Gecko [ dataharbor.africa ]

Name	Size	Permission
?;arm	[ DIR ]	drwxr-xr-x
?;arm64	[ DIR ]	drwxr-xr-x
?;i386	[ DIR ]	drwxr-xr-x
?;ia64	[ DIR ]	drwxr-xr-x
?;mips	[ DIR ]	drwxr-xr-x
?;powerpc	[ DIR ]	drwxr-xr-x
?;s390	[ DIR ]	drwxr-xr-x
?;x86_64	[ DIR ]	drwxr-xr-x
atomic.stp	1.53 KB	-rw-r--r--
aux_syscalls.stp	143.78 KB	-rw-r--r--
context-caller.stp	3.07 KB	-rw-r--r--
context-envvar.stp	1.72 KB	-rw-r--r--
context-symbols.stp	11.99 KB	-rw-r--r--
context-unwind.stp	2.81 KB	-rw-r--r--
context.stp	18.57 KB	-rw-r--r--
context.stpm	125 B	-rw-r--r--
conversions-guru.stp	5.74 KB	-rw-r--r--
conversions.stp	15.34 KB	-rw-r--r--
ctime.stp	5.54 KB	-rw-r--r--
dentry.stp	10.11 KB	-rw-r--r--
dev.stp	1.9 KB	-rw-r--r--
endian.stp	602 B	-rw-r--r--
guru-delay.stp	1.2 KB	-rw-r--r--
guru-signal.stp	1.07 KB	-rw-r--r--
inet.stp	1.42 KB	-rw-r--r--
inet.stpm	383 B	-rw-r--r--
inet_sock.stp	1.25 KB	-rw-r--r--
ioblock.stp	15.04 KB	-rw-r--r--
ioscheduler.stp	11.89 KB	-rw-r--r--
ip.stp	5.35 KB	-rw-r--r--
ipmib-filter-default.stp	965 B	-rw-r--r--
ipmib.stp	12.68 KB	-rw-r--r--
irq.stp	5 KB	-rw-r--r--
json.stp	8.98 KB	-rw-r--r--
json.stpm	6.11 KB	-rw-r--r--
kprocess.stp	4.4 KB	-rw-r--r--
kretprobe.stp	2.1 KB	-rw-r--r--
linuxmib-filter-default.stp	876 B	-rw-r--r--
linuxmib.stp	3.63 KB	-rw-r--r--
loadavg.stp	1.95 KB	-rw-r--r--
logging.stp	2.12 KB	-rw-r--r--
memory.stp	18.74 KB	-rw-r--r--
netfilter.stp	35.49 KB	-rw-r--r--
networking.stp	9.37 KB	-rw-r--r--
nfs.stp	38.06 KB	-rw-r--r--
nfs_proc.stp	55.46 KB	-rw-r--r--
nfs_proc.stpm	1.18 KB	-rw-r--r--
nfsd.stp	46.27 KB	-rw-r--r--
nfsderrno.stp	11.7 KB	-rw-r--r--
panic.stp	1.07 KB	-rw-r--r--
perf.stp	5.16 KB	-rw-r--r--
proc_mem.stp	12.05 KB	-rw-r--r--
pstrace.stp	773 B	-rw-r--r--
rcu.stp	928 B	-rw-r--r--
rlimit.stp	1.35 KB	-rw-r--r--
rpc.stp	37.67 KB	-rw-r--r--
scheduler.stp	11.36 KB	-rw-r--r--
scsi.stp	9.47 KB	-rw-r--r--
signal.stp	28.69 KB	-rw-r--r--
socket.stp	34.2 KB	-rw-r--r--
sysc_accept.stp	7.32 KB	-rw-r--r--
sysc_accept4.stp	7.24 KB	-rw-r--r--
sysc_access.stp	2.45 KB	-rw-r--r--
sysc_acct.stp	2.18 KB	-rw-r--r--
sysc_add_key.stp	2.91 KB	-rw-r--r--
sysc_adjtimex.stp	5.28 KB	-rw-r--r--
sysc_alarm.stp	2.52 KB	-rw-r--r--
sysc_bdflush.stp	2.75 KB	-rw-r--r--
sysc_bind.stp	6.43 KB	-rw-r--r--
sysc_bpf.stp	2.33 KB	-rw-r--r--
sysc_brk.stp	2.33 KB	-rw-r--r--
sysc_capget.stp	2.71 KB	-rw-r--r--
sysc_capset.stp	2.71 KB	-rw-r--r--
sysc_chdir.stp	2.23 KB	-rw-r--r--
sysc_chmod.stp	2.51 KB	-rw-r--r--
sysc_chown.stp	3.27 KB	-rw-r--r--
sysc_chown16.stp	2.61 KB	-rw-r--r--
sysc_chroot.stp	2.29 KB	-rw-r--r--
sysc_clock_adjtime.stp	4.72 KB	-rw-r--r--
sysc_clock_getres.stp	3.82 KB	-rw-r--r--
sysc_clock_gettime.stp	3.62 KB	-rw-r--r--
sysc_clock_nanosleep.stp	7.25 KB	-rw-r--r--
sysc_clock_settime.stp	5.02 KB	-rw-r--r--
sysc_clone.stp	6.19 KB	-rw-r--r--
sysc_close.stp	2.47 KB	-rw-r--r--
sysc_connect.stp	6.82 KB	-rw-r--r--
sysc_copy_file_range.stp	3.15 KB	-rw-r--r--
sysc_creat.stp	2.28 KB	-rw-r--r--
sysc_delete_module.stp	2.87 KB	-rw-r--r--
sysc_dup.stp	2.09 KB	-rw-r--r--
sysc_dup2.stp	2.63 KB	-rw-r--r--
sysc_dup3.stp	2.66 KB	-rw-r--r--
sysc_epoll_create.stp	5.29 KB	-rw-r--r--
sysc_epoll_ctl.stp	3.5 KB	-rw-r--r--
sysc_epoll_pwait.stp	3.49 KB	-rw-r--r--
sysc_epoll_wait.stp	4.33 KB	-rw-r--r--
sysc_eventfd.stp	4.86 KB	-rw-r--r--
sysc_execve.stp	6.11 KB	-rw-r--r--
sysc_execveat.stp	6.78 KB	-rw-r--r--
sysc_exit.stp	1.54 KB	-rw-r--r--
sysc_exit_group.stp	1.66 KB	-rw-r--r--
sysc_faccessat.stp	3.2 KB	-rw-r--r--
sysc_fadvise64.stp	7.43 KB	-rw-r--r--
sysc_fallocate.stp	3.29 KB	-rw-r--r--
sysc_fanotify_init.stp	3.02 KB	-rw-r--r--
sysc_fanotify_mark.stp	5.75 KB	-rw-r--r--
sysc_fchdir.stp	2.23 KB	-rw-r--r--
sysc_fchmod.stp	2.52 KB	-rw-r--r--
sysc_fchmodat.stp	3.2 KB	-rw-r--r--
sysc_fchown.stp	3.28 KB	-rw-r--r--
sysc_fchown16.stp	2.59 KB	-rw-r--r--
sysc_fchownat.stp	3.24 KB	-rw-r--r--
sysc_fcntl.stp	4.37 KB	-rw-r--r--
sysc_fdatasync.stp	2.39 KB	-rw-r--r--
sysc_fgetxattr.stp	2.94 KB	-rw-r--r--
sysc_finit_module.stp	2.86 KB	-rw-r--r--
sysc_flistxattr.stp	2.61 KB	-rw-r--r--
sysc_flock.stp	2.28 KB	-rw-r--r--
sysc_fork.stp	2.53 KB	-rw-r--r--
sysc_fremovexattr.stp	2.73 KB	-rw-r--r--
sysc_fsetxattr.stp	3.34 KB	-rw-r--r--
sysc_fstat.stp	5.76 KB	-rw-r--r--
sysc_fstatat.stp	5.21 KB	-rw-r--r--
sysc_fstatfs.stp	2.94 KB	-rw-r--r--
sysc_fstatfs64.stp	2.86 KB	-rw-r--r--
sysc_fsync.stp	2.18 KB	-rw-r--r--
sysc_ftruncate.stp	5.54 KB	-rw-r--r--
sysc_futex.stp	5.11 KB	-rw-r--r--
sysc_futimesat.stp	5.91 KB	-rw-r--r--
sysc_get_mempolicy.stp	4.1 KB	-rw-r--r--
sysc_get_robust_list.stp	4.12 KB	-rw-r--r--
sysc_getcpu.stp	2.63 KB	-rw-r--r--
sysc_getcwd.stp	2.43 KB	-rw-r--r--
sysc_getdents.stp	5.18 KB	-rw-r--r--
sysc_getegid.stp	3.46 KB	-rw-r--r--
sysc_geteuid.stp	3.4 KB	-rw-r--r--
sysc_getgid.stp	3.32 KB	-rw-r--r--
sysc_getgroups.stp	3.91 KB	-rw-r--r--
sysc_gethostname.stp	1.22 KB	-rw-r--r--
sysc_getitimer.stp	4.87 KB	-rw-r--r--
sysc_getpeername.stp	7.01 KB	-rw-r--r--
sysc_getpgid.stp	2.6 KB	-rw-r--r--
sysc_getpgrp.stp	2.04 KB	-rw-r--r--
sysc_getpid.stp	1.98 KB	-rw-r--r--
sysc_getppid.stp	2.06 KB	-rw-r--r--
sysc_getpriority.stp	2.62 KB	-rw-r--r--
sysc_getrandom.stp	2.72 KB	-rw-r--r--
sysc_getresgid.stp	3.73 KB	-rw-r--r--
sysc_getresuid.stp	3.54 KB	-rw-r--r--
sysc_getrlimit.stp	4.08 KB	-rw-r--r--
sysc_getrusage.stp	3.45 KB	-rw-r--r--
sysc_getsid.stp	2.26 KB	-rw-r--r--
sysc_getsockname.stp	7.03 KB	-rw-r--r--
sysc_getsockopt.stp	7.88 KB	-rw-r--r--
sysc_gettid.stp	2.01 KB	-rw-r--r--
sysc_gettimeofday.stp	3.7 KB	-rw-r--r--
sysc_getuid.stp	3.35 KB	-rw-r--r--
sysc_getxattr.stp	3 KB	-rw-r--r--
sysc_init_module.stp	2.76 KB	-rw-r--r--
sysc_inotify_add_watch.stp	3.25 KB	-rw-r--r--
sysc_inotify_init.stp	5.26 KB	-rw-r--r--
sysc_inotify_rm_watch.stp	2.89 KB	-rw-r--r--
sysc_io_cancel.stp	2.85 KB	-rw-r--r--
sysc_io_destroy.stp	2.5 KB	-rw-r--r--
sysc_io_getevents.stp	4.25 KB	-rw-r--r--
sysc_io_setup.stp	3.43 KB	-rw-r--r--
sysc_io_submit.stp	3.46 KB	-rw-r--r--
sysc_ioctl.stp	3.12 KB	-rw-r--r--
sysc_ioperm.stp	2.41 KB	-rw-r--r--
sysc_ioprio_get.stp	2.65 KB	-rw-r--r--
sysc_ioprio_set.stp	2.82 KB	-rw-r--r--
sysc_kcmp.stp	2.51 KB	-rw-r--r--
sysc_kexec_file_load.stp	3.35 KB	-rw-r--r--
sysc_kexec_load.stp	3.96 KB	-rw-r--r--
sysc_keyctl.stp	3.16 KB	-rw-r--r--
sysc_kill.stp	2.25 KB	-rw-r--r--
sysc_lchown.stp	3.34 KB	-rw-r--r--
sysc_lchown16.stp	2.66 KB	-rw-r--r--
sysc_lgetxattr.stp	3.05 KB	-rw-r--r--
sysc_link.stp	2.34 KB	-rw-r--r--
sysc_linkat.stp	3.26 KB	-rw-r--r--
sysc_listen.stp	6.17 KB	-rw-r--r--
sysc_listxattr.stp	2.72 KB	-rw-r--r--
sysc_llistxattr.stp	2.78 KB	-rw-r--r--
sysc_llseek.stp	2.81 KB	-rw-r--r--
sysc_lookup_dcookie.stp	3.39 KB	-rw-r--r--
sysc_lremovexattr.stp	3.11 KB	-rw-r--r--
sysc_lseek.stp	3.98 KB	-rw-r--r--
sysc_lsetxattr.stp	3.22 KB	-rw-r--r--
sysc_lstat.stp	5.91 KB	-rw-r--r--
sysc_madvise.stp	2.55 KB	-rw-r--r--
sysc_mbind.stp	3.69 KB	-rw-r--r--
sysc_membarrier.stp	2.65 KB	-rw-r--r--
sysc_memfd_create.stp	2.77 KB	-rw-r--r--
sysc_migrate_pages.stp	3.83 KB	-rw-r--r--
sysc_mincore.stp	2.47 KB	-rw-r--r--
sysc_mkdir.stp	2.38 KB	-rw-r--r--
sysc_mkdirat.stp	2.92 KB	-rw-r--r--
sysc_mknod.stp	2.45 KB	-rw-r--r--
sysc_mknodat.stp	3.07 KB	-rw-r--r--
sysc_mlock.stp	2.27 KB	-rw-r--r--
sysc_mlock2.stp	2.47 KB	-rw-r--r--
sysc_mlockall.stp	2.46 KB	-rw-r--r--
sysc_mmap2.stp	5.45 KB	-rw-r--r--
sysc_modify_ldt.stp	2.67 KB	-rw-r--r--
sysc_mount.stp	3.53 KB	-rw-r--r--
sysc_move_pages.stp	4.09 KB	-rw-r--r--
sysc_mprotect.stp	2.55 KB	-rw-r--r--
sysc_mq_getsetattr.stp	3.95 KB	-rw-r--r--
sysc_mq_notify.stp	3.51 KB	-rw-r--r--
sysc_mq_open.stp	4.54 KB	-rw-r--r--
sysc_mq_timedreceive.stp	5.18 KB	-rw-r--r--
sysc_mq_timedsend.stp	4.96 KB	-rw-r--r--
sysc_mq_unlink.stp	2.53 KB	-rw-r--r--
sysc_mremap.stp	3.01 KB	-rw-r--r--
sysc_msgctl.stp	7.35 KB	-rw-r--r--
sysc_msgget.stp	3.73 KB	-rw-r--r--
sysc_msgrcv.stp	9.48 KB	-rw-r--r--
sysc_msgsnd.stp	7.81 KB	-rw-r--r--
sysc_msync.stp	2.44 KB	-rw-r--r--
sysc_munlock.stp	2.39 KB	-rw-r--r--
sysc_munlockall.stp	2.29 KB	-rw-r--r--
sysc_munmap.stp	2.35 KB	-rw-r--r--
sysc_name_to_handle_at.stp	3.46 KB	-rw-r--r--
sysc_nanosleep.stp	5.22 KB	-rw-r--r--
sysc_nfsservctl.stp	2.23 KB	-rw-r--r--
sysc_ni_syscall.stp	1.4 KB	-rw-r--r--
sysc_nice.stp	2.15 KB	-rw-r--r--
sysc_open.stp	3.79 KB	-rw-r--r--
sysc_open_by_handle_at.stp	3.8 KB	-rw-r--r--
sysc_openat.stp	3.34 KB	-rw-r--r--
sysc_pause.stp	2.5 KB	-rw-r--r--
sysc_perf_event_open.stp	3.24 KB	-rw-r--r--
sysc_personality.stp	2.74 KB	-rw-r--r--
sysc_pipe.stp	9.86 KB	-rw-r--r--
sysc_pivot_root.stp	2.71 KB	-rw-r--r--
sysc_poll.stp	2.35 KB	-rw-r--r--
sysc_ppoll.stp	5.38 KB	-rw-r--r--
sysc_prctl.stp	2.48 KB	-rw-r--r--
sysc_pread.stp	4.51 KB	-rw-r--r--
sysc_preadv.stp	4.12 KB	-rw-r--r--
sysc_preadv2.stp	4.48 KB	-rw-r--r--
sysc_prlimit64.stp	2.97 KB	-rw-r--r--
sysc_process_vm_readv.stp	4.08 KB	-rw-r--r--
sysc_process_vm_writev.stp	4.13 KB	-rw-r--r--
sysc_pselect6.stp	5.62 KB	-rw-r--r--
sysc_pselect7.stp	3.58 KB	-rw-r--r--
sysc_ptrace.stp	3.18 KB	-rw-r--r--
sysc_pwrite.stp	6.27 KB	-rw-r--r--
sysc_pwritev.stp	4.23 KB	-rw-r--r--
sysc_pwritev2.stp	4.58 KB	-rw-r--r--
sysc_quotactl.stp	4 KB	-rw-r--r--
sysc_read.stp	3.29 KB	-rw-r--r--
sysc_readahead.stp	3.02 KB	-rw-r--r--
sysc_readdir.stp	3.6 KB	-rw-r--r--
sysc_readlink.stp	2.59 KB	-rw-r--r--
sysc_readlinkat.stp	3.24 KB	-rw-r--r--
sysc_readv.stp	3.07 KB	-rw-r--r--
sysc_reboot.stp	2.77 KB	-rw-r--r--
sysc_recv.stp	6.7 KB	-rw-r--r--
sysc_recvfrom.stp	7.82 KB	-rw-r--r--
sysc_recvmmsg.stp	5.84 KB	-rw-r--r--
sysc_recvmsg.stp	10.35 KB	-rw-r--r--
sysc_remap_file_pages.stp	3.37 KB	-rw-r--r--
sysc_removexattr.stp	2.75 KB	-rw-r--r--
sysc_rename.stp	2.48 KB	-rw-r--r--
sysc_renameat.stp	3.3 KB	-rw-r--r--
sysc_renameat2.stp	3.61 KB	-rw-r--r--
sysc_request_key.stp	3.23 KB	-rw-r--r--
sysc_restart_syscall.stp	2.5 KB	-rw-r--r--
sysc_rmdir.stp	2.25 KB	-rw-r--r--
sysc_rt_sigaction.stp	6.2 KB	-rw-r--r--
sysc_rt_sigpending.stp	4.35 KB	-rw-r--r--
sysc_rt_sigprocmask.stp	7.87 KB	-rw-r--r--
sysc_rt_sigqueueinfo.stp	4.26 KB	-rw-r--r--
sysc_rt_sigreturn.stp	1.6 KB	-rw-r--r--
sysc_rt_sigsuspend.stp	3.45 KB	-rw-r--r--
sysc_rt_sigtimedwait.stp	5.08 KB	-rw-r--r--
sysc_rt_tgsigqueueinfo.stp	3.92 KB	-rw-r--r--
sysc_sched_get_priority_max.st...	3.26 KB	-rw-r--r--
sysc_sched_get_priority_min.st...	3.26 KB	-rw-r--r--
sysc_sched_getaffinity.stp	3.62 KB	-rw-r--r--
sysc_sched_getattr.stp	3.05 KB	-rw-r--r--
sysc_sched_getparam.stp	2.84 KB	-rw-r--r--
sysc_sched_getscheduler.stp	2.94 KB	-rw-r--r--
sysc_sched_rr_get_interval.stp	4.41 KB	-rw-r--r--
sysc_sched_setaffinity.stp	3.49 KB	-rw-r--r--
sysc_sched_setattr.stp	2.98 KB	-rw-r--r--
sysc_sched_setparam.stp	2.83 KB	-rw-r--r--
sysc_sched_setscheduler.stp	3.2 KB	-rw-r--r--
sysc_sched_yield.stp	2.26 KB	-rw-r--r--
sysc_seccomp.stp	2.76 KB	-rw-r--r--
sysc_select.stp	5.55 KB	-rw-r--r--
sysc_semctl.stp	7.22 KB	-rw-r--r--
sysc_semget.stp	3.79 KB	-rw-r--r--
sysc_semop.stp	4.73 KB	-rw-r--r--
sysc_semtimedop.stp	8.8 KB	-rw-r--r--
sysc_send.stp	6.81 KB	-rw-r--r--
sysc_sendfile.stp	4.38 KB	-rw-r--r--
sysc_sendmmsg.stp	8.61 KB	-rw-r--r--
sysc_sendmsg.stp	11.48 KB	-rw-r--r--
sysc_sendto.stp	7.66 KB	-rw-r--r--
sysc_set_mempolicy.stp	3.69 KB	-rw-r--r--
sysc_set_robust_list.stp	3.92 KB	-rw-r--r--
sysc_set_tid_address.stp	2.83 KB	-rw-r--r--
sysc_setdomainname.stp	3.04 KB	-rw-r--r--
sysc_setfsgid.stp	4.43 KB	-rw-r--r--
sysc_setfsuid.stp	4.48 KB	-rw-r--r--
sysc_setgid.stp	4.23 KB	-rw-r--r--
sysc_setgroups.stp	4.1 KB	-rw-r--r--
sysc_sethostname.stp	2.72 KB	-rw-r--r--
sysc_setitimer.stp	5.61 KB	-rw-r--r--
sysc_setns.stp	2.34 KB	-rw-r--r--
sysc_setpgid.stp	2.41 KB	-rw-r--r--
sysc_setpriority.stp	2.79 KB	-rw-r--r--
sysc_setregid.stp	5.84 KB	-rw-r--r--
sysc_setresgid.stp	6.12 KB	-rw-r--r--
sysc_setresuid.stp	6.13 KB	-rw-r--r--
sysc_setreuid.stp	5.84 KB	-rw-r--r--
sysc_setrlimit.stp	3.61 KB	-rw-r--r--
sysc_setsid.stp	2.05 KB	-rw-r--r--
sysc_setsockopt.stp	7.77 KB	-rw-r--r--
sysc_settimeofday.stp	6.01 KB	-rw-r--r--
sysc_setuid.stp	4.23 KB	-rw-r--r--
sysc_setxattr.stp	3.12 KB	-rw-r--r--
sysc_sgetmask.stp	2.12 KB	-rw-r--r--
sysc_shmat.stp	5.88 KB	-rw-r--r--
sysc_shmctl.stp	7.23 KB	-rw-r--r--
sysc_shmdt.stp	3.36 KB	-rw-r--r--
sysc_shmget.stp	3.7 KB	-rw-r--r--
sysc_shutdown.stp	6.46 KB	-rw-r--r--
sysc_sigaction.stp	5.2 KB	-rw-r--r--
sysc_sigaltstack.stp	3.83 KB	-rw-r--r--
sysc_signal.stp	2.5 KB	-rw-r--r--
sysc_signalfd.stp	11.53 KB	-rw-r--r--
sysc_sigpending.stp	3.19 KB	-rw-r--r--
sysc_sigprocmask.stp	3.69 KB	-rw-r--r--
sysc_sigreturn.stp	1.43 KB	-rw-r--r--
sysc_sigsuspend.stp	4.22 KB	-rw-r--r--
sysc_socket.stp	6.92 KB	-rw-r--r--
sysc_socketpair.stp	7.68 KB	-rw-r--r--
sysc_splice.stp	2.78 KB	-rw-r--r--
sysc_ssetmask.stp	2.49 KB	-rw-r--r--
sysc_stat.stp	5.91 KB	-rw-r--r--
sysc_statfs.stp	3.02 KB	-rw-r--r--
sysc_statfs64.stp	2.93 KB	-rw-r--r--
sysc_statx.stp	3.4 KB	-rw-r--r--
sysc_stime.stp	2.76 KB	-rw-r--r--
sysc_swapoff.stp	2.41 KB	-rw-r--r--
sysc_swapon.stp	2.6 KB	-rw-r--r--
sysc_symlink.stp	2.52 KB	-rw-r--r--
sysc_symlinkat.stp	3.28 KB	-rw-r--r--
sysc_sync.stp	1.88 KB	-rw-r--r--
sysc_sync_file_range.stp	4.76 KB	-rw-r--r--
sysc_syncfs.stp	2.27 KB	-rw-r--r--
sysc_sysctl.stp	2.78 KB	-rw-r--r--
sysc_sysfs.stp	3.22 KB	-rw-r--r--
sysc_sysinfo.stp	2.95 KB	-rw-r--r--
sysc_syslog.stp	2.41 KB	-rw-r--r--
sysc_tee.stp	2.3 KB	-rw-r--r--
sysc_tgkill.stp	2.48 KB	-rw-r--r--
sysc_time.stp	3.18 KB	-rw-r--r--
sysc_timer_create.stp	4.39 KB	-rw-r--r--
sysc_timer_delete.stp	2.61 KB	-rw-r--r--
sysc_timer_getoverrun.stp	2.86 KB	-rw-r--r--
sysc_timer_gettime.stp	4.15 KB	-rw-r--r--
sysc_timer_settime.stp	5.33 KB	-rw-r--r--
sysc_timerfd.stp	1.79 KB	-rw-r--r--
sysc_timerfd_create.stp	2.99 KB	-rw-r--r--
sysc_timerfd_gettime.stp	3.79 KB	-rw-r--r--
sysc_timerfd_settime.stp	4.71 KB	-rw-r--r--
sysc_times.stp	2.84 KB	-rw-r--r--
sysc_tkill.stp	2.35 KB	-rw-r--r--
sysc_truncate.stp	5.25 KB	-rw-r--r--
sysc_tux.stp	1.04 KB	-rw-r--r--
sysc_umask.stp	2.22 KB	-rw-r--r--
sysc_umount.stp	4.5 KB	-rw-r--r--
sysc_uname.stp	4.77 KB	-rw-r--r--
sysc_unlink.stp	2.38 KB	-rw-r--r--
sysc_unlinkat.stp	2.79 KB	-rw-r--r--
sysc_unshare.stp	2.48 KB	-rw-r--r--
sysc_uselib.stp	2.39 KB	-rw-r--r--
sysc_userfaultfd.stp	2.68 KB	-rw-r--r--
sysc_ustat.stp	4.77 KB	-rw-r--r--
sysc_utime.stp	5.37 KB	-rw-r--r--
sysc_utimensat.stp	6.16 KB	-rw-r--r--
sysc_utimes.stp	5.29 KB	-rw-r--r--
sysc_vfork.stp	1.98 KB	-rw-r--r--
sysc_vhangup.stp	2.08 KB	-rw-r--r--
sysc_vmsplice.stp	5.56 KB	-rw-r--r--
sysc_wait4.stp	4.55 KB	-rw-r--r--
sysc_waitid.stp	3.68 KB	-rw-r--r--
sysc_waitpid.stp	3.02 KB	-rw-r--r--
sysc_write.stp	3.5 KB	-rw-r--r--
sysc_writev.stp	3.22 KB	-rw-r--r--
syscall_any.stp	1.52 KB	-rw-r--r--
syscall_table.stp	1.44 KB	-rw-r--r--
syscalls.stpm	13.78 KB	-rw-r--r--
syscalls_cfg_trunc.stp	111 B	-rw-r--r--
target_set.stp	1.73 KB	-rw-r--r--
task.stp	22.21 KB	-rw-r--r--
task.stpm	253 B	-rw-r--r--
task_ancestry.stp	1.58 KB	-rw-r--r--
task_time.stp	7.68 KB	-rw-r--r--
tcp.stp	22.11 KB	-rw-r--r--
tcpmib-filter-default.stp	885 B	-rw-r--r--
tcpmib.stp	10.57 KB	-rw-r--r--
timestamp.stp	1.72 KB	-rw-r--r--
timestamp_gtod.stp	1.59 KB	-rw-r--r--
timestamp_monotonic.stp	5.46 KB	-rw-r--r--
tty.stp	7.18 KB	-rw-r--r--
tzinfo.stp	803 B	-rw-r--r--
ucontext-symbols.stp	8.63 KB	-rw-r--r--
ucontext-unwind.stp	3.64 KB	-rw-r--r--
ucontext.stp	2.18 KB	-rw-r--r--
udp.stp	5.95 KB	-rw-r--r--
utrace.stp	1.33 KB	-rw-r--r--
vfs.stp	32.43 KB	-rw-r--r--

Code Editor : netfilter.stp

/* netfilter.stp - netfilter hook tapset
 *
 * Copyright (C) 2012, 2017-2018 Red Hat Inc.
 * <tapsetdescription>
 * This family of probe points provides a simple way to examine network traffic using the netfilter hooks mechanism.
 * </tapsetdescription>
 */

// See the BZ1546179 block comment in tapset/linux/networking.stp for
// an explanation of the try/catch statements around sk_buff structure
// accesses.

/* The below functionality is mostly inspired by tcp.stp and networking.stp. */

%{
#include <linux/in.h>
#include <linux/skbuff.h>
#include <linux/netfilter_arp.h>
#include <linux/if_arp.h>
#include <net/ipv6.h>
#include <net/llc_pdu.h>
#include <linux/llc.h>
%}

# XXX: IPPROTO_* and NF_* constants should be secure globals -- needs PR10607
  # ... currently we use a hideous copypasta hack which defines them as
  # locals in each probe alias. Blegh

@__private30 function __mac_addr_to_string:string(addr:long) {
         return sprintf("%02x:%02x:%02x:%02x:%02x:%02x",
                        kernel_char(addr)&255, kernel_char(addr+1)&255,
                        kernel_char(addr+2)&255, kernel_char(addr+3)&255,
                        kernel_char(addr+4)&255, kernel_char(addr+5)&255)
}

@__private30 function __get_mac_addr:string(addr:long) {
         return __mac_addr_to_string(@cast(addr, "struct net_device", "kernel<linux/netdevice.h>")->dev_addr)
}

@__private30 function __get_skb_arphdr:long(addr:long)
{
        // The method is exactly the same as for an IP header:
        return __get_skb_iphdr(addr)
}

/* returns the bridge header for kernel >= 2.6.21 */
@__private30 function __get_skb_brhdr_new:long(skb:long)
%{ /* pure */
    struct sk_buff *skb;
    skb = (struct sk_buff *)(uintptr_t)STAP_ARG_skb;
    /* as done by skb_network_header() */
    #ifdef NET_SKBUFF_DATA_USES_OFFSET
        STAP_RETVALUE = (long)(kread(&(skb->head)) + kread(&(skb->network_header)) + sizeof(struct llc_pdu_un));
    #else
        STAP_RETVALUE = (long)(kread(&(skb->network_header)) + sizeof(struct llc_pdu_un));
    #endif
    CATCH_DEREF_FAULT();
%}

/* returns the bridge header for a given sk_buff structure */
@__private30 function __get_skb_brhdr:long(skb:long)
{
%( kernel_v < "2.6.21" %?
	brhdr = @cast(skb, "sk_buff")->mac->raw + %{ /* pure */ sizeof(struct llc_pdu_un) %}
	return brhdr
%:
	return __get_skb_brhdr_new(skb)
%)
}

/* returns llc_pdu_un for a given sk_buff structure */
@__private30 function __get_skb_llc:long(skb:long)
%{ /* pure */
    struct sk_buff *skb;
    skb = (struct sk_buff *)(uintptr_t)STAP_ARG_skb;
    /* as done by skb_network_header() */
    #ifdef NET_SKBUFF_DATA_USES_OFFSET
        STAP_RETVALUE = (long)(kread(&(skb->head)) + kread(&(skb->network_header)));
    #else
        STAP_RETVALUE = (long)kread(&(skb->network_header));
    #endif
    CATCH_DEREF_FAULT();
%}

@__private30 function __ip6_skb_proto:long(addr:long)
%{ /* pure */
   struct sk_buff *skb = (struct sk_buff *)(uintptr_t)STAP_ARG_addr;
   struct ipv6hdr *hdr;
   u8 nexthdr;

/* We call deref() here to ensure the memory at the skb location
    * is valid to read, to avoid potential kernel panic calling ipv6_hdr(). */
   (void)kderef_buffer(NULL, skb, sizeof(struct sk_buff));
   hdr = ipv6_hdr(skb);
   nexthdr = kread(&(hdr->nexthdr));

if (ipv6_ext_hdr(nexthdr)) {
#if LINUX_VERSION_CODE < KERNEL_VERSION(3,3,0)
     long result = ipv6_skip_exthdr(skb, sizeof(*hdr), &nexthdr);     
#else
     __be16 frag_offp;
     int extoff = (u8 *)(hdr + 1) - kread(&(skb->data));
     long result = ipv6_skip_exthdr(skb, extoff, &nexthdr, &frag_offp);
#endif
     STAP_RETVALUE = result < 0 ? 0 : result;
   } else {
     STAP_RETVALUE = 0;
   }
   CATCH_DEREF_FAULT();
%}

private function __skb_nonlinear:long(addr:long)
%{ /* pure */
  struct sk_buff *skb = (struct sk_buff *)(uintptr_t)STAP_ARG_addr;
  STAP_RETVALUE = skb_is_nonlinear(skb);
%}

private function __skb_shinfo:long(addr:long)
%{ /* pure */
  struct sk_buff *skb = (struct sk_buff *)(uintptr_t)STAP_ARG_addr;
  STAP_RETVALUE = (uintptr_t)skb_end_pointer(skb);
%}

private function __skb_frag_size:long(addr:long, frag:long)
%{ /* pure */
  struct skb_shared_info *skb_shr = (struct skb_shared_info *)(uintptr_t)STAP_ARG_addr;
  skb_frag_t skb_frag = skb_shr->frags[STAP_ARG_frag];
  STAP_RETVALUE = skb_frag.size;
%}

private function __skb_frag_data_addr:long(addr:long, frag:long)
%{ /* pure */
  struct skb_shared_info *skb_shr = (struct skb_shared_info *)(uintptr_t)STAP_ARG_addr;
  const skb_frag_t *skb_frag = &skb_shr->frags[STAP_ARG_frag];
  STAP_RETVALUE = (uintptr_t)skb_frag_address_safe(skb_frag);
%}

private function __buffer_data:string(skb:long, str:long)
{
  length = @cast(skb, "struct sk_buff", "kernel<linux/skbuff.h>")->len
  data_length = @cast(skb, "struct sk_buff", "kernel<linux/skbuff.h>")->data_len
  skb_data = @cast(skb, "struct sk_buff", "kernel<linux/skbuff.h>")->data
  headlen = length - data_length /* skb_headlen() */
  data = ""
  if (str) {
    data = kernel_buffer_quoted(skb_data, headlen)
  } else {
    data = sprintf("%.*M", headlen, skb_data)
  }

if (__skb_nonlinear(skb)) {
    shinfo = __skb_shinfo(skb)
    nr_frags = @cast(shinfo, "struct skb_shared_info",
                     "kernel<linux/skbuff.h>")->nr_frags
    for (i = 0; i < nr_frags; i++) {
      frag_size = __skb_frag_size(shinfo, i)
      frag_data_addr = __skb_frag_data_addr(shinfo, i)
      if (str) {
        data .= kernel_buffer_quoted(frag_data_addr, frag_size)
      } else {
        data .= sprintf("%.*M", frag_size, frag_data_addr)
      }
    }
  }
  return data
}

@define netfilter_common_setup(pf_name) %(
        pf = @pf_name

/* XXX not relevant for netfilter.arp & netfilter.bridge probes */
        ipproto_tcp = @const("IPPROTO_TCP")
        ipproto_udp = @const("IPPROTO_UDP")

/* from include/linux/netfilter.h: */
        nf_drop = 0
        nf_accept = 1
        nf_stolen = 2
        nf_queue = 3
        nf_repeat = 4
        nf_stop = 5

indev = & @cast($in, "struct net_device", "kernel<linux/netdevice.h>")
        outdev = & @cast($out, "struct net_device", "kernel<linux/netdevice.h>")
        indev_name = kernel_string(indev->name, "")
        outdev_name = kernel_string(outdev->name, "")

if (indev) {
           indev_mac_len = indev->addr_len
           in_mac = __get_mac_addr(indev)
        }
        if (outdev) {
           outdev_mac_len = outdev->addr_len
           out_mac = __get_mac_addr(outdev)
        }

try {
	   length = @cast($skb, "struct sk_buff", "kernel<linux/skbuff.h>")->len
	} catch { }
	try { data_hex = __buffer_data($skb, 0) } catch { }
	try { data_str = __buffer_data($skb, 1) } catch { }
%)

@define netfilter_ip4_setup %(
        family = @const("AF_INET")
	try {
           iphdr = __get_skb_iphdr($skb)
           saddr = format_ipaddr(__ip_skb_saddr(iphdr), @const("AF_INET"))
           daddr = format_ipaddr(__ip_skb_daddr(iphdr), @const("AF_INET"))
           protocol = __ip_skb_proto(iphdr)
	} catch { }

/* udphdr is in the same place where tcphdr would have been */
           udphdr = & @cast(tcphdr, "udphdr", "kernel<linux/udp.h>")
           if (protocol == ipproto_udp) {
              dport = ntohs(udphdr->dest)
              sport = ntohs(udphdr->source)
           }
	} catch { }
%)

@define netfilter_ip6_setup %(
        family = @const("AF_INET6")
	try {
           iphdr = &@cast(__get_skb_iphdr($skb), "ipv6hdr", "kernel<linux/ipv6.h>")
           saddr = format_ipaddr(&iphdr->saddr, @const("AF_INET6"))
           daddr = format_ipaddr(&iphdr->daddr, @const("AF_INET6"))
           protocol = __ip6_skb_proto($skb)
	} catch { }

try {
           tcphdr = __get_skb_tcphdr($skb)
           if (protocol == ipproto_tcp) {
              dport = __tcp_skb_dport(tcphdr)
              sport = __tcp_skb_sport(tcphdr)
              urg = __tcp_skb_urg(tcphdr)
              ack = __tcp_skb_ack(tcphdr)
              psh = __tcp_skb_psh(tcphdr)
              rst = __tcp_skb_rst(tcphdr)
              syn = __tcp_skb_syn(tcphdr)
              fin = __tcp_skb_fin(tcphdr)
           }
   
           /* udphdr is in the same place where tcphdr would have been */
           udphdr = & @cast(tcphdr, "udphdr", "kernel<linux/udp.h>")
           if (protocol == ipproto_udp) {
              dport = ntohs(udphdr->dest)
              sport = ntohs(udphdr->source)
           }        
	} catch { }
%)

/**
 * probe netfilter.ip.pre_routing - Called before an IP packet is routed
 * @pf: Protocol family - either 'ipv4' or 'ipv6'
 * @indev: Address of net_device representing input device, 0 if unknown
 * @outdev: Address of net_device representing output device, 0 if unknown
 * @indev_name: Name of network device packet was received on (if known)
 * @outdev_name: Name of network device packet will be routed to (if known)
 * @length: The length of the packet buffer contents, in bytes
 * @data_str: A string representing the packet buffer contents
 * @data_hex: A hexadecimal string representing the packet buffer contents
 * @iphdr: Address of IP header
 * @protocol: Packet protocol from driver (ipv4 only)
 * @ipproto_tcp: Constant used to signify that the packet protocol is TCP
 * @ipproto_udp: Constant used to signify that the packet protocol is UDP
 * @nf_drop: Constant used to signify a 'drop' verdict
 * @nf_accept: Constant used to signify an 'accept' verdict
 * @nf_stolen: Constant used to signify a 'stolen' verdict
 * @nf_queue: Constant used to signify a 'queue' verdict
 * @nf_repeat: Constant used to signify a 'repeat' verdict
 * @nf_stop: Constant used to signify a 'stop' verdict
 * @family: IP address family
 * @saddr: A string representing the source IP address
 * @daddr: A string representing the destination IP address
 * @sport: TCP or UDP source port (ipv4 only)
 * @dport: TCP or UDP destination port (ipv4 only)
 * @urg: TCP URG flag (if protocol is TCP; ipv4 only)
 * @ack: TCP ACK flag (if protocol is TCP; ipv4 only)
 * @psh: TCP PSH flag (if protocol is TCP; ipv4 only)
 * @rst: TCP RST flag (if protocol is TCP; ipv4 only)
 * @syn: TCP SYN flag (if protocol is TCP; ipv4 only)
 * @fin: TCP FIN flag (if protocol is TCP; ipv4 only)
 */
probe netfilter.ip.pre_routing = netfilter.ipv4.pre_routing,
        netfilter.ipv6.pre_routing
{
}

probe netfilter.ipv4.pre_routing
        = netfilter.hook("NF_INET_PRE_ROUTING").pf("NFPROTO_IPV4")
{
        @netfilter_common_setup("ipv4")
        @netfilter_ip4_setup
}

probe netfilter.ipv6.pre_routing
        = netfilter.hook("NF_IP6_PRE_ROUTING").pf("NFPROTO_IPV6")
{
        @netfilter_common_setup("ipv6")
        @netfilter_ip6_setup
}

/**
 * probe netfilter.ip.local_in - Called on an incoming IP packet addressed to the local computer
 * @pf: Protocol family -- either "ipv4" or "ipv6"
 * @indev: Address of net_device representing input device, 0 if unknown
 * @outdev: Address of net_device representing output device, 0 if unknown
 * @indev_name: Name of network device packet was received on (if known)
 * @outdev_name: Name of network device packet will be routed to (if known)
 * @length: The length of the packet buffer contents, in bytes
 * @data_str: A string representing the packet buffer contents
 * @data_hex: A hexadecimal string representing the packet buffer contents
 * @iphdr: Address of IP header
 * @protocol: Packet protocol from driver (ipv4 only)
 * @ipproto_tcp: Constant used to signify that the packet protocol is TCP
 * @ipproto_udp: Constant used to signify that the packet protocol is UDP
 * @nf_drop: Constant used to signify a 'drop' verdict
 * @nf_accept: Constant used to signify an 'accept' verdict
 * @nf_stolen: Constant used to signify a 'stolen' verdict
 * @nf_queue: Constant used to signify a 'queue' verdict
 * @nf_repeat: Constant used to signify a 'repeat' verdict
 * @nf_stop: Constant used to signify a 'stop' verdict
 * @family: IP address family
 * @saddr: A string representing the source IP address
 * @daddr: A string representing the destination IP address
 * @sport: TCP or UDP source port (ipv4 only)
 * @dport: TCP or UDP destination port (ipv4 only)
 * @urg: TCP URG flag (if protocol is TCP; ipv4 only)
 * @ack: TCP ACK flag (if protocol is TCP; ipv4 only)
 * @psh: TCP PSH flag (if protocol is TCP; ipv4 only)
 * @rst: TCP RST flag (if protocol is TCP; ipv4 only)
 * @syn: TCP SYN flag (if protocol is TCP; ipv4 only)
 * @fin: TCP FIN flag (if protocol is TCP; ipv4 only)
 */
probe netfilter.ip.local_in = netfilter.ipv4.local_in,
        netfilter.ipv6.local_in
{
}

probe netfilter.ipv4.local_in
        = netfilter.hook("NF_INET_LOCAL_IN").pf("NFPROTO_IPV4")
{
        @netfilter_common_setup("ipv4")
        @netfilter_ip4_setup
}

probe netfilter.ipv6.local_in
        = netfilter.hook("NF_IP6_LOCAL_IN").pf("NFPROTO_IPV6")
{
        @netfilter_common_setup("ipv6")
        @netfilter_ip6_setup
}

/**
 * probe netfilter.ip.forward - Called on an incoming IP packet addressed to some other computer
 * @pf: Protocol family -- either "ipv4" or "ipv6"
 * @indev: Address of net_device representing input device, 0 if unknown
 * @outdev: Address of net_device representing output device, 0 if unknown
 * @indev_name: Name of network device packet was received on (if known)
 * @outdev_name: Name of network device packet will be routed to (if known)
 * @length: The length of the packet buffer contents, in bytes
 * @data_str: A string representing the packet buffer contents
 * @data_hex: A hexadecimal string representing the packet buffer contents
 * @iphdr: Address of IP header
 * @protocol: Packet protocol from driver (ipv4 only)
 * @ipproto_tcp: Constant used to signify that the packet protocol is TCP
 * @ipproto_udp: Constant used to signify that the packet protocol is UDP
 * @nf_drop: Constant used to signify a 'drop' verdict
 * @nf_accept: Constant used to signify an 'accept' verdict
 * @nf_stolen: Constant used to signify a 'stolen' verdict
 * @nf_queue: Constant used to signify a 'queue' verdict
 * @nf_repeat: Constant used to signify a 'repeat' verdict
 * @nf_stop: Constant used to signify a 'stop' verdict
 * @family: IP address family
 * @saddr: A string representing the source IP address
 * @daddr: A string representing the destination IP address
 * @sport: TCP or UDP source port (ipv4 only)
 * @dport: TCP or UDP destination port (ipv4 only)
 * @urg: TCP URG flag (if protocol is TCP; ipv4 only)
 * @ack: TCP ACK flag (if protocol is TCP; ipv4 only)
 * @psh: TCP PSH flag (if protocol is TCP; ipv4 only)
 * @rst: TCP RST flag (if protocol is TCP; ipv4 only)
 * @syn: TCP SYN flag (if protocol is TCP; ipv4 only)
 * @fin: TCP FIN flag (if protocol is TCP; ipv4 only)
 */
probe netfilter.ip.forward = netfilter.ipv4.forward,
        netfilter.ipv6.forward
{
}

probe netfilter.ipv4.forward
        = netfilter.hook("NF_INET_FORWARD").pf("NFPROTO_IPV4")
{
        @netfilter_common_setup("ipv4")
        @netfilter_ip4_setup
}

probe netfilter.ipv6.forward
        = netfilter.hook("NF_IP6_FORWARD").pf("NFPROTO_IPV6")
{
        @netfilter_common_setup("ipv6")
        @netfilter_ip6_setup
}

/**
 * probe netfilter.ip.local_out - Called on an outgoing IP packet
 * @pf: Protocol family -- either "ipv4" or "ipv6"
 * @indev: Address of net_device representing input device, 0 if unknown
 * @outdev: Address of net_device representing output device, 0 if unknown
 * @indev_name: Name of network device packet was received on (if known)
 * @outdev_name: Name of network device packet will be routed to (if known)
 * @length: The length of the packet buffer contents, in bytes
 * @data_str: A string representing the packet buffer contents
 * @data_hex: A hexadecimal string representing the packet buffer contents
 * @iphdr: Address of IP header
 * @protocol: Packet protocol from driver (ipv4 only)
 * @ipproto_tcp: Constant used to signify that the packet protocol is TCP
 * @ipproto_udp: Constant used to signify that the packet protocol is UDP
 * @nf_drop: Constant used to signify a 'drop' verdict
 * @nf_accept: Constant used to signify an 'accept' verdict
 * @nf_stolen: Constant used to signify a 'stolen' verdict
 * @nf_queue: Constant used to signify a 'queue' verdict
 * @nf_repeat: Constant used to signify a 'repeat' verdict
 * @nf_stop: Constant used to signify a 'stop' verdict
 * @family: IP address family
 * @saddr: A string representing the source IP address
 * @daddr: A string representing the destination IP address
 * @sport: TCP or UDP source port (ipv4 only)
 * @dport: TCP or UDP destination port (ipv4 only)
 * @urg: TCP URG flag (if protocol is TCP; ipv4 only)
 * @ack: TCP ACK flag (if protocol is TCP; ipv4 only)
 * @psh: TCP PSH flag (if protocol is TCP; ipv4 only)
 * @rst: TCP RST flag (if protocol is TCP; ipv4 only)
 * @syn: TCP SYN flag (if protocol is TCP; ipv4 only)
 * @fin: TCP FIN flag (if protocol is TCP; ipv4 only)
 */
probe netfilter.ip.local_out = netfilter.ipv4.local_out,
        netfilter.ipv6.local_out
{
}

probe netfilter.ipv4.local_out
        = netfilter.hook("NF_INET_LOCAL_OUT").pf("NFPROTO_IPV4")
{
        @netfilter_common_setup("ipv4")
        @netfilter_ip4_setup
}

probe netfilter.ipv6.local_out
        = netfilter.hook("NF_IP6_LOCAL_OUT").pf("NFPROTO_IPV6")
{
        @netfilter_common_setup("ipv6")
        @netfilter_ip6_setup
}

/**
 * probe netfilter.ip.post_routing - Called immediately before an outgoing IP packet leaves the computer
 * @pf: Protocol family -- either "ipv4" or "ipv6"
 * @indev: Address of net_device representing input device, 0 if unknown
 * @outdev: Address of net_device representing output device, 0 if unknown
 * @indev_name: Name of network device packet was received on (if known)
 * @outdev_name: Name of network device packet will be routed to (if known)
 * @length: The length of the packet buffer contents, in bytes
 * @data_str: A string representing the packet buffer contents
 * @data_hex: A hexadecimal string representing the packet buffer contents
 * @iphdr: Address of IP header
 * @protocol: Packet protocol from driver (ipv4 only)
 * @ipproto_tcp: Constant used to signify that the packet protocol is TCP
 * @ipproto_udp: Constant used to signify that the packet protocol is UDP
 * @nf_drop: Constant used to signify a 'drop' verdict
 * @nf_accept: Constant used to signify an 'accept' verdict
 * @nf_stolen: Constant used to signify a 'stolen' verdict
 * @nf_queue: Constant used to signify a 'queue' verdict
 * @nf_repeat: Constant used to signify a 'repeat' verdict
 * @nf_stop: Constant used to signify a 'stop' verdict
 * @family: IP address family
 * @saddr: A string representing the source IP address
 * @daddr: A string representing the destination IP address
 * @sport: TCP or UDP source port (ipv4 only)
 * @dport: TCP or UDP destination port (ipv4 only)
 * @urg: TCP URG flag (if protocol is TCP; ipv4 only)
 * @ack: TCP ACK flag (if protocol is TCP; ipv4 only)
 * @psh: TCP PSH flag (if protocol is TCP; ipv4 only)
 * @rst: TCP RST flag (if protocol is TCP; ipv4 only)
 * @syn: TCP SYN flag (if protocol is TCP; ipv4 only)
 * @fin: TCP FIN flag (if protocol is TCP; ipv4 only)
 */
probe netfilter.ip.post_routing = netfilter.ipv4.post_routing,
        netfilter.ipv6.local_out
{
}

probe netfilter.ipv4.post_routing
        = netfilter.hook("NF_INET_POST_ROUTING").pf("NFPROTO_IPV4")
{
        @netfilter_common_setup("ipv4")
        @netfilter_ip4_setup
}

probe netfilter.ipv6.post_routing
        = netfilter.hook("NF_IP6_POST_ROUTING").pf("NFPROTO_IPV6")
{
        @netfilter_common_setup("ipv6")
        @netfilter_ip6_setup
}

@define netfilter_arp_setup %(
# XXX: include functionality to parse ARP packet contents
	try {
           arphdr = & @cast(__get_skb_arphdr($skb), "struct arphdr", "kernel<linux/if_arp.h>")
           family = @const("NF_ARP") // from linux/netfilter_arp.h
           ar_hrd = ntohs(arphdr->ar_hrd)
           ar_pro = ntohs(arphdr->ar_pro)
           ar_hln = arphdr->ar_hln
           ar_pln = arphdr->ar_pln
           ar_op = ntohs(arphdr->ar_op)
	} catch { }

ar_data = arphdr + 8
        if (ar_hrd == 0x001 && ar_pro == 0x800) {
           /* additional info available for most common (Ethernet+IP) case: */
           ar_sha = __mac_addr_to_string(ar_data)
           ar_sip = format_ipaddr(kernel_int(ar_data + 6), @const("AF_INET"))
           ar_tha = __mac_addr_to_string(ar_data + 10)
           ar_tip =  format_ipaddr(kernel_int(ar_data + 16), @const("AF_INET"))
        }
        /* XXX support for additional cases? */
%)

/**
 * probe netfilter.arp.in -- Called for each incoming ARP packet
 * @pf: Protocol family -- always "arp"
 * @indev: Address of net_device representing input device, 0 if unknown
 * @outdev: Address of net_device representing output device, 0 if unknown
 * @indev_name: Name of network device packet was received on (if known)
 * @outdev_name: Name of network device packet will be routed to (if known)
 * @length: The length of the packet buffer contents, in bytes
 * @data_str: A string representing the packet buffer contents
 * @data_hex: A hexadecimal string representing the packet buffer contents
 * @arphdr: Address of ARP header
 * @ar_hrd: Format of hardware address
 * @ar_pro: Format of protocol address
 * @ar_hln: Length of hardware address
 * @ar_pln: Length of protocol address
 * @ar_op: ARP opcode (command)
 * @ar_data: Address of ARP packet data region (after the header)
 * @ar_sha: Ethernet+IP only (ar_pro==0x800): source hardware (MAC) address 
 * @ar_sip: Ethernet+IP only (ar_pro==0x800): source IP address
 * @ar_tha: Ethernet+IP only (ar_pro==0x800): target hardware (MAC) address
 * @ar_tip: Ethernet+IP only (ar_pro==0x800): target IP address
 * @nf_drop: Constant used to signify a 'drop' verdict
 * @nf_accept: Constant used to signify an 'accept' verdict
 * @nf_stolen: Constant used to signify a 'stolen' verdict
 * @nf_queue: Constant used to signify a 'queue' verdict
 * @nf_repeat: Constant used to signify a 'repeat' verdict
 * @nf_stop: Constant used to signify a 'stop' verdict
 */
probe netfilter.arp.in = netfilter.hook("NF_ARP_IN").pf("NFPROTO_ARP")
{
        @netfilter_common_setup("arp")
        @netfilter_arp_setup
}

/**
 * probe netfilter.arp.out -- Called for each outgoing ARP packet
 * @pf: Protocol family -- always "arp"
 * @indev: Address of net_device representing input device, 0 if unknown
 * @outdev: Address of net_device representing output device, 0 if unknown
 * @indev_name: Name of network device packet was received on (if known)
 * @outdev_name: Name of network device packet will be routed to (if known)
 * @length: The length of the packet buffer contents, in bytes
 * @data_str: A string representing the packet buffer contents
 * @data_hex: A hexadecimal string representing the packet buffer contents
 * @arphdr: Address of ARP header
 * @ar_hrd: Format of hardware address
 * @ar_pro: Format of protocol address
 * @ar_hln: Length of hardware address
 * @ar_pln: Length of protocol address
 * @ar_op: ARP opcode (command)
 * @ar_data: Address of ARP packet data region (after the header)
 * @ar_sha: Ethernet+IP only (ar_pro==0x800): source hardware (MAC) address 
 * @ar_sip: Ethernet+IP only (ar_pro==0x800): source IP address
 * @ar_tha: Ethernet+IP only (ar_pro==0x800): target hardware (MAC) address
 * @ar_tip: Ethernet+IP only (ar_pro==0x800): target IP address
 * @nf_drop: Constant used to signify a 'drop' verdict
 * @nf_accept: Constant used to signify an 'accept' verdict
 * @nf_stolen: Constant used to signify a 'stolen' verdict
 * @nf_queue: Constant used to signify a 'queue' verdict
 * @nf_repeat: Constant used to signify a 'repeat' verdict
 * @nf_stop: Constant used to signify a 'stop' verdict
 */
probe netfilter.arp.out = netfilter.hook("NF_ARP_OUT").pf("NFPROTO_ARP")
{
        @netfilter_common_setup("arp")
        @netfilter_arp_setup
}

/**
 * probe netfilter.arp.forward -- Called for each ARP packet to be forwarded
 * @pf: Protocol family -- always "arp"
 * @indev: Address of net_device representing input device, 0 if unknown
 * @outdev: Address of net_device representing output device, 0 if unknown
 * @indev_name: Name of network device packet was received on (if known)
 * @outdev_name: Name of network device packet will be routed to (if known)
 * @length: The length of the packet buffer contents, in bytes
 * @data_str: A string representing the packet buffer contents
 * @data_hex: A hexadecimal string representing the packet buffer contents
 * @arphdr: Address of ARP header
 * @ar_hrd: Format of hardware address
 * @ar_pro: Format of protocol address
 * @ar_hln: Length of hardware address
 * @ar_pln: Length of protocol address
 * @ar_op: ARP opcode (command)
 * @ar_data: Address of ARP packet data region (after the header)
 * @ar_sha: Ethernet+IP only (ar_pro==0x800): source hardware (MAC) address 
 * @ar_sip: Ethernet+IP only (ar_pro==0x800): source IP address
 * @ar_tha: Ethernet+IP only (ar_pro==0x800): target hardware (MAC) address
 * @ar_tip: Ethernet+IP only (ar_pro==0x800): target IP address
 * @nf_drop: Constant used to signify a 'drop' verdict
 * @nf_accept: Constant used to signify an 'accept' verdict
 * @nf_stolen: Constant used to signify a 'stolen' verdict
 * @nf_queue: Constant used to signify a 'queue' verdict
 * @nf_repeat: Constant used to signify a 'repeat' verdict
 * @nf_stop: Constant used to signify a 'stop' verdict
 */
probe netfilter.arp.forward = netfilter.hook("NF_ARP_FORWARD").pf("NFPROTO_ARP")
{
        @netfilter_common_setup("arp")
        @netfilter_arp_setup
}

@define netfilter_bridge_setup %(
	try {
           llcpdu = &@cast(__get_skb_llc($skb), "struct llc_pdu_un",
			   "kernel<net/llc_pdu.h>")
           brhdr = __get_skb_brhdr($skb)
	} catch { }
        llcproto_stp = @const("LLC_SAP_BSPAN") // from linux/llc.h

if (llcpdu->dsap == llcproto_stp && llcpdu->ssap == llcproto_stp) {
            protocol = llcproto_stp
            br_prid = ntohs(kernel_short(brhdr))
            br_vid = kernel_char(brhdr + 2)
            br_type = kernel_char(brhdr + 3)
            br_flags = kernel_char(brhdr + 4)
            br_rid = kernel_long(brhdr + 5)
            br_rmac = __mac_addr_to_string(brhdr + 7)
            br_cost = ntohl(kernel_int(brhdr + 13))
            br_bid = kernel_long(brhdr + 17)
            br_mac = __mac_addr_to_string(brhdr + 19)
            br_poid = ntohs(kernel_short(brhdr + 25))
            br_msg = ntohs(kernel_short(brhdr + 27))
            br_max = ntohs(kernel_short(brhdr + 29))
            br_htime = ntohs(kernel_short(brhdr + 31))
            br_fd = ntohs(kernel_short(brhdr + 33))
        }
%)

/**
 * probe netfilter.bridge.pre_routing -- Called before a bridging packet is routed
 * @pf: Protocol family -- always "bridge"
 * @indev: Address of net_device representing input device, 0 if unknown
 * @outdev: Address of net_device representing output device, 0 if unknown
 * @indev_name: Name of network device packet was received on (if known)
 * @outdev_name: Name of network device packet will be routed to (if known)
 * @llcpdu: Address of LLC Protocol Data Unit
 * @brhdr: Address of bridge header
 * @llcproto_stp: Constant used to signify Bridge Spanning Tree Protocol packet
 * @protocol: Packet protocol
 * @br_prid: Protocol identifier
 * @br_vid: Protocol version identifier
 * @br_type: BPDU type
 * @br_flags: BPDU flags
 * @br_rid: Identity of root bridge
 * @br_rmac: Root bridge MAC address
 * @br_cost: Total cost from transmitting bridge to root
 * @br_bid: Identity of bridge
 * @br_mac: Bridge MAC address
 * @br_poid: Port identifier
 * @br_msg: Message age in 1/256 secs
 * @br_max: Max age in 1/256 secs
 * @br_htime: Hello time in 1/256 secs
 * @br_fd: Forward delay in 1/256 secs
 * @length: The length of the packet buffer contents, in bytes
 * @data_str: A string representing the packet buffer contents
 * @data_hex: A hexadecimal string representing the packet buffer contents
 * @nf_drop: Constant used to signify a 'drop' verdict
 * @nf_accept: Constant used to signify an 'accept' verdict
 * @nf_stolen: Constant used to signify a 'stolen' verdict
 * @nf_queue: Constant used to signify a 'queue' verdict
 * @nf_repeat: Constant used to signify a 'repeat' verdict
 * @nf_stop: Constant used to signify a 'stop' verdict
 */
probe netfilter.bridge.pre_routing
        = netfilter.hook("NF_BR_PRE_ROUTING").pf("NFPROTO_BRIDGE")
{
        @netfilter_common_setup("bridge")
        @netfilter_bridge_setup
}

/**
 * probe netfilter.bridge.local_in - Called on a bridging packet destined for the local computer
 * @pf: Protocol family -- always "bridge"
 * @indev: Address of net_device representing input device, 0 if unknown
 * @outdev: Address of net_device representing output device, 0 if unknown
 * @indev_name: Name of network device packet was received on (if known)
 * @outdev_name: Name of network device packet will be routed to (if known)
 * @llcpdu: Address of LLC Protocol Data Unit
 * @brhdr: Address of bridge header
 * @llcproto_stp: Constant used to signify Bridge Spanning Tree Protocol packet
 * @protocol: Packet protocol
 * @br_prid: Protocol identifier
 * @br_vid: Protocol version identifier
 * @br_type: BPDU type
 * @br_flags: BPDU flags
 * @br_rid: Identity of root bridge
 * @br_rmac: Root bridge MAC address
 * @br_cost: Total cost from transmitting bridge to root
 * @br_bid: Identity of bridge
 * @br_mac: Bridge MAC address
 * @br_poid: Port identifier
 * @br_msg: Message age in 1/256 secs
 * @br_max: Max age in 1/256 secs
 * @br_htime: Hello time in 1/256 secs
 * @br_fd: Forward delay in 1/256 secs
 * @length: The length of the packet buffer contents, in bytes
 * @data_str: A string representing the packet buffer contents
 * @data_hex: A hexadecimal string representing the packet buffer contents
 * @nf_drop: Constant used to signify a 'drop' verdict
 * @nf_accept: Constant used to signify an 'accept' verdict
 * @nf_stolen: Constant used to signify a 'stolen' verdict
 * @nf_queue: Constant used to signify a 'queue' verdict
 * @nf_repeat: Constant used to signify a 'repeat' verdict
 * @nf_stop: Constant used to signify a 'stop' verdict
 */
probe netfilter.bridge.local_in
        = netfilter.hook("NF_BR_LOCAL_IN").pf("NFPROTO_BRIDGE")
{
        @netfilter_common_setup("bridge")
        @netfilter_bridge_setup
}

/**
 * probe netfilter.bridge.forward - Called on an incoming bridging packet destined for some other computer
 * @pf: Protocol family -- always "bridge"
 * @indev: Address of net_device representing input device, 0 if unknown
 * @outdev: Address of net_device representing output device, 0 if unknown
 * @indev_name: Name of network device packet was received on (if known)
 * @outdev_name: Name of network device packet will be routed to (if known)
 * @llcpdu: Address of LLC Protocol Data Unit
 * @brhdr: Address of bridge header
 * @llcproto_stp: Constant used to signify Bridge Spanning Tree Protocol packet
 * @protocol: Packet protocol
 * @br_prid: Protocol identifier
 * @br_vid: Protocol version identifier
 * @br_type: BPDU type
 * @br_flags: BPDU flags
 * @br_rid: Identity of root bridge
 * @br_rmac: Root bridge MAC address
 * @br_cost: Total cost from transmitting bridge to root
 * @br_bid: Identity of bridge
 * @br_mac: Bridge MAC address
 * @br_poid: Port identifier
 * @br_msg: Message age in 1/256 secs
 * @br_max: Max age in 1/256 secs
 * @br_htime: Hello time in 1/256 secs
 * @br_fd: Forward delay in 1/256 secs
 * @length: The length of the packet buffer contents, in bytes
 * @data_str: A string representing the packet buffer contents
 * @data_hex: A hexadecimal string representing the packet buffer contents
 * @nf_drop: Constant used to signify a 'drop' verdict
 * @nf_accept: Constant used to signify an 'accept' verdict
 * @nf_stolen: Constant used to signify a 'stolen' verdict
 * @nf_queue: Constant used to signify a 'queue' verdict
 * @nf_repeat: Constant used to signify a 'repeat' verdict
 * @nf_stop: Constant used to signify a 'stop' verdict
 */
probe netfilter.bridge.forward
        = netfilter.hook("NF_BR_FORWARD").pf("NFPROTO_BRIDGE")
{
        @netfilter_common_setup("bridge")
        @netfilter_bridge_setup
}

/**
 * probe netfilter.bridge.local_out - Called on a bridging packet coming from a local process
 * @pf: Protocol family -- always "bridge"
 * @indev: Address of net_device representing input device, 0 if unknown
 * @outdev: Address of net_device representing output device, 0 if unknown
 * @indev_name: Name of network device packet was received on (if known)
 * @outdev_name: Name of network device packet will be routed to (if known)
 * @llcpdu: Address of LLC Protocol Data Unit
 * @brhdr: Address of bridge header
 * @llcproto_stp: Constant used to signify Bridge Spanning Tree Protocol packet
 * @protocol: Packet protocol
 * @br_prid: Protocol identifier
 * @br_vid: Protocol version identifier
 * @br_type: BPDU type
 * @br_flags: BPDU flags
 * @br_rid: Identity of root bridge
 * @br_rmac: Root bridge MAC address
 * @br_cost: Total cost from transmitting bridge to root
 * @br_bid: Identity of bridge
 * @br_mac: Bridge MAC address
 * @br_poid: Port identifier
 * @br_msg: Message age in 1/256 secs
 * @br_max: Max age in 1/256 secs
 * @br_htime: Hello time in 1/256 secs
 * @br_fd: Forward delay in 1/256 secs
 * @length: The length of the packet buffer contents, in bytes
 * @data_str: A string representing the packet buffer contents
 * @data_hex: A hexadecimal string representing the packet buffer contents
 * @nf_drop: Constant used to signify a 'drop' verdict
 * @nf_accept: Constant used to signify an 'accept' verdict
 * @nf_stolen: Constant used to signify a 'stolen' verdict
 * @nf_queue: Constant used to signify a 'queue' verdict
 * @nf_repeat: Constant used to signify a 'repeat' verdict
 * @nf_stop: Constant used to signify a 'stop' verdict
 */
probe netfilter.bridge.local_out
        = netfilter.hook("NF_BR_LOCAL_OUT").pf("NFPROTO_BRIDGE")
{
        @netfilter_common_setup("bridge")
        @netfilter_bridge_setup
}

/**
 * probe netfilter.bridge.post_routing -- Called before a bridging packet hits the wire
 * @pf: Protocol family -- always "bridge"
 * @indev: Address of net_device representing input device, 0 if unknown
 * @outdev: Address of net_device representing output device, 0 if unknown
 * @indev_name: Name of network device packet was received on (if known)
 * @outdev_name: Name of network device packet will be routed to (if known)
 * @llcpdu: Address of LLC Protocol Data Unit
 * @brhdr: Address of bridge header
 * @llcproto_stp: Constant used to signify Bridge Spanning Tree Protocol packet
 * @protocol: Packet protocol
 * @br_prid: Protocol identifier
 * @br_vid: Protocol version identifier
 * @br_type: BPDU type
 * @br_flags: BPDU flags
 * @br_rid: Identity of root bridge
 * @br_rmac: Root bridge MAC address
 * @br_cost: Total cost from transmitting bridge to root
 * @br_bid: Identity of bridge
 * @br_mac: Bridge MAC address
 * @br_poid: Port identifier
 * @br_msg: Message age in 1/256 secs
 * @br_max: Max age in 1/256 secs
 * @br_htime: Hello time in 1/256 secs
 * @br_fd: Forward delay in 1/256 secs
 * @length: The length of the packet buffer contents, in bytes
 * @data_str: A string representing the packet buffer contents
 * @data_hex: A hexadecimal string representing the packet buffer contents
 * @nf_drop: Constant used to signify a 'drop' verdict
 * @nf_accept: Constant used to signify an 'accept' verdict
 * @nf_stolen: Constant used to signify a 'stolen' verdict
 * @nf_queue: Constant used to signify a 'queue' verdict
 * @nf_repeat: Constant used to signify a 'repeat' verdict
 * @nf_stop: Constant used to signify a 'stop' verdict
 */
probe netfilter.bridge.post_routing
        = netfilter.hook("NF_BR_POST_ROUTING").pf("NFPROTO_BRIDGE")
{
        @netfilter_common_setup("bridge")
        @netfilter_bridge_setup
}

${this.title}

Code Editor : netfilter.stp