On Tuesday 16 March 2004 11:39 am, Roman Bogorodskiy wrote:
> Hi,
>
> I hope it's a right place for kernel module programming related
> questions, in another case I'd be glad if you point me to the right
> maillist.
>
> So, my aim is to log every file opening in `/tmp' dir. I've wrote a simple
> "syscall" module which replaces open(2) syscall. My new open(2) looks
>
> like this:
> >---cut 8<---
>
> static int
> new_open(struct proc *p, register struct open_args *uap)
> {
> char name[NAME_MAX];
> size_t size;
>
> if((const void*)copyinstr(uap->path, name,
> NAME_MAX, &size) == (const void*)EFAULT)
> return(EFAULT);
>
> if (name[0] == '/' && name[1] == 't' && name[2] == 'm'
> && name[3] == 'p' && name[4] == '/') {
> printf("open(2): %s pid: %i\n", name, (int)p->p_pid);
> }
>
> return (open(p, uap));
> }
>
> >---cut 9<---<
>
> But instead of a real pid I see something strange in logs, something
> like this:
>
> Mar 16 19:15:44 nov kernel: open(2): /tmp/asfdasfsaf pid: -1002890624
>
> What am I doing wrong?
If this is on current, then the first arg to your syscall should be 'struct
thread *td', and you should try to printf td->td_proc->p_pid to get the pid.
Also, you might consider using strncmp() to make the code a bit easier to
read, i.e.:
if (strncmp(name, "/tmp/", 5) == 0)
printf("open(2): %s by pid %d (%s)\n", name, td->td_proc->p_pid,
td->td_proc->p_comm);
--
John Baldwin <[EMAIL PROTECTED]> <>< http://www.FreeBSD.org/~jhb/
"Power Users Use the Power to Serve" = http://www.FreeBSD.org
_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
