Re: Efficient way to determine when a child process forks or calls exec
On Wed, May 19, 2010 at 4:51 PM, Alfred Perlstein alf...@freebsd.org wrote:
> * Dan McNulty dkmcnu...@gmail.com [100519 07:13] wrote:
>> Thanks for all the great suggestions! It looks like the kevent system call is the closest to what I need.
>>
>> However, I didn't mention this, but I would like the process being traced to be stopped on entrance to fork, exec, etc. This would be similar to Linux's ptrace interface which sends a SIGTRAP to the traced process on exec, fork, etc.
>>
>> From what I could tell so far, kevent doesn't provide this functionality. Am I missing something? Is there a way to get kevent to stop the process when events occur?
>
> Not that I know of off the top of my head. Although if you want to contrib the code I can help get it in. :)
>
> -Alfred

Unfortunately, writing a patch for the FreeBSD kernel may be beyond the scope of my current work. Although I wouldn't mind working on it in my spare time outside of my job. Maybe in some free time this summer.

I think the ideal fix for my problem would be to implement a mechanism similar to the Linux ptrace interface that sends a SIGTRAP for events such as fork, exec, thread create, etc. Maybe I will poke around in the FreeBSD kernel source and see what I can figure out.

Thanks for the help!
-Dan

>> Thanks again for your help,
>> -Dan
>>
>> On Tue, May 18, 2010 at 2:40 AM, Alfred Perlstein alf...@freebsd.org wrote:
>>> * Dan McNulty dkmcnu...@gmail.com [100517 08:02] wrote:
>>>> Hi all,
>>>>
>>>> I have been experimenting with ptrace to determine when a child process forks or calls exec. Particularly, I have explored tracing every system call entry and exit similar to what the truss utility does, and for my case, the performance impact of tracing every system call is too great.
>>>>
>>>> Is there a more efficient way than tracing every system call entry and exit to determine when a child process forks, calls exec, or creates a new LWP?
>>>>
>>>> Thanks a lot for your help!
>>>
>>> kevent has some hooks, have you looked at that?
>
> --
> - Alfred Perlstein
> .- AMA, VMOA #5191, 03 vmax, 92 gs500, 85 ch250, 07 zx10
> .- FreeBSD committer

___
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to freebsd-hackers-unsubscr...@freebsd.org
Re: Efficient way to determine when a child process forks or calls exec
Thanks for all the great suggestions! It looks like the kevent system call is the closest to what I need.

However, I didn't mention this, but I would like the process being traced to be stopped on entrance to fork, exec, etc. This would be similar to Linux's ptrace interface which sends a SIGTRAP to the traced process on exec, fork, etc.

From what I could tell so far, kevent doesn't provide this functionality. Am I missing something? Is there a way to get kevent to stop the process when events occur?

Thanks again for your help,
-Dan

On Tue, May 18, 2010 at 2:40 AM, Alfred Perlstein alf...@freebsd.org wrote:
> * Dan McNulty dkmcnu...@gmail.com [100517 08:02] wrote:
>> Hi all,
>>
>> I have been experimenting with ptrace to determine when a child process forks or calls exec. Particularly, I have explored tracing every system call entry and exit similar to what the truss utility does, and for my case, the performance impact of tracing every system call is too great.
>>
>> Is there a more efficient way than tracing every system call entry and exit to determine when a child process forks, calls exec, or creates a new LWP?
>>
>> Thanks a lot for your help!
>
> kevent has some hooks, have you looked at that?
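
The Linux behaviour described in the message above, as an added example that is not part of the thread: with PTRACE_O_TRACEFORK and PTRACE_O_TRACEEXEC set, the tracer is woken only when the tracee forks or execs, not at every system call. It is Linux-only C; the tracee and the names run_tracee and trace_fork_exec are constructed for the illustration.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <unistd.h>
/* Added example, Linux only. Constructed tracee: forks, then the parent execs true(1). */
static void run_tracee(void)
{
    ptrace(PTRACE_TRACEME, 0, NULL, NULL);
    raise(SIGSTOP);                 /* wait until the tracer has set its options */
    if (fork() != 0)
        execlp("true", "true", (char *)NULL);
    _exit(127);                     /* forked child, or exec failure */
}

/* Returns 0 and fills both counters, or -1 if tracing could not be set up. */
int trace_fork_exec(int *forks, int *execs)
{
    long sig, opts = PTRACE_O_TRACEFORK | PTRACE_O_TRACEEXEC | PTRACE_O_EXITKILL;
    int status, event;
    pid_t pid = fork();
    *forks = *execs = 0;
    if (pid == 0)
        run_tracee();
    if (pid < 0 || waitpid(pid, &status, WUNTRACED) < 0 || !WIFSTOPPED(status))
        return -1;
    if (ptrace(PTRACE_SETOPTIONS, pid, NULL, (void *)opts) < 0) {
        kill(pid, SIGKILL);         /* ptrace denied: do not leave it stopped */
        return -1;
    }
    ptrace(PTRACE_CONT, pid, NULL, NULL);
    while ((pid = waitpid(-1, &status, __WALL)) > 0) {
        if (!WIFSTOPPED(status))
            continue;               /* a tracee exited */
        event = status >> 16;       /* PTRACE_EVENT_* code, 0 for a signal stop */
        *forks += (event == PTRACE_EVENT_FORK);
        *execs += (event == PTRACE_EVENT_EXEC);
        sig = (event || WSTOPSIG(status) == SIGSTOP) ? 0 : WSTOPSIG(status);
        ptrace(PTRACE_CONT, pid, NULL, (void *)sig);
    }
    return 0;
}

int main(void)
{
    int f, e, rc = trace_fork_exec(&f, &e);
    printf("rc=%d fork stops=%d exec stops=%d\n", rc, f, e);
    return rc ? 1 : 0;
}
```

The loop waits with __WALL so that the forked child, which the kernel attaches to the tracer automatically, is reported as well; its initial SIGSTOP and the event stops are resumed with signal 0 so they are never delivered to the tracee.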
Re: Efficient way to determine when a child process forks or calls exec
* Dan McNulty dkmcnu...@gmail.com [100519 07:13] wrote:
> Thanks for all the great suggestions! It looks like the kevent system call is the closest to what I need.
>
> However, I didn't mention this, but I would like the process being traced to be stopped on entrance to fork, exec, etc. This would be similar to Linux's ptrace interface which sends a SIGTRAP to the traced process on exec, fork, etc.
>
> From what I could tell so far, kevent doesn't provide this functionality. Am I missing something? Is there a way to get kevent to stop the process when events occur?

Not that I know of off the top of my head. Although if you want to contrib the code I can help get it in. :)

-Alfred

> Thanks again for your help,
> -Dan
>
> On Tue, May 18, 2010 at 2:40 AM, Alfred Perlstein alf...@freebsd.org wrote:
>> * Dan McNulty dkmcnu...@gmail.com [100517 08:02] wrote:
>>> Hi all,
>>>
>>> I have been experimenting with ptrace to determine when a child process forks or calls exec. Particularly, I have explored tracing every system call entry and exit similar to what the truss utility does, and for my case, the performance impact of tracing every system call is too great.
>>>
>>> Is there a more efficient way than tracing every system call entry and exit to determine when a child process forks, calls exec, or creates a new LWP?
>>>
>>> Thanks a lot for your help!
>>
>> kevent has some hooks, have you looked at that?

--
- Alfred Perlstein
.- AMA, VMOA #5191, 03 vmax, 92 gs500, 85 ch250, 07 zx10
.- FreeBSD committer
Re: Efficient way to determine when a child process forks or calls exec
* Dan McNulty dkmcnu...@gmail.com [100517 08:02] wrote:
> Hi all,
>
> I have been experimenting with ptrace to determine when a child process forks or calls exec. Particularly, I have explored tracing every system call entry and exit similar to what the truss utility does, and for my case, the performance impact of tracing every system call is too great.
>
> Is there a more efficient way than tracing every system call entry and exit to determine when a child process forks, calls exec, or creates a new LWP?
>
> Thanks a lot for your help!

kevent has some hooks, have you looked at that?

--
- Alfred Perlstein
.- AMA, VMOA #5191, 03 vmax, 92 gs500, 85 ch250, 07 zx10
.- FreeBSD committer
Efficient way to determine when a child process forks or calls exec
Hi all,

I have been experimenting with ptrace to determine when a child process forks or calls exec. Particularly, I have explored tracing every system call entry and exit similar to what the truss utility does, and for my case, the performance impact of tracing every system call is too great.

Is there a more efficient way than tracing every system call entry and exit to determine when a child process forks, calls exec, or creates a new LWP?

Thanks a lot for your help!
-Dan
Re: Efficient way to determine when a child process forks or calls exec
On 05/17/2010 10:33, Dan McNulty wrote:
> Hi all,
>
> I have been experimenting with ptrace to determine when a child process forks or calls exec. Particularly, I have explored tracing every system call entry and exit similar to what the truss utility does, and for my case, the performance impact of tracing every system call is too great.
>
> Is there a more efficient way than tracing every system call entry and exit to determine when a child process forks, calls exec, or creates a new LWP?
>
> Thanks a lot for your help!
> -Dan

Not sure if this is exactly what you're looking for, but have you looked into possibly using the audit system for tracking these things?

In its own way it's really efficient, and with the utilities that are provided (auditreduce) you might just find an easier way to get the information you're looking for.

Regards,

--
jhell
Re: Efficient way to determine when a child process forks or calls exec
----- Original Message -----
From: Dan McNulty dkmcnu...@gmail.com
To: freebsd-hackers@freebsd.org
Sent: Mon, May 17, 2010 11:33:31 AM
Subject: Efficient way to determine when a child process forks or calls exec

> Hi all,
>
> I have been experimenting with ptrace to determine when a child process forks or calls exec. Particularly, I have explored tracing every system call entry and exit similar to what the truss utility does, and for my case, the performance impact of tracing every system call is too great.
>
> Is there a more efficient way than tracing every system call entry and exit to determine when a child process forks, calls exec, or creates a new LWP?

You can do that very easily with DTrace's syscall provider

    #!/usr/sbin/dtrace -s

    /* Flag the thread that enters fork(); self->traceme is a thread-local variable. */
    syscall::fork:entry
    {
        self->traceme = 1;
    }

    /* Report an exec*() entry made by a flagged thread, then clear the flag. */
    syscall::exec*:entry
    /self->traceme/
    {
        printf("pid %d has called %s\n", pid, probefunc);
        self->traceme = 0;
    }

Hope that helps

> Thanks a lot for your help!
> -Dan