On 8/30/07, Jon Haslam <[EMAIL PROTECTED]> wrote:
>
> Hi Martin,
>
> > I'm using a fbt probe where I get a system call id as an argument, how
> do I look up the name of it? At the moment I'm post-processing the output
> using /etc/name/to_sysnum but that doesn't feel right :)
>
> This may not be quite what you want for your particular issue but
> a way to answer the initial question is to use the sysent[] array
> to extract this information. An example using post_syscall():
>
>
> fbt::post_syscall:entry
> {
> this->call = curthread->t_sysnum;
>
> this->addr = (struct sysent *)((char *)&`sysent +
> this->call * sizeof(struct sysent));
>
> @calls[this->addr->sy_callc] = count();
Note that this will *NOT* work on system calls which have active
syscall:::{entry,return} probes enabled; you'll just get
dtrace_syscall_syscall for them as long as the probes are enabled.
You *could* probably just do:
@calls[`systrace_sysent[curthread->t_sysnum].stsy_underlying] = count();
to get a reliable function pointer. This is, of course, not a documented
interface; caveat emptor.
In either case, you'll be getting the underlying C function name, not the
syscall name, so there will be slight mismatches ("rexit" instead of "exit",
for example). There's also a 32-bit v.s. 64-bit issue under the covers
here.
Cheers,
- jonathan
_______________________________________________
dtrace-discuss mailing list
[email protected]
