Dlib Tracer

Wed May 22 19:38:59 1996
Yasushi Saito


Overview

Dlib tracer is an add-on extension to the Dlib service. It peeks at all the system call events destined for the Dlib, logs the arguments passed to each of them, and then sends the log to a specified machine using the UDP protocol.

This extension was created primarily to demonstrate the flexible system call emulation service structure, so it doesn't serve any practical purpose now.

It's interesting to compare this service with the trace command supported in some UNIXes (e.g., SunOS). Rest under construction.

Design and Implementation

The tracer is an extension, and it is invoked in response to the MachineTrap.Syscall event. The Dlib extension itself and the tracer are both dispatched for a single system call event. The tracer is invoked first (by specifying Dispatcher.Opt.First to Dispatcher.Install). It records the register packet and passes control to the next event handler, which is usually the Dlib extension.

When a log becomes full, it is sent to a remote host using the UDP protocol. The name of the remote host is specified by the tracer shell command described later.

Actually, the logs are managed in the circular bounded-buffer style you may see in any textbook. There is a fixed number (5) of logs, and the tracer and the UDP sender act as the producer and the consumer, respectively.
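As an added illustration of the producer/consumer arrangement above (this is not SPIN or Dlib code), a C sketch of the five-log bounded buffer: the tracer fills the current log one register packet per system call, and the UDP sender drains full logs. The register-packet layout, the entries-per-log size and the function names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

#define NLOGS 5            /* number of logs, as in the tracer */
#define ENTRIES_PER_LOG 4  /* assumed; small so the buffer fills quickly */

/* Hypothetical register packet: system call number plus three argument registers. */
typedef struct { uint32_t sysno; uint64_t args[3]; } regpacket;
typedef struct { regpacket e[ENTRIES_PER_LOG]; int n; } trace_log;

static trace_log logs[NLOGS];
static int head = 0;    /* log currently being filled by the tracer */
static int tail = 0;    /* oldest full log waiting for the sender */
static int count = 0;   /* number of full, unsent logs */
static int dropped = 0; /* system calls not recorded because all logs were full */

/* Producer: called on each MachineTrap.Syscall before control passes to Dlib.
 * Returns 1 if the packet was recorded, 0 if it had to be dropped. */
int trace_syscall(uint32_t sysno, uint64_t a0, uint64_t a1, uint64_t a2) {
    if (count == NLOGS) { dropped++; return 0; }   /* every log full and unsent */
    trace_log *l = &logs[head];
    l->e[l->n].sysno = sysno;
    l->e[l->n].args[0] = a0; l->e[l->n].args[1] = a1; l->e[l->n].args[2] = a2;
    l->n++;
    if (l->n == ENTRIES_PER_LOG) { head = (head + 1) % NLOGS; count++; }
    return 1;
}

/* Consumer: the UDP sender. send_fn is the transport; pass NULL to mimic
 * "tracer fake", which discards the log instead of sending it.
 * Returns the number of entries handed to the sender (0 if nothing was full). */
int flush_one_log(void (*send_fn)(const trace_log *)) {
    if (count == 0) return 0;
    trace_log *l = &logs[tail];
    if (send_fn) send_fn(l);
    int n = l->n;
    l->n = 0;                       /* log is free for the producer again */
    tail = (tail + 1) % NLOGS; count--;
    return n;
}

int pending_logs(void) { return count; }
int dropped_syscalls(void) { return dropped; }

/* Sample consumer standing in for the UDP transport: prints one line per entry. */
void print_log(const trace_log *l) {
    for (int i = 0; i < l->n; i++)
        printf("sysno=%u args=%llu,%llu,%llu\n", l->e[i].sysno,
               (unsigned long long)l->e[i].args[0], (unsigned long long)l->e[i].args[1],
               (unsigned long long)l->e[i].args[2]);
}
```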

Using the service

First you have to load the extension. Assuming you've done script -b, all you have to do is

    !>nanny touch tracer

The tracer installs a shell command, tracer, when it's loaded. All the functions of the tracer can be controlled via this command.

    tracer on host

This command installs the tracer and sets the remote host to host.

    tracer fancy host

This is the same as tracer on, except that the tracer uses the fancy logging format. The fancy logging format records each system call name (instead of the system call number), and for arguments that are supposed to be of a text type, it records the text pointed to by the register instead of the register value itself. Of course, all this fanciness makes logging very slow.

    tracer fake host

This is the same as tracer on, except that the tracer doesn't output any packets to the network. This sounds meaningless, but it serves as a baseline for performance comparison.

    tracer off

Uninstalls the tracer handler from the system call event.

Remaining Issues


yasushi@cs.washington.edu