Hello, This message describes new filtering architecture. Please, review it and give me feedback.
Filtering language. The format of new filtering expression is: action(expr [, argument1=value1[,argument2=value2]...) where action is equal with 'qualifier', expr is boolean expression with pcap-filter[1] syntax with strace primitives and optional arguments are action-specific. Expression primitives. *syscall set_of_syscalls *class syscall_class *regex /regex *path path *fd set_of_fds *signal set_of_signals caller pid callnum [<=, >=] number command cmd ... Primitives marked with * are already supported by strace for some qualifiers. Filtering architecture. The new entry point of filtering is filter_main() in trace_syscall_entering after getting arguments of syscall. It runs every filter action and set tcp->qual_flg value. Filter actions have boolean expression and filters attached to it. Each filter type processes one expression primitive. Filter action runs every attached filter with current tcp and passes results to boolean expression and applies if it is true. This architecture allows independent implementation of filters or expressions and encapsulates filtering mechanism parts. [1]http://www.tcpdump.org/manpages/pcap-filter.7.html
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Strace-devel mailing list Strace-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/strace-devel