1 #!/usr/sbin/dtrace -s
2 /*
3  * This file and its contents are supplied under the terms of the
4  * Common Development and Distribution License ("CDDL"), version 1.0.
5  * You may only use this file in accordance with the terms of version
6  * 1.0 of the CDDL.
7  *
8  * A full copy of the text of the CDDL should have accompanied this
9  * source.  A copy of the CDDL is also available via the Internet at
10  * http://www.illumos.org/license/CDDL.
11  */
12 
13 /*
14  * Copyright 2018 Nexenta Systems, Inc.  All rights reserved.
15  */
16 
17 /*
18  * User-level dtrace for smbd
19  * Usage: dtrace -s smbd-pipesvc.d -p `pgrep smbd`
20  */
21 
22 #pragma D option flowindent
23 
24 self int trace;
25 self int mask;
26 
27 /*
28  * The pipesvc_worker() function is a good place to start tracing
29  * to watch RPC service actions.  This worker handles all activity
30  * for a given named pipe instance, including the payload from all
31  * SMB read/write requests on this endpoint.
32  */
33 pid$target:*smbd:pipesvc_worker:entry
34 {
35 	self->trace++;
36 }
37 
38 /*
39  * If traced and not masked, print entry/return
40  */
41 pid$target:*smbd::entry,
42 pid$target:libmlsvc.so.1::entry,
43 pid$target:libmlrpc.so.2::entry,
44 pid$target:libsmbns.so.1::entry,
45 pid$target:libsmb.so.1::entry
46 /self->trace > 0 && self->mask == 0/
47 {
48 	printf("\t0x%x", arg0);
49 	printf("\t0x%x", arg1);
50 	printf("\t0x%x", arg2);
51 	printf("\t0x%x", arg3);
52 	printf("\t0x%x", arg4);
53 	printf("\t0x%x", arg5);
54 }
55 
56 /*
57  * Mask (don't print) all function calls below these functions.
58  * These make many boring, repetitive function calls like
59  * smb_mbtowc, smb_msgbuf_has_space, ...
60  *
61  * Also, libmlrpc has rather deep call stacks, particularly under
62  * ndr_encode_decode_common(), so this stops traces below there.
63  * Remove that from the mask actions to see the details.
64  */
65 pid$target::ht_findfirst:entry,
66 pid$target::ht_findnext:entry,
67 pid$target::ndr_encode_decode_common:entry,
68 pid$target::smb_msgbuf_decode:entry,
69 pid$target::smb_msgbuf_encode:entry,
70 pid$target::smb_strlwr:entry,
71 pid$target::smb_strupr:entry,
72 pid$target::smb_wcequiv_strlen:entry
73 {
74 	self->mask++;
75 }
76 
77 /*
78  * Now inverses of above, unwind order.
79  */
80 
81 pid$target::ht_findfirst:return,
82 pid$target::ht_findnext:return,
83 pid$target::ndr_encode_decode_common:return,
84 pid$target::smb_msgbuf_decode:return,
85 pid$target::smb_msgbuf_encode:return,
86 pid$target::smb_strlwr:return,
87 pid$target::smb_strupr:return,
88 pid$target::smb_wcequiv_strlen:return
89 {
90 	self->mask--;
91 }
92 
93 pid$target:*smbd::return,
94 pid$target:libmlsvc.so.1::return,
95 pid$target:libmlrpc.so.2::return,
96 pid$target:libsmbns.so.1::return,
97 pid$target:libsmb.so.1::return
98 /self->trace > 0 && self->mask == 0/
99 {
100 	printf("\t0x%x", arg1);
101 }
102 
103 /*
104  * This function in libmlrpc prints out lots of internal state.
105  * Comment it out if you don't want that noise.
106  */
107 pid$target:libmlrpc.so.2:ndo_trace:entry
108 /self->trace > 0 && self->mask == 0/
109 {
110 	printf("ndo_trace: %s", copyinstr(arg0));
111 }
112 
113 pid$target:*smbd:pipesvc_worker:return
114 {
115 	self->trace--;
116 }
117