-
Notifications
You must be signed in to change notification settings - Fork 133
/
rwsnoop
executable file
·234 lines (214 loc) · 5.58 KB
/
rwsnoop
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
#!/usr/bin/ksh
#
# rwsnoop - snoop read/write events.
# Written using DTrace (Solaris 10 3/05).
#
# This is measuring reads and writes at the application level. This matches
# the syscalls read, write, pread and pwrite.
#
# $Id: rwsnoop 3 2007-08-01 10:50:08Z brendan $
#
# USAGE: rwsnoop [-jPtvZ] [-n name] [-p pid]
#
# rwsnoop # default output
#
# -j # print project ID
# -P # print parent process ID
# -t # print timestamp, us
# -v # print time, string
# -Z # print zone ID
# -n name # this process name only
# -p PID # this PID only
# eg,
# rwsnoop -Z # print zone ID
# rwsnoop -n bash # monitor processes named "bash"
# rwsnoop > out.txt # recommended
#
# NOTE:
# rwsnoop usually prints plenty of output, which itself will cause
# more output. It can be better to redirect the output of rwsnoop
# to a file to prevent this.
#
# FIELDS:
# TIME Timestamp, us
# TIMESTR Time, string
# ZONE Zone ID
# PROJ Project ID
# UID User ID
# PID Process ID
# PPID Parent Process ID
# CMD Process name
# D Direction, Read or Write
# BYTES Total bytes during sample, -1 for error
# FILE Filename, if file based
#
# Reads and writes that are not file based, for example with sockets, will
# print "<unknown>" as the filename.
#
# SEE ALSO: rwtop
#
# COPYRIGHT: Copyright (c) 2005 Brendan Gregg.
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License, Version 1.0 only
# (the "License"). You may not use this file except in compliance
# with the License.
#
# You can obtain a copy of the license at Docs/cddl1.txt
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# CDDL HEADER END
#
# TODO:
# Track readv and writev.
#
# Author: Brendan Gregg [Sydney, Australia]
#
# 24-Jul-2005 Brendan Gregg Created this.
# 17-Sep-2005 " " Increased switchrate.
# 17-Sep-2005 " " Last update.
#
##############################
# --- Process Arguments ---
#
### default variables
opt_name=0; opt_pid=0; opt_proj=0; opt_zone=0; opt_time=0; opt_timestr=0
opt_bytes=1; filter=0; pname=.; pid=0; opt_ppid=0
### process options
while getopts n:Pp:jtvZ name
do
case $name in
n) opt_name=1; pname=$OPTARG ;;
p) opt_pid=1; pid=$OPTARG ;;
P) opt_ppid=1 ;;
j) opt_proj=1 ;;
t) opt_time=1 ;;
v) opt_timestr=1 ;;
Z) opt_zone=1 ;;
h|?) cat <<-END >&2
USAGE: rwsnoop [-jPtvZ] [-n name] [-p pid]
-j # print project ID
-P # print parent process ID
-t # print timestamp, us
-v # print time, string
-Z # print zone ID
-n name # this process name only
-p PID # this PID only
eg,
rwsnoop # default output
rwsnoop -Z # print zone ID
rwsnoop -n bash # monitor processes named "bash"
END
exit 1
esac
done
shift $(( $OPTIND - 1 ))
### option logic
if (( opt_name || opt_pid )); then
filter=1
fi
#################################
# --- Main Program, DTrace ---
#
/usr/sbin/dtrace -n '
/*
* Command line arguments
*/
inline int OPT_proj = '$opt_proj';
inline int OPT_zone = '$opt_zone';
inline int OPT_bytes = '$opt_bytes';
inline int OPT_name = '$opt_name';
inline int OPT_ppid = '$opt_ppid';
inline int OPT_pid = '$opt_pid';
inline int OPT_time = '$opt_time';
inline int OPT_timestr = '$opt_timestr';
inline int FILTER = '$filter';
inline int PID = '$pid';
inline string NAME = "'$pname'";
#pragma D option quiet
#pragma D option switchrate=10hz
/*
* Print header
*/
dtrace:::BEGIN
{
/* print header */
OPT_time ? printf("%-14s ", "TIME") : 1;
OPT_timestr ? printf("%-20s ", "TIMESTR") : 1;
OPT_proj ? printf("%5s ", "PROJ") : 1;
OPT_zone ? printf("%5s ", "ZONE") : 1;
OPT_ppid ? printf("%6s ", "PPID") : 1;
printf("%5s %6s %-12s %1s %7s %s\n",
"UID", "PID", "CMD", "D", "BYTES", "FILE");
}
/*
* Check event is being traced
*/
syscall::*read:entry,
syscall::*write:entry
/pid != $pid/
{
/* default is to trace unless filtering, */
self->ok = FILTER ? 0 : 1;
/* check each filter, */
(OPT_name == 1 && NAME == execname)? self->ok = 1 : 1;
(OPT_pid == 1 && PID == pid) ? self->ok = 1 : 1;
/* save file descriptor */
self->fd = self->ok ? arg0 : 0;
}
/*
* Save read details
*/
syscall::*read:return
/self->ok/
{
self->rw = "R";
self->size = arg0;
}
/*
* Save write details
*/
syscall::*write:entry
/self->ok/
{
self->rw = "W";
self->size = arg2;
}
/*
* Process event
*/
syscall::*read:return,
syscall::*write:entry
/self->ok/
{
/*
* Fetch filename
*/
this->filistp = curthread->t_procp->p_user.u_finfo.fi_list;
this->ufentryp = (uf_entry_t *)((uint64_t)this->filistp +
(uint64_t)self->fd * (uint64_t)sizeof(uf_entry_t));
this->filep = this->ufentryp->uf_file;
this->vnodep = this->filep != 0 ? this->filep->f_vnode : 0;
self->vpath = this->vnodep ? (this->vnodep->v_path != 0 ?
cleanpath(this->vnodep->v_path) : "<unknown>") : "<unknown>";
/*
* Print details
*/
OPT_time ? printf("%-14d ", timestamp / 1000) : 1;
OPT_timestr ? printf("%-20Y ", walltimestamp) : 1;
OPT_proj ? printf("%5d ", curpsinfo->pr_projid) : 1;
OPT_zone ? printf("%5d ", curpsinfo->pr_zoneid) : 1;
OPT_ppid ? printf("%6d ", ppid) : 1;
printf("%5d %6d %-12.12s %1s %7d %s\n",
uid, pid, execname, self->rw, (int)self->size, self->vpath);
self->ok = 0;
self->fd = 0;
self->rw = 0;
self->size = 0;
self->vpath = 0;
}
'