|
Home > Archive > Unix Programming > November 2005 > kernel module programming
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
kernel module programming
|
|
| Daniel Rudy 2005-11-23, 7:51 am |
|
I'm trying to write a kernel module to basically just print out data
structures of various syscall messages, but now it seems that I am
stuck. I'm trying to do a proper scan of the getdirentries syscall
(SYS_getdirentries) looking for something to omit, and I can get the
first record, but the next record is null. Why? I'm running FreeBSD
6.0-RELEASE. Oh, and when I was playing with it, I managed to panic the
kernel. Besides, below is the code snippit from my module.
/*
Test 3
Kernel Module Demonstration
*/
/* the hide file routine */
static int hide_file_check(char *filename, int size)
{
/* TODO: this needs much more work */
char hidden[] = "sniffer";
int result;
result = strncmp(filename, hidden, size);
if (result != 0) return(0);
return(1);
}
static int new_getdirentries(struct thread *t, struct getdirentries_args
*uap)
{
unsigned int buffsize;
unsigned int n;
unsigned int r;
int flag;
struct dirent *dirp_start;
struct dirent *dirp_current;
struct dirent *dirp2;
struct dirent *dirp3;
int result;
int status;
/* issue the syscall */
result = getdirentries(t, uap);
printf("getdirentries result %d\n", result);
if (result != 0) return(result);
/* and check the buffer */
dirp_start = (struct dirent *)uap->buf;
if (dirp_start == NULL) return(result);
/* do we have work to do? */
if (dirp_start->d_namlen > 0)
{
/* get our buffer size */
buffsize = uap->count;
/* allocate memory buffer in kernel space */
MALLOC(dirp2, struct dirent *, buffsize, M_DIRP2, M_NOWAIT);
if (dirp2 == NULL) return(result);
/* copy data into kernel space */
copyin(uap->buf, dirp2, buffsize);
/* setup pointers */
dirp_start = dirp2;
dirp_current = dirp_start;
/* set the flag */
flag = 0;
n = buffsize;
r = 0;
printf("buffsize %u; dirent size %d; getdirent %d\n", buffsize,
sizeof(struct dirent),
sizeof(struct getdirentries_args));
/* now walk through the dirent structures and
see if there is something that we need to
hide */
while (flag == 0)
{
/* decrement the used buffer length */
n -= dirp_current->d_reclen;
printf("**BEFORE\n");
printf("n %u; r %u\n", n, r);
printf("name %s; len %hhu; reclen %hu\n", dirp_current->d_name,
dirp_current->d_namlen, dirp_current->d_reclen);
/* check to see if we need to hide something */
status = hide_file_check(dirp_current->d_name,
dirp_current->d_namlen);
printf("stauts %d\n", status);
if (status != 0)
{
/* incrment delete counter */
r += sizeof(struct dirent);
/* set copy from address */
dirp3 = dirp_current + dirp_current->d_reclen;
/* overwrite current data with next data */
bcopy(dirp3, dirp_current, n);
}
else
{
/* set next pointer */
dirp3 = dirp_current + dirp_current->d_reclen;
dirp_current = dirp3;
}
printf("**AFTER\n");
printf("n %u; r %u\n", n, r);
printf("name %s; len %hhu; reclen %hu\n", dirp_current->d_name,
dirp_current->d_namlen, dirp_current->d_reclen);
if (dirp_current->d_namlen == 0) flag = 1;
}
/* copy the memory block back to the user buffer */
copyout(dirp2, uap->buf, buffsize);
/* free kernel buffer space */
FREE(dirp2, M_DIRP2);
}
/* return the function call result */
return(result);
}
dmesg output:
KLM Loaded
getdirentries result 0
buffsize 4096; dirent size 264; getdirent 16
**BEFORE
n 4084; r 0
name .; len 1; reclen 12
stauts 0
**AFTER
n 4084; r 0
name ; len 0; reclen 0
getdirentries result 0
buffsize 4096; dirent size 264; getdirent 16
**BEFORE
n 4084; r 0
name .; len 1; reclen 12
stauts 0
**AFTER
n 4084; r 0
name ; len 0; reclen 0
--
Daniel Rudy
Email address has been base64 encoded to reduce spam
Decode email address using b64decode or uudecode -m
Why geeks like computers: look chat date touch grep make unzip
strip view finger mount fcsk more fcsk yes spray umount sleep
| |
| Rich Teer 2005-11-23, 5:54 pm |
| On Wed, 23 Nov 2005, Daniel Rudy wrote:
> I'm trying to write a kernel module to basically just print out data
> structures of various syscall messages, but now it seems that I am
Why reinvent the wheel? Has the FreeBSD port of DTrace got to a point
where it useful for kernel tracing yet? If so, that's probably your
best option. Apart from migrating to Solaris, that is. :-)
--
Rich Teer, SCNA, SCSA, OpenSolaris CAB member
President,
Rite Online Inc.
Voice: +1 (250) 979-1638
URL: http://www.rite-group.com/rich
| |
| Daniel Rudy 2005-11-23, 5:54 pm |
| At about the time of 11/23/2005 9:19 AM, Rich Teer stated the following:
> On Wed, 23 Nov 2005, Daniel Rudy wrote:
>
>
>
>
> Why reinvent the wheel? Has the FreeBSD port of DTrace got to a point
> where it useful for kernel tracing yet? If so, that's probably your
> best option. Apart from migrating to Solaris, that is. :-)
>
DTrace? I haven't heard of it. I know there is a KTrace facility in
FreeBSD though. I'll check out DTrace and see what that's about.
--
Daniel Rudy
Email address has been base64 encoded to reduce spam
Decode email address using b64decode or uudecode -m
Why geeks like computers: look chat date touch grep make unzip
strip view finger mount fcsk more fcsk yes spray umount sleep
| |
| Rich Teer 2005-11-23, 5:54 pm |
| On Wed, 23 Nov 2005, Daniel Rudy wrote:
> DTrace? I haven't heard of it. I know there is a KTrace facility in
DTrace is a feature of Solaris 10 that lets you dynamically trace
the kernel and userland apps and libs.
> FreeBSD though. I'll check out DTrace and see what that's about.
Here's a source of some good info:
http://www.opensolaris.org/os/community/dtrace/
Check out Bryan Cantrill's blog; DTrace is his baby.
--
Rich Teer, SCNA, SCSA, OpenSolaris CAB member
President,
Rite Online Inc.
Voice: +1 (250) 979-1638
URL: http://www.rite-group.com/rich
| |
| Daniel Rudy 2005-11-23, 5:54 pm |
| At about the time of 11/23/2005 12:05 PM, Rich Teer stated the following:
> On Wed, 23 Nov 2005, Daniel Rudy wrote:
>
>
>
>
> DTrace is a feature of Solaris 10 that lets you dynamically trace
> the kernel and userland apps and libs.
>
>
>
>
> Here's a source of some good info:
>
> http://www.opensolaris.org/os/community/dtrace/
>
> Check out Bryan Cantrill's blog; DTrace is his baby.
>
I looked at the site, and at Bryan's blog, and even went over to Devon's
blog. It seems to still be in the very early alpha stages. It's not
available in the FreeBSD ports system yet. So I'll hold off on it until
there is an actual entry in the ports collection.
--
Daniel Rudy
Email address has been base64 encoded to reduce spam
Decode email address using b64decode or uudecode -m
Why geeks like computers: look chat date touch grep make unzip
strip view finger mount fcsk more fcsk yes spray umount sleep
| |
| Giorgos Keramidas 2005-11-24, 2:48 am |
| Daniel Rudy <spamthis@spamthis.net> writes:
> At about the time of 11/23/2005 9:19 AM, Rich Teer stated the
>following: > On Wed, 23 Nov 2005, Daniel Rudy wrote: >>I'm trying
>to write a kernel module to basically just print out data
>am > > Why reinvent the wheel? Has the FreeBSD port of DTrace
>got to a point > where it useful for kernel tracing yet? If so,
>that's probably your > best option. Apart from migrating to
>Solaris, that is. :-) DTrace? I haven't heard of it. I know
>there is a KTrace facility in FreeBSD though. I'll check out
>DTrace and see what that's about.
It's Solaris-specific at the moment, as Rich has mentioned.
There is a port to FreeBSD under way, but I'm not sure if it has reached
a stage where it can serve as a debugging tool yet.
- Giorgos
|
|
|
|
|