libc/sys/ktrace.2

.\"	$OpenBSD: ktrace.2,v 1.31 2016/06/18 04:24:19 guenther Exp $
.\"	$NetBSD: ktrace.2,v 1.2 1995/02/27 12:33:58 cgd Exp $
.\"
.\" Copyright (c) 1993
.\"	The Regents of the University of California.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. Neither the name of the University nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\"     @(#)ktrace.2	8.1 (Berkeley) 6/4/93
.\"
.Dd $Mdocdate: June 18 2016 $
.Dt KTRACE 2
.Os
.Sh NAME
.Nm ktrace
.Nd process tracing
.Sh SYNOPSIS
.In sys/types.h
.In sys/param.h
.In sys/uio.h
.In sys/ktrace.h
.Ft int
.Fn ktrace "const char *tracefile" "int ops" "int trpoints" "pid_t pid"
.Sh DESCRIPTION
The
.Fn ktrace
function enables or disables tracing of one or more processes.
Users may only trace their own processes.
Only the superuser can trace setuid or setgid programs.
.Fn ktrace
is only available on kernels compiled with the
.Cm KTRACE
option.
.Pp
.Fa tracefile
gives the pathname of the file to be used for tracing.
The file must exist, be writable by the calling process, and
not be a symbolic link.
All trace records are always appended to the file,
so the file must be truncated to zero length to discard
previous trace data.
If tracing points are being disabled (see
.Dv KTROP_CLEAR
below),
.Fa tracefile
may be
.Dv NULL .
.Pp
The
.Fa ops
parameter specifies the requested ktrace operation.
The defined operations are:
.Pp
.Bl -tag -width KTRFLAG_DESCEND -offset indent -compact
.It Dv KTROP_SET
Enable trace points specified in
.Fa trpoints .
.It Dv KTROP_CLEAR
Disable trace points specified in
.Fa trpoints .
.It Dv KTROP_CLEARFILE
Stop all tracing.
.It Dv KTRFLAG_DESCEND
The tracing change should apply to the
specified process and all its current children.
.El
.Pp
The
.Fa trpoints
parameter specifies the trace points of interest.
The defined trace points are:
.Pp
.Bl -tag -width KTRFAC_EXECARGS -offset indent -compact
.It Dv KTRFAC_SYSCALL
Trace system calls.
.It Dv KTRFAC_SYSRET
Trace return values from system calls.
.It Dv KTRFAC_NAMEI
Trace name lookup operations.
.It Dv KTRFAC_GENIO
Trace all I/O
(note that this option can generate much output).
.It Dv KTRFAC_PSIG
Trace posted signals.
.It Dv KTRFAC_STRUCT
Trace various structs
.It Dv KTRFAC_USER
Trace user data coming from
.Xr utrace 2
calls.
.It Dv KTRFAC_EXECARGS
Trace argument vector in
.Xr execve 2
calls.
.It Dv KTRFAC_EXECENV
Trace environment vector in
.Xr execve 2
calls.
.It Dv KTRFAC_PLEDGE
Trace violations of
.Xr pledge 2
restrictions.
.It Dv KTRFAC_INHERIT
Inherit tracing to future children.
.El
.Pp
The
.Fa pid
parameter refers to a process ID.
If it is negative,
it refers to a process group ID.
.Pp
Each tracing event outputs a record composed of a generic header
followed by a trace point specific structure.
The generic header is:
.Bd -literal
struct ktr_header {
	uint	ktr_type;		/* trace record type */
	pid_t	ktr_pid;		/* process id */
	pid_t	ktr_tid;		/* thread id */
	struct	timespec ktr_time;	/* timestamp */
	char	ktr_comm[MAXCOMLEN+1];	/* command name */
	size_t	ktr_len;		/* length of buf */
};
.Ed
.Pp
The
.Fa ktr_len
field specifies the length of the
.Fa ktr_type
data that follows this header.
The
.Fa ktr_pid , ktr_tid ,
and
.Fa ktr_comm
fields specify the process, thread, and command generating the record.
The
.Fa ktr_time
field gives the time (with nanosecond resolution)
that the record was generated.
.Pp
The generic header is followed by
.Fa ktr_len
bytes of a
.Fa ktr_type
record.
The type specific records are defined in the
.In sys/ktrace.h
include file.
.Sh RETURN VALUES
.Rv -std
.Sh ERRORS
.Fn ktrace
will fail if:
.Bl -tag -width ENAMETOOLONGAA
.It Bq Er ENOTDIR
A component of the path prefix is not a directory.
.It Bq Er EINVAL
No trace points were selected.
.It Bq Er ENAMETOOLONG
A component of a pathname exceeded
.Dv NAME_MAX
characters, or an entire pathname (including the terminating NUL)
exceeded
.Dv PATH_MAX
bytes.
.It Bq Er ENOENT
The named tracefile does not exist.
.It Bq Er EACCES
Search permission is denied for a component of the path prefix or the
path refers to a symbolic link.
.It Bq Er ELOOP
Too many symbolic links were encountered in translating the pathname.
.It Bq Er EIO
An I/O error occurred while reading from or writing to the file system.
.It Bq Er ESRCH
No process can be found corresponding to that specified by
.Fa pid .
.El
.Sh SEE ALSO
.Xr kdump 1 ,
.Xr ktrace 1 ,
.Xr utrace 2
.Sh HISTORY
A
.Fn ktrace
function call first appeared in
.Bx 4.4 .