1.\" Copyright (c) 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. Neither the name of the University nor the names of its contributors 13.\" may be used to endorse or promote products derived from this software 14.\" without specific prior written permission. 15.\" 16.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26.\" SUCH DAMAGE. 27.\" 28.\" @(#)ktrace.2 8.1 (Berkeley) 6/4/93 29.\" $FreeBSD: src/lib/libc/sys/ktrace.2,v 1.9.2.7 2001/12/14 18:34:01 ru Exp $ 30.\" 31.Dd April 4, 2023 32.Dt KTRACE 2 33.Os 34.Sh NAME 35.Nm ktrace 36.Nd process tracing 37.Sh LIBRARY 38.Lb libc 39.Sh SYNOPSIS 40.In sys/param.h 41.In sys/time.h 42.In sys/ktrace.h 43.Ft int 44.Fn ktrace "const char *tracefile" "int ops" "int trpoints" "int pid" 45.Sh DESCRIPTION 46The 47.Fn ktrace 48function enables or disables tracing of one or more processes. 49Users may only trace their own processes. 50By default only the super-user can trace setuid or setgid programs. 51This restriction can be removed by setting the sysctl 52.Va kern.ktrace_suid 53to a non-zero value. 54.Pp 55The 56.Fa tracefile 57gives the pathname of the file to be used for tracing. 58The file must exist and be a regular file writable by the calling process. 59All trace records are always appended to the file, 60so the file must be truncated to zero length to discard 61previous trace data. 62If tracing points are being disabled (see 63.Dv KTROP_CLEAR 64below), 65.Fa tracefile 66may be NULL. 67.Pp 68The 69.Fa ops 70parameter specifies the requested ktrace operation. 71The defined operations are: 72.Pp 73.Bl -tag -width KTRFAC_SYSCALLXXXXXX -compact -offset indent 74.It Dv KTROP_SET 75Enable trace points specified in 76.Fa trpoints . 77.It Dv KTROP_CLEAR 78Disable trace points specified in 79.Fa trpoints . 80.It Dv KTROP_CLEARFILE 81Stop all tracing. 82.It Dv KTRFLAG_DESCEND 83The tracing change should apply to the 84specified process and all its current children. 85.El 86.Pp 87The 88.Fa trpoints 89parameter specifies the trace points of interest. 90The defined trace points are: 91.Pp 92.Bl -tag -width KTRFAC_SYSCALLXXXXXX -compact -offset indent 93.It Dv KTRFAC_SYSCALL 94Trace system calls. 95.It Dv KTRFAC_SYSRET 96Trace return values from system calls. 97.It Dv KTRFAC_NAMEI 98Trace name lookup operations. 99.It Dv KTRFAC_GENIO 100Trace all I/O (note that this option can 101generate much output). 102.It Dv KTRFAC_PSIG 103Trace posted signals. 104.It Dv KTRFAC_CSW 105Trace context switch points. 106.It Dv KTRFAC_SYSCTL 107Trace sysctls. 108.It Dv KTRFAC_INHERIT 109Inherit tracing to future children. 110.El 111.Pp 112Each tracing event outputs a record composed of a generic header 113followed by a trace point specific structure. 114The generic header is: 115.Bd -literal 116struct ktr_header { 117 int ktr_len; /* length of buf */ 118 short ktr_type; /* trace record type */ 119 pid_t ktr_pid; /* process id */ 120 char ktr_comm[MAXCOMLEN+1]; /* command name */ 121 struct timeval ktr_time; /* timestamp */ 122 caddr_t ktr_buf; 123}; 124.Ed 125.Pp 126The 127.Va ktr_len 128field specifies the length of the 129.Va ktr_type 130data that follows this header. 131The 132.Va ktr_pid 133and 134.Va ktr_comm 135fields specify the process and command generating the record. 136The 137.Va ktr_time 138field gives the time (with microsecond resolution) 139that the record was generated. 140The 141.Va ktr_buf 142is an internal kernel pointer and is not useful. 143.Pp 144The generic header is followed by 145.Va ktr_len 146bytes of a 147.Va ktr_type 148record. 149The type specific records are defined in the 150.In sys/ktrace.h 151include file. 152.Sh RETURN VALUES 153.Rv -std ktrace 154.Sh ERRORS 155The 156.Fn ktrace 157will fail if: 158.Bl -tag -width Er 159.It Bq Er ENOTDIR 160A component of the path prefix is not a directory. 161.It Bq Er ENAMETOOLONG 162A component of a pathname exceeded 255 characters, 163or an entire path name exceeded 1023 characters. 164.It Bq Er ENOENT 165The named tracefile does not exist. 166.It Bq Er EACCES 167Search permission is denied for a component of the path prefix. 168.It Bq Er ELOOP 169Too many symbolic links were encountered in translating the pathname. 170.It Bq Er EIO 171An I/O error occurred while reading from or writing to the file system. 172.It Bq Er ENOSYS 173The kernel was not compiled with 174.Nm 175support. 176.El 177.Sh SEE ALSO 178.Xr kdump 1 , 179.Xr ktrace 1 , 180.Xr utrace 2 , 181.Xr sysctl 8 182.Sh HISTORY 183A 184.Fn ktrace 185function call first appeared in 186.Bx 4.4 . 187