1.\" Copyright (c) 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. Neither the name of the University nor the names of its contributors 13.\" may be used to endorse or promote products derived from this software 14.\" without specific prior written permission. 15.\" 16.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26.\" SUCH DAMAGE. 27.\" 28.\" @(#)ktrace.2 8.1 (Berkeley) 6/4/93 29.\" 30.Dd November 2, 2022 31.Dt KTRACE 2 32.Os 33.Sh NAME 34.Nm ktrace 35.Nd process tracing 36.Sh LIBRARY 37.Lb libc 38.Sh SYNOPSIS 39.In sys/param.h 40.In sys/time.h 41.In sys/uio.h 42.In sys/ktrace.h 43.Ft int 44.Fn ktrace "const char *tracefile" "int ops" "int trpoints" "int pid" 45.Sh DESCRIPTION 46The 47.Fn ktrace 48system call enables or disables tracing of one or more processes. 49Users may only trace their own processes. 50Only the super-user can trace setuid or setgid programs. 51.Pp 52The 53.Fa tracefile 54argument 55gives the pathname of the file to be used for tracing. 56The file must exist and be a regular file writable by the calling process. 57All trace records are always appended to the file, 58so the file must be truncated to zero length to discard 59previous trace data. 60If tracing points are being disabled (see KTROP_CLEAR below), 61.Fa tracefile 62may be NULL. 63.Pp 64The 65.Fa ops 66argument specifies the requested ktrace operation. 67The defined operations are: 68.Bl -column KTRFLAG_DESCENDXXX -offset indent 69.It KTROP_SET Ta "Enable trace points specified in" 70.Fa trpoints . 71.It KTROP_CLEAR Ta "Disable trace points specified in" 72.Fa trpoints . 73.It KTROP_CLEARFILE Ta "Stop all tracing." 74.It KTRFLAG_DESCEND Ta "The tracing change should apply to the" 75specified process and all its current children. 76.El 77.Pp 78The 79.Fa trpoints 80argument specifies the trace points of interest. 81The defined trace points are: 82.Bl -column KTRFAC_PROCCTORXXX -offset indent 83.It KTRFAC_SYSCALL Ta "Trace system calls." 84.It KTRFAC_SYSRET Ta "Trace return values from system calls." 85.It KTRFAC_NAMEI Ta "Trace name lookup operations." 86.It KTRFAC_GENIO Ta "Trace all I/O (note that this option can" 87generate much output). 88.It KTRFAC_PSIG Ta "Trace posted signals." 89.It KTRFAC_CSW Ta "Trace context switch points." 90.It KTRFAC_USER Ta "Trace application-specific events." 91.It KTRFAC_STRUCT Ta "Trace certain data structures." 92.It KTRFAC_SYSCTL Ta "Trace sysctls." 93.It KTRFAC_PROCCTOR Ta "Trace process construction." 94.It KTRFAC_PROCDTOR Ta "Trace process destruction." 95.It KTRFAC_CAPFAIL Ta "Trace capability failures." 96.It KTRFAC_FAULT Ta "Trace page faults." 97.It KTRFAC_FAULTEND Ta "Trace the end of page faults." 98.It KTRFAC_STRUCT_ARRAY Ta "Trace arrays of certain data structures." 99.It KTRFAC_INHERIT Ta "Inherit tracing to future children." 100.El 101.Pp 102Each tracing event outputs a record composed of a generic header 103followed by a trace point specific structure. 104The generic header is: 105.Bd -literal 106struct ktr_header { 107 int ktr_len; /* length of buf */ 108 short ktr_type; /* trace record type */ 109 pid_t ktr_pid; /* process id */ 110 char ktr_comm[MAXCOMLEN+1]; /* command name */ 111 struct timeval ktr_time; /* timestamp */ 112 long ktr_tid; /* thread id */ 113}; 114.Ed 115.Pp 116The 117.Va ktr_len 118field specifies the length of the 119.Va ktr_type 120data that follows this header. 121The 122.Va ktr_pid 123and 124.Va ktr_comm 125fields specify the process and command generating the record. 126The 127.Va ktr_time 128field gives the time (with microsecond resolution) 129that the record was generated. 130The 131.Va ktr_tid 132field holds a thread id. 133.Pp 134The generic header is followed by 135.Va ktr_len 136bytes of a 137.Va ktr_type 138record. 139The type specific records are defined in the 140.In sys/ktrace.h 141include file. 142.Sh SYSCTL TUNABLES 143The following 144.Xr sysctl 8 145tunables influence the behaviour of 146.Fn ktrace : 147.Bl -tag -width indent 148.It Va kern.ktrace.genio_size 149bounds the amount of data a traced I/O request will log 150to the trace file. 151.It Va kern.ktrace.request_pool 152bounds the number of trace events being logged at a time. 153.El 154.Pp 155Sysctl tunables that control process debuggability (as determined by 156.Xr p_candebug 9 ) 157also affect the operation of 158.Fn ktrace . 159.Sh RETURN VALUES 160.Rv -std ktrace 161.Sh ERRORS 162The 163.Fn ktrace 164system call 165will fail if: 166.Bl -tag -width Er 167.It Bq Er ENOTDIR 168A component of the path prefix is not a directory. 169.It Bq Er ENAMETOOLONG 170A component of a pathname exceeded 255 characters, 171or an entire path name exceeded 1023 characters. 172.It Bq Er ENOENT 173The named tracefile does not exist. 174.It Bq Er EACCES 175Search permission is denied for a component of the path prefix. 176.It Bq Er ELOOP 177Too many symbolic links were encountered in translating the pathname. 178.It Bq Er EIO 179An I/O error occurred while reading from or writing to the file system. 180.It Bq Er EINTEGRITY 181Corrupted data was detected while reading from the file system. 182.It Bq Er ENOSYS 183The kernel was not compiled with 184.Nm 185support. 186.El 187.Pp 188A thread may be unable to log one or more tracing events due to a 189temporary shortage of resources. 190This condition is remembered by the kernel, and the next tracing request 191that succeeds will have the flag 192.Li KTR_DROP 193set in its 194.Va ktr_type 195field. 196.Sh SEE ALSO 197.Xr kdump 1 , 198.Xr ktrace 1 , 199.Xr utrace 2 , 200.Xr sysctl 8 , 201.Xr p_candebug 9 202.Sh HISTORY 203The 204.Fn ktrace 205system call first appeared in 206.Bx 4.4 . 207