static char *
strsig2(int sig)
{
char *tmp;
tmp = strsig(sig);
if (tmp == NULL)
asprintf(&tmp, "%d", sig);
return (tmp);
}
int
main(int ac, char **av)
{
struct timespec timediff;
struct sigaction sa;
struct ex_types *funcs;
struct trussinfo *trussinfo;
char *fname;
char *signame;
char **command;
pid_t childpid;
int c, initial_open, status;
fname = NULL;
initial_open = 1;
/* Initialize the trussinfo struct */
trussinfo = (struct trussinfo *)calloc(1, sizeof(struct trussinfo));
if (trussinfo == NULL)
errx(1, "calloc() failed");
trussinfo->outfile = stderr;
trussinfo->strsize = 32;
trussinfo->pr_why = S_NONE;
trussinfo->curthread = NULL;
SLIST_INIT(&trussinfo->threadlist);
while ((c = getopt(ac, av, "p:o:facedDs:S")) != -1) {
switch (c) {
case 'p': /* specified pid */
trussinfo->pid = atoi(optarg);
/* make sure i don't trace me */
if (trussinfo->pid == getpid()) {
fprintf(stderr, "attempt to grab self.\n");
exit(2);
}
break;
case 'f': /* Follow fork()'s */
trussinfo->flags |= FOLLOWFORKS;
break;
case 'a': /* Print execve() argument strings. */
trussinfo->flags |= EXECVEARGS;
break;
case 'c': /* Count number of system calls and time. */
trussinfo->flags |= COUNTONLY;
break;
case 'e': /* Print execve() environment strings. */
trussinfo->flags |= EXECVEENVS;
break;
case 'd': /* Absolute timestamps */
trussinfo->flags |= ABSOLUTETIMESTAMPS;
break;
case 'D': /* Relative timestamps */
trussinfo->flags |= RELATIVETIMESTAMPS;
break;
case 'o': /* Specified output file */
fname = optarg;
break;
case 's': /* Specified string size */
trussinfo->strsize = atoi(optarg);
break;
case 'S': /* Don't trace signals */
trussinfo->flags |= NOSIGS;
break;
default:
usage();
}
}
ac -= optind; av += optind;
if ((trussinfo->pid == 0 && ac == 0) ||
(trussinfo->pid != 0 && ac != 0))
usage();
if (fname != NULL) { /* Use output file */
/*
* Set close-on-exec ('e'), so that the output file is not
* shared with the traced process.
*/
if ((trussinfo->outfile = fopen(fname, "we")) == NULL)
err(1, "cannot open %s", fname);
}
/*
* If truss starts the process itself, it will ignore some signals --
* they should be passed off to the process, which may or may not
* exit. If, however, we are examining an already-running process,
* then we restore the event mask on these same signals.
*/
if (trussinfo->pid == 0) { /* Start a command ourselves */
command = av;
trussinfo->pid = setup_and_wait(command);
signal(SIGINT, SIG_IGN);
signal(SIGTERM, SIG_IGN);
signal(SIGQUIT, SIG_IGN);
} else {
sa.sa_handler = restore_proc;
sa.sa_flags = 0;
sigemptyset(&sa.sa_mask);
sigaction(SIGINT, &sa, NULL);
sigaction(SIGQUIT, &sa, NULL);
sigaction(SIGTERM, &sa, NULL);
start_tracing(trussinfo->pid);
}
/*
* At this point, if we started the process, it is stopped waiting to
* be woken up, either in exit() or in execve().
*/
START_TRACE:
funcs = set_etype(trussinfo);
initial_open = 0;
/*
* At this point, it's a simple loop, waiting for the process to
* stop, finding out why, printing out why, and then continuing it.
* All of the grunt work is done in the support routines.
*/
clock_gettime(CLOCK_REALTIME, &trussinfo->start_time);
do {
waitevent(trussinfo);
switch (trussinfo->pr_why) {
case S_SCE:
funcs->enter_syscall(trussinfo, MAXARGS);
clock_gettime(CLOCK_REALTIME,
&trussinfo->curthread->before);
break;
case S_SCX:
clock_gettime(CLOCK_REALTIME,
&trussinfo->curthread->after);
if (trussinfo->curthread->in_fork &&
(trussinfo->flags & FOLLOWFORKS)) {
trussinfo->curthread->in_fork = 0;
childpid = funcs->exit_syscall(trussinfo,
trussinfo->pr_data);
/*
* Fork a new copy of ourself to trace
* the child of the original traced
* process.
*/
if (fork() == 0) {
trussinfo->pid = childpid;
start_tracing(trussinfo->pid);
goto START_TRACE;
}
break;
}
funcs->exit_syscall(trussinfo, MAXARGS);
break;
case S_SIG:
if (trussinfo->flags & NOSIGS)
break;
if (trussinfo->flags & FOLLOWFORKS)
fprintf(trussinfo->outfile, "%5d: ",
trussinfo->pid);
if (trussinfo->flags & ABSOLUTETIMESTAMPS) {
timespecsubt(&trussinfo->curthread->after,
&trussinfo->start_time, &timediff);
fprintf(trussinfo->outfile, "%jd.%09ld ",
(intmax_t)timediff.tv_sec,
timediff.tv_nsec);
}
if (trussinfo->flags & RELATIVETIMESTAMPS) {
timespecsubt(&trussinfo->curthread->after,
&trussinfo->curthread->before, &timediff);
fprintf(trussinfo->outfile, "%jd.%09ld ",
(intmax_t)timediff.tv_sec,
timediff.tv_nsec);
}
signame = strsig(trussinfo->pr_data);
fprintf(trussinfo->outfile,
"SIGNAL %u (%s)\n", trussinfo->pr_data,
signame == NULL ? "?" : signame);
break;
case S_EXIT:
if (trussinfo->flags & COUNTONLY)
break;
if (trussinfo->flags & FOLLOWFORKS)
fprintf(trussinfo->outfile, "%5d: ",
trussinfo->pid);
if (trussinfo->flags & ABSOLUTETIMESTAMPS) {
timespecsubt(&trussinfo->curthread->after,
&trussinfo->start_time, &timediff);
fprintf(trussinfo->outfile, "%jd.%09ld ",
(intmax_t)timediff.tv_sec,
timediff.tv_nsec);
}
if (trussinfo->flags & RELATIVETIMESTAMPS) {
timespecsubt(&trussinfo->curthread->after,
&trussinfo->curthread->before, &timediff);
fprintf(trussinfo->outfile, "%jd.%09ld ",
(intmax_t)timediff.tv_sec,
timediff.tv_nsec);
}
fprintf(trussinfo->outfile,
"process exit, rval = %u\n", trussinfo->pr_data);
break;
default:
break;
}
} while (trussinfo->pr_why != S_EXIT &&
trussinfo->pr_why != S_DETACHED);
if (trussinfo->flags & FOLLOWFORKS) {
do {
childpid = wait(&status);
} while (childpid != -1);
}
if (trussinfo->flags & COUNTONLY)
print_summary(trussinfo);
fflush(trussinfo->outfile);
return (0);
}
char *
print_arg(struct syscall_args *sc, unsigned long *args, long retval,
struct trussinfo *trussinfo)
{
char *tmp;
pid_t pid;
tmp = NULL;
pid = trussinfo->pid;
switch (sc->type & ARG_MASK) {
case Hex:
asprintf(&tmp, "0x%x", (int)args[sc->offset]);
break;
case Octal:
asprintf(&tmp, "0%o", (int)args[sc->offset]);
break;
case Int:
asprintf(&tmp, "%d", (int)args[sc->offset]);
break;
case Name: {
/* NULL-terminated string. */
char *tmp2;
tmp2 = get_string(pid, (void*)args[sc->offset], 0);
asprintf(&tmp, "\"%s\"", tmp2);
free(tmp2);
break;
}
case BinString: {
/* Binary block of data that might have printable characters.
XXX If type|OUT, assume that the length is the syscall's
return value. Otherwise, assume that the length of the block
is in the next syscall argument. */
int max_string = trussinfo->strsize;
char tmp2[max_string+1], *tmp3;
int len;
int truncated = 0;
if (sc->type & OUT)
len = retval;
else
len = args[sc->offset + 1];
/* Don't print more than max_string characters, to avoid word
wrap. If we have to truncate put some ... after the string.
*/
if (len > max_string) {
len = max_string;
truncated = 1;
}
if (len && get_struct(pid, (void*)args[sc->offset], &tmp2, len)
!= -1) {
tmp3 = malloc(len * 4 + 1);
while (len) {
if (strvisx(tmp3, tmp2, len,
VIS_CSTYLE|VIS_TAB|VIS_NL) <= max_string)
break;
len--;
truncated = 1;
};
asprintf(&tmp, "\"%s\"%s", tmp3, truncated ?
"..." : "");
free(tmp3);
} else {
asprintf(&tmp, "0x%lx", args[sc->offset]);
}
break;
}
case StringArray: {
int num, size, i;
char *tmp2;
char *string;
char *strarray[100]; /* XXX This is ugly. */
if (get_struct(pid, (void *)args[sc->offset],
(void *)&strarray, sizeof(strarray)) == -1)
err(1, "get_struct %p", (void *)args[sc->offset]);
num = 0;
size = 0;
/* Find out how large of a buffer we'll need. */
while (strarray[num] != NULL) {
string = get_string(pid, (void*)strarray[num], 0);
size += strlen(string);
free(string);
num++;
}
size += 4 + (num * 4);
tmp = (char *)malloc(size);
tmp2 = tmp;
tmp2 += sprintf(tmp2, " [");
for (i = 0; i < num; i++) {
string = get_string(pid, (void*)strarray[i], 0);
tmp2 += sprintf(tmp2, " \"%s\"%c", string,
(i + 1 == num) ? ' ' : ',');
free(string);
}
tmp2 += sprintf(tmp2, "]");
break;
}
#ifdef __LP64__
case Quad:
asprintf(&tmp, "0x%lx", args[sc->offset]);
break;
#else
case Quad: {
unsigned long long ll;
ll = *(unsigned long long *)(args + sc->offset);
asprintf(&tmp, "0x%llx", ll);
break;
}
#endif
case Ptr:
asprintf(&tmp, "0x%lx", args[sc->offset]);
break;
case Readlinkres: {
char *tmp2;
if (retval == -1) {
tmp = strdup("");
break;
}
tmp2 = get_string(pid, (void*)args[sc->offset], retval);
asprintf(&tmp, "\"%s\"", tmp2);
free(tmp2);
break;
}
case Ioctl: {
const char *temp = ioctlname(args[sc->offset]);
if (temp)
tmp = strdup(temp);
else {
unsigned long arg = args[sc->offset];
asprintf(&tmp, "0x%lx { IO%s%s 0x%lx('%c'), %lu, %lu }",
arg, arg & IOC_OUT ? "R" : "",
arg & IOC_IN ? "W" : "", IOCGROUP(arg),
isprint(IOCGROUP(arg)) ? (char)IOCGROUP(arg) : '?',
arg & 0xFF, IOCPARM_LEN(arg));
}
break;
}
case Umtx: {
struct umtx umtx;
if (get_struct(pid, (void *)args[sc->offset], &umtx,
sizeof(umtx)) != -1)
asprintf(&tmp, "{ 0x%lx }", (long)umtx.u_owner);
else
asprintf(&tmp, "0x%lx", args[sc->offset]);
break;
}
case Timespec: {
struct timespec ts;
if (get_struct(pid, (void *)args[sc->offset], &ts,
sizeof(ts)) != -1)
asprintf(&tmp, "{%ld.%09ld }", (long)ts.tv_sec,
ts.tv_nsec);
else
asprintf(&tmp, "0x%lx", args[sc->offset]);
break;
}
case Timeval: {
struct timeval tv;
if (get_struct(pid, (void *)args[sc->offset], &tv, sizeof(tv))
!= -1)
asprintf(&tmp, "{%ld.%06ld }", (long)tv.tv_sec,
tv.tv_usec);
else
asprintf(&tmp, "0x%lx", args[sc->offset]);
break;
}
case Timeval2: {
struct timeval tv[2];
if (get_struct(pid, (void *)args[sc->offset], &tv, sizeof(tv))
!= -1)
asprintf(&tmp, "{%ld.%06ld, %ld.%06ld }",
(long)tv[0].tv_sec, tv[0].tv_usec,
(long)tv[1].tv_sec, tv[1].tv_usec);
else
asprintf(&tmp, "0x%lx", args[sc->offset]);
break;
}
case Itimerval: {
struct itimerval itv;
if (get_struct(pid, (void *)args[sc->offset], &itv,
sizeof(itv)) != -1)
asprintf(&tmp, "{%ld.%06ld, %ld.%06ld }",
(long)itv.it_interval.tv_sec,
itv.it_interval.tv_usec,
(long)itv.it_value.tv_sec,
itv.it_value.tv_usec);
else
asprintf(&tmp, "0x%lx", args[sc->offset]);
break;
}
case LinuxSockArgs:
{
struct linux_socketcall_args largs;
if (get_struct(pid, (void *)args[sc->offset], (void *)&largs,
sizeof(largs)) == -1) {
err(1, "get_struct %p", (void *)args[sc->offset]);
}
const char *what;
char buf[30];
switch (largs.what) {
case LINUX_SOCKET:
what = "LINUX_SOCKET";
break;
case LINUX_BIND:
what = "LINUX_BIND";
break;
case LINUX_CONNECT:
what = "LINUX_CONNECT";
break;
case LINUX_LISTEN:
what = "LINUX_LISTEN";
break;
case LINUX_ACCEPT:
what = "LINUX_ACCEPT";
break;
case LINUX_GETSOCKNAME:
what = "LINUX_GETSOCKNAME";
break;
case LINUX_GETPEERNAME:
what = "LINUX_GETPEERNAME";
break;
case LINUX_SOCKETPAIR:
what = "LINUX_SOCKETPAIR";
break;
case LINUX_SEND:
what = "LINUX_SEND";
break;
case LINUX_RECV:
what = "LINUX_RECV";
break;
case LINUX_SENDTO:
what = "LINUX_SENDTO";
break;
case LINUX_RECVFROM:
what = "LINUX_RECVFROM";
break;
case LINUX_SHUTDOWN:
what = "LINUX_SHUTDOWN";
break;
case LINUX_SETSOCKOPT:
what = "LINUX_SETSOCKOPT";
break;
case LINUX_GETSOCKOPT:
what = "LINUX_GETSOCKOPT";
break;
case LINUX_SENDMSG:
what = "LINUX_SENDMSG";
break;
case LINUX_RECVMSG:
what = "LINUX_RECVMSG";
break;
default:
sprintf(buf, "%d", largs.what);
what = buf;
break;
}
asprintf(&tmp, "(0x%lx)%s, 0x%lx", args[sc->offset], what, (long unsigned int)largs.args);
break;
}
case Pollfd: {
/*
* XXX: A Pollfd argument expects the /next/ syscall argument
* to be the number of fds in the array. This matches the poll
* syscall.
*/
struct pollfd *pfd;
int numfds = args[sc->offset+1];
int bytes = sizeof(struct pollfd) * numfds;
int i, tmpsize, u, used;
const int per_fd = 100;
if ((pfd = malloc(bytes)) == NULL)
err(1, "Cannot malloc %d bytes for pollfd array",
bytes);
if (get_struct(pid, (void *)args[sc->offset], pfd, bytes)
!= -1) {
used = 0;
tmpsize = 1 + per_fd * numfds + 2;
if ((tmp = malloc(tmpsize)) == NULL)
err(1, "Cannot alloc %d bytes for poll output",
tmpsize);
tmp[used++] = '{';
for (i = 0; i < numfds; i++) {
u = snprintf(tmp + used, per_fd, "%s%d/%s",
i > 0 ? " " : "", pfd[i].fd,
xlookup_bits(poll_flags, pfd[i].events));
if (u > 0)
used += u < per_fd ? u : per_fd;
}
tmp[used++] = '}';
tmp[used++] = '\0';
} else {
asprintf(&tmp, "0x%lx", args[sc->offset]);
}
free(pfd);
break;
}
case Fd_set: {
/*
* XXX: A Fd_set argument expects the /first/ syscall argument
* to be the number of fds in the array. This matches the
* select syscall.
*/
fd_set *fds;
int numfds = args[0];
int bytes = _howmany(numfds, _NFDBITS) * _NFDBITS;
int i, tmpsize, u, used;
const int per_fd = 20;
if ((fds = malloc(bytes)) == NULL)
err(1, "Cannot malloc %d bytes for fd_set array",
bytes);
if (get_struct(pid, (void *)args[sc->offset], fds, bytes)
!= -1) {
used = 0;
tmpsize = 1 + numfds * per_fd + 2;
if ((tmp = malloc(tmpsize)) == NULL)
err(1, "Cannot alloc %d bytes for fd_set "
"output", tmpsize);
tmp[used++] = '{';
for (i = 0; i < numfds; i++) {
if (FD_ISSET(i, fds)) {
u = snprintf(tmp + used, per_fd, "%d ",
i);
if (u > 0)
used += u < per_fd ? u : per_fd;
}
}
if (tmp[used-1] == ' ')
used--;
tmp[used++] = '}';
tmp[used++] = '\0';
} else
asprintf(&tmp, "0x%lx", args[sc->offset]);
free(fds);
break;
}
case Signal:
tmp = strsig2(args[sc->offset]);
break;
case Sigset: {
long sig;
sigset_t ss;
int i, used;
char *signame;
sig = args[sc->offset];
if (get_struct(pid, (void *)args[sc->offset], (void *)&ss,
sizeof(ss)) == -1) {
asprintf(&tmp, "0x%lx", args[sc->offset]);
break;
}
tmp = malloc(sys_nsig * 8); /* 7 bytes avg per signal name */
used = 0;
for (i = 1; i < sys_nsig; i++) {
if (sigismember(&ss, i)) {
signame = strsig(i);
used += sprintf(tmp + used, "%s|", signame);
free(signame);
}
}
if (used)
tmp[used-1] = 0;
else
strcpy(tmp, "0x0");
break;
}
case Sigprocmask: {
switch (args[sc->offset]) {
#define S(a) case a: tmp = strdup(#a); break;
S(SIG_BLOCK);
S(SIG_UNBLOCK);
S(SIG_SETMASK);
#undef S
}
if (tmp == NULL)
asprintf(&tmp, "0x%lx", args[sc->offset]);
break;
}
case Fcntlflag: {
/* XXX output depends on the value of the previous argument */
switch (args[sc->offset-1]) {
case F_SETFD:
tmp = strdup(xlookup_bits(fcntlfd_arg,
args[sc->offset]));
break;
case F_SETFL:
tmp = strdup(xlookup_bits(fcntlfl_arg,
args[sc->offset]));
break;
case F_GETFD:
case F_GETFL:
case F_GETOWN:
tmp = strdup("");
break;
default:
asprintf(&tmp, "0x%lx", args[sc->offset]);
break;
}
break;
}
case Open:
tmp = strdup(xlookup_bits(open_flags, args[sc->offset]));
break;
case Fcntl:
tmp = strdup(xlookup(fcntl_arg, args[sc->offset]));
break;
case Mprot:
tmp = strdup(xlookup_bits(mprot_flags, args[sc->offset]));
break;
case Mmapflags: {
char *base, *alignstr;
int align, flags;
/*
* MAP_ALIGNED can't be handled by xlookup_bits(), so
* generate that string manually and prepend it to the
* string from xlookup_bits(). Have to be careful to
* avoid outputting MAP_ALIGNED|0 if MAP_ALIGNED is
* the only flag.
*/
flags = args[sc->offset] & ~MAP_ALIGNMENT_MASK;
align = args[sc->offset] & MAP_ALIGNMENT_MASK;
if (align != 0) {
if (align == MAP_ALIGNED_SUPER)
alignstr = strdup("MAP_ALIGNED_SUPER");
else
asprintf(&alignstr, "MAP_ALIGNED(%d)",
align >> MAP_ALIGNMENT_SHIFT);
if (flags == 0) {
tmp = alignstr;
break;
}
} else
alignstr = NULL;
base = strdup(xlookup_bits(mmap_flags, flags));
if (alignstr == NULL) {
tmp = base;
break;
}
asprintf(&tmp, "%s|%s", alignstr, base);
free(alignstr);
free(base);
break;
}
case Whence:
tmp = strdup(xlookup(whence_arg, args[sc->offset]));
break;
case Sockdomain:
tmp = strdup(xlookup(sockdomain_arg, args[sc->offset]));
break;
case Socktype:
tmp = strdup(xlookup(socktype_arg, args[sc->offset]));
break;
case Shutdown:
tmp = strdup(xlookup(shutdown_arg, args[sc->offset]));
break;
case Resource:
tmp = strdup(xlookup(resource_arg, args[sc->offset]));
break;
case Pathconf:
tmp = strdup(xlookup(pathconf_arg, args[sc->offset]));
break;
case Rforkflags:
tmp = strdup(xlookup_bits(rfork_flags, args[sc->offset]));
break;
case Sockaddr: {
struct sockaddr_storage ss;
char addr[64];
struct sockaddr_in *lsin;
struct sockaddr_in6 *lsin6;
struct sockaddr_un *sun;
struct sockaddr *sa;
char *p;
u_char *q;
int i;
if (args[sc->offset] == 0) {
asprintf(&tmp, "NULL");
break;
}
/* yuck: get ss_len */
if (get_struct(pid, (void *)args[sc->offset], (void *)&ss,
sizeof(ss.ss_len) + sizeof(ss.ss_family)) == -1)
err(1, "get_struct %p", (void *)args[sc->offset]);
/*
* If ss_len is 0, then try to guess from the sockaddr type.
* AF_UNIX may be initialized incorrectly, so always frob
* it by using the "right" size.
*/
if (ss.ss_len == 0 || ss.ss_family == AF_UNIX) {
switch (ss.ss_family) {
case AF_INET:
ss.ss_len = sizeof(*lsin);
break;
case AF_UNIX:
ss.ss_len = sizeof(*sun);
break;
default:
/* hurrrr */
break;
}
}
if (get_struct(pid, (void *)args[sc->offset], (void *)&ss,
ss.ss_len) == -1) {
err(2, "get_struct %p", (void *)args[sc->offset]);
}
switch (ss.ss_family) {
case AF_INET:
lsin = (struct sockaddr_in *)&ss;
inet_ntop(AF_INET, &lsin->sin_addr, addr, sizeof addr);
asprintf(&tmp, "{ AF_INET %s:%d }", addr,
htons(lsin->sin_port));
break;
case AF_INET6:
lsin6 = (struct sockaddr_in6 *)&ss;
inet_ntop(AF_INET6, &lsin6->sin6_addr, addr,
sizeof addr);
asprintf(&tmp, "{ AF_INET6 [%s]:%d }", addr,
htons(lsin6->sin6_port));
break;
case AF_UNIX:
sun = (struct sockaddr_un *)&ss;
asprintf(&tmp, "{ AF_UNIX \"%s\" }", sun->sun_path);
break;
default:
sa = (struct sockaddr *)&ss;
asprintf(&tmp, "{ sa_len = %d, sa_family = %d, sa_data "
"= {%n%*s } }", (int)sa->sa_len, (int)sa->sa_family,
&i, 6 * (int)(sa->sa_len - ((char *)&sa->sa_data -
(char *)sa)), "");
if (tmp != NULL) {
p = tmp + i;
for (q = (u_char *)&sa->sa_data;
q < (u_char *)sa + sa->sa_len; q++)
p += sprintf(p, " %#02x,", *q);
}
}
break;
}
case Sigaction: {
struct sigaction sa;
char *hand;
const char *h;
if (get_struct(pid, (void *)args[sc->offset], &sa, sizeof(sa))
!= -1) {
asprintf(&hand, "%p", sa.sa_handler);
if (sa.sa_handler == SIG_DFL)
h = "SIG_DFL";
else if (sa.sa_handler == SIG_IGN)
h = "SIG_IGN";
else
h = hand;
asprintf(&tmp, "{ %s %s ss_t }", h,
xlookup_bits(sigaction_flags, sa.sa_flags));
free(hand);
} else
asprintf(&tmp, "0x%lx", args[sc->offset]);
break;
}
case Kevent: {
/*
* XXX XXX: the size of the array is determined by either the
* next syscall argument, or by the syscall returnvalue,
* depending on which argument number we are. This matches the
* kevent syscall, but luckily that's the only syscall that uses
* them.
*/
struct kevent *ke;
int numevents = -1;
int bytes = 0;
int i, tmpsize, u, used;
const int per_ke = 100;
if (sc->offset == 1)
numevents = args[sc->offset+1];
else if (sc->offset == 3 && retval != -1)
numevents = retval;
if (numevents >= 0)
bytes = sizeof(struct kevent) * numevents;
if ((ke = malloc(bytes)) == NULL)
err(1, "Cannot malloc %d bytes for kevent array",
bytes);
if (numevents >= 0 && get_struct(pid, (void *)args[sc->offset],
ke, bytes) != -1) {
used = 0;
tmpsize = 1 + per_ke * numevents + 2;
if ((tmp = malloc(tmpsize)) == NULL)
err(1, "Cannot alloc %d bytes for kevent "
"output", tmpsize);
tmp[used++] = '{';
for (i = 0; i < numevents; i++) {
u = snprintf(tmp + used, per_ke,
"%s%p,%s,%s,%d,%p,%p",
i > 0 ? " " : "",
(void *)ke[i].ident,
xlookup(kevent_filters, ke[i].filter),
xlookup_bits(kevent_flags, ke[i].flags),
ke[i].fflags,
(void *)ke[i].data,
(void *)ke[i].udata);
if (u > 0)
used += u < per_ke ? u : per_ke;
}
tmp[used++] = '}';
tmp[used++] = '\0';
} else {
asprintf(&tmp, "0x%lx", args[sc->offset]);
}
free(ke);
break;
}
case Stat: {
struct stat st;
if (get_struct(pid, (void *)args[sc->offset], &st, sizeof(st))
!= -1) {
char mode[12];
strmode(st.st_mode, mode);
asprintf(&tmp,
"{ mode=%s,inode=%jd,size=%jd,blksize=%ld }", mode,
(intmax_t)st.st_ino, (intmax_t)st.st_size,
(long)st.st_blksize);
} else {
asprintf(&tmp, "0x%lx", args[sc->offset]);
}
break;
}
case Rusage: {
struct rusage ru;
if (get_struct(pid, (void *)args[sc->offset], &ru, sizeof(ru))
!= -1) {
asprintf(&tmp,
"{ u=%ld.%06ld,s=%ld.%06ld,in=%ld,out=%ld }",
(long)ru.ru_utime.tv_sec, ru.ru_utime.tv_usec,
(long)ru.ru_stime.tv_sec, ru.ru_stime.tv_usec,
ru.ru_inblock, ru.ru_oublock);
} else
asprintf(&tmp, "0x%lx", args[sc->offset]);
break;
}
case Rlimit: {
struct rlimit rl;
if (get_struct(pid, (void *)args[sc->offset], &rl, sizeof(rl))
!= -1) {
asprintf(&tmp, "{ cur=%ju,max=%ju }",
rl.rlim_cur, rl.rlim_max);
} else
asprintf(&tmp, "0x%lx", args[sc->offset]);
break;
}
case ExitStatus: {
char *signame;
int status;
signame = NULL;
if (get_struct(pid, (void *)args[sc->offset], &status,
sizeof(status)) != -1) {
if (WIFCONTINUED(status))
tmp = strdup("{ CONTINUED }");
else if (WIFEXITED(status))
asprintf(&tmp, "{ EXITED,val=%d }",
WEXITSTATUS(status));
else if (WIFSIGNALED(status))
asprintf(&tmp, "{ SIGNALED,sig=%s%s }",
signame = strsig2(WTERMSIG(status)),
WCOREDUMP(status) ? ",cored" : "");
else
asprintf(&tmp, "{ STOPPED,sig=%s }",
signame = strsig2(WTERMSIG(status)));
} else
asprintf(&tmp, "0x%lx", args[sc->offset]);
free(signame);
break;
}
case Waitoptions:
tmp = strdup(xlookup_bits(wait_options, args[sc->offset]));
break;
case Idtype:
tmp = strdup(xlookup(idtype_arg, args[sc->offset]));
break;
case Procctl:
tmp = strdup(xlookup(procctl_arg, args[sc->offset]));
break;
default:
errx(1, "Invalid argument type %d\n", sc->type & ARG_MASK);
}
