VFS full_audit - vfs_op_names gives wrong value [WAS: VFS modul
- understanding operations - help needed]
Mario Minati
mario at minati.de
Sat Oct 15 21:45:19 GMT 2005
Jeremy Allison schrieb:
>On Fri, Oct 14, 2005 at 12:37:50AM +0200, Mario Minati wrote:
>
>
>>Now my problem:
>>At the moment I am quite confused by the load of operations created by
>>e.g. a new directory. While I am monitoring samba with the full_audit
>>VFS modul I get no mkdir. The only message that is somehow connected to
>>that new directory is open with 'w' flag. The unlink operation is an
>>other example, in a few minutes of surfing through the dir tree I get a
>>few hundreds of them without deleting anything.
>>So I would like to know where I can find out about when which operation
>>is called.
>>Is there some information in the sourcecode? I only read the modules
>>files so far and I couldn't find any usefull informations in the CIFS
>>documentation or the other samba developer doucments.
>>
>>
>
>*All* filesystem operations go through the VFS layer. There is no
>other way the smbd code can touch the underlying filesystem.
>
>In the source code grep for SMB_VFS_ within all C files to see
>where all the VFS calls are.
>
>Read the source code to discover how things are used - that's what
>it is for !
>
>Jeremy.
>
>
>
Hi,
the last days I learned quite a bit of how samba is working internaly,
yet I am far from being an expert. ;-)
When I was stepping through smbd (3.0.14 - debian source) with gdb on a
trans2 message asking for ALL_INFO there was a call to unix_convert
which calls SMB_VFS_STAT to check if a file (".") exists. That was fine
so far.
Through this VFS call, the full_audit VFS..._stat function (line 1029)
was called - as expected - but it returns *'unlink'* as operation name
instead of 'stat'.
I printed the variables in function audit_opname, line 672:
op was SMB_VFS_OP_STAT as expected
vfs_op_names[op].name delivered 'unlink' which I don't understand.
I compared the definitions of vfs_op_names in vfs_full_audit.c and vfs.h
and can't find any differences, except that the SMB_VFS_OP_NULL at the
beginning is missing, but that shouldn't be a problem, right?
Can you help me hunt this thing down?
Greets,
Mario
More information about the samba-technical
mailing list