Working on -e trace

haris iqbal haris.phnx at gmail.com
Thu Feb 11 15:34:56 UTC 2016


On Thu, Feb 11, 2016 at 4:11 PM, Gabriel Laskar <gabriel at lse.epita.fr> wrote:
> On Thu, 11 Feb 2016 10:47:22 +0530
> haris iqbal <haris.phnx at gmail.com> wrote:
>
>> Hello,
>>
>> I have understood a fair amount of how -e trace=option works.
>>
>> Through the init() --> qualify()
>>
>>     for (p = strtok(copy, ","); p; p = strtok(NULL, ",")) {
>>         int n;
>>         if (opt->bitflag == QUAL_TRACE && (n = lookup_class(p)) > 0) {
>>             unsigned pers;
>>             for (pers = 0; pers < SUPPORTED_PERSONALITIES; pers++) {
>>                 for (i = 0; i < nsyscall_vec[pers]; i++)
>>                     if (sysent_vec[pers][i].sys_flags & n)
>>                         qualify_one(i, opt->bitflag, not, pers);
>>             }
>>             continue;
>>         }
>>
>> This piece of code is doing the magic. Now lookup_class() uses the
>> bit set by the macros, which is used to set the bits in qual_vec
>> through qualify_one().
>>
>> Although I am not understanding how the macros
>>
>> TRACE_FILE, TRACE_IPC, TRACE_NETWORK, etc., which correspond to the
>> bits 001, 002, 004, work and set the particular system call bit in
>> qual_vec. I mean what will be the bit if I want to add TRACE_OPEN_LIKE
>> or something like that.
>>
>> Btw, I am still trying to understand how qual_vec is used to trace
>> only particular system calls. Maybe the knowledge will help me
>> contribute more.
>
> You need to add another TRACE_* macro to defs.h, you should just find a
> bit that is not used.

Yup, got that. I can use the bit 0400 for any new one.

>
> After that, you need to add in syscall.c the short name for your macro,
> and use it in all the syscallent.h files.

Yes, in addition to the short name, I also need to add to the switch()
case in lookup_class() for the new category.

And the part of adding to the syscallent.h files, I understood. But man,
there are too many files. ;)

>
>> A Note. I saw at many critical places you are using wait4() system
>> call to wait for the process. I read it is obsolete. Should we worry
>> about it and think of changing it to waitpid() and getrusage() at
>> places?
>
> Imho this is not necessary, wait4() will stay in the kernel anyway.
>
> --
> Gabriel Laskar

Another thing. If I did not miss any step above then I can start thinking
about the new category to be added.

-- 

With regards,

Md Haris Iqbal,
Placement Coordinator, MTech IT
NITK Surathkal,
Contact: +91 8861996962
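
Added example, not part of the original message and not strace's own code: a single-personality model of the class-bit mechanism discussed in this thread, showing how a bit in sys_flags ends up as a flag in qual_vec. The TRACE_OPEN_LIKE name, its "open_like" short name, the QUAL_TRACE value, the sample table and the helpers qualify_class() and is_traced() are assumptions made for illustration.

```c
#include <string.h>

/* Class bits: 001/002/004 are the values quoted in the thread; 0400 is the
 * free bit proposed there. TRACE_OPEN_LIKE itself is hypothetical. */
#define TRACE_FILE      001
#define TRACE_IPC       002
#define TRACE_NETWORK   004
#define TRACE_OPEN_LIKE 0400
#define QUAL_TRACE      0x01	/* assumed value for this model */

struct sysent { const char *sys_name; int sys_flags; };

/* Constructed table; strace fills the real one from the syscallent.h files. */
static const struct sysent sysent[] = {
	{ "read",   0 },
	{ "open",   TRACE_FILE | TRACE_OPEN_LIKE },
	{ "stat",   TRACE_FILE },
	{ "socket", TRACE_NETWORK },
	{ "msgget", TRACE_IPC },
	{ "openat", TRACE_FILE | TRACE_OPEN_LIKE },
};
#define NSYSCALLS (sizeof(sysent) / sizeof(sysent[0]))
/* One flag byte per syscall; the model starts with nothing selected. */
static unsigned char qual_vec[NSYSCALLS];

/* Map a class short name from -e trace=NAME to its bit; 0 if unknown. */
int lookup_class(const char *s)
{
	if (!strcmp(s, "file"))      return TRACE_FILE;
	if (!strcmp(s, "ipc"))       return TRACE_IPC;
	if (!strcmp(s, "network"))   return TRACE_NETWORK;
	if (!strcmp(s, "open_like")) return TRACE_OPEN_LIKE;	/* hypothetical */
	return 0;
}

/* Mark every syscall whose sys_flags has the class bit; return the count. */
int qualify_class(const char *name)
{
	int n = lookup_class(name), hits = 0;
	if (n <= 0) return -1;	/* not a known class name */
	for (size_t i = 0; i < NSYSCALLS; i++)
		if (sysent[i].sys_flags & n) { qual_vec[i] |= QUAL_TRACE; hits++; }
	return hits;
}

/* The per-syscall decision: trace only if the QUAL_TRACE flag is set. */
int is_traced(size_t scno)
{
	return scno < NSYSCALLS && (qual_vec[scno] & QUAL_TRACE);
}
```

A syscall can belong to several classes at once because sys_flags is a bitmask, which is why a new class only needs an unused bit and an entry on each matching table row.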



