System Tap help

System Tap help

[V.Ravikumar]

Hi all,
I'm probing sys_write system call using system tap to get modified file
name along with UID.
Here is code snippet.

probe kernel.function ("vfs_write")
{

        filename = user_string($file->f_dentry->d_name->name)  // for
2.6.18 kernel.
        printf ("%d %s\n",uid,filename)
}
I got sample program to get inode number as below
inode_nr = $file->f_path->dentry->d_inode->i_ino . This I changed to get
file name, I'm getting file name as empty.

With above program i'm getting file name as unknown.
My question is does above code snippet is correct to get file name ? If not
could somebody please let me know the correct implementation.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.kernelnewbies.org/pipermail/kernelnewbies/attachments/20120412/784c4cd4/attachment.html 

System Tap help

[V.Ravikumar]

On Thu, Apr 12, 2012 at 10:38 AM, V.Ravikumar
<ravikumar.vallabhu@gmail.com>wrote:

> Hi all,
> I'm probing sys_write system call using system tap to get modified file
> name along with UID.
> Here is code snippet.
>
> probe kernel.function ("vfs_write")
> {
>
>         filename = user_string($file->f_dentry->d_name->name)  // for
> 2.6.18 kernel.
>         printf ("%d %s\n",uid,filename)
> }
> I got sample program to get inode number as below
> inode_nr = $file->f_path->dentry->d_inode->i_ino . This I changed to get
> file name, I'm getting file name as empty.
>
> With above program i'm getting file name as unknown.
> My question is does above code snippet is correct to get file name ? If
> not could somebody please let me know the correct implementation.
>
>
I got how to get file name properly.

> filename = user_string($file->f_dentry->d_name->name)  // for 2.6.18
  Here I need to use kernel_string instead of user_string

Regards,
Ravi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.kernelnewbies.org/pipermail/kernelnewbies/attachments/20120412/4770e93f/attachment.html