
just can't get it to work

Help
G
2005-07-19
2013-05-03
  • G

    G - 2005-07-19

    not sure whether this is a bug or I'm doing something wrong but I just can't get snoop to work. Here's what happens:

    ====================================================
    ileonte snoop-cvs # pwd
    /home/gargoylle_ltk/tmp/snoop-cvs

    ileonte snoop-cvs # cvs -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/snoop login
    Logging in to :pserver:anonymous@cvs.sourceforge.net:2401/cvsroot/snoop
    CVS password:
    ileonte snoop-cvs # cvs -z3 -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/snoop co -P snoop
    cvs checkout: Updating snoop
    U snoop/AUTHORS
    U snoop/COPYING
    U snoop/ChangeLog
    U snoop/INSTALL
    U snoop/Makefile.am
    U snoop/NEWS
    U snoop/README
    U snoop/autogen.sh
    U snoop/configure.in
    cvs checkout: Updating snoop/autoconf
    U snoop/autoconf/Makefile.am
    cvs checkout: Updating snoop/kernel
    U snoop/kernel/Makefile.am
    cvs checkout: Updating snoop/kernel/Linux
    U snoop/kernel/Linux/Makefile.am
    cvs checkout: Updating snoop/kernel/Linux/2.6
    U snoop/kernel/Linux/2.6/Makefile.in
    U snoop/kernel/Linux/2.6/snoop.c
    U snoop/kernel/Linux/2.6/snoop.h
    cvs checkout: Updating snoop/src
    U snoop/src/Makefile.am
    U snoop/src/snoop.c

    ileonte snoop-cvs # cd snoop
    ileonte snoop # ./auto
    autoconf/   autogen.sh
    ileonte snoop # ./autogen.sh
    + aclocal -I autoconf
    /usr/share/aclocal/xdelta.m4:7: warning: underquoted definition of AM_PATH_XDELTA
      run info '(automake)Extending aclocal'
      or see http://sources.redhat.com/automake/automake.html#Extending-aclocal
    /usr/share/aclocal/wxwin.m4:36: warning: underquoted definition of AM_OPTIONS_WXCONFIG
    /usr/share/aclocal/wxwin.m4:59: warning: underquoted definition of AM_PATH_WXCONFIG
    /usr/share/aclocal/pth.m4:43: warning: underquoted definition of _AC_PTH_ERROR
    /usr/share/aclocal/pth.m4:54: warning: underquoted definition of _AC_PTH_VERBOSE
    /usr/share/aclocal/pth.m4:60: warning: underquoted definition of AC_CHECK_PTH
    /usr/share/aclocal/libmikmod.m4:11: warning: underquoted definition of AM_PATH_LIBMIKMOD
    /usr/share/aclocal/libmcrypt.m4:17: warning: underquoted definition of AM_PATH_LIBMCRYPT
    /usr/share/aclocal/libfame.m4:6: warning: underquoted definition of AM_PATH_LIBFAME
    /usr/share/aclocal/imlib.m4:9: warning: underquoted definition of AM_PATH_IMLIB
    /usr/share/aclocal/imlib.m4:167: warning: underquoted definition of AM_PATH_GDK_IMLIB
    /usr/share/aclocal/gtk.m4:7: warning: underquoted definition of AM_PATH_GTK
    /usr/share/aclocal/glib.m4:8: warning: underquoted definition of AM_PATH_GLIB
    /usr/share/aclocal/audiofile.m4:12: warning: underquoted definition of AM_PATH_AUDIOFILE
    + autoheader
    + automake --add-missing --copy
    configure.in: installing `autoconf/install-sh'
    configure.in: installing `autoconf/missing'
    configure.in:5: installing `autoconf/config.guess'
    configure.in:5: installing `autoconf/config.sub'
    src/Makefile.am: installing `autoconf/depcomp'
    + autoconf

    ileonte snoop # ./configure
    checking build system type... i686-pc-linux-gnu
    checking host system type... i686-pc-linux-gnu
    checking target system type... i686-pc-linux-gnu
    checking for a BSD-compatible install... /bin/install -c
    checking whether build environment is sane... yes
    checking for gawk... gawk
    checking whether make sets $(MAKE)... yes
    checking OS...  Linux
    checking kernel...  2.6.11-ck8-r1
    checking kernel support...  supported in kernel/Linux/2.6
    checking kernel sources...  found in /lib/modules/2.6.11-ck8-r1/build
    checking for gcc... gcc
    checking for C compiler default output file name... a.out
    checking whether the C compiler works... yes
    checking whether we are cross compiling... no
    checking for suffix of executables...
    checking for suffix of object files... o
    checking whether we are using the GNU C compiler... yes
    checking whether gcc accepts -g... yes
    checking for gcc option to accept ANSI C... none needed
    checking for style of include used by make... GNU
    checking dependency style of gcc... gcc3
    checking for a BSD-compatible install... /bin/install -c
    configure: creating ./config.status
    config.status: creating Makefile
    config.status: creating autoconf/Makefile
    config.status: creating src/Makefile
    config.status: creating kernel/Makefile
    config.status: creating kernel/Linux/Makefile
    config.status: creating kernel/Linux/2.6/Makefile
    config.status: creating config.h
    config.status: executing depfiles commands

    ileonte snoop # make
    make  all-recursive
    make[1]: Entering directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop'
    Making all in kernel
    make[2]: Entering directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/kernel'
    Making all in Linux
    make[3]: Entering directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/kernel/Linux'
    Making all in 2.6
    make[4]: Entering directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/kernel/Linux/2.6'
    make -C /lib/modules/2.6.11-ck8-r1/build M=/home/gargoylle_ltk/tmp/snoop-cvs/snoop/kernel/Linux/2.6 modules
    make[5]: Entering directory `/usr/src/linux-2.6.11-ck8-r1'
      CC [M]  /home/gargoylle_ltk/tmp/snoop-cvs/snoop/kernel/Linux/2.6/snoop.o
      Building modules, stage 2.
      MODPOST
      CC      /home/gargoylle_ltk/tmp/snoop-cvs/snoop/kernel/Linux/2.6/snoop.mod.o
      LD [M]  /home/gargoylle_ltk/tmp/snoop-cvs/snoop/kernel/Linux/2.6/snoop.ko
    make[5]: Leaving directory `/usr/src/linux-2.6.11-ck8-r1'
    make[4]: Leaving directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/kernel/Linux/2.6'
    make[4]: Entering directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/kernel/Linux'
    make[4]: Nothing to be done for `all-am'.
    make[4]: Leaving directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/kernel/Linux'
    make[3]: Leaving directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/kernel/Linux'
    make[3]: Entering directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/kernel'
    make[3]: Nothing to be done for `all-am'.
    make[3]: Leaving directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/kernel'
    make[2]: Leaving directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/kernel'
    Making all in src
    make[2]: Entering directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/src'
    if gcc -DHAVE_CONFIG_H -I. -I. -I..     -g -O2 -MT snoop.o -MD -MP -MF ".deps/snoop.Tpo" -c -o snoop.o snoop.c; \
    then mv -f ".deps/snoop.Tpo" ".deps/snoop.Po"; else rm -f ".deps/snoop.Tpo"; exit 1; fi
    gcc  -g -O2   -o snoop  snoop.o
    make[2]: Leaving directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/src'
    make[2]: Entering directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop'
    make[2]: Nothing to be done for `all-am'.
    make[2]: Leaving directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop'
    make[1]: Leaving directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop'

    ileonte snoop # make install
    Making install in kernel
    make[1]: Entering directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/kernel'
    Making install in Linux
    make[2]: Entering directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/kernel/Linux'
    Making install in 2.6
    make[3]: Entering directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/kernel/Linux/2.6'
    install snoop.ko /lib/modules/2.6.11-ck8-r1/kernel/drivers/char
    /sbin/depmod -a
    make[3]: Leaving directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/kernel/Linux/2.6'
    make[3]: Entering directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/kernel/Linux'
    make[4]: Entering directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/kernel/Linux'
    make[4]: Nothing to be done for `install-exec-am'.
    make[4]: Nothing to be done for `install-data-am'.
    make[4]: Leaving directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/kernel/Linux'
    make[3]: Leaving directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/kernel/Linux'
    make[2]: Leaving directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/kernel/Linux'
    make[2]: Entering directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/kernel'
    make[3]: Entering directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/kernel'
    make[3]: Nothing to be done for `install-exec-am'.
    make[3]: Nothing to be done for `install-data-am'.
    make[3]: Leaving directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/kernel'
    make[2]: Leaving directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/kernel'
    make[1]: Leaving directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/kernel'
    Making install in src
    make[1]: Entering directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/src'
    make[2]: Entering directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/src'
    test -z "/usr/local/bin" || mkdir -p -- "/usr/local/bin"
      /bin/install -c 'snoop' '/usr/local/bin/snoop'
    make[2]: Nothing to be done for `install-data-am'.
    make[2]: Leaving directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/src'
    make[1]: Leaving directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop/src'
    make[1]: Entering directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop'
    make[2]: Entering directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop'
    make[2]: Nothing to be done for `install-exec-am'.
    make[2]: Nothing to be done for `install-data-am'.
    make[2]: Leaving directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop'
    make[1]: Leaving directory `/home/gargoylle_ltk/tmp/snoop-cvs/snoop'

    ileonte snoop # modinfo snoop
    filename:       /lib/modules/2.6.11-ck8-r1/kernel/drivers/char/snoop.ko
    author:         Florin Malita <fmalita@gmail.com>
    license:        GPL
    vermagic:       2.6.11-ck8-r1 SMP preempt PENTIUM4 gcc-3.4
    depends:
    parm:           snoop_buffer_size:int
    parm:           snoop_max_open:int
    parm:           snoop_major:int

    ileonte snoop # insmod snoop
    insmod: can't read 'snoop': No such file or directory
    ileonte snoop # modprobe snoop
    ileonte snoop # lsmod
    Module                  Size  Used by
    snoop                   8052  0

    ileonte snoop # ls
    AUTHORS  ChangeLog  Makefile.am  README      autogen.sh      config.h.in    configure     src
    COPYING  INSTALL    Makefile.in  aclocal.m4  autom4te.cache  config.log     configure.in  stamp-h1
    CVS      Makefile   NEWS         autoconf    config.h        config.status  kernel

    ileonte snoop # src/
    .deps/ CVS/   snoop
    ileonte snoop # src/
    .deps/ CVS/   snoop
    ileonte snoop # src/snoop --help
    Usage: src/snoop [OPTION...] FILE...
      OPTIONS:
        -h, --help         display this help message and exit.
        -d, --device=dev   use the specified device node (default: /dev/snoop)
        -r, --read         snoop the read operation.
        -w, --write        snoop the write operation (default).

    ileonte snoop # src/snoop --read /home/gargoylle_ltk/
    Display all 113 possibilities? (y or n)
    ileonte snoop # src/snoop --read /home/gargoylle_ltk/test.
    test.eml  test.zip
    ileonte snoop # src/snoop --read /home/gargoylle_ltk/test.eml
    entering I/O loop -  CTRL-C to stop...
    ---
    read(): Invalid argument
    ileonte snoop # src/snoop --read /home/gargoylle_ltk/test.zip
    entering I/O loop -  CTRL-C to stop...
    ---
    read(): Invalid argument
    ileonte snoop #
    =======================================================

     
    • Florin Malita

      Florin Malita - 2005-07-19

      read(): Invalid argument
      ^^^^^^^^^^
      this means the snoop dev is not attached to any file descriptor. probably nobody has /home/gargoylle_ltk/test.elm open.

      snoop can only attach to already open FDs, so try attaching to something you know for sure is open.

       
    • G

      G - 2005-07-19

      just checked out snoop on my computer at home. compilation works ok. installation needs a bit of tweaking (as far as I can tell the install script assumes that /lib//modules/${kernel_version}/drivers/char exists and is a directory which is not always true - I for example only have one other module built, the nvidia driver, so no drivers/char for me). anyway, after installing the module and modprobing:

      ltkcentral snoop # lsmod
      Module                  Size  Used by
      snoop                   6772  0
      nvidia               3705348  12
      ltkcentral snoop # src/snoop --read /home/gargoylle_ltk/test.c (the file was opened in mcedit at the time)
      open(): No such file or directory
      ltkcentral snoop # strace src/snoop --read /home/gargoylle_ltk/test.c
      execve("src/snoop", ["src/snoop", "--read", "/home/gargoylle_ltk/test.c"], [/* 59 vars */]) = 0
      uname({sys="Linux", node="ltkcentral", ...}) = 0
      brk(0)                                  = 0x804a000
      access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
      open("/etc/ld.so.cache", O_RDONLY)      = 3
      fstat64(3, {st_mode=S_IFREG|0644, st_size=157854, ...}) = 0
      mmap2(NULL, 157854, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f2d000
      close(3)                                = 0
      open("/lib/libc.so.6", O_RDONLY)        = 3
      read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\200P\1"..., 512) = 512
      fstat64(3, {st_mode=S_IFREG|0755, st_size=1236184, ...}) = 0
      mmap2(NULL, 1141948, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7e16000
      mmap2(0xb7f27000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x111) = 0xb7f27000
      mmap2(0xb7f2b000, 7356, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7f2b000
      close(3)                                = 0
      mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7e15000
      mprotect(0xb7f27000, 4096, PROT_READ)   = 0
      set_thread_area({entry_number:-1 -> 6, base_addr:0xb7e15a90, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
      munmap(0xb7f2d000, 157854)              = 0
      open("/dev/urandom", O_RDONLY)          = 3
      read(3, "\'\2017d", 4)                  = 4
      close(3)                                = 0
      open("/dev/snoop", O_RDWR)              = -1 ENOENT (No such file or directory)
      dup(2)                                  = 3
      fcntl64(3, F_GETFL)                     = 0x2 (flags O_RDWR)
      brk(0)                                  = 0x804a000
      brk(0x806b000)                          = 0x806b000
      fstat64(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 1), ...}) = 0
      mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f53000
      _llseek(3, 0, 0xbfb65760, SEEK_CUR)     = -1 ESPIPE (Illegal seek)
      write(3, "open(): No such file or director"..., 34open(): No such file or directory
      ) = 34
      close(3)                                = 0
      munmap(0xb7f53000, 4096)                = 0
      exit_group(1)                           = ?
      ltkcentral snoop # ls -l /dev/sn*
      total 0
      crw-rw----  1 root audio 116,  0 Jan  1  1970 controlC0
      crw-rw----  1 root audio 116,  4 Jan  1  1970 hwC0D0
      crw-rw----  1 root audio 116,  6 Jan  1  1970 hwC0D2
      crw-rw----  1 root audio 116,  8 Jan  1  1970 midiC0D0
      crw-rw----  1 root audio 116,  9 Jan  1  1970 midiC0D1
      crw-rw----  1 root audio 116, 10 Jan  1  1970 midiC0D2
      crw-rw----  1 root audio 116, 24 Jan  1  1970 pcmC0D0c
      crw-rw----  1 root audio 116, 16 Jan  1  1970 pcmC0D0p
      crw-rw----  1 root audio 116, 25 Jan  1  1970 pcmC0D1c
      crw-rw----  1 root audio 116, 26 Jan  1  1970 pcmC0D2c
      crw-rw----  1 root audio 116, 18 Jan  1  1970 pcmC0D2p
      crw-rw----  1 root audio 116, 19 Jan  1  1970 pcmC0D3p
      crw-rw----  1 root audio 116,  1 Jan  1  1970 seq
      crw-rw----  1 root audio 116, 33 Jan  1  1970 timer
      ltkcentral snoop #

      I would have used mknod but if I'm reading your sources correctly you're using dynamic major number allocation. No errors show up in dmesg

       
    • Florin Malita

      Florin Malita - 2005-07-19

      good point about the module installer, I missed a "-d" switch in 'install ...'.

      what distro is that? doesn't seem to use udev... to create the node manually (after modprobe, also in the README file):

      mknod /dev/snoop c `awk '/ snoop/{print $1}' </proc/devices` 0

      also, mcedit (as most other editors) doesn't keep the file open. use 'lsof' to find some open files.
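
The two failures in this thread (no `/dev/snoop` node, and a target file that no process holds open) can be checked before running the client. The script below is an added example, not part of the original posts or the snoop sources; the function names and the sample device table are constructed, and the major lookup matches the driver name exactly where the `awk` one-liner above matches any name beginning with `snoop`.

```shell
#!/bin/sh
# Added example; the sample table below is constructed, not captured output.
sample_devices() {
    cat <<'EOF'
Character devices:
  1 mem
  4 tty
253 snoopy
254 snoop

Block devices:
  8 sd
EOF
}

# Print the major registered for character device NAME (exact name match,
# "Character devices:" section only), reading FILE or /proc/devices.
chardev_major() {
    awk -v name="$1" '
        /^Character devices:/ { in_char = 1; next }
        /^Block devices:/     { in_char = 0 }
        in_char && $2 == name { print $1; found = 1; exit }
        END { exit !found }
    ' "${2:-/proc/devices}"
}

# Print the PIDs that hold PATH open, as lsof would; descriptors of
# processes we are not allowed to inspect are skipped.
holders() {
    target=$(readlink -f "$1") || return 1
    for fd in /proc/[0-9]*/fd/*; do
        [ "$(readlink "$fd" 2>/dev/null)" = "$target" ] || continue
        pid=${fd#/proc/}
        echo "${pid%%/*}"
    done | sort -un
}

# Check for the two failures seen in the thread before running the client.
snoop_preflight() {
    file=$1 dev=${2:-/dev/snoop} devices=${3:-/proc/devices}
    major=$(chardev_major snoop "$devices") || {
        echo "snoop not listed in $devices: module not loaded"; return 2; }
    [ -c "$dev" ] || {
        echo "no node, open() fails with ENOENT: mknod $dev c $major 0"; return 3; }
    [ -n "$(holders "$file")" ] || {
        echo "nobody holds $file open, read() fails with EINVAL"; return 4; }
    echo "ok: major $major, $file is held open"
}

[ $# -eq 0 ] || snoop_preflight "$@"
```

Run it as root with the file to be snooped as the first argument; a non-zero exit status identifies which precondition is missing.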

       
    • G

      G - 2005-07-20

      I use Gentoo on all my machines which in turn uses devfsd. after running mknod and writing a 10-line program that keeps a file open I've finally managed to get it to work.

      as a side note, I think it would be of greater practical utility to be able to watch a file rather than a file descriptor

       
    • Florin Malita

      Florin Malita - 2005-07-20

      agreed, but keep in mind that the original idea was to snoop on the fly some user's tty/pty. the ability to snoop any open file is just an implementation side effect (think of it as a bonus;).

      i'm investigating the permanent "attach-to-inode/filename" feature but there's a lot of usability/polishing work i've got to do first.

       
