Skip to content

Instantly share code, notes, and snippets.

@robbmanes

robbmanes/watch-unix-socket.stp

Last active October 17, 2024 07:43
Show Gist options
  • Save robbmanes/47b902512dbcaa9c068e4ed9b5a3bc72 to your computer and use it in GitHub Desktop.
Save robbmanes/47b902512dbcaa9c068e4ed9b5a3bc72 to your computer and use it in GitHub Desktop.
Download ZIP
Systemtap script to watch UNIX socket input
Raw
watch-unix-socket.stp
/*
* watch_unix_socket.stp
*
* This is a simply more modern version of the script found here:
* https://sourceware.org/systemtap/wiki/WSunixSockets
*
* The first argument is the location of the file descriptor for a UNIX socket.
* To find this address, for example, for the Docker socket run:
*
* # lsof 2>&1 | awk '/docker.sock/ {print $7}' | grep -v '0t0' | sort -u
* 0xffff8ed0b4eb1800
*
* And use that address to run this systemtap script:
*
* # stap watch_unix_socket.stp 0xffff8ed0b4eb1800
*/
probe begin {
printf("Watching input into socket 0x%x...\n", $1);
}
probe kernel.function("unix_stream_sendmsg") {
if ($sock->sk != $1) {
printf("%d %s is accessing %p\n", pid(), execname(), $sock->sk);
printf("====================\n");
len = 0
for (i = 0; i < $msg->msg_iovlen; i++) {
len += $msg->msg_iov[i]->iov_len;
}
printf("%d [", len);
for (i = 0; i < $msg->msg_iovlen; i++) {
printf("%s", user_string_n($msg->msg_iov[i]->iov_base, $msg->msg_iov[i]->iov_len));
}
printf("] [");
for (i = 0; i < $msg->msg_iovlen; i++) {
printf("%s", user_string_n($msg->msg_iov[i]->iov_base, $msg->msg_iov[i]->iov_len));
}
printf("]\n\n");
}
}
@pereyra-m
Copy link

Hi!

I'm testing it on a CentOS 8 (4.18.0-305.10.2.el8_4.x86_64), but I got this errors.
It may be related to https://stackoverflow.com/questions/57388814/error-struct-msghdr-has-no-member-named-msg-iov
Thanks!

[root@localhost vagrant]# stap -v watch-unix-socket.stp 0xffff914ebb73c000
Pass 1: parsed user script and 482 library scripts using 246440virt/88468res/12304shr/75684data kb, in 180usr/30sys/210real ms.
semantic error: unable to find member 'msg_iovlen' for struct msghdr (alternatives: msg_iocb, msg_iter, msg_namelen, msg_name, msg_control, msg_controllen, msg_flags): operator '->' at watch-unix-socket.stp:28:23
        source: 		for (i = 0; i < $msg->msg_iovlen; i++) {
                		                    ^

semantic error: unable to find member 'msg_iovlen' for struct msghdr (alternatives: msg_iocb, msg_iter, msg_namelen, msg_name, msg_control, msg_controllen, msg_flags): operator '->' at :28:23
        source: 		for (i = 0; i < $msg->msg_iovlen; i++) {
                		                    ^

semantic error: unable to find member 'msg_iov' for struct msghdr (alternatives: msg_iocb, msg_iter, msg_name, msg_flags, msg_control, msg_namelen, msg_controllen): operator '->' at :29:15
        source: 			len += $msg->msg_iov[i]->iov_len;
                			           ^

semantic error: unable to find member 'msg_iovlen' for struct msghdr (alternatives: msg_iocb, msg_iter, msg_namelen, msg_name, msg_control, msg_controllen, msg_flags): operator '->' at :33:23
        source: 		for (i = 0; i < $msg->msg_iovlen; i++) {
                		                    ^

semantic error: unable to find member 'msg_iov' for struct msghdr (alternatives: msg_iocb, msg_iter, msg_name, msg_flags, msg_control, msg_namelen, msg_controllen): operator '->' at :34:35
        source: 			printf("%s", user_string_n($msg->msg_iov[i]->iov_base, $msg->msg_iov[i]->iov_len));
                			                               ^

semantic error: unresolved type : identifier '$msg' at :34:31
        source: 			printf("%s", user_string_n($msg->msg_iov[i]->iov_base, $msg->msg_iov[i]->iov_len));
                			                           ^

semantic error: unable to find member 'msg_iov' for struct msghdr (alternatives: msg_iocb, msg_iter, msg_name, msg_flags, msg_control, msg_namelen, msg_controllen): operator '->' at :34:63
        source: 			printf("%s", user_string_n($msg->msg_iov[i]->iov_base, $msg->msg_iov[i]->iov_len));
                			                                                           ^

semantic error: unresolved type : identifier '$msg' at :34:59
        source: 			printf("%s", user_string_n($msg->msg_iov[i]->iov_base, $msg->msg_iov[i]->iov_len));
                			                                                       ^

semantic error: unable to find member 'msg_iovlen' for struct msghdr (alternatives: msg_iocb, msg_iter, msg_namelen, msg_name, msg_control, msg_controllen, msg_flags): operator '->' at :38:23
        source: 		for (i = 0; i < $msg->msg_iovlen; i++) {
                		                    ^

semantic error: unable to find member 'msg_iov' for struct msghdr (alternatives: msg_iocb, msg_iter, msg_name, msg_flags, msg_control, msg_namelen, msg_controllen): operator '->' at :39:35
        source: 			printf("%s", user_string_n($msg->msg_iov[i]->iov_base, $msg->msg_iov[i]->iov_len));
                			                               ^

semantic error: unresolved type : identifier '$msg' at :39:31
        source: 			printf("%s", user_string_n($msg->msg_iov[i]->iov_base, $msg->msg_iov[i]->iov_len));
                			                           ^

semantic error: unable to find member 'msg_iov' for struct msghdr (alternatives: msg_iocb, msg_iter, msg_name, msg_flags, msg_control, msg_namelen, msg_controllen): operator '->' at :39:63
        source: 			printf("%s", user_string_n($msg->msg_iov[i]->iov_base, $msg->msg_iov[i]->iov_len));
                			                                                           ^

semantic error: unresolved type : identifier '$msg' at :39:59
        source: 			printf("%s", user_string_n($msg->msg_iov[i]->iov_base, $msg->msg_iov[i]->iov_len));
                			                                                       ^

Pass 2: analyzed script: 2 probes, 5 functions, 1 embed, 0 globals using 308600virt/151556res/13460shr/137844data kb, in 1250usr/210sys/1633real ms.
Pass 2: analysis failed.  [man error::pass2]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment