 3,
152 { { Int, 0 }, { Sockaddr | OUT, 1 }, { Ptr | OUT, 2 } } },
153 { "getsockname", 1, 3,
154 { { Int, 0 }, { Sockaddr | OUT, 1 }, { Ptr | OUT, 2 } } },
156 { { Int, 0 }, { BinString | OUT, 1 }, { Int, 2 }, { Hex, 3 }, { Sockaddr | OUT, 4 }, { Ptr | OUT, 5 } } },
158 { { Int, 0 }, { BinString | IN, 1 }, { Int, 2 }, { Hex, 3 }, { Sockaddr | IN, 4 }, { Ptr | IN, 5 } } },
160 { { Name | IN, 0 }, { StringArray | IN, 1 }, { StringArray | IN, 2 } } },
161 { "linux_execve", 1, 3,
162 { { Name | IN, 0 }, { StringArray | IN, 1 }, { StringArray | IN, 2 } } },
163 { "kldload", 0, 1, { { Name | IN, 0 }}},
164 { "kldunload", 0, 1, { { Int, 0 }}},
165 { "kldfind", 0, 1, { { Name | IN, 0 }}},
166 { "kldnext", 0, 1, { { Int, 0 }}},
167 { "kldstat", 0, 2, { { Int, 0 }, { Ptr, 1 }}},
168 { "kldfirstmod", 0, 1, { { Int, 0 }}},
169 { "nanosleep", 0, 1, { { Timespec, 0 }}},
170 { "select", 1, 5, { { Int, 0 }, { Fd_set, 1 }, { Fd_set, 2 }, { Fd_set, 3 }, { Timeval, 4 }}},
171 { "poll", 1, 3, { { Pollfd, 0 }, { Int, 1 }, { Int, 2 }}},
172 { "gettimeofday", 1, 2, { { Timeval | OUT, 0 }, { Ptr, 1 }}},
173 { "clock_gettime", 1, 2, { { Int, 0 }, { Timespec | OUT, 1 }}},
/*
 * NOTE(review): getitimer is declared with two arguments, yet its Itimerval
 * descriptor uses offset 2 (setitimer below uses 1 and 2 for its two struct
 * pointers). print_arg() would then treat args[2] as the struct address and
 * read the traced process there. Looks like it should be 1 - confirm.
 */
174 { "getitimer", 1, 2, { { Int, 0 }, { Itimerval | OUT, 2 }}},
175 { "setitimer", 1, 3, { { Int, 0 }, { Itimerval, 1} , { Itimerval | OUT, 2 }}},
176 { "kse_release", 0, 1, { { Timespec, 0 }}},
177 { "kevent", 0, 6, { { Int, 0 }, { Kevent, 1 }, { Int, 2 }, { Kevent | OUT, 3 }, { Int, 4 }, { Timespec, 5 }}},
178 { "_umtx_lock", 0, 1, { { Umtx, 0 }}},
179 { "_umtx_unlock", 0, 1, { { Umtx, 0 }}},
180 { "sigprocmask", 0, 3, { { Sigprocmask, 0 }, { Sigset, 1 }, { Sigset | OUT, 2 }}},
181 { "unmount", 1, 2, { { Name, 0 }, { Int, 1 }}},
182 { "socket", 1, 3, { { Sockdomain, 0}, { Socktype, 1}, {Int, 2 }}},
183 { "getrusage", 1, 2, { { Int, 0 }, { Rusage | OUT, 1 }}},
184 { "__getcwd", 1, 2, { { Name | OUT, 0}, { Int, 1 }}},
185 { "shutdown", 1, 2, { { Int, 0}, { Shutdown, 1}}},
186 { "getrlimit", 1, 2, { { Resource, 0}, {Rlimit | OUT, 1}}},
187 { "setrlimit", 1, 2, { { Resource, 0}, {Rlimit | IN, 1}}},
189 { { Name | IN, 0 }, { Timeval2 | IN, 1 }}},
191 { { Name | IN, 0 }, { Timeval2 | IN, 1 }}},
193 { { Int, 0 }, { Timeval | IN, 1 }}},
195 { { Name | IN, 0 }, { Hex, 1 }}},
197 { { Name | IN, 0 }, { Hex, 1 }}},
199 { { Name | IN, 0 }, { Pathconf, 1 }}},
201 { { Name | IN, 0 }, { Int | IN, 1 }, { Quad | IN, 2 }}},
203 { { Int | IN, 0 }, { Int | IN, 1 }, { Quad | IN, 2 }}},
205 { { Int | IN, 0 }, { Signal | IN, 1}}},
207 { { Ptr, 0 }, { Int, 1 }}},
209 { { Int, 0}, { BinString | OUT, 1}, { Int, 2}}},
211 { { Name , 0} , { Name, 1}}},
213 { { Name , 0} , { Name, 1}}},
214 { 0, 0, 0, { { 0, 0 }}},
217 /* Xlat idea taken from strace */
/*
 * X(a) emits one table row: the constant's value followed by its name as a
 * string (#a). XEND is the { 0, NULL } row that terminates a table; the
 * lookup loops in this file stop at the first row whose str is NULL.
 *
 * Tables that print_arg() passes to xlookup() are matched as single values
 * (kevent_filters, fcntl_arg, whence_arg, sockdomain_arg, socktype_arg,
 * shutdown_arg, resource_arg, pathconf_arg). Tables passed to
 * xlookup_bits() are matched bit by bit (kevent_flags, poll_flags,
 * mmap_flags, mprot_flags, sigaction_flags, fcntlfd_arg, fcntlfl_arg,
 * open_flags).
 */
223 #define X(a) { a, #a },
224 #define XEND { 0, NULL }
/* NOTE(review): EVFILT_READ is listed twice below; the second row looks redundant. */
226 static struct xlat kevent_filters[] = {
227 X(EVFILT_READ) X(EVFILT_WRITE) X(EVFILT_AIO) X(EVFILT_VNODE)
228 X(EVFILT_PROC) X(EVFILT_SIGNAL) X(EVFILT_TIMER)
229 X(EVFILT_NETDEV) X(EVFILT_FS) X(EVFILT_READ) XEND
232 static struct xlat kevent_flags[] = {
233 X(EV_ADD) X(EV_DELETE) X(EV_ENABLE) X(EV_DISABLE) X(EV_ONESHOT)
234 X(EV_CLEAR) X(EV_FLAG1) X(EV_ERROR) X(EV_EOF) XEND
/* Unlike the other tables in this run, poll_flags is not declared static. */
237 struct xlat poll_flags[] = {
238 X(POLLSTANDARD) X(POLLIN) X(POLLPRI) X(POLLOUT) X(POLLERR)
239 X(POLLHUP) X(POLLNVAL) X(POLLRDNORM) X(POLLRDBAND)
240 X(POLLWRBAND) X(POLLINIGNEOF) XEND
243 static struct xlat mmap_flags[] = {
244 X(MAP_SHARED) X(MAP_PRIVATE) X(MAP_FIXED) X(MAP_RENAME)
245 X(MAP_NORESERVE) X(MAP_RESERVED0080) X(MAP_RESERVED0100)
246 X(MAP_HASSEMAPHORE) X(MAP_STACK) X(MAP_NOSYNC) X(MAP_ANON)
250 static struct xlat mprot_flags[] = {
251 X(PROT_NONE) X(PROT_READ) X(PROT_WRITE) X(PROT_EXEC) XEND
254 static struct xlat whence_arg[] = {
255 X(SEEK_SET) X(SEEK_CUR) X(SEEK_END) XEND
258 static struct xlat sigaction_flags[] = {
259 X(SA_ONSTACK) X(SA_RESTART) X(SA_RESETHAND) X(SA_NOCLDSTOP)
260 X(SA_NODEFER) X(SA_NOCLDWAIT) X(SA_SIGINFO) XEND
263 static struct xlat fcntl_arg[] = {
264 X(F_DUPFD) X(F_GETFD) X(F_SETFD) X(F_GETFL) X(F_SETFL)
265 X(F_GETOWN) X(F_SETOWN) X(F_GETLK) X(F_SETLK) X(F_SETLKW) XEND
268 static struct xlat fcntlfd_arg[] = {
272 static struct xlat fcntlfl_arg[] = {
273 X(O_APPEND) X(O_ASYNC) X(O_FSYNC) X(O_NONBLOCK) X(O_NOFOLLOW)
277 static struct xlat sockdomain_arg[] = {
278 X(PF_UNSPEC) X(PF_LOCAL) X(PF_UNIX) X(PF_INET) X(PF_IMPLINK)
279 X(PF_PUP) X(PF_CHAOS) X(PF_NETBIOS) X(PF_ISO) X(PF_OSI)
280 X(PF_ECMA) X(PF_DATAKIT) X(PF_CCITT) X(PF_SNA) X(PF_DECnet)
281 X(PF_DLI) X(PF_LAT) X(PF_HYLINK) X(PF_APPLETALK) X(PF_ROUTE)
282 X(PF_LINK) X(PF_XTP) X(PF_COIP) X(PF_CNT) X(PF_SIP) X(PF_IPX)
283 X(PF_RTIP) X(PF_PIP) X(PF_ISDN) X(PF_KEY) X(PF_INET6)
284 X(PF_NATM) X(PF_ATM) X(PF_NETGRAPH) X(PF_SLOW) X(PF_SCLUSTER)
285 X(PF_ARP) X(PF_BLUETOOTH) XEND
288 static struct xlat socktype_arg[] = {
289 X(SOCK_STREAM) X(SOCK_DGRAM) X(SOCK_RAW) X(SOCK_RDM)
290 X(SOCK_SEQPACKET) XEND
293 static struct xlat open_flags[] = {
294 X(O_RDONLY) X(O_WRONLY) X(O_RDWR) X(O_ACCMODE) X(O_NONBLOCK)
295 X(O_APPEND) X(O_SHLOCK) X(O_EXLOCK) X(O_ASYNC) X(O_FSYNC)
296 X(O_NOFOLLOW) X(O_CREAT) X(O_TRUNC) X(O_EXCL) X(O_NOCTTY)
300 static struct xlat shutdown_arg[] = {
301 X(SHUT_RD) X(SHUT_WR) X(SHUT_RDWR) XEND
304 static struct xlat resource_arg[] = {
305 X(RLIMIT_CPU) X(RLIMIT_FSIZE) X(RLIMIT_DATA) X(RLIMIT_STACK)
306 X(RLIMIT_CORE) X(RLIMIT_RSS) X(RLIMIT_MEMLOCK) X(RLIMIT_NPROC)
307 X(RLIMIT_NOFILE) X(RLIMIT_SBSIZE) X(RLIMIT_VMEM) XEND
310 static struct xlat pathconf_arg[] = {
311 X(_PC_LINK_MAX) X(_PC_MAX_CANON) X(_PC_MAX_INPUT)
312 X(_PC_NAME_MAX) X(_PC_PATH_MAX) X(_PC_PIPE_BUF)
313 X(_PC_CHOWN_RESTRICTED) X(_PC_NO_TRUNC) X(_PC_VDISABLE)
314 X(_PC_ASYNC_IO) X(_PC_PRIO_IO) X(_PC_SYNC_IO)
315 X(_PC_ALLOC_SIZE_MIN) X(_PC_FILESIZEBITS)
316 X(_PC_REC_INCR_XFER_SIZE) X(_PC_REC_MAX_XFER_SIZE)
317 X(_PC_REC_MIN_XFER_SIZE) X(_PC_REC_XFER_ALIGN)
318 X(_PC_SYMLINK_MAX) X(_PC_ACL_EXTENDED) X(_PC_ACL_PATH_MAX)
319 X(_PC_CAP_PRESENT) X(_PC_INF_PRESENT) X(_PC_MAC_PRESENT)
326 /* Searches an xlat array for a value, and returns it if found. Otherwise
327 return a string representation. */
/*
 * xlat: table terminated by a row whose str is NULL.
 * val:  value to look up.
 * base: number base used when val is not in the table; the visible formats
 *       are octal ("0%o"), hexadecimal ("0x%x") and decimal ("%u"). Any
 *       other base ends the program through errx().
 * NOTE(review): the declaration of tmp is not part of this listing. The
 * sprintf() calls are unbounded; snprintf(tmp, sizeof(tmp), ...) would tie
 * each write to the buffer's real size. If tmp is a static buffer (as str
 * is in xlookup_bits()), the returned text is only valid until the next
 * call - confirm.
 */
329 *lookup(struct xlat *xlat, int val, int base)
332 for (; xlat->str != NULL; xlat++)
333 if (xlat->val == val)
337 sprintf(tmp, "0%o", val);
340 sprintf(tmp, "0x%x", val);
343 sprintf(tmp, "%u", val);
346 errx(1,"Unknown lookup base");
/* Shorthand for lookup() with values missing from the table shown in hexadecimal. */
353 xlookup(struct xlat *xlat, int val)
355 return lookup(xlat, val, 16);
358 /* Searches an xlat array containing bitfield values. Remaining bits
359 set after removing the known ones are printed at the end:
362 *xlookup_bits(struct xlat *xlat, int val)
364 static char str[512];
/*
 * The result is assembled in the static buffer above, so it is overwritten
 * by the next call; that is why print_arg() wraps most calls in strdup().
 * NOTE(review): the sprintf() calls below append at str + len without
 * comparing len with sizeof(str). The tables in this file are short, but a
 * bounded snprintf() (or a check before each append) would keep the write
 * inside str regardless of how the tables grow.
 */
368 for (; xlat->str != NULL; xlat++)
/* A row matches when every bit of its value is set in rem. */
370 if ((xlat->val & rem) == xlat->val)
372 /* don't print the "all-bits-zero" string unless all
373 bits are really zero */
374 if (xlat->val == 0 && val != 0)
376 len += sprintf(str + len, "%s|", xlat->str);
380 /* if we have leftover bits or didn't match anything */
382 len += sprintf(str + len, "0x%x", rem);
/* A trailing '|' left by the last matched name is detected here. */
383 if (len && str[len - 1] == '|')
390 * If/when the list gets big, it might be desirable to do it
391 * as a hash table or binary search.
395 get_syscall(const char *name) {
/* Scan starts at the first row of syscalls[]; rows are compared by name. */
396 struct syscall *sc = syscalls;
/* NOTE(review): name is passed to strcmp() as is; no NULL check is visible in this listing. */
401 if (!strcmp(name, sc->name))
411 * Copy a fixed amount of bytes from the process.
415 get_struct(int pid, void *offset, void *buf, int len) {
/*
 * Reads len bytes at address offset in traced process pid into buf, using a
 * single ptrace(PT_IO) request with PIOD_READ_D.
 * NOTE(review): len is a signed int and is not checked against the size of
 * buf here. Several callers in print_arg() derive it from values supplied
 * by the traced process, so each caller has to bound it (and reject
 * negative values) before calling.
 */
416 struct ptrace_io_desc iorequest;
418 iorequest.piod_op = PIOD_READ_D;
419 iorequest.piod_offs = offset;
420 iorequest.piod_addr = buf;
421 iorequest.piod_len = len;
422 if (ptrace(PT_IO, pid, (caddr_t)&iorequest, 0) < 0)
428 #define BLOCKSIZE 1024
431 * Copy a string from the process. Note that it is
432 * expected to be a C string, but if max is set, it will
433 * only get that much.
437 get_string(pid_t pid, void *offset, int max) {
/*
 * Reads a string from traced process pid starting at address offset.
 * With max == 0 the buffer starts at BLOCKSIZE bytes and grows by BLOCKSIZE
 * per round until a NUL byte is found or the MAXSIZE limit is reached.
 * With max != 0 the buffer is max + 1 bytes and that many bytes are
 * requested in one read.
 * NOTE(review): max is a signed int; a negative value (for example max of
 * -1, which gives max + 1 == 0) is not rejected in the visible lines.
 */
439 struct ptrace_io_desc iorequest;
444 totalsize = size = max ? (max + 1) : BLOCKSIZE;
445 buf = malloc(totalsize);
/* diff is the number of bytes already read; only the new tail is fetched. */
449 diff = totalsize - size;
450 iorequest.piod_op = PIOD_READ_D;
451 iorequest.piod_offs = (char *)offset + diff;
452 iorequest.piod_addr = buf + diff;
453 iorequest.piod_len = size;
454 if (ptrace(PT_IO, pid, (caddr_t)&iorequest, 0) < 0) {
/* Look for the terminator in the bytes just read. */
458 for (i = 0 ; i < size; i++) {
459 if (buf[diff + i] == '\0')
462 if (totalsize < MAXSIZE - BLOCKSIZE && max == 0) {
463 totalsize += BLOCKSIZE;
/*
 * NOTE(review): the realloc() result replaces buf directly. If it fails the
 * old block is leaked and no NULL check is visible before buf is used
 * again; assign to a temporary first.
 */
464 buf = realloc(buf, totalsize);
/*
 * NOTE(review): buf was allocated with exactly totalsize bytes (malloc and
 * realloc above), so index totalsize is one byte past the end of the
 * allocation. The terminator belongs at buf[totalsize - 1], or the
 * allocation needs one extra byte.
 */
468 buf[totalsize] = '\0';
477 * Converts a syscall argument into a string. Said string is
478 * allocated via malloc(), so needs to be free()'d. The file
479 * descriptor is for the process' memory (via /proc), and is used
480 * to get any data (where the argument is a pointer). sc is
481 * a pointer to the syscall description (see above); args is
482 * an array of all of the system call arguments.
486 print_arg(struct syscall_args *sc, unsigned long *args, long retval, struct trussinfo *trussinfo) {
/*
 * Formats one system call argument as text. sc->type (masked with ARG_MASK)
 * selects the decoder and sc->offset indexes args[]. Pointer arguments are
 * dereferenced in the traced process through get_struct() / get_string().
 * NOTE(review): every pointer, length and count used below is chosen by the
 * traced process, so each decoder must bound it before sizing or filling a
 * local buffer. The return values of asprintf() are not checked in the
 * visible lines.
 */
488 int pid = trussinfo->pid;
489 switch (sc->type & ARG_MASK) {
491 asprintf(&tmp, "0x%lx", args[sc->offset]);
494 asprintf(&tmp, "0%lo", args[sc->offset]);
497 asprintf(&tmp, "%ld", args[sc->offset]);
501 /* NULL-terminated string. */
503 tmp2 = get_string(pid, (void*)args[sc->offset], 0);
/*
 * NOTE(review): tmp2 goes to "%s" without a NULL check - confirm what
 * get_string() returns when the read fails. The string is also inserted
 * unescaped (BinString below goes through strvisx()), so control bytes
 * chosen by the traced program reach the output verbatim.
 */
504 asprintf(&tmp, "\"%s\"", tmp2);
510 /* Binary block of data that might have printable characters.
511 XXX If type|OUT, assume that the length is the syscall's
512 return value. Otherwise, assume that the length of the block
513 is in the next syscall argument. */
514 int max_string = trussinfo->strsize;
515 char tmp2[max_string+1], *tmp3;
/*
 * NOTE(review): tmp2 is a variable-length array on the stack sized by
 * trussinfo->strsize; a negative or very large strsize is undefined
 * behaviour here - confirm it is validated where it is set.
 */
522 len = args[sc->offset + 1];
524 /* Don't print more than max_string characters, to avoid word
525 wrap. If we have to truncate put some ... after the string.
/*
 * NOTE(review): the declaration of len is not visible. If it is signed, a
 * negative value (for example a -1 return value on the OUT path) passes the
 * clamp below and is then handed to get_struct() as the read length.
 */
527 if (len > max_string) {
531 if (len && get_struct(pid, (void*)args[sc->offset], &tmp2, len) != -1) {
/* strvisx() can expand each input byte to up to four output bytes. */
532 tmp3 = malloc(len * 4 + 1);
534 if (strvisx(tmp3, tmp2, len, VIS_CSTYLE|VIS_TAB|VIS_NL) <= max_string)
539 asprintf(&tmp, "\"%s\"%s", tmp3, truncated?"...":"");
542 asprintf(&tmp, "0x%lx", args[sc->offset]);
550 char *strarray[100]; /* XXX This is ugly. */
/*
 * NOTE(review): a fixed block of 100 pointers is read from the traced
 * process no matter how long the real array is; if that read fails, err()
 * ends the whole trace.
 */
552 if (get_struct(pid, (void *)args[sc->offset], (void *)&strarray,
553 sizeof(strarray)) == -1) {
554 err(1, "get_struct %p", (void *)args[sc->offset]);
559 /* Find out how large of a buffer we'll need. */
/*
 * NOTE(review): no upper bound on num is visible; if none of the 100
 * entries is NULL the loop reads past strarray. The get_string() result is
 * also passed to strlen() without a NULL check.
 */
560 while (strarray[num] != NULL) {
561 string = get_string(pid, (void*)strarray[num], 0);
562 size += strlen(string);
/* Room for the brackets, the quotes and separator of each entry, and the NUL. */
566 size += 4 + (num * 4);
567 tmp = (char *)malloc(size);
570 tmp2 += sprintf(tmp2, " [");
/*
 * NOTE(review): each string is read from the traced process a second time
 * here and written with an unbounded sprintf(), while the buffer was sized
 * from the first read. A string that grew in between would no longer fit.
 * Keep the first copies, or write with snprintf() against the space left.
 */
571 for (i = 0; i < num; i++) {
572 string = get_string(pid, (void*)strarray[i], 0);
573 tmp2 += sprintf(tmp2, " \"%s\"%c", string, (i+1 == num) ? ' ' : ',');
576 tmp2 += sprintf(tmp2, "]");
581 asprintf(&tmp, "0x%lx", args[sc->offset]);
586 unsigned long long ll;
/* The 64-bit value is read directly from the args[] words at sc->offset. */
587 ll = *(unsigned long long *)(args + sc->offset);
588 asprintf(&tmp, "0x%llx", ll);
593 asprintf(&tmp, "0x%lx", args[sc->offset]);
/*
 * NOTE(review): the system call's return value is used as the maximum
 * length. For a failed call (retval of -1) get_string() would receive a
 * negative max - confirm this path is skipped on error.
 */
602 tmp2 = get_string(pid, (void*)args[sc->offset], retval);
603 asprintf(&tmp, "\"%s\"", tmp2);
609 const char *temp = ioctlname(args[sc->offset]);
614 unsigned long arg = args[sc->offset];
615 asprintf(&tmp, "0x%lx { IO%s%s 0x%lx('%c'), %lu, %lu}", arg,
616 arg&IOC_OUT?"R":"", arg&IOC_IN?"W":"",
617 IOCGROUP(arg), isprint(IOCGROUP(arg))?(char)IOCGROUP(arg):'?',
618 arg & 0xFF, IOCPARM_LEN(arg));
/* Struct decoders below fall back to printing the raw pointer when the read fails. */
625 if (get_struct(pid, (void *)args[sc->offset], &umtx, sizeof(umtx)) != -1)
626 asprintf(&tmp, "{0x%lx}", (long)umtx.u_owner);
628 asprintf(&tmp, "0x%lx", args[sc->offset]);
634 if (get_struct(pid, (void *)args[sc->offset], &ts, sizeof(ts)) != -1)
635 asprintf(&tmp, "{%ld.%09ld}", (long)ts.tv_sec, ts.tv_nsec);
637 asprintf(&tmp, "0x%lx", args[sc->offset]);
643 if (get_struct(pid, (void *)args[sc->offset], &tv, sizeof(tv)) != -1)
644 asprintf(&tmp, "{%ld.%06ld}", (long)tv.tv_sec, tv.tv_usec);
646 asprintf(&tmp, "0x%lx", args[sc->offset]);
651 struct timeval tv[2];
652 if (get_struct(pid, (void *)args[sc->offset], &tv, sizeof(tv)) != -1)
653 asprintf(&tmp, "{%ld.%06ld, %ld.%06ld}",
654 (long)tv[0].tv_sec, tv[0].tv_usec,
655 (long)tv[1].tv_sec, tv[1].tv_usec);
657 asprintf(&tmp, "0x%lx", args[sc->offset]);
662 struct itimerval itv;
663 if (get_struct(pid, (void *)args[sc->offset], &itv, sizeof(itv)) != -1)
664 asprintf(&tmp, "{%ld.%06ld, %ld.%06ld}",
665 (long)itv.it_interval.tv_sec,
666 itv.it_interval.tv_usec,
667 (long)itv.it_value.tv_sec,
668 itv.it_value.tv_usec);
670 asprintf(&tmp, "0x%lx", args[sc->offset]);
676 * XXX: A Pollfd argument expects the /next/ syscall argument to be
677 * the number of fds in the array. This matches the poll syscall.
680 int numfds = args[sc->offset+1];
681 int bytes = sizeof(struct pollfd) * numfds;
/*
 * NOTE(review): numfds is taken straight from the traced call's argument.
 * A negative or very large value makes bytes (and tmpsize below) wrap or go
 * negative in int arithmetic before malloc(). Validate numfds against a
 * sane upper bound before the multiplications.
 */
682 int i, tmpsize, u, used;
683 const int per_fd = 100;
685 if ((pfd = malloc(bytes)) == NULL)
686 err(1, "Cannot malloc %d bytes for pollfd array", bytes);
687 if (get_struct(pid, (void *)args[sc->offset], pfd, bytes) != -1) {
/* Output budget: per_fd bytes per entry plus three more bytes. */
690 tmpsize = 1 + per_fd * numfds + 2;
691 if ((tmp = malloc(tmpsize)) == NULL)
692 err(1, "Cannot alloc %d bytes for poll output", tmpsize);
695 for (i = 0; i < numfds; i++) {
697 u = snprintf(tmp + used, per_fd,
701 xlookup_bits(poll_flags, pfd[i].events) );
/* snprintf() returns the untruncated length, so the advance is capped at per_fd. */
703 used += u < per_fd ? u : per_fd;
708 asprintf(&tmp, "0x%lx", args[sc->offset]);
715 * XXX: A Fd_set argument expects the /first/ syscall argument to be
716 * the number of fds in the array. This matches the select syscall.
719 int numfds = args[0];
720 int bytes = _howmany(numfds, _NFDBITS) * _NFDBITS;
/*
 * NOTE(review): _howmany(numfds, _NFDBITS) is a count of fd_mask words, and
 * multiplying it by _NFDBITS appears to yield bits rather than bytes, so
 * more is allocated and read from the traced process than the set holds;
 * words * sizeof(fd_mask) looks intended - confirm. numfds is also
 * unvalidated, as in the Pollfd case.
 */
721 int i, tmpsize, u, used;
722 const int per_fd = 20;
724 if ((fds = malloc(bytes)) == NULL)
725 err(1, "Cannot malloc %d bytes for fd_set array", bytes);
726 if (get_struct(pid, (void *)args[sc->offset], fds, bytes) != -1) {
728 tmpsize = 1 + numfds * per_fd + 2;
729 if ((tmp = malloc(tmpsize)) == NULL)
730 err(1, "Cannot alloc %d bytes for fd_set output", tmpsize);
733 for (i = 0; i < numfds; i++) {
734 if (FD_ISSET(i, fds)) {
735 u = snprintf(tmp + used, per_fd, "%d ", i);
737 used += u < per_fd ? u : per_fd;
740 if (tmp[used-1] == ' ')
745 asprintf(&tmp, "0x%lx", args[sc->offset]);
753 sig = args[sc->offset];
756 asprintf(&tmp, "%ld", sig);
765 sig = args[sc->offset];
766 if (get_struct(pid, (void *)args[sc->offset], (void *)&ss,
769 asprintf(&tmp, "0x%lx", args[sc->offset]);
/*
 * NOTE(review): the buffer is sized from an average name length while the
 * sprintf() below is unbounded, and no NULL check on tmp is visible.
 * Confirm the worst case (every signal set) fits, or track the space left.
 */
772 tmp = malloc(sys_nsig * 8); /* 7 bytes avg per signal name */
774 for (i = 1; i < sys_nsig; i++)
776 if (sigismember(&ss, i))
778 used += sprintf(tmp + used, "%s|", strsig(i));
789 switch (args[sc->offset]) {
790 #define S(a) case a: tmp = strdup(#a); break;
797 asprintf(&tmp, "0x%lx", args[sc->offset]);
803 /* XXX output depends on the value of the previous argument */
804 switch (args[sc->offset-1]) {
806 tmp = strdup(xlookup_bits(fcntlfd_arg, args[sc->offset]));
809 tmp = strdup(xlookup_bits(fcntlfl_arg, args[sc->offset]));
817 asprintf(&tmp, "0x%lx", args[sc->offset]);
/* The lookups below return shared buffers or table strings; strdup() gives the caller its own copy. */
823 tmp = strdup(xlookup_bits(open_flags, args[sc->offset]));
826 tmp = strdup(xlookup(fcntl_arg, args[sc->offset]));
829 tmp = strdup(xlookup_bits(mprot_flags, args[sc->offset]));
832 tmp = strdup(xlookup_bits(mmap_flags, args[sc->offset]));
835 tmp = strdup(xlookup(whence_arg, args[sc->offset]));
838 tmp = strdup(xlookup(sockdomain_arg, args[sc->offset]));
841 tmp = strdup(xlookup(socktype_arg, args[sc->offset]));
844 tmp = strdup(xlookup(shutdown_arg, args[sc->offset]));
847 tmp = strdup(xlookup(resource_arg, args[sc->offset]));
850 tmp = strdup(xlookup(pathconf_arg, args[sc->offset]));
854 struct sockaddr_storage ss;
856 struct sockaddr_in *lsin;
857 struct sockaddr_in6 *lsin6;
858 struct sockaddr_un *sun;
864 if (args[sc->offset] == 0) {
865 asprintf(&tmp, "NULL");
869 /* yuck: get ss_len */
870 if (get_struct(pid, (void *)args[sc->offset], (void *)&ss,
871 sizeof(ss.ss_len) + sizeof(ss.ss_family)) == -1)
872 err(1, "get_struct %p", (void *)args[sc->offset]);
874 * If ss_len is 0, then try to guess from the sockaddr type.
875 * AF_UNIX may be initialized incorrectly, so always frob
876 * it by using the "right" size.
878 if (ss.ss_len == 0 || ss.ss_family == AF_UNIX) {
879 switch (ss.ss_family) {
881 ss.ss_len = sizeof(*lsin);
884 ss.ss_len = sizeof(*sun);
/*
 * NOTE(review): for every other case ss.ss_len is the value the traced
 * process stored, and it is used below as the read length into ss. No
 * check against sizeof(ss) is visible; if ss_len can exceed
 * sizeof(struct sockaddr_storage) (an 8-bit length field could - confirm),
 * the read would write past ss on the stack. Clamp it first, e.g.
 * `if (ss.ss_len > sizeof(ss)) ss.ss_len = sizeof(ss);`.
 */
891 if (get_struct(pid, (void *)args[sc->offset], (void *)&ss, ss.ss_len)
893 err(2, "get_struct %p", (void *)args[sc->offset]);
896 switch (ss.ss_family) {
898 lsin = (struct sockaddr_in *)&ss;
899 inet_ntop(AF_INET, &lsin->sin_addr, addr, sizeof addr);
900 asprintf(&tmp, "{ AF_INET %s:%d }", addr, htons(lsin->sin_port));
903 lsin6 = (struct sockaddr_in6 *)&ss;
904 inet_ntop(AF_INET6, &lsin6->sin6_addr, addr, sizeof addr);
905 asprintf(&tmp, "{ AF_INET6 [%s]:%d }", addr, htons(lsin6->sin6_port));
908 sun = (struct sockaddr_un *)&ss;
/*
 * NOTE(review): sun_path is printed with "%s", but the bytes copied from
 * the traced process need not contain a NUL. A precision bounded by the
 * number of path bytes read ("%.*s") would keep the read inside ss.
 */
909 asprintf(&tmp, "{ AF_UNIX \"%s\" }", sun->sun_path);
912 sa = (struct sockaddr *)&ss;
/* %n records where the padding starts; six characters are reserved per data byte. */
913 asprintf(&tmp, "{ sa_len = %d, sa_family = %d, sa_data = {%n%*s } }",
914 (int)sa->sa_len, (int)sa->sa_family, &i,
915 6 * (int)(sa->sa_len - ((char *)&sa->sa_data - (char *)sa)), "");
918 for (q = (u_char *)&sa->sa_data; q < (u_char *)sa + sa->sa_len; q++)
919 p += sprintf(p, " %#02x,", *q);
930 if (get_struct(pid, (void *)args[sc->offset], &sa, sizeof(sa)) != -1) {
932 asprintf(&hand, "%p", sa.sa_handler);
933 if (sa.sa_handler == SIG_DFL)
935 else if (sa.sa_handler == SIG_IGN)
940 asprintf(&tmp, "{ %s %s ss_t }",
942 xlookup_bits(sigaction_flags, sa.sa_flags));
945 asprintf(&tmp, "0x%lx", args[sc->offset]);
952 * XXX XXX: the size of the array is determined by either the
953 * next syscall argument, or by the syscall returnvalue,
954 * depending on which argument number we are. This matches the
955 * kevent syscall, but luckily that's the only syscall that uses
961 int i, tmpsize, u, used;
962 const int per_ke = 100;
965 numevents = args[sc->offset+1];
966 else if (sc->offset == 3 && retval != -1)
/*
 * NOTE(review): bytes is computed and passed to malloc() before the
 * `numevents >= 0` test further down, and no upper bound is applied. A
 * negative or very large count from the traced process reaches malloc(),
 * whose failure ends the trace through err(). Validate numevents before
 * the multiplication.
 */
970 bytes = sizeof(struct kevent) * numevents;
971 if ((ke = malloc(bytes)) == NULL)
972 err(1, "Cannot malloc %d bytes for kevent array", bytes);
973 if (numevents >= 0 && get_struct(pid, (void *)args[sc->offset], ke, bytes) != -1) {
975 tmpsize = 1 + per_ke * numevents + 2;
976 if ((tmp = malloc(tmpsize)) == NULL)
977 err(1, "Cannot alloc %d bytes for kevent output", tmpsize);
980 for (i = 0; i < numevents; i++) {
981 u = snprintf(tmp + used, per_ke,
982 "%s%p,%s,%s,%d,%p,%p",
985 xlookup(kevent_filters, ke[i].filter),
986 xlookup_bits(kevent_flags, ke[i].flags),
989 (void *)ke[i].udata);
991 used += u < per_ke ? u : per_ke;
996 asprintf(&tmp, "0x%lx", args[sc->offset]);
1003 if (get_struct(pid, (void *)args[sc->offset], &st, sizeof(st)) != -1) {
1005 strmode(st.st_mode, mode);
1006 asprintf(&tmp, "{mode=%s,inode=%jd,size=%jd,blksize=%ld}",
1008 (intmax_t)st.st_ino,(intmax_t)st.st_size,(long)st.st_blksize);
1010 asprintf(&tmp, "0x%lx", args[sc->offset]);
1016 if (get_struct(pid, (void *)args[sc->offset], &ru, sizeof(ru)) != -1)
1017 asprintf(&tmp, "{u=%ld.%06ld,s=%ld.%06ld,in=%ld,out=%ld}",
1018 (long)ru.ru_utime.tv_sec, ru.ru_utime.tv_usec,
1019 (long)ru.ru_stime.tv_sec, ru.ru_stime.tv_usec,
1020 ru.ru_inblock, ru.ru_oublock);
1022 asprintf(&tmp, "0x%lx", args[sc->offset]);
1028 if (get_struct(pid, (void *)args[sc->offset], &rl, sizeof(rl)) != -1)
/* NOTE(review): "%ju" expects uintmax_t; the rlim values are passed without a cast. */
1029 asprintf(&tmp, "{cur=%ju,max=%ju}",
1030 rl.rlim_cur, rl.rlim_max);
1032 asprintf(&tmp, "0x%lx", args[sc->offset]);
/* An argument type with no decoder ends the program. */
1036 errx(1, "Invalid argument type %d\n", sc->type & ARG_MASK);
1044 * Print (to outfile) the system call and its arguments. Note that
1045 * nargs is the number of arguments (not the number of words; this is
1046 * potentially confusing, I know).
1050 print_syscall(struct trussinfo *trussinfo, const char *name, int nargs, char **s_args) {
/*
 * Writes "name(arg,arg,...)" to trussinfo->outfile, preceded by the pid
 * when FOLLOWFORKS is set and by elapsed-time stamps when the timestamp
 * flags are set, then pads with tabs. len counts the characters written so
 * the padding can be computed.
 * NOTE(review): the s_args strings come from print_arg() and can carry
 * bytes chosen by the traced program. They are written as they are, so
 * anything not already escaped there reaches the terminal or log verbatim.
 */
1053 struct timespec timediff;
1055 if (trussinfo->flags & FOLLOWFORKS)
1056 len += fprintf(trussinfo->outfile, "%5d: ", trussinfo->pid);
/* execve and exit get their "after" time taken here. */
1058 if (name != NULL && (!strcmp(name, "execve") || !strcmp(name, "exit"))) {
1059 clock_gettime(CLOCK_REALTIME, &trussinfo->after);
1062 if (trussinfo->flags & ABSOLUTETIMESTAMPS) {
1063 timespecsubt(&trussinfo->after, &trussinfo->start_time, &timediff);
1064 len += fprintf(trussinfo->outfile, "%ld.%09ld ",
1065 (long)timediff.tv_sec, timediff.tv_nsec);
1068 if (trussinfo->flags & RELATIVETIMESTAMPS) {
1069 timespecsubt(&trussinfo->after, &trussinfo->before, &timediff);
1070 len += fprintf(trussinfo->outfile, "%ld.%09ld ",
1071 (long)timediff.tv_sec, timediff.tv_nsec);
/*
 * NOTE(review): name is checked for NULL above but passed to "%s" here
 * without a guard - confirm callers never pass NULL or substitute a
 * placeholder.
 */
1074 len += fprintf(trussinfo->outfile, "%s(", name);
1076 for (i = 0; i < nargs; i++) {
1078 len += fprintf(trussinfo->outfile, "%s", s_args[i]);
1080 len += fprintf(trussinfo->outfile, "<missing argument>");
1081 len += fprintf(trussinfo->outfile, "%s", i < (nargs - 1) ? "," : "");
1083 len += fprintf(trussinfo->outfile, ")");
/* Pad with tabs based on how many 8-character columns are already used. */
1084 for (i = 0; i < 6 - (len / 8); i++)
1085 fprintf(trussinfo->outfile, "\t");
1089 print_syscall_ret(struct trussinfo *trussinfo, const char *name, int nargs,
1090 char **s_args, int errorp, long retval)
/*
 * Prints the call through print_syscall(), flushes outfile, then appends
 * either an error line (" ERR#<n> '<message>'") or the return value in
 * decimal and hexadecimal.
 * NOTE(review): the condition choosing between the two forms is not part of
 * this listing; presumably it tests errorp - confirm. retval is a long and
 * is narrowed to int when passed to strerror().
 */
1092 print_syscall(trussinfo, name, nargs, s_args);
1093 fflush(trussinfo->outfile);
1095 fprintf(trussinfo->outfile, " ERR#%ld '%s'\n", retval, strerror(retval));
1097 fprintf(trussinfo->outfile, " = %ld (0x%lx)\n", retval, retval);