1.\" Copyright (c) 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. Neither the name of the University nor the names of its contributors 13.\" may be used to endorse or promote products derived from this software 14.\" without specific prior written permission. 15.\" 16.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26.\" SUCH DAMAGE. 27.\" 28.\" @(#)ktrace.2 8.1 (Berkeley) 6/4/93 29.\" $FreeBSD: src/lib/libc/sys/ktrace.2,v 1.9.2.7 2001/12/14 18:34:01 ru Exp $ 30.\" 31.Dd November 24, 2019 32.Dt KTRACE 2 33.Os 34.Sh NAME 35.Nm ktrace 36.Nd process tracing 37.Sh LIBRARY 38.Lb libc 39.Sh SYNOPSIS 40.In sys/param.h 41.In sys/time.h 42.In sys/ktrace.h 43.Ft int 44.Fn ktrace "const char *tracefile" "int ops" "int trpoints" "int pid" 45.Sh DESCRIPTION 46The 47.Fn ktrace 48function enables or disables tracing of one or more processes. 49Users may only trace their own processes. 50By default only the super-user can trace setuid or setgid programs. 51This restriction can be removed by setting the sysctl 52.Va kern.ktrace_suid 53to a non-zero value. 54.Pp 55The 56.Fa tracefile 57gives the pathname of the file to be used for tracing. 58The file must exist and be a regular file writable by the calling process. 59All trace records are always appended to the file, 60so the file must be truncated to zero length to discard 61previous trace data. 62If tracing points are being disabled (see 63.Dv KTROP_CLEAR 64below), 65.Fa tracefile 66may be NULL. 67.Pp 68The 69.Fa ops 70parameter specifies the requested ktrace operation. 71The defined operations are: 72.Pp 73.Bl -tag -width KTRFAC_SYSCALLXXXXXX -compact -offset indent 74.It Dv KTROP_SET 75Enable trace points specified in 76.Fa trpoints . 77.It Dv KTROP_CLEAR 78Disable trace points specified in 79.Fa trpoints . 80.It Dv KTROP_CLEARFILE 81Stop all tracing. 82.It Dv KTRFLAG_DESCEND 83The tracing change should apply to the 84specified process and all its current children. 85.El 86.Pp 87The 88.Fa trpoints 89parameter specifies the trace points of interest. 90The defined trace points are: 91.Pp 92.Bl -tag -width KTRFAC_SYSCALLXXXXXX -compact -offset indent 93.It Dv KTRFAC_SYSCALL 94Trace system calls. 95.It Dv KTRFAC_SYSRET 96Trace return values from system calls. 97.It Dv KTRFAC_NAMEI 98Trace name lookup operations. 99.It Dv KTRFAC_GENIO 100Trace all I/O (note that this option can 101generate much output). 102.It Dv KTRFAC_PSIG 103Trace posted signals. 104.It Dv KTRFAC_CSW 105Trace context switch points. 106.It Dv KTRFAC_INHERIT 107Inherit tracing to future children. 108.El 109.Pp 110Each tracing event outputs a record composed of a generic header 111followed by a trace point specific structure. 112The generic header is: 113.Bd -literal 114struct ktr_header { 115 int ktr_len; /* length of buf */ 116 short ktr_type; /* trace record type */ 117 pid_t ktr_pid; /* process id */ 118 char ktr_comm[MAXCOMLEN+1]; /* command name */ 119 struct timeval ktr_time; /* timestamp */ 120 caddr_t ktr_buf; 121}; 122.Ed 123.Pp 124The 125.Va ktr_len 126field specifies the length of the 127.Va ktr_type 128data that follows this header. 129The 130.Va ktr_pid 131and 132.Va ktr_comm 133fields specify the process and command generating the record. 134The 135.Va ktr_time 136field gives the time (with microsecond resolution) 137that the record was generated. 138The 139.Va ktr_buf 140is an internal kernel pointer and is not useful. 141.Pp 142The generic header is followed by 143.Va ktr_len 144bytes of a 145.Va ktr_type 146record. 147The type specific records are defined in the 148.In sys/ktrace.h 149include file. 150.Sh RETURN VALUES 151.Rv -std ktrace 152.Sh ERRORS 153The 154.Fn ktrace 155will fail if: 156.Bl -tag -width Er 157.It Bq Er ENOTDIR 158A component of the path prefix is not a directory. 159.It Bq Er ENAMETOOLONG 160A component of a pathname exceeded 255 characters, 161or an entire path name exceeded 1023 characters. 162.It Bq Er ENOENT 163The named tracefile does not exist. 164.It Bq Er EACCES 165Search permission is denied for a component of the path prefix. 166.It Bq Er ELOOP 167Too many symbolic links were encountered in translating the pathname. 168.It Bq Er EIO 169An I/O error occurred while reading from or writing to the file system. 170.It Bq Er ENOSYS 171The kernel was not compiled with 172.Nm 173support. 174.El 175.Sh SEE ALSO 176.Xr kdump 1 , 177.Xr ktrace 1 , 178.Xr utrace 2 179.Sh HISTORY 180A 181.Fn ktrace 182function call first appeared in 183.Bx 4.4 . 184