>From 159dcf882dc54d4f1e00c68087c216257f767a9c Thu, 30 Jan 2014 18:09:29 +0100 From: pombredanne <pombreda...@nexb.com> Date: Thu, 30 Jan 2014 14:37:23 +0100 Subject: [PATCH] Add support to decode sockets descriptor 'paths' for network calls.
* pathtrace.c: Add decoding for network-related file descriptors to pathtrace_match with an fdmatch call for allTRACE_NETWORK calls that have sockfd as arg[0]. No decoding for socket and socketpair calls that take no descriptors. * net.c: Add printing of decoded socket descriptors for syscalls that have such desc as arg[0] instead of printing a bare int. * tests/net-fd: New test file to test proper decoding of sockfd's. * tests/Makefile.am (TESTS): Add net-fd to test suite.
diff --git a/net.c b/net.c
index ea785b3..2625149 100644
--- a/net.c
+++ b/net.c
@@ -1651,7 +1651,8 @@
 sys_bind(struct tcb *tcp)
 {
 if (entering(tcp)) {
- tprintf("%ld, ", tcp->u_arg[0]);
+ printfd(tcp, tcp->u_arg[0]);
+ tprints(", ");
 printsock(tcp, tcp->u_arg[1], tcp->u_arg[2]);
 tprintf(", %lu", tcp->u_arg[2]);
 }
@@ -1668,7 +1669,9 @@
 sys_listen(struct tcb *tcp)
 {
 if (entering(tcp)) {
- tprintf("%ld, %lu", tcp->u_arg[0], tcp->u_arg[1]);
+ printfd(tcp, tcp->u_arg[0]);
+ tprints(", ");
+ tprintf("%lu", tcp->u_arg[1]);
 }
 return 0;
 }
@@ -1677,7 +1680,8 @@
 do_accept(struct tcb *tcp, int flags_arg)
 {
 if (entering(tcp)) {
- tprintf("%ld, ", tcp->u_arg[0]);
+ printfd(tcp, tcp->u_arg[0]);
+ tprints(", ");
 return 0;
 }
 if (!tcp->u_arg[2])
@@ -1717,7 +1721,8 @@
 sys_send(struct tcb *tcp)
 {
 if (entering(tcp)) {
- tprintf("%ld, ", tcp->u_arg[0]);
+ printfd(tcp, tcp->u_arg[0]);
+ tprints(", ");
 printstr(tcp, tcp->u_arg[1], tcp->u_arg[2]);
 tprintf(", %lu, ", tcp->u_arg[2]);
 /* flags */
@@ -1730,7 +1735,8 @@
 sys_sendto(struct tcb *tcp)
 {
 if (entering(tcp)) {
- tprintf("%ld, ", tcp->u_arg[0]);
+ printfd(tcp, tcp->u_arg[0]);
+ tprints(", ");
 printstr(tcp, tcp->u_arg[1], tcp->u_arg[2]);
 tprintf(", %lu, ", tcp->u_arg[2]);
 /* flags */
@@ -1750,7 +1756,8 @@
 sys_sendmsg(struct tcb *tcp)
 {
 if (entering(tcp)) {
- tprintf("%ld, ", tcp->u_arg[0]);
+ printfd(tcp, tcp->u_arg[0]);
+ tprints(", ");
 printmsghdr(tcp, tcp->u_arg[1], (unsigned long) -1L);
 /* flags */
 tprints(", ");
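Review bot: In the sys_listen hunk the separator and the backlog are now written by two calls, `tprints(", ");` followed by `tprintf("%lu", tcp->u_arg[1]);`; a single `tprintf(", %lu", tcp->u_arg[1]);` after `printfd()` would match how sys_bind prints its trailing length in the first hunk. The pair `printfd(tcp, tcp->u_arg[0]); tprints(", ");` is repeated verbatim in every handler touched here and in the later net.c hunks. A one-line comment at the first use, such as `/* sockfd; shown as N<socket:[inode]> when descriptor paths are decoded */`, would save readers a trip to printfd's definition, which is outside this diff. Judging by the new test, that decoding is presumably only active with -y, so the default output should stay a bare number.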
@@ -1764,7 +1771,8 @@ { if (entering(tcp)) { /* sockfd */ - tprintf("%d, ", (int) tcp->u_arg[0]); + printfd(tcp, tcp->u_arg[0]); + tprints(", "); if (!verbose(tcp)) { tprintf("%#lx, %u, ", tcp->u_arg[1], (unsigned int) tcp->u_arg[2]); @@ -1783,7 +1791,8 @@ sys_recv(struct tcb *tcp) { if (entering(tcp)) { - tprintf("%ld, ", tcp->u_arg[0]); + printfd(tcp, tcp->u_arg[0]); + tprints(", "); } else { if (syserror(tcp)) tprintf("%#lx", tcp->u_arg[1]); @@ -1802,7 +1811,8 @@ int fromlen; if (entering(tcp)) { - tprintf("%ld, ", tcp->u_arg[0]); + printfd(tcp, tcp->u_arg[0]); + tprints(", "); } else { if (syserror(tcp)) { tprintf("%#lx, %lu, %lu, %#lx, %#lx", @@ -1846,7 +1856,8 @@ sys_recvmsg(struct tcb *tcp) { if (entering(tcp)) { - tprintf("%ld, ", tcp->u_arg[0]); + printfd(tcp, tcp->u_arg[0]); + tprints(", "); } else { if (syserror(tcp) || !verbose(tcp)) tprintf("%#lx", tcp->u_arg[1]); @@ -1866,7 +1877,8 @@ static char str[5 + TIMESPEC_TEXT_BUFSIZE]; if (entering(tcp)) { - tprintf("%ld, ", tcp->u_arg[0]); + printfd(tcp, tcp->u_arg[0]); + tprints(", "); if (verbose(tcp)) { sprint_timespec(str, tcp, tcp->u_arg[4]); /* Abusing tcp->auxstr as temp storage. @@ -1916,7 +1928,8 @@ sys_shutdown(struct tcb *tcp) { if (entering(tcp)) { - tprintf("%ld, ", tcp->u_arg[0]); + printfd(tcp, tcp->u_arg[0]); + tprints(", "); printxval(shutdown_modes, tcp->u_arg[1], "SHUT_???"); } return 0; @@ -2017,7 +2030,8 @@ sys_getsockopt(struct tcb *tcp) { if (entering(tcp)) { - tprintf("%ld, ", tcp->u_arg[0]); + printfd(tcp, tcp->u_arg[0]); + tprints(", "); printxval(socketlayers, tcp->u_arg[1], "SOL_???"); tprints(", "); switch (tcp->u_arg[1]) { @@ -2283,7 +2297,8 @@ sys_setsockopt(struct tcb *tcp) { if (entering(tcp)) { - tprintf("%ld, ", tcp->u_arg[0]); + printfd(tcp, tcp->u_arg[0]); + tprints(", "); printsockopt(tcp, tcp->u_arg[1], tcp->u_arg[2], tcp->u_arg[3], tcp->u_arg[4]); tprintf(", %lu", tcp->u_arg[4]); diff --git a/pathtrace.c b/pathtrace.c index 03f6681..1e57b48 100644 --- a/pathtrace.c 
+++ b/pathtrace.c @@ -158,7 +158,7 @@ s = tcp->s_ent; - if (!(s->sys_flags & (TRACE_FILE | TRACE_DESC))) + if (!(s->sys_flags & (TRACE_FILE | TRACE_DESC | TRACE_NETWORK))) return 0; /* @@ -339,11 +339,13 @@ s->sys_func == sys_timerfd_settime || s->sys_func == sys_timerfd_gettime || s->sys_func == sys_epoll_create || + s->sys_func == sys_socket || + s->sys_func == sys_socketpair || strcmp(s->sys_name, "fanotify_init") == 0) { /* - * These have TRACE_FILE or TRACE_DESCRIPTOR set, but they - * don't have any file descriptor or path args to test. + * These have TRACE_FILE or TRACE_DESCRIPTOR or TRACE_NETWORK set, + * but they don't have any file descriptor or path args to test. */ return 0; } @@ -359,5 +361,8 @@ if (s->sys_flags & TRACE_DESC) return fdmatch(tcp, tcp->u_arg[0]); + if (s->sys_flags & TRACE_NETWORK) + return fdmatch(tcp, tcp->u_arg[0]); + return 0; } diff --git a/tests/Makefile.am b/tests/Makefile.am index d8262f0..89bc3eb 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -5,7 +5,7 @@ check_PROGRAMS = net-accept-connect set_ptracer_any sigaction TESTS = ptrace_setoptions strace-f qual_syscall sigaction.sh stat net \ - detach-sleeping detach-stopped detach-running + detach-sleeping detach-stopped detach-running net-fd LOG_COMPILER = $(srcdir)/run.sh diff --git a/tests/net-fd b/tests/net-fd new file mode 100644 index 0000000..1be5b77 --- /dev/null +++ b/tests/net-fd 
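Review bot: The new `TRACE_NETWORK` fallback at the end of pathtrace_match treats `tcp->u_arg[0]` as a descriptor for every network syscall that is not named in the exclusion list, so a TRACE_NETWORK entry added later whose first argument is not a socket would be matched against the wrong value without any warning. Since the branch is identical to the `TRACE_DESC` one just above it, I would fold the two into `if (s->sys_flags & (TRACE_DESC | TRACE_NETWORK))` and state the assumption in a comment, e.g. `/* every remaining TRACE_DESC/TRACE_NETWORK syscall takes its descriptor in arg 0 */`. The reworded comment in the exclusion list still says TRACE_DESCRIPTOR while the flag tested in this file is `TRACE_DESC`. The body of pathtrace_match starts before these hunks, so the per-syscall cases between them are not visible here.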
@@ -0,0 +1,43 @@ +#!/bin/sh + +# Check how network syscalls are traced when decoding socket descriptors + +. "${srcdir=.}/init.sh" + +check_prog grep +check_prog rm + +rm -f $LOG.* + +./net-accept-connect || + fail_ 'net-accept-connect failed' + +# using -y to test socket descriptors 'paths' decoding +args="-tt -ff -y -o $LOG -enetwork ./net-accept-connect" +$STRACE $args || + fail_ "strace $args failed" + +"$srcdir"/../strace-log-merge $LOG > $LOG || { + cat $LOG + fail_ 'strace-log-merge failed' +} + +rm -f $LOG.* + +grep_log() +{ + local syscall="$1"; shift + local prefix='[1-9][0-9]* +[0-9]+:[0-9]+:[0-9]+\.[0-9]+ +' + + LC_ALL=C grep -E -x "$prefix$syscall$@" $LOG > /dev/null || { + cat $LOG + fail_ "strace -enetwork failed to trace \"$syscall\" properly" + } +} +grep_log bind '\(0<socket:\[[0-9]+\]>, \{sa_family=AF_(LOCAL|UNIX|FILE), sun_path="local-stream"\}, 15\) += 0' +grep_log listen '\(0<socket:\[[0-9]+\]>, 5\) += 0' +grep_log getsockname '\(0<socket:\[[0-9]+\]>, \{sa_family=AF_(LOCAL|UNIX|FILE), sun_path="local-stream"\}, \[15\]\) += 0' +grep_log accept '\(0<socket:\[[0-9]+\]>, \{sa_family=AF_(LOCAL|UNIX|FILE), NULL\}, \[2\]\) += 1' +grep_log connect '\(1<socket:\[[0-9]+\]>, \{sa_family=AF_(LOCAL|UNIX|FILE), sun_path="local-stream"\}, 15\) += 0' + +exit 0
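Review bot: grep_log builds its pattern as `"$prefix$syscall$@"`, and `$@` inside a larger quoted word splits into separate arguments as soon as more than one is passed, so grep would take the extra ones as file names; `"$prefix$syscall$*"` keeps it a single pattern. The function also uses `local`, which is not in POSIX sh although the script runs under `#!/bin/sh`. The expected lines hard-code descriptors 0 and 1 and the `socket:[inode]` form, which presumably relies on net-accept-connect closing its standard descriptors and on /proc being readable. A short comment above the grep_log calls stating both assumptions would help whoever sees this fail in a stripped-down build chroot.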