On Thu, Aug 21, 2008 at 04:24:54PM +0100, Robert Milkowski wrote: > Hello przemolicc, > > Thursday, August 21, 2008, 12:28:10 PM, you wrote: > > ppf> Hello, > > ppf> I have the following directory structure: > ppf> A > ppf> A1 > ppf> A11 > ppf> A12 > ppf> A13 > ppf> A2 > ppf> A21 > ppf> A22 > ppf> A221 > ppf> A222 > ppf> A23 > ppf> B > ppf> ... > > ppf> Can I watch file creations and syscalls like open, close, ... > ppf> related to files existing _below_ e.g. A2 directory ? > ppf> > > When you have a path passed as a string to syscall (like with open()) > then you can use as a predicate something like this: > > syscall::open:entry > /stringof(copyin(arg0,7)) == "/mnt/A2"/ > > > If it is a syscall where you got only fd then even by using self->fd > keep track of it from open to close or use something like: > > /stringof(copyin(fds[arg0].fi_pathname,7)) == "/mnt/A2"
fi_pathname is a kernel string; no copyin necessary. You probably want to use substr() in any case: /substr(fds[arg0].fi_pathname, 0, 7) == "/mnt/A2"/ > Unless some better string manipulation functions were integrated into > dtrace (and probably they were). They were, but I'm not sure how documented they are. There are: basename() dirname() index() rindex() strjoin() strlen() strstr() substr() I highly recommend browsing usr/src/lib/libdtrace/common/dt_open.c. Cheers, - jonathan _______________________________________________ dtrace-discuss mailing list [email protected]
