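#!/usr/sbin/dtrace -s
/*
 * This file and its contents are supplied under the terms of the
 * Common Development and Distribution License ("CDDL"), version 1.0.
 * You may only use this file in accordance with the terms of version
 * 1.0 of the CDDL.
 *
 * A full copy of the text of the CDDL should have accompanied this
 * source.  A copy of the CDDL is also available via the Internet at
 * http://www.illumos.org/license/CDDL.
 */

/*
 * Copyright 2018 Nexenta Systems, Inc.  All rights reserved.
 */

/*
 * User-level dtrace for smbd
 * Usage: dtrace -s smbd-pipesvc.d -p `pgrep smbd`
 *
 * The script prints raw argument and return values for every traced
 * function, plus the strings passed to ndo_trace().  That output
 * describes RPC processing inside smbd and may expose request data,
 * so handle captured traces as sensitive diagnostic material.
 */

#pragma D option flowindent

/*
 * Per-thread state.
 *   trace: nesting depth inside pipesvc_worker(); output is enabled
 *          only while this is greater than zero.
 *   mask:  nesting depth inside the "boring" functions listed below;
 *          output is suppressed while this is non-zero.
 */
self int trace;
self int mask;

/*
 * The pipesvc_worker() function is a good place to start tracing
 * to watch RPC service actions.  This worker handles all activity
 * for a given named pipe instance, including the payload from all
 * SMB read/write requests on this endpoint.
 *
 * This clause must stay ahead of the generic entry clause: clauses
 * matching the same probe run in program order, so the worker's own
 * entry is printed only because trace is already non-zero by then.
 */
pid$target:*smbd:pipesvc_worker:entry
{
	self->trace++;
}

/*
 * If traced and not masked, print entry/return
 *
 * Six argument slots are always printed.  Slots beyond the number of
 * parameters the function really takes hold leftover values and
 * should be ignored when reading the output.
 */
pid$target:*smbd::entry,
pid$target:libmlsvc.so.1::entry,
pid$target:libmlrpc.so.2::entry,
pid$target:libsmbns.so.1::entry,
pid$target:libsmb.so.1::entry
/self->trace > 0 && self->mask == 0/
{
	printf("\t0x%x", arg0);
	printf("\t0x%x", arg1);
	printf("\t0x%x", arg2);
	printf("\t0x%x", arg3);
	printf("\t0x%x", arg4);
	printf("\t0x%x", arg5);
}

/*
 * Mask (don't print) all function calls below these functions.
 * These make many boring, repetitive function calls like
 * smb_mbtowc, smb_msgbuf_has_space, ...
 *
 * Also, libmlrpc has rather deep call stacks, particularly under
 * ndr_encode_decode_common(), so this stops traces below there.
 * Remove that from the mask actions to see the details.
 *
 * This clause follows the generic entry clause on purpose, so the
 * entry of the masked function itself is still printed.
 */
pid$target::ht_findfirst:entry,
pid$target::ht_findnext:entry,
pid$target::ndr_encode_decode_common:entry,
pid$target::smb_msgbuf_decode:entry,
pid$target::smb_msgbuf_encode:entry,
pid$target::smb_strlwr:entry,
pid$target::smb_strupr:entry,
pid$target::smb_wcequiv_strlen:entry
{
	self->mask++;
}

/*
 * Now inverses of above, unwind order.
 *
 * The predicate keeps mask from going negative.  dtrace attaches to
 * an already running smbd, so a thread can return from one of these
 * functions without its entry having been seen; an unguarded
 * decrement would leave mask at -1 and silence that thread for the
 * rest of the session (the print clauses require mask == 0).
 */

pid$target::ht_findfirst:return,
pid$target::ht_findnext:return,
pid$target::ndr_encode_decode_common:return,
pid$target::smb_msgbuf_decode:return,
pid$target::smb_msgbuf_encode:return,
pid$target::smb_strlwr:return,
pid$target::smb_strupr:return,
pid$target::smb_wcequiv_strlen:return
/self->mask > 0/
{
	self->mask--;
}

/*
 * Print the return value (arg1 of a pid provider return probe).
 * Placed after the unmask clause so the return of a masked function
 * is printed once mask has dropped back to zero.
 */
pid$target:*smbd::return,
pid$target:libmlsvc.so.1::return,
pid$target:libmlrpc.so.2::return,
pid$target:libsmbns.so.1::return,
pid$target:libsmb.so.1::return
/self->trace > 0 && self->mask == 0/
{
	printf("\t0x%x", arg1);
}

/*
 * This function in libmlrpc prints out lots of internal state.
 * Comment it out if you don't want that noise.
 *
 * copyinstr() copies the string out of smbd's address space, so the
 * text shown is whatever libmlrpc passed to ndo_trace().
 */
pid$target:libmlrpc.so.2:ndo_trace:entry
/self->trace > 0 && self->mask == 0/
{
	printf("ndo_trace: %s", copyinstr(arg0));
}

/*
 * Leave the traced region.  Kept last so the worker's own return is
 * still printed by the generic return clause above.  The predicate
 * stops trace from underflowing when a worker that was already
 * running at attach time returns; a negative count would keep the
 * trace > 0 test false on that thread's next entry.
 */
pid$target:*smbd:pipesvc_worker:return
/self->trace > 0/
{
	self->trace--;
}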