All releases of system call tracker

  •  06 Feb 2003 01:36
Avatar

    Release Notes: This release adds support for matching and logging the current working directory, so that you can know if 'open("passwd", ...)' relates to '/etc/passwd' rather than '/home/joe/tmp/passwd'." It also contains a bugfix when detecting whether the kernel modules are loaded in the user space libraries, and a fix for sctrace where sctracing a program with command line arguments could fail to find the program to trace.

    •  28 Jan 2003 13:37
    Avatar

      Release Notes: This release includes support for matching against void pointers (addresses) and re-enables support for tracking the shmat and msgrcv calls. sctrace now supports strace's 'follow forks' mode, and tracking was implemented for the last two remaining syscalls, sys_vfork and sys_bdflush. The userspace tools now behave sensibly when the kernel modules aren't loaded and complain. The '-h' and '--help' command line flags for sct_logctrl were added. This release also includes assorted other bugfixes for kernel modules, so an upgrade is recommended.

      •  23 Nov 2002 20:30
      Avatar

        Release Notes: This release contains support for multiple readers of the log device. It is now possible to have two (or more) different log device readers. Each log device reader can set its own log device parameter, such as the log format and the log buffer size. See sct_logctrl(1) and sctlog(1) for further details. This release disables support for the 'shmat', 'semctl', and 'msgrecv' system calls (muxed functions of the sys_ipc system call, to be precise). This will be fixed and included in the next release.

        •  13 Sep 2002 20:11
        Avatar

          Release Notes: This release contains complete autotools support for the entire syscalltrack system: kernel modules, libraries, and applications. It also contains support for 'kill process' and 'suspend process' actions. Now you can set rules to kill any process that matches a rule, or to suspend it. This release also contains two major bugfixes, one for an SMP race and the other for the bdflush() system call, and many more supported system calls. Upgrading is recommended.

          •  31 Aug 2002 22:26
          Avatar

            Release Notes: The major change in this release is the addition of support for over 100 system calls. It includes infrastructure support for 64 bit system call parameters, such as long long and loff_t. This release also fixes bugs in various areas. Most notable are the bugfixes to the syscall data file parser (which is used by sctrace and sct_config), and to sctrace and the logging mechanism. This release has been extensively tested on 2.4 kernels. It should work on 2.5 kernels. It does not work on 2.2 kernels, due to technical difficulties.

            •  01 Aug 2002 20:40
            Avatar

              Release Notes: This release adds sctrace, an experimental strace(1) compatible tool. It also adds an experimental logging device file, /dev/sct_log, so system call invocations are logged either to syslog or directly to the device file. It includes bugfixes in the automatic code generated for system call stubs and in the kernel module reference counting code when deleting a single rule, and adds support for all the IPC system calls and for execve(!), and a few other syscalls. Last but certainly not least, this release adds man pages.

              •  23 Jun 2002 05:10
              Avatar

                Release Notes: This release supports many new system calls, including but not limited to exit(1), fork(2), read(3), and write(4). It fixes a bug when evaluating a buffer node and a bug with pattern matching on a buffer node, as well as a bug when matching for a constant [filter_expression {1}] to eturn true, as it should, instead of false, as it did. It also fixes several in-kernel memory leaks and erroneous kernel string handling.

                •  01 Jun 2002 22:57
                Avatar

                  Release Notes: 'get rule count' and 'get rules' were added to the sct_ctrl_lib API. 'get rule count' will return the number of currently registered rules, while 'get rules' will return a linked list of the before and after rules for each system call. Support was added for constants when specifying matching rules, for example, O_RDONLY, O_EXCL, and friends for open(2). Support was added for octal/hex numbers in filter expressions. Assorted internal cleanups, code refactoring, bugfixes, and memory leak plugs were done.

                  •  25 Feb 2002 07:57
                  Avatar

                    Release Notes: This release includes a type-cast for 'struct' syscall parameters (useful for socket calls), 'fail syscall' actions, convenience-macros in rule config files, experimental device-driver control support, 'log_format' definition per rule, and some new syscalls (waitpid, close, creat). Major bugfixes include fixes for white-space parsing in 'sct_config', a small memory leak when deserializing 'log' actions, and a bug in the kernel module that could leave dangling function pointers in case a user cleared only the 'before' function pointer.

                    •  05 Jan 2002 20:53
                    Avatar

                      Release Notes: Support for new process parameters PPID and PCOMM (special attention should be given to PCOMM, which allows matching on the name of the program the process parent is executing), a fix for a bug where filter expressions with '!' or '~' weren't parsed correctly, and a fix for a bug where if the filter expression first token was a '(' it looped endlessly because it never advanced to the next token.

                      Screenshot

                      Project Spotlight

                      episoder

                      A tool to tell you about new episodes of your favourite TV shows.

                      Screenshot

                      Project Spotlight

                      BalanceNG

                      A modern software IP load balancer.