[dtrace-discuss] Re: Re: Re: Re: Re: How to monitor any access to
a specific file using drace
Adam Leventhal
ahl at eng.sun.com
Thu Jan 25 23:51:25 PST 2007
On Thu, Jan 25, 2007 at 10:14:11AM +0100, Michael Schuster wrote:
> David Chen wrote:
> >Hi Mike,
> >Yes I'm using Solaris 10, do you know any other string function to do a
> >"partial match"? I know stardand C library has "strstr" function, is
> >there a way for dtrace script to call a C function?
>
> you can use system() to call a *program*, but not, AFAIK, in a predicate.
> system() doesn't return a value, so that's be problematic in a predicate
> anyway ;-)
There's some confusion here that's worth clearing up. In DTrace when you
trace() something, that datum is recorded to an in-kernel buffer which is
later read and displayed by the user-land client (often dtrace(1M)). The
system action works similarly: a string is traced to the in-kernel buffer
and the client then executes that string rather than simply printing it
to the screen.
This program, for example, will print a bunch of stack traces:
syscall:::entry
{
system("pstack %d", pid);
}
But those stacks will happen well after the event has occurred, whereas the
ustack() action records the stack _at that time_. The scope of what can be
done in "probe context" is limited due to issues of safety, security, and
ubiquity of tracing.
Adam
--
Adam Leventhal, Solaris Kernel Development http://blogs.sun.com/ahl
More information about the dtrace-discuss
mailing list