Add support for opensnoop and shellsnoop

Submitted by: Daniel O'Connor <doconnor@gsoft.com.au>
svn path=/head/; revision=356502
2024-10-19 19:59:43 +00:00 · 2014-06-04 14:26:33 +00:00 · 2014-06-04 14:26:33 +00:00 · 353b8c5ba6 · 2021-03-31 03:12:20 +00:00
commit 353b8c5ba6
parent df19c79522
4 changed files with 71 additions and 2 deletions
--- a/sysutils/DTraceToolkit/Makefile
+++ b/sysutils/DTraceToolkit/Makefile
@ -3,6 +3,7 @@

 PORTNAME=	DTraceToolkit
 PORTVERSION=	0.99
+PORTREVISION=	1
 CATEGORIES=	sysutils
 MASTER_SITES=	http://www.brendangregg.com/DTraceToolkit/

@ -14,7 +15,7 @@ sh_OLD_CMD=	/usr/bin/sh
 sh_CMD=	${SH}
 SHEBANG_LANG+=	sh

-SHEBANG_FILES=	hotkernel procsystime
+SHEBANG_FILES=	hotkernel procsystime opensnoop Apps/shellsnoop
 NO_BUILD=	YES

 .include <bsd.port.pre.mk>
@ -25,12 +26,14 @@ IGNORE=	needs to have dtrace enabled kernel

 do-install:
 	${MKDIR} ${STAGEDIR}${DATADIR}
-	(cd ${WRKSRC}; ${TAR} cf - . ) | \
+	(cd ${WRKSRC}; ${TAR} --exclude '*.orig' -cf - . ) | \
 		(cd ${STAGEDIR}${DATADIR}/; ${TAR} xvf -)

 post-install:
 	${LN} -fs ${DATADIR}/hotkernel ${STAGEDIR}${PREFIX}/bin/hotkernel
 	${LN} -fs ${DATADIR}/procsystime ${STAGEDIR}${PREFIX}/bin/procsystime
+	${LN} -fs ${DATADIR}/opensnoop ${STAGEDIR}${PREFIX}/bin/opensnoop
+	${LN} -fs ${DATADIR}/Apps/shellsnoop ${STAGEDIR}${PREFIX}/bin/shellsnoop
 	@${CAT} ${PKGMESSAGE}

 .include <bsd.port.post.mk>
--- a/sysutils/DTraceToolkit/files/patch-Apps-shellsnoop
+++ b/sysutils/DTraceToolkit/files/patch-Apps-shellsnoop
@ -0,0 +1,35 @@
+--- Apps/shellsnoop.orig	2014-06-04 09:00:10.000000000 -0400
+++ Apps/shellsnoop	2014-06-04 09:01:29.000000000 -0400
+@@ -140,7 +140,7 @@
+  /*
+   * Remember this PID is a shell child
+   */
+- syscall::exec:entry, syscall::exece:entry
+ syscall::exec:entry
+  /execname == "sh"   || execname == "ksh"  || execname == "csh"  || 
+   execname == "tcsh" || execname == "zsh"  || execname == "bash"/
+  {
+@@ -151,7 +151,7 @@
+ 	OPT_debug == 1 ? printf("PID %d CMD %s started. (%s)\n",
+ 	    pid, execname, stringof(this->parent)) : 1;
+  }
+- syscall::exec:entry, syscall::exece:entry
+ syscall::exec:entry
+  /(OPT_pid == 1 && PID != ppid) || (OPT_uid == 1 && UID != uid)/
+  {
+ 	/* forget if filtered */
+@@ -256,12 +256,12 @@
+  /*
+   *  Cleanup
+   */
+- syscall::rexit:entry
+ syscall::exit:entry
+  {
+ 	child[pid] = 0;
+ 
+ 	/* debug */
+-	this->parent = (char *)curthread->t_procp->p_parent->p_user.u_comm;
+	this->parent = (char *)curthread->td_proc->p_pptr->p_comm;
+ 	OPT_debug == 1 ? printf("PID %d CMD %s exited. (%s)\n",
+ 	 pid, execname, stringof(this->parent)) : 1;
+  }
--- a/sysutils/DTraceToolkit/files/patch-opensnoop
+++ b/sysutils/DTraceToolkit/files/patch-opensnoop
@ -0,0 +1,29 @@
+--- opensnoop.orig	2014-06-04 08:58:11.000000000 -0400
+++ opensnoop	2014-06-04 08:58:42.000000000 -0400
+@@ -189,7 +189,7 @@
+  /*
+   * Print open event
+   */
+- syscall::open:entry, syscall::open64:entry
+ syscall::open:entry
+  {
+ 	/* save pathname */
+ 	self->pathp = arg0;
+@@ -203,7 +203,7 @@
+ 	/* OPT_file is checked on return to ensure pathp is mapped */
+  }
+ 
+- syscall::open:return, syscall::open64:return
+ syscall::open:return
+  /self->ok && (! OPT_failonly || (int)arg0 < 0) && 
+  ((OPT_file == 0) || (OPT_file == 1 && PATHNAME == copyinstr(self->pathp)))/
+  {
+@@ -235,7 +235,7 @@
+  /* 
+   * Cleanup 
+   */
+- syscall::open:return, syscall::open64:return 
+ syscall::open:return
+  /self->ok/
+  {
+ 	self->pathp = 0;
--- a/sysutils/DTraceToolkit/pkg-plist
+++ b/sysutils/DTraceToolkit/pkg-plist
@ -1007,6 +1007,8 @@
 %%DATADIR%%/opensnoop
 bin/procsystime
 bin/hotkernel
+bin/shellsnoop
+bin/opensnoop
@dirrm %%DATADIR%%/Mem
@dirrm %%DATADIR%%/Man/man1m
@dirrm %%DATADIR%%/Man