summaryrefslogtreecommitdiff
path: root/share/dtrace/watch_kill
diff options
context:
space:
mode:
Diffstat (limited to 'share/dtrace/watch_kill')
-rwxr-xr-xshare/dtrace/watch_kill232
1 files changed, 232 insertions, 0 deletions
diff --git a/share/dtrace/watch_kill b/share/dtrace/watch_kill
new file mode 100755
index 000000000000..b7a06f9a129f
--- /dev/null
+++ b/share/dtrace/watch_kill
@@ -0,0 +1,232 @@
+#!/usr/sbin/dtrace -s
+/* -
+ * Copyright (c) 2014-2015 Devin Teske <dteske@FreeBSD.org>
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Title: dtrace(1) script to log process(es) entering syscall::kill $
+ * $FreeBSD$
+ */
+
+#pragma D option quiet
+#pragma D option dynvarsize=16m
+#pragma D option switchrate=10hz
+
+/*********************************************************/
+
+syscall::execve:entry /* probe ID 1 */
+{
+ this->caller_execname = execname;
+}
+
+/*********************************************************/
+
+syscall::kill:entry /* probe ID 2 */
+{
+ this->pid_to_kill = (pid_t)arg0;
+ this->kill_signal = (int)arg1;
+
+ /*
+ * Examine process, parent process, and grandparent process details
+ */
+
+ /******************* CURPROC *******************/
+
+ this->proc = curthread->td_proc;
+ this->pid0 = this->proc->p_pid;
+ this->uid0 = this->proc->p_ucred->cr_uid;
+ this->gid0 = this->proc->p_ucred->cr_rgid;
+ this->p_args = this->proc->p_args;
+ this->ar_length = this->p_args ? this->p_args->ar_length : 0;
+ this->ar_args = (char *)(this->p_args ? this->p_args->ar_args : 0);
+
+ this->arg0_0 = this->ar_length > 0 ?
+ this->ar_args : stringof(this->proc->p_comm);
+ this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
+ this->ar_args += this->len;
+ this->ar_length -= this->len;
+
+ this->arg0_1 = this->ar_length > 0 ? this->ar_args : "";
+ this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
+ this->ar_args += this->len;
+ this->ar_length -= this->len;
+
+ this->arg0_2 = this->ar_length > 0 ? this->ar_args : "";
+ this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
+ this->ar_args += this->len;
+ this->ar_length -= this->len;
+
+ this->arg0_3 = this->ar_length > 0 ? this->ar_args : "";
+ this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
+ this->ar_args += this->len;
+ this->ar_length -= this->len;
+
+ this->arg0_4 = this->ar_length > 0 ? "..." : "";
+
+ /******************* PPARENT *******************/
+
+ this->proc = this->proc->p_pptr;
+ this->pid1 = this->proc->p_pid;
+ this->uid1 = this->proc->p_ucred->cr_uid;
+ this->gid1 = this->proc->p_ucred->cr_rgid;
+ this->p_args = this->proc ? this->proc->p_args : 0;
+ this->ar_length = this->p_args ? this->p_args->ar_length : 0;
+ this->ar_args = (char *)(this->p_args ? this->p_args->ar_args : 0);
+
+ this->arg1_0 = this->ar_length > 0 ?
+ this->ar_args : stringof(this->proc->p_comm);
+ this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
+ this->ar_args += this->len;
+ this->ar_length -= this->len;
+
+ this->arg1_1 = this->ar_length > 0 ? this->ar_args : "";
+ this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
+ this->ar_args += this->len;
+ this->ar_length -= this->len;
+
+ this->arg1_2 = this->ar_length > 0 ? this->ar_args : "";
+ this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
+ this->ar_args += this->len;
+ this->ar_length -= this->len;
+
+ this->arg1_3 = this->ar_length > 0 ? this->ar_args : "";
+ this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
+ this->ar_args += this->len;
+ this->ar_length -= this->len;
+
+ this->arg1_4 = this->ar_length > 0 ? "..." : "";
+
+ /******************* GPARENT *******************/
+
+ this->proc = this->proc->p_pptr;
+ this->pid2 = this->proc->p_pid;
+ this->uid2 = this->proc->p_ucred->cr_uid;
+ this->gid2 = this->proc->p_ucred->cr_rgid;
+ this->p_args = this->proc ? this->proc->p_args : 0;
+ this->ar_length = this->p_args ? this->p_args->ar_length : 0;
+ this->ar_args = (char *)(this->p_args ? this->p_args->ar_args : 0);
+
+ this->arg2_0 = this->ar_length > 0 ?
+ this->ar_args : stringof(this->proc->p_comm);
+ this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
+ this->ar_args += this->len;
+ this->ar_length -= this->len;
+
+ this->arg2_1 = this->ar_length > 0 ? this->ar_args : "";
+ this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
+ this->ar_args += this->len;
+ this->ar_length -= this->len;
+
+ this->arg2_2 = this->ar_length > 0 ? this->ar_args : "";
+ this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
+ this->ar_args += this->len;
+ this->ar_length -= this->len;
+
+ this->arg2_3 = this->ar_length > 0 ? this->ar_args : "";
+ this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
+ this->ar_args += this->len;
+ this->ar_length -= this->len;
+
+ this->arg2_4 = this->ar_length > 0 ? "..." : "";
+
+ /******************* APARENT *******************/
+
+ this->proc = this->proc->p_pptr;
+ this->pid3 = this->proc->p_pid;
+ this->uid3 = this->proc->p_ucred->cr_uid;
+ this->gid3 = this->proc->p_ucred->cr_rgid;
+ this->p_args = this->proc ? this->proc->p_args : 0;
+ this->ar_length = this->p_args ? this->p_args->ar_length : 0;
+ this->ar_args = (char *)(this->p_args ? this->p_args->ar_args : 0);
+
+ this->arg3_0 = this->ar_length > 0 ?
+ this->ar_args : stringof(this->proc->p_comm);
+ this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
+ this->ar_args += this->len;
+ this->ar_length -= this->len;
+
+ this->arg3_1 = this->ar_length > 0 ? this->ar_args : "";
+ this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
+ this->ar_args += this->len;
+ this->ar_length -= this->len;
+
+ this->arg3_2 = this->ar_length > 0 ? this->ar_args : "";
+ this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
+ this->ar_args += this->len;
+ this->ar_length -= this->len;
+
+ this->arg3_3 = this->ar_length > 0 ? this->ar_args : "";
+ this->len = this->ar_length > 0 ? strlen(this->ar_args) + 1 : 0;
+ this->ar_args += this->len;
+ this->ar_length -= this->len;
+
+ this->arg3_4 = this->ar_length > 0 ? "..." : "";
+
+ /***********************************************/
+
+ /*
+ * Print process, parent, and grandparent details
+ */
+
+ printf("%Y %s[%d]: ", timestamp + 1406598400000000000,
+ this->caller_execname, this->pid1);
+ printf("%s", this->arg0_0);
+ printf("%s%s", this->arg0_1 != "" ? " " : "", this->arg0_1);
+ printf("%s%s", this->arg0_2 != "" ? " " : "", this->arg0_2);
+ printf("%s%s", this->arg0_3 != "" ? " " : "", this->arg0_3);
+ printf("%s%s", this->arg0_4 != "" ? " " : "", this->arg0_4);
+ printf(" (sending signal %u to pid %u)",
+ this->kill_signal, this->pid_to_kill);
+ printf("\n");
+
+ printf(" -+= %05d %d.%d %s",
+ this->pid3, this->uid3, this->gid3, this->arg3_0);
+ printf("%s%s", this->arg3_1 != "" ? " " : "", this->arg3_1);
+ printf("%s%s", this->arg3_2 != "" ? " " : "", this->arg3_2);
+ printf("%s%s", this->arg3_3 != "" ? " " : "", this->arg3_3);
+ printf("%s%s", this->arg3_4 != "" ? " " : "", this->arg3_4);
+ printf("%s", this->arg3_0 != "" ? "\n" : "");
+
+ printf(" \-+= %05d %d.%d %s",
+ this->pid2, this->uid2, this->gid2, this->arg2_0);
+ printf("%s%s", this->arg2_1 != "" ? " " : "", this->arg2_1);
+ printf("%s%s", this->arg2_2 != "" ? " " : "", this->arg2_2);
+ printf("%s%s", this->arg2_3 != "" ? " " : "", this->arg2_3);
+ printf("%s%s", this->arg2_4 != "" ? " " : "", this->arg2_4);
+ printf("%s", this->arg2_0 != "" ? "\n" : "");
+
+ printf(" \-+= %05d %d.%d %s",
+ this->pid1, this->uid1, this->gid1, this->arg1_0);
+ printf("%s%s", this->arg1_1 != "" ? " " : "", this->arg1_1);
+ printf("%s%s", this->arg1_2 != "" ? " " : "", this->arg1_2);
+ printf("%s%s", this->arg1_3 != "" ? " " : "", this->arg1_3);
+ printf("%s%s", this->arg1_4 != "" ? " " : "", this->arg1_4);
+ printf("%s", this->arg1_0 != "" ? "\n" : "");
+
+ printf(" \-+= %05d %d.%d %s",
+ this->pid0, this->uid0, this->gid0, this->arg0_0);
+ printf("%s%s", this->arg0_1 != "" ? " " : "", this->arg0_1);
+ printf("%s%s", this->arg0_2 != "" ? " " : "", this->arg0_2);
+ printf("%s%s", this->arg0_3 != "" ? " " : "", this->arg0_3);
+ printf("%s%s", this->arg0_4 != "" ? " " : "", this->arg0_4);
+ printf("%s", this->arg0_0 != "" ? "\n" : "");
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-18 19:42:21 +0000