1 Reply Latest reply: Dec 28, 2009 9:31 PM by 807559 RSS

    Pattern Match in a predicate ?

      Is it possible to pattern match in a predicate? I am modifying opensnoop as the "-f filename" option will only ever match the exact string. So if you do "-f /var/tmp/moo.txt" it will not match/fire when someone is IN /var/tmp and does a "cat moo.txt" The filename/pathnames do not match

      /self->ok && PATHNAME == copyinstr(self->pathp)/
      etc etc etc

      What can you do in the PATHNAME command to pattern match all instances of "moo.txt". So that even if you are in /etc and do a "cat ../var/tmp/moo.txt" would be picked up?

        • 1. Re: Pattern Match in a predicate ?
          There's no (straightforward) means of pattern-matching in a predicate. However, you do have subroutines in DTrace that can further your cause. If the name of your file is a sufficient match, i.e., you're not worried about matching against a same-name file in another likely directory:

          string basename(char *str)

          Or, you can use

          string cleanpath(char *str)

          if collapsing a directory with redundant elements is sufficient.

          Whatever you can do with those operations, logically ANDed together, is what you can do.