1.\" Copyright (c) 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. Neither the name of the University nor the names of its contributors 13.\" may be used to endorse or promote products derived from this software 14.\" without specific prior written permission. 15.\" 16.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26.\" SUCH DAMAGE. 27.\" 28.\" @(#)ktrace.2 8.1 (Berkeley) 6/4/93 29.\" $FreeBSD: src/lib/libc/sys/ktrace.2,v 1.9.2.7 2001/12/14 18:34:01 ru Exp $ 30.\" 31.Dd November 24, 2019 32.Dt KTRACE 2 33.Os 34.Sh NAME 35.Nm ktrace 36.Nd process tracing 37.Sh LIBRARY 38.Lb libc 39.Sh SYNOPSIS 40.In sys/param.h 41.In sys/time.h 42.In sys/ktrace.h 43.Ft int 44.Fn ktrace "const char *tracefile" "int ops" "int trpoints" "int pid" 45.Sh DESCRIPTION 46The 47.Fn ktrace 48function enables or disables tracing of one or more processes. 49Users may only trace their own processes. 50By default only the super-user can trace setuid or setgid programs. 51This restriction can be removed by setting the sysctl 52.Va kern.ktrace_suid 53to a non-zero value. 54.Pp 55The 56.Fa tracefile 57gives the pathname of the file to be used for tracing. 58The file must exist and be a regular file writable by the calling process. 59All trace records are always appended to the file, 60so the file must be truncated to zero length to discard 61previous trace data. 62If tracing points are being disabled (see KTROP_CLEAR below), 63.Fa tracefile 64may be NULL. 65.Pp 66The 67.Fa ops 68parameter specifies the requested ktrace operation. 69The defined operations are: 70.Bl -column KTRFLAG_DESCENDXXX -offset indent 71.It "KTROP_SET Enable trace points specified in" 72.Fa trpoints . 73.It "KTROP_CLEAR Disable trace points specified in" 74.Fa trpoints . 75.It "KTROP_CLEARFILE Stop all tracing." 76.It "KTRFLAG_DESCEND The tracing change should apply to the" 77specified process and all its current children. 78.El 79.Pp 80The 81.Fa trpoints 82parameter specifies the trace points of interest. 83The defined trace points are: 84.Bl -column KTRFAC_SYSCALLXXX -offset indent 85.It "KTRFAC_SYSCALL Trace system calls." 86.It "KTRFAC_SYSRET Trace return values from system calls." 87.It "KTRFAC_NAMEI Trace name lookup operations." 88.It "KTRFAC_GENIO Trace all I/O (note that this option can" 89generate much output). 90.It "KTRFAC_PSIG Trace posted signals." 91.It "KTRFAC_CSW Trace context switch points." 92.It "KTRFAC_INHERIT Inherit tracing to future children." 93.El 94.Pp 95Each tracing event outputs a record composed of a generic header 96followed by a trace point specific structure. 97The generic header is: 98.Bd -literal 99struct ktr_header { 100 int ktr_len; /* length of buf */ 101 short ktr_type; /* trace record type */ 102 pid_t ktr_pid; /* process id */ 103 char ktr_comm[MAXCOMLEN+1]; /* command name */ 104 struct timeval ktr_time; /* timestamp */ 105 caddr_t ktr_buf; 106}; 107.Ed 108.Pp 109The 110.Va ktr_len 111field specifies the length of the 112.Va ktr_type 113data that follows this header. 114The 115.Va ktr_pid 116and 117.Va ktr_comm 118fields specify the process and command generating the record. 119The 120.Va ktr_time 121field gives the time (with microsecond resolution) 122that the record was generated. 123The 124.Va ktr_buf 125is an internal kernel pointer and is not useful. 126.Pp 127The generic header is followed by 128.Va ktr_len 129bytes of a 130.Va ktr_type 131record. 132The type specific records are defined in the 133.In sys/ktrace.h 134include file. 135.Sh RETURN VALUES 136.Rv -std ktrace 137.Sh ERRORS 138The 139.Fn ktrace 140will fail if: 141.Bl -tag -width Er 142.It Bq Er ENOTDIR 143A component of the path prefix is not a directory. 144.It Bq Er ENAMETOOLONG 145A component of a pathname exceeded 255 characters, 146or an entire path name exceeded 1023 characters. 147.It Bq Er ENOENT 148The named tracefile does not exist. 149.It Bq Er EACCES 150Search permission is denied for a component of the path prefix. 151.It Bq Er ELOOP 152Too many symbolic links were encountered in translating the pathname. 153.It Bq Er EIO 154An I/O error occurred while reading from or writing to the file system. 155.It Bq Er ENOSYS 156The kernel was not compiled with 157.Nm 158support. 159.El 160.Sh SEE ALSO 161.Xr kdump 1 , 162.Xr ktrace 1 , 163.Xr utrace 2 164.Sh HISTORY 165A 166.Fn ktrace 167function call first appeared in 168.Bx 4.4 . 169