not sure whether this is a bug or I'm doing something wrong but I just can't get snoop to work. Here's what happens:
====================================================
ileonte snoop-cvs # pwd
/home/gargoylle_ltk/tmp/snoop-cvs
ileonte snoop-cvs # cvs -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/snoop login
Logging in to :pserver:anonymous@cvs.sourceforge.net:2401/cvsroot/snoop
CVS password:
ileonte snoop-cvs # cvs -z3 -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/snoop co -P snoop
cvs checkout: Updating snoop
U snoop/AUTHORS
U snoop/COPYING
U snoop/ChangeLog
U snoop/INSTALL
U snoop/Makefile.am
U snoop/NEWS
U snoop/README
U snoop/autogen.sh
U snoop/configure.in
cvs checkout: Updating snoop/autoconf
U snoop/autoconf/Makefile.am
cvs checkout: Updating snoop/kernel
U snoop/kernel/Makefile.am
cvs checkout: Updating snoop/kernel/Linux
U snoop/kernel/Linux/Makefile.am
cvs checkout: Updating snoop/kernel/Linux/2.6
U snoop/kernel/Linux/2.6/Makefile.in
U snoop/kernel/Linux/2.6/snoop.c
U snoop/kernel/Linux/2.6/snoop.h
cvs checkout: Updating snoop/src
U snoop/src/Makefile.am
U snoop/src/snoop.c
ileonte snoop-cvs # cd snoop
ileonte snoop # ./auto
autoconf/ autogen.sh
ileonte snoop # ./autogen.sh
+ aclocal -I autoconf
/usr/share/aclocal/xdelta.m4:7: warning: underquoted definition of AM_PATH_XDELTA
run info '(automake)Extending aclocal'
or see http://sources.redhat.com/automake/automake.html#Extending-aclocal
/usr/share/aclocal/wxwin.m4:36: warning: underquoted definition of AM_OPTIONS_WXCONFIG
/usr/share/aclocal/wxwin.m4:59: warning: underquoted definition of AM_PATH_WXCONFIG
/usr/share/aclocal/pth.m4:43: warning: underquoted definition of _AC_PTH_ERROR
/usr/share/aclocal/pth.m4:54: warning: underquoted definition of _AC_PTH_VERBOSE
/usr/share/aclocal/pth.m4:60: warning: underquoted definition of AC_CHECK_PTH
/usr/share/aclocal/libmikmod.m4:11: warning: underquoted definition of AM_PATH_LIBMIKMOD
/usr/share/aclocal/libmcrypt.m4:17: warning: underquoted definition of AM_PATH_LIBMCRYPT
/usr/share/aclocal/libfame.m4:6: warning: underquoted definition of AM_PATH_LIBFAME
/usr/share/aclocal/imlib.m4:9: warning: underquoted definition of AM_PATH_IMLIB
/usr/share/aclocal/imlib.m4:167: warning: underquoted definition of AM_PATH_GDK_IMLIB
/usr/share/aclocal/gtk.m4:7: warning: underquoted definition of AM_PATH_GTK
/usr/share/aclocal/glib.m4:8: warning: underquoted definition of AM_PATH_GLIB
/usr/share/aclocal/audiofile.m4:12: warning: underquoted definition of AM_PATH_AUDIOFILE
+ autoheader
+ automake --add-missing --copy
configure.in: installing `autoconf/install-sh'
configure.in: installing `autoconf/missing'
configure.in:5: installing `autoconf/config.guess'
configure.in:5: installing `autoconf/config.sub'
src/Makefile.am: installing `autoconf/depcomp'
+ autoconf
ileonte snoop # ./configure
checking build system type... i686-pc-linux-gnu
checking host system type... i686-pc-linux-gnu
checking target system type... i686-pc-linux-gnu
checking for a BSD-compatible install... /bin/install -c
checking whether build environment is sane... yes
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking OS... Linux
checking kernel... 2.6.11-ck8-r1
checking kernel support... supported in kernel/Linux/2.6
checking kernel sources... found in /lib/modules/2.6.11-ck8-r1/build
checking for gcc... gcc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ANSI C... none needed
checking for style of include used by make... GNU
checking dependency style of gcc... gcc3
checking for a BSD-compatible install... /bin/install -c
configure: creating ./config.status
config.status: creating Makefile
config.status: creating autoconf/Makefile
config.status: creating src/Makefile
config.status: creating kernel/Makefile
config.status: creating kernel/Linux/Makefile
config.status: creating kernel/Linux/2.6/Makefile
config.status: creating config.h
config.status: executing depfiles commands
ileonte snoop # make
make all-recursive
make[1]: Entering directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop'
Making all in kernel
make[2]: Entering directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/kernel'
Making all in Linux
make[3]: Entering directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/kernel/Linux'
Making all in 2.6
make[4]: Entering directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/kernel/Linux/2.6'
make -C /lib/modules/2.6.11-ck8-r1/build M=/home/gargoylle_ltk/tmp/snoop-cvs/snoop/kernel/Linux/2.6 modules
make[5]: Entering directory `/usr/src/linux-2.6.11-ck8-r1'
CC [M] /home/gargoylle_ltk/tmp/snoop-cvs/snoop/kernel/Linux/2.6/snoop.o
Building modules, stage 2.
MODPOST
CC /home/gargoylle_ltk/tmp/snoop-cvs/snoop/kernel/Linux/2.6/snoop.mod.o
LD [M] /home/gargoylle_ltk/tmp/snoop-cvs/snoop/kernel/Linux/2.6/snoop.ko
make[5]: Leaving directory `/usr/src/linux-2.6.11-ck8-r1'
make[4]: Leaving directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/kernel/Linux/2.6'
make[4]: Entering directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/kernel/Linux'
make[4]: Nothing to be done for `all-am'.
make[4]: Leaving directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/kernel/Linux'
make[3]: Leaving directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/kernel/Linux'
make[3]: Entering directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/kernel'
make[3]: Nothing to be done for `all-am'.
make[3]: Leaving directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/kernel'
make[2]: Leaving directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/kernel'
Making all in src
make[2]: Entering directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/src'
if gcc -DHAVE_CONFIG_H -I. -I. -I.. -g -O2 -MT snoop.o -MD -MP -MF ".deps/snoop.Tpo" -c -o snoop.o snoop.c; \
then mv -f ".deps/snoop.Tpo" ".deps/snoop.Po"; else rm -f ".deps/snoop.Tpo"; exit 1; fi
gcc -g -O2 -o snoop snoop.o
make[2]: Leaving directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/src'
make[2]: Entering directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop'
make[2]: Nothing to be done for `all-am'.
make[2]: Leaving directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop'
make[1]: Leaving directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop'
ileonte snoop # make install
Making install in kernel
make[1]: Entering directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/kernel'
Making install in Linux
make[2]: Entering directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/kernel/Linux'
Making install in 2.6
make[3]: Entering directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/kernel/Linux/2.6'
install snoop.ko /lib/modules/2.6.11-ck8-r1/kernel/drivers/char
/sbin/depmod -a
make[3]: Leaving directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/kernel/Linux/2.6'
make[3]: Entering directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/kernel/Linux'
make[4]: Entering directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/kernel/Linux'
make[4]: Nothing to be done for `install-exec-am'.
make[4]: Nothing to be done for `install-data-am'.
make[4]: Leaving directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/kernel/Linux'
make[3]: Leaving directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/kernel/Linux'
make[2]: Leaving directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/kernel/Linux'
make[2]: Entering directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/kernel'
make[3]: Entering directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/kernel'
make[3]: Nothing to be done for `install-exec-am'.
make[3]: Nothing to be done for `install-data-am'.
make[3]: Leaving directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/kernel'
make[2]: Leaving directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/kernel'
make[1]: Leaving directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/kernel'
Making install in src
make[1]: Entering directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/src'
make[2]: Entering directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/src'
test -z "/usr/local/bin" || mkdir -p -- "/usr/local/bin"
/bin/install -c 'snoop' '/usr/local/bin/snoop'
make[2]: Nothing to be done for `install-data-am'.
make[2]: Leaving directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/src'
make[1]: Leaving directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/src'
make[1]: Entering directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop'
make[2]: Entering directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop'
make[2]: Nothing to be done for `install-exec-am'.
make[2]: Nothing to be done for `install-data-am'.
make[2]: Leaving directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop'
make[1]: Leaving directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop'
ileonte snoop # modinfo snoop
filename: /lib/modules/2.6.11-ck8-r1/kernel/drivers/char/snoop.ko
author: Florin Malita <fmalita@gmail.com>
license: GPL
vermagic: 2.6.11-ck8-r1 SMP preempt PENTIUM4 gcc-3.4
depends:
parm: snoop_buffer_size:int
parm: snoop_max_open:int
parm: snoop_major:int
ileonte snoop # insmod snoop
insmod: can't read 'snoop': No such file or directory
ileonte snoop # modprobe snoop
ileonte snoop # lsmod
Module Size Used by
snoop 8052 0
ileonte snoop # ls
AUTHORS ChangeLog Makefile.am README autogen.sh config.h.in configure src
COPYING INSTALL Makefile.in aclocal.m4 autom4te.cache config.log configure.in stamp-h1
CVS Makefile NEWS autoconf config.h config.status kernel
ileonte snoop # src/
.deps/ CVS/ snoop
ileonte snoop # src/
.deps/ CVS/ snoop
ileonte snoop # src/snoop --help
Usage: src/snoop [OPTION...] FILE...
OPTIONS:
-h, --help display this help message and exit.
-d, --device=dev use the specified device node (default: /dev/snoop)
-r, --read snoop the read operation.
-w, --write snoop the write operation (default).
ileonte snoop # src/snoop --read /home/gargoylle_ltk/
Display all 113 possibilities? (y or n)
ileonte snoop # src/snoop --read /home/gargoylle_ltk/test.
test.eml test.zip
ileonte snoop # src/snoop --read /home/gargoylle_ltk/test.eml
entering I/O loop - CTRL-C to stop...
---
read(): Invalid argument
ileonte snoop # src/snoop --read /home/gargoylle_ltk/test.zip
entering I/O loop - CTRL-C to stop...
---
read(): Invalid argument
ileonte snoop #
=======================================================
read(): Invalid argument
^^^^^^^^^^
this means the snoop dev is not attached to any file descriptor. probably nobody has /home/gargoylle_ltk/test.eml open.
snoop can only attach to already open FDs, so try attaching to something you know for sure is open.

just checked out snoop on my computer at home. compilation works ok. installation needs a bit of tweaking (as far as I can tell the install script assumes that /lib//modules/${kernel_version}/drivers/char exists and is a directory which is not always true - I for example only have one other module built, the nvidia driver, so no drivers/char for me). anyway, after installing the module and modprobing:
ltkcentral snoop # lsmod
Module Size Used by
snoop 6772 0
nvidia 3705348 12
ltkcentral snoop # src/snoop --read /home/gargoylle_ltk/test.c (the file was opened in mcedit at the time)
open(): No such file or directory
ltkcentral snoop # strace src/snoop --read /home/gargoylle_ltk/test.c
execve("src/snoop", ["src/snoop", "--read", "/home/gargoylle_ltk/test.c"], [/* 59 vars */]) = 0
uname({sys="Linux", node="ltkcentral", ...}) = 0
brk(0) = 0x804a000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=157854, ...}) = 0
mmap2(NULL, 157854, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f2d000
close(3) = 0
open("/lib/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\200P\1"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1236184, ...}) = 0
mmap2(NULL, 1141948, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7e16000
mmap2(0xb7f27000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x111) = 0xb7f27000
mmap2(0xb7f2b000, 7356, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7f2b000
close(3) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7e15000
mprotect(0xb7f27000, 4096, PROT_READ) = 0
set_thread_area({entry_number:-1 -> 6, base_addr:0xb7e15a90, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
munmap(0xb7f2d000, 157854) = 0
open("/dev/urandom", O_RDONLY) = 3
read(3, "\'\2017d", 4) = 4
close(3) = 0
open("/dev/snoop", O_RDWR) = -1 ENOENT (No such file or directory)
dup(2) = 3
fcntl64(3, F_GETFL) = 0x2 (flags O_RDWR)
brk(0) = 0x804a000
brk(0x806b000) = 0x806b000
fstat64(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 1), ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f53000
_llseek(3, 0, 0xbfb65760, SEEK_CUR) = -1 ESPIPE (Illegal seek)
write(3, "open(): No such file or director"..., 34open(): No such file or directory
) = 34
close(3) = 0
munmap(0xb7f53000, 4096) = 0
exit_group(1) = ?
ltkcentral snoop # ls -l /dev/sn*
total 0
crw-rw---- 1 root audio 116, 0 Jan 1 1970 controlC0
crw-rw---- 1 root audio 116, 4 Jan 1 1970 hwC0D0
crw-rw---- 1 root audio 116, 6 Jan 1 1970 hwC0D2
crw-rw---- 1 root audio 116, 8 Jan 1 1970 midiC0D0
crw-rw---- 1 root audio 116, 9 Jan 1 1970 midiC0D1
crw-rw---- 1 root audio 116, 10 Jan 1 1970 midiC0D2
crw-rw---- 1 root audio 116, 24 Jan 1 1970 pcmC0D0c
crw-rw---- 1 root audio 116, 16 Jan 1 1970 pcmC0D0p
crw-rw---- 1 root audio 116, 25 Jan 1 1970 pcmC0D1c
crw-rw---- 1 root audio 116, 26 Jan 1 1970 pcmC0D2c
crw-rw---- 1 root audio 116, 18 Jan 1 1970 pcmC0D2p
crw-rw---- 1 root audio 116, 19 Jan 1 1970 pcmC0D3p
crw-rw---- 1 root audio 116, 1 Jan 1 1970 seq
crw-rw---- 1 root audio 116, 33 Jan 1 1970 timer
ltkcentral snoop #
I would have used mknod but if I'm reading your sources correctly you're using dynamic major number allocation. No errors show up in dmesg.

good point about the module installer, I missed a "-d" switch in 'install ...'.
what distro is that? doesn't seem to use udev... to create the node manually (after modprobe, also in the README file):
mknod /dev/snoop c `awk '/ snoop/{print $1}' </proc/devices` 0
also, mcedit (as most other editors) doesn't keep the file open. use 'lsof' to find some open files.
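
The two checks from the reply above (the device node's major number from /proc/devices, and whether any process actually holds the target file open), as an added shell example that is not part of the original thread or the snoop sources. It matches the driver name exactly and only in the character-device section, which the one-line awk in the post does not; the function names and the optional file and proc-root arguments are assumptions for illustration.

```shell
#!/bin/sh
# Added example: preflight checks for the two failures seen in this thread.
# Function names and the optional file/root arguments are illustrative.

# char_major NAME [DEVICES_FILE]
# Print the major number registered for character driver NAME.
# Only the "Character devices:" section is read and the name must match
# exactly, so block devices and longer names containing NAME are ignored.
char_major() {
    awk -v name="$1" '
        /^Character devices:/ { in_char = 1; next }
        /^Block devices:/     { in_char = 0; next }
        in_char && $2 == name { print $1; found = 1; exit }
        END { exit (found ? 0 : 1) }
    ' "${2:-/proc/devices}"
}

# fd_holders PATH [PROC_ROOT]
# Print the PID of every process that has PATH open, by resolving the
# /proc/<pid>/fd/* symlinks (the same information lsof reports).
# Run as root to see other users' processes; unreadable entries are skipped.
fd_holders() {
    target=$(readlink -f -- "$1") || return 1
    root=${2:-/proc}
    for fd in "$root"/[0-9]*/fd/*; do
        [ "$(readlink -- "$fd" 2>/dev/null)" = "$target" ] || continue
        pid=${fd#"$root"/}
        echo "${pid%%/*}"
    done | sort -un
}

# preflight FILE [DEVICE_NODE]
# Report which of the two errors from the thread would occur, and why.
preflight() {
    node=${2:-/dev/snoop}
    status=0
    if [ ! -c "$node" ]; then
        if major=$(char_major snoop 2>/dev/null); then
            echo "$node missing: create it with  mknod $node c $major 0"
        else
            echo "$node missing and no snoop major registered: module not loaded"
        fi
        status=1    # thread: open(): No such file or directory
    fi
    holders=$(fd_holders "$1")
    if [ -z "$holders" ]; then
        echo "no process has $1 open"
        status=1    # thread: read(): Invalid argument
    else
        echo "$1 is open in PID(s):" $holders
    fi
    return $status
}

# Run the checks when invoked as: sh preflight.sh FILE [DEVICE_NODE]
if [ "$#" -gt 0 ]; then
    preflight "$@"
fi
```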

I use Gentoo on all my machines which in turn uses devfsd. after running mknod and writing a 10-line program that keeps a file open I've finally managed to get it to work.
as a side note, I think it would be of greater practical utility to be able to watch a file rather than a file descriptor

agreed, but keep in mind that the original idea was to snoop on the fly some user's tty/pty. the ability to snoop any open file is just an implementation side effect (think of it as a bonus;).
i'm investigating the permanent "attach-to-inode/filename" feature but there's a lot of usability/polishing work i've got to do first.