1.\" Copyright (c) 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. Neither the name of the University nor the names of its contributors 13.\" may be used to endorse or promote products derived from this software 14.\" without specific prior written permission. 15.\" 16.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26.\" SUCH DAMAGE. 27.\" 28.\" @(#)ktrace.2 8.1 (Berkeley) 6/4/93 29.\" $FreeBSD$ 30.\" 31.Dd November 2, 2022 32.Dt KTRACE 2 33.Os 34.Sh NAME 35.Nm ktrace 36.Nd process tracing 37.Sh LIBRARY 38.Lb libc 39.Sh SYNOPSIS 40.In sys/param.h 41.In sys/time.h 42.In sys/uio.h 43.In sys/ktrace.h 44.Ft int 45.Fn ktrace "const char *tracefile" "int ops" "int trpoints" "int pid" 46.Sh DESCRIPTION 47The 48.Fn ktrace 49system call enables or disables tracing of one or more processes. 50Users may only trace their own processes. 51Only the super-user can trace setuid or setgid programs. 52.Pp 53The 54.Fa tracefile 55argument 56gives the pathname of the file to be used for tracing. 57The file must exist and be a regular file writable by the calling process. 58All trace records are always appended to the file, 59so the file must be truncated to zero length to discard 60previous trace data. 61If tracing points are being disabled (see KTROP_CLEAR below), 62.Fa tracefile 63may be NULL. 64.Pp 65The 66.Fa ops 67argument specifies the requested ktrace operation. 68The defined operations are: 69.Bl -column KTRFLAG_DESCENDXXX -offset indent 70.It KTROP_SET Ta "Enable trace points specified in" 71.Fa trpoints . 72.It KTROP_CLEAR Ta "Disable trace points specified in" 73.Fa trpoints . 74.It KTROP_CLEARFILE Ta "Stop all tracing." 75.It KTRFLAG_DESCEND Ta "The tracing change should apply to the" 76specified process and all its current children. 77.El 78.Pp 79The 80.Fa trpoints 81argument specifies the trace points of interest. 82The defined trace points are: 83.Bl -column KTRFAC_PROCCTORXXX -offset indent 84.It KTRFAC_SYSCALL Ta "Trace system calls." 85.It KTRFAC_SYSRET Ta "Trace return values from system calls." 86.It KTRFAC_NAMEI Ta "Trace name lookup operations." 87.It KTRFAC_GENIO Ta "Trace all I/O (note that this option can" 88generate much output). 89.It KTRFAC_PSIG Ta "Trace posted signals." 90.It KTRFAC_CSW Ta "Trace context switch points." 91.It KTRFAC_USER Ta "Trace application-specific events." 92.It KTRFAC_STRUCT Ta "Trace certain data structures." 93.It KTRFAC_SYSCTL Ta "Trace sysctls." 94.It KTRFAC_PROCCTOR Ta "Trace process construction." 95.It KTRFAC_PROCDTOR Ta "Trace process destruction." 96.It KTRFAC_CAPFAIL Ta "Trace capability failures." 97.It KTRFAC_FAULT Ta "Trace page faults." 98.It KTRFAC_FAULTEND Ta "Trace the end of page faults." 99.It KTRFAC_STRUCT_ARRAY Ta "Trace arrays of certain data structures." 100.It KTRFAC_INHERIT Ta "Inherit tracing to future children." 101.El 102.Pp 103Each tracing event outputs a record composed of a generic header 104followed by a trace point specific structure. 105The generic header is: 106.Bd -literal 107struct ktr_header { 108 int ktr_len; /* length of buf */ 109 short ktr_type; /* trace record type */ 110 pid_t ktr_pid; /* process id */ 111 char ktr_comm[MAXCOMLEN+1]; /* command name */ 112 struct timeval ktr_time; /* timestamp */ 113 long ktr_tid; /* thread id */ 114}; 115.Ed 116.Pp 117The 118.Va ktr_len 119field specifies the length of the 120.Va ktr_type 121data that follows this header. 122The 123.Va ktr_pid 124and 125.Va ktr_comm 126fields specify the process and command generating the record. 127The 128.Va ktr_time 129field gives the time (with microsecond resolution) 130that the record was generated. 131The 132.Va ktr_tid 133field holds a thread id. 134.Pp 135The generic header is followed by 136.Va ktr_len 137bytes of a 138.Va ktr_type 139record. 140The type specific records are defined in the 141.In sys/ktrace.h 142include file. 143.Sh SYSCTL TUNABLES 144The following 145.Xr sysctl 8 146tunables influence the behaviour of 147.Fn ktrace : 148.Bl -tag -width indent 149.It Va kern.ktrace.geniosize 150bounds the amount of data a traced I/O request will log 151to the trace file. 152.It Va kern.ktrace.request_pool 153bounds the number of trace events being logged at a time. 154.El 155.Pp 156Sysctl tunables that control process debuggability (as determined by 157.Xr p_candebug 9 ) 158also affect the operation of 159.Fn ktrace . 160.Sh RETURN VALUES 161.Rv -std ktrace 162.Sh ERRORS 163The 164.Fn ktrace 165system call 166will fail if: 167.Bl -tag -width Er 168.It Bq Er ENOTDIR 169A component of the path prefix is not a directory. 170.It Bq Er ENAMETOOLONG 171A component of a pathname exceeded 255 characters, 172or an entire path name exceeded 1023 characters. 173.It Bq Er ENOENT 174The named tracefile does not exist. 175.It Bq Er EACCES 176Search permission is denied for a component of the path prefix. 177.It Bq Er ELOOP 178Too many symbolic links were encountered in translating the pathname. 179.It Bq Er EIO 180An I/O error occurred while reading from or writing to the file system. 181.It Bq Er EINTEGRITY 182Corrupted data was detected while reading from the file system. 183.It Bq Er ENOSYS 184The kernel was not compiled with 185.Nm 186support. 187.El 188.Pp 189A thread may be unable to log one or more tracing events due to a 190temporary shortage of resources. 191This condition is remembered by the kernel, and the next tracing request 192that succeeds will have the flag 193.Li KTR_DROP 194set in its 195.Va ktr_type 196field. 197.Sh SEE ALSO 198.Xr kdump 1 , 199.Xr ktrace 1 , 200.Xr utrace 2 , 201.Xr sysctl 8 , 202.Xr p_candebug 9 203.Sh HISTORY 204The 205.Fn ktrace 206system call first appeared in 207.Bx 4.4 . 208