.\" Copyright (c) 1993
.\"	The Regents of the University of California.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. Neither the name of the University nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd November 2, 2022
.Dt KTRACE 2
.Os
.Sh NAME
.Nm ktrace
.Nd process tracing
.Sh LIBRARY
.Lb libc
.Sh SYNOPSIS
.In sys/param.h
.In sys/time.h
.In sys/uio.h
.In sys/ktrace.h
.Ft int
.Fn ktrace "const char *tracefile" "int ops" "int trpoints" "int pid"
.Sh DESCRIPTION
The
.Fn ktrace
system call enables or disables tracing of one or more processes.
Users may only trace their own processes.
Only the super-user can trace setuid or setgid programs.
.Pp
The
.Fa tracefile
argument
gives the pathname of the file to be used for tracing.
The file must exist and be a regular file writable by the calling process.
All trace records are always appended to the file,
so the file must be truncated to zero length to discard
previous trace data.
If tracing points are being disabled (see KTROP_CLEAR below),
.Fa tracefile
may be NULL.
.Pp
The
.Fa ops
argument specifies the requested ktrace operation.
The defined operations are:
.Bl -column KTRFLAG_DESCENDXXX -offset indent
.It KTROP_SET Ta "Enable trace points specified in"
.Fa trpoints .
.It KTROP_CLEAR Ta "Disable trace points specified in"
.Fa trpoints .
.It KTROP_CLEARFILE Ta "Stop all tracing."
.It KTRFLAG_DESCEND Ta "The tracing change should apply to the"
specified process and all its current children.
.El
.Pp
The
.Fa trpoints
argument specifies the trace points of interest.
The defined trace points are:
.Bl -column KTRFAC_PROCCTORXXX -offset indent
.It KTRFAC_SYSCALL Ta "Trace system calls."
.It KTRFAC_SYSRET Ta "Trace return values from system calls."
.It KTRFAC_NAMEI Ta "Trace name lookup operations."
.It KTRFAC_GENIO Ta "Trace all I/O (note that this option can"
generate much output).
.It KTRFAC_PSIG Ta "Trace posted signals."
.It KTRFAC_CSW Ta "Trace context switch points."
.It KTRFAC_USER Ta "Trace application-specific events."
.It KTRFAC_STRUCT Ta "Trace certain data structures."
.It KTRFAC_SYSCTL Ta "Trace sysctls."
.It KTRFAC_PROCCTOR Ta "Trace process construction."
.It KTRFAC_PROCDTOR Ta "Trace process destruction."
.It KTRFAC_CAPFAIL Ta "Trace capability failures."
.It KTRFAC_FAULT Ta "Trace page faults."
.It KTRFAC_FAULTEND Ta "Trace the end of page faults."
.It KTRFAC_STRUCT_ARRAY Ta "Trace arrays of certain data structures."
.It KTRFAC_INHERIT Ta "Inherit tracing to future children."
.El
.Pp
Each tracing event outputs a record composed of a generic header
followed by a trace point specific structure.
The generic header is:
.Bd -literal
struct ktr_header {
	int	ktr_len;		/* length of buf */
	short	ktr_type;		/* trace record type */
	pid_t	ktr_pid;		/* process id */
	char	ktr_comm[MAXCOMLEN+1];	/* command name */
	struct	timeval ktr_time;	/* timestamp */
	long	ktr_tid;		/* thread id */
};
.Ed
.Pp
The
.Va ktr_len
field specifies the length of the
.Va ktr_type
data that follows this header.
The
.Va ktr_pid
and
.Va ktr_comm
fields specify the process and command generating the record.
The
.Va ktr_time
field gives the time (with microsecond resolution)
that the record was generated.
The
.Va ktr_tid
field holds a thread id.
.Pp
The generic header is followed by
.Va ktr_len
bytes of a
.Va ktr_type
record.
The type specific records are defined in the
.In sys/ktrace.h
include file.
.Sh SYSCTL TUNABLES
The following
.Xr sysctl 8
tunables influence the behaviour of
.Fn ktrace :
.Bl -tag -width indent
.It Va kern.ktrace.genio_size
bounds the amount of data a traced I/O request will log
to the trace file.
.It Va kern.ktrace.request_pool
bounds the number of trace events being logged at a time.
.El
.Pp
Sysctl tunables that control process debuggability (as determined by
.Xr p_candebug 9 )
also affect the operation of
.Fn ktrace .
.Sh RETURN VALUES
.Rv -std ktrace
.Sh ERRORS
The
.Fn ktrace
system call
will fail if:
.Bl -tag -width Er
.It Bq Er ENOTDIR
A component of the path prefix is not a directory.
.It Bq Er ENAMETOOLONG
A component of a pathname exceeded 255 characters,
or an entire path name exceeded 1023 characters.
.It Bq Er ENOENT
The named tracefile does not exist.
.It Bq Er EACCES
Search permission is denied for a component of the path prefix.
.It Bq Er ELOOP
Too many symbolic links were encountered in translating the pathname.
.It Bq Er EIO
An I/O error occurred while reading from or writing to the file system.
.It Bq Er EINTEGRITY
Corrupted data was detected while reading from the file system.
.It Bq Er ENOSYS
The kernel was not compiled with
.Nm
support.
.El
.Pp
A thread may be unable to log one or more tracing events due to a
temporary shortage of resources.
This condition is remembered by the kernel, and the next tracing request
that succeeds will have the flag
.Li KTR_DROP
set in its
.Va ktr_type
field.
.Sh SEE ALSO
.Xr kdump 1 ,
.Xr ktrace 1 ,
.Xr utrace 2 ,
.Xr sysctl 8 ,
.Xr p_candebug 9
.Sh HISTORY
The
.Fn ktrace
system call first appeared in
.Bx 4.4 .
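.Sh EXAMPLES
This example is added here and is not part of the original manual page or of the system's sources.
It walks a buffer of concatenated trace records using the generic header from DESCRIPTION and the
.Li KTR_DROP
flag from ERRORS, bounds-checking every
.Va ktr_len
before skipping the payload.
The ex_ names, the value 19 for MAXCOMLEN, the value 0x8000 for
.Li KTR_DROP
and the sample records are assumptions made for this example.

```c
#include <string.h>
#include <sys/time.h>
#include <sys/types.h>

#define EX_MAXCOMLEN 19     /* assumption: FreeBSD's MAXCOMLEN */
#define EX_KTR_DROP 0x8000  /* assumption: KTR_DROP value in sys/ktrace.h */
struct ex_ktr_header {      /* local mirror of the generic header */
	int ktr_len;
	short ktr_type;
	pid_t ktr_pid;
	char ktr_comm[EX_MAXCOMLEN + 1];
	struct timeval ktr_time;
	long ktr_tid;
};
struct ex_summary { int records, drops, truncated; };

/* Walk concatenated records in buf[0..len) without trusting ktr_len. */
struct ex_summary ex_walk(const unsigned char *buf, size_t len)
{
	struct ex_summary s = { 0, 0, 0 };
	struct ex_ktr_header h;
	size_t off = 0;
	while (off < len) {
		if (len - off < sizeof(h)) { s.truncated = 1; break; }
		memcpy(&h, buf + off, sizeof(h));  /* avoid unaligned reads */
		off += sizeof(h);
		/* reject a negative length or a payload that overruns the data */
		if (h.ktr_len < 0 || (size_t)h.ktr_len > len - off) { s.truncated = 1; break; }
		if (h.ktr_type & EX_KTR_DROP) s.drops++;  /* events were lost earlier */
		off += (size_t)h.ktr_len;
		s.records++;
	}
	return s;
}

/* Append one constructed record with a zeroed payload; returns new offset. */
size_t ex_put(unsigned char *buf, size_t off, int type, int paylen)
{
	struct ex_ktr_header h = { .ktr_len = paylen, .ktr_type = (short)type };
	memcpy(buf + off, &h, sizeof(h));
	memset(buf + off + sizeof(h), 0, (size_t)paylen);
	return off + sizeof(h) + (size_t)paylen;
}

int main(void)
{
	unsigned char buf[256];  /* constructed sample: two records */
	size_t end = ex_put(buf, ex_put(buf, 0, 1, 8), 2 | EX_KTR_DROP, 4);
	return ex_walk(buf, end).records == 2 ? 0 : 1;
}
```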