xref: /freebsd/usr.bin/kdump/kdump.c (revision 4ce386ff25d77954b8cfa11534f632172e848244)
1 /*-
2  * Copyright (c) 1988, 1993
3  *	The Regents of the University of California.  All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  * 4. Neither the name of the University nor the names of its contributors
14  *    may be used to endorse or promote products derived from this software
15  *    without specific prior written permission.
16  *
17  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
18  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
21  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27  * SUCH DAMAGE.
28  */
29 
30 #ifndef lint
31 static const char copyright[] =
32 "@(#) Copyright (c) 1988, 1993\n\
33 	The Regents of the University of California.  All rights reserved.\n";
34 #endif /* not lint */
35 
36 #ifndef lint
37 #if 0
38 static char sccsid[] = "@(#)kdump.c	8.1 (Berkeley) 6/6/93";
39 #endif
40 #endif /* not lint */
41 #include <sys/cdefs.h>
42 __FBSDID("$FreeBSD$");
43 
44 #define _KERNEL
45 extern int errno;
46 #include <sys/errno.h>
47 #undef _KERNEL
48 #include <sys/param.h>
49 #include <sys/capsicum.h>
50 #include <sys/errno.h>
51 #define _KERNEL
52 #include <sys/time.h>
53 #undef _KERNEL
54 #include <sys/uio.h>
55 #include <sys/ktrace.h>
56 #include <sys/ioctl.h>
57 #include <sys/socket.h>
58 #include <sys/stat.h>
59 #include <sys/sysent.h>
60 #include <sys/umtx.h>
61 #include <sys/un.h>
62 #include <sys/queue.h>
63 #include <sys/wait.h>
64 #include <arpa/inet.h>
65 #include <netinet/in.h>
66 #include <ctype.h>
67 #include <dlfcn.h>
68 #include <err.h>
69 #include <grp.h>
70 #include <inttypes.h>
71 #ifdef HAVE_LIBCAPSICUM
72 #include <libcapsicum.h>
73 #include <libcapsicum_grp.h>
74 #include <libcapsicum_pwd.h>
75 #include <libcapsicum_service.h>
76 #endif
77 #include <locale.h>
78 #include <netdb.h>
79 #include <nl_types.h>
80 #ifdef HAVE_LIBCAPSICUM
81 #include <nv.h>
82 #endif
83 #include <pwd.h>
84 #include <stdio.h>
85 #include <stdlib.h>
86 #include <string.h>
87 #include <termios.h>
88 #include <time.h>
89 #include <unistd.h>
90 #include <vis.h>
91 #include "ktrace.h"
92 #include "kdump_subr.h"
93 
94 u_int abidump(struct ktr_header *);
95 int fetchprocinfo(struct ktr_header *, u_int *);
96 int fread_tail(void *, int, int);
97 void dumpheader(struct ktr_header *);
98 void ktrsyscall(struct ktr_syscall *, u_int);
99 void ktrsysret(struct ktr_sysret *, u_int);
100 void ktrnamei(char *, int);
101 void hexdump(char *, int, int);
102 void visdump(char *, int, int);
103 void ktrgenio(struct ktr_genio *, int);
104 void ktrpsig(struct ktr_psig *);
105 void ktrcsw(struct ktr_csw *);
106 void ktrcsw_old(struct ktr_csw_old *);
107 void ktruser_malloc(void *);
108 void ktruser_rtld(int, void *);
109 void ktruser(int, void *);
110 void ktrcaprights(cap_rights_t *);
111 void ktrsockaddr(struct sockaddr *);
112 void ktrstat(struct stat *);
113 void ktrstruct(char *, size_t);
114 void ktrcapfail(struct ktr_cap_fail *);
115 void ktrfault(struct ktr_fault *);
116 void ktrfaultend(struct ktr_faultend *);
117 void limitfd(int fd);
118 void usage(void);
119 void ioctlname(unsigned long, int);
120 
121 #define	TIMESTAMP_NONE		0x0
122 #define	TIMESTAMP_ABSOLUTE	0x1
123 #define	TIMESTAMP_ELAPSED	0x2
124 #define	TIMESTAMP_RELATIVE	0x4
125 
126 extern const char *signames[], *syscallnames[];
127 extern int nsyscalls;
128 
129 static int timestamp, decimal, fancy = 1, suppressdata, tail, threads, maxdata,
130     resolv = 0, abiflag = 0, syscallno = 0;
131 static const char *tracefile = DEF_TRACEFILE;
132 static struct ktr_header ktr_header;
133 
134 #define TIME_FORMAT	"%b %e %T %Y"
135 #define eqs(s1, s2)	(strcmp((s1), (s2)) == 0)
136 
137 #define print_number(i,n,c) do {					\
138 	if (decimal)							\
139 		printf("%c%jd", c, (intmax_t)*i);			\
140 	else								\
141 		printf("%c%#jx", c, (uintmax_t)(u_register_t)*i);	\
142 	i++;								\
143 	n--;								\
144 	c = ',';							\
145 } while (0)
146 
147 #if defined(__amd64__) || defined(__i386__)
148 
149 void linux_ktrsyscall(struct ktr_syscall *);
150 void linux_ktrsysret(struct ktr_sysret *);
151 extern const char *linux_syscallnames[];
152 
153 #include <linux_syscalls.c>
154 static int nlinux_syscalls = sizeof(linux_syscallnames) / \
155 				sizeof(linux_syscallnames[0]);
156 
157 /*
158  * from linux.h
159  * Linux syscalls return negative errno's, we do positive and map them
160  */
161 static int bsd_to_linux_errno[ELAST + 1] = {
162 	-0,  -1,  -2,  -3,  -4,  -5,  -6,  -7,  -8,  -9,
163 	-10, -35, -12, -13, -14, -15, -16, -17, -18, -19,
164 	-20, -21, -22, -23, -24, -25, -26, -27, -28, -29,
165 	-30, -31, -32, -33, -34, -11,-115,-114, -88, -89,
166 	-90, -91, -92, -93, -94, -95, -96, -97, -98, -99,
167 	-100,-101,-102,-103,-104,-105,-106,-107,-108,-109,
168 	-110,-111, -40, -36,-112,-113, -39, -11, -87,-122,
169 	-116, -66,  -6,  -6,  -6,  -6,  -6, -37, -38,  -9,
170 	-6,  -6, -43, -42, -75,-125, -84, -95, -16, -74,
171 	-72, -67, -71
172 };
173 #endif
174 
175 struct proc_info
176 {
177 	TAILQ_ENTRY(proc_info)	info;
178 	u_int			sv_flags;
179 	pid_t			pid;
180 };
181 
182 static TAILQ_HEAD(trace_procs, proc_info) trace_procs;
183 
184 #ifdef HAVE_LIBCAPSICUM
185 static cap_channel_t *cappwd, *capgrp;
186 #endif
187 
188 static void
189 strerror_init(void)
190 {
191 
192 	/*
193 	 * Cache NLS data before entering capability mode.
194 	 * XXXPJD: There should be strerror_init() and strsignal_init() in libc.
195 	 */
196 	(void)catopen("libc", NL_CAT_LOCALE);
197 }
198 
199 static void
200 localtime_init(void)
201 {
202 	time_t ltime;
203 
204 	/*
205 	 * Allow localtime(3) to cache /etc/localtime content before entering
206 	 * capability mode.
207 	 * XXXPJD: There should be localtime_init() in libc.
208 	 */
209 	(void)time(&ltime);
210 	(void)localtime(&ltime);
211 }
212 
213 #ifdef HAVE_LIBCAPSICUM
214 static int
215 cappwdgrp_setup(cap_channel_t **cappwdp, cap_channel_t **capgrpp)
216 {
217 	cap_channel_t *capcas, *cappwdloc, *capgrploc;
218 	const char *cmds[1], *fields[1];
219 
220 	capcas = cap_init();
221 	if (capcas == NULL) {
222 		warn("unable to contact casperd");
223 		return (-1);
224 	}
225 	cappwdloc = cap_service_open(capcas, "system.pwd");
226 	capgrploc = cap_service_open(capcas, "system.grp");
227 	/* Casper capability no longer needed. */
228 	cap_close(capcas);
229 	if (cappwdloc == NULL || capgrploc == NULL) {
230 		if (cappwdloc == NULL)
231 			warn("unable to open system.pwd service");
232 		if (capgrploc == NULL)
233 			warn("unable to open system.grp service");
234 		exit(1);
235 	}
236 	/* Limit system.pwd to only getpwuid() function and pw_name field. */
237 	cmds[0] = "getpwuid";
238 	if (cap_pwd_limit_cmds(cappwdloc, cmds, 1) < 0)
239 		err(1, "unable to limit system.pwd service");
240 	fields[0] = "pw_name";
241 	if (cap_pwd_limit_fields(cappwdloc, fields, 1) < 0)
242 		err(1, "unable to limit system.pwd service");
243 	/* Limit system.grp to only getgrgid() function and gr_name field. */
244 	cmds[0] = "getgrgid";
245 	if (cap_grp_limit_cmds(capgrploc, cmds, 1) < 0)
246 		err(1, "unable to limit system.grp service");
247 	fields[0] = "gr_name";
248 	if (cap_grp_limit_fields(capgrploc, fields, 1) < 0)
249 		err(1, "unable to limit system.grp service");
250 
251 	*cappwdp = cappwdloc;
252 	*capgrpp = capgrploc;
253 	return (0);
254 }
255 #endif	/* HAVE_LIBCAPSICUM */
256 
257 int
258 main(int argc, char *argv[])
259 {
260 	int ch, ktrlen, size;
261 	void *m;
262 	int trpoints = ALL_POINTS;
263 	int drop_logged;
264 	pid_t pid = 0;
265 	u_int sv_flags;
266 
267 	setlocale(LC_CTYPE, "");
268 
269 	timestamp = TIMESTAMP_NONE;
270 
271 	while ((ch = getopt(argc,argv,"f:dElm:np:AHRrSsTt:")) != -1)
272 		switch (ch) {
273 		case 'A':
274 			abiflag = 1;
275 			break;
276 		case 'f':
277 			tracefile = optarg;
278 			break;
279 		case 'd':
280 			decimal = 1;
281 			break;
282 		case 'l':
283 			tail = 1;
284 			break;
285 		case 'm':
286 			maxdata = atoi(optarg);
287 			break;
288 		case 'n':
289 			fancy = 0;
290 			break;
291 		case 'p':
292 			pid = atoi(optarg);
293 			break;
294 		case 'r':
295 			resolv = 1;
296 			break;
297 		case 'S':
298 			syscallno = 1;
299 			break;
300 		case 's':
301 			suppressdata = 1;
302 			break;
303 		case 'E':
304 			timestamp |= TIMESTAMP_ELAPSED;
305 			break;
306 		case 'H':
307 			threads = 1;
308 			break;
309 		case 'R':
310 			timestamp |= TIMESTAMP_RELATIVE;
311 			break;
312 		case 'T':
313 			timestamp |= TIMESTAMP_ABSOLUTE;
314 			break;
315 		case 't':
316 			trpoints = getpoints(optarg);
317 			if (trpoints < 0)
318 				errx(1, "unknown trace point in %s", optarg);
319 			break;
320 		default:
321 			usage();
322 		}
323 
324 	if (argc > optind)
325 		usage();
326 
327 	m = malloc(size = 1025);
328 	if (m == NULL)
329 		errx(1, "%s", strerror(ENOMEM));
330 	if (!freopen(tracefile, "r", stdin))
331 		err(1, "%s", tracefile);
332 
333 	strerror_init();
334 	localtime_init();
335 #ifdef HAVE_LIBCAPSICUM
336 	if (resolv != 0) {
337 		if (cappwdgrp_setup(&cappwd, &capgrp) < 0) {
338 			cappwd = NULL;
339 			capgrp = NULL;
340 		}
341 	}
342 	if (resolv == 0 || (cappwd != NULL && capgrp != NULL)) {
343 		if (cap_enter() < 0 && errno != ENOSYS)
344 			err(1, "unable to enter capability mode");
345 	}
346 #else
347 	if (resolv == 0) {
348 		if (cap_enter() < 0 && errno != ENOSYS)
349 			err(1, "unable to enter capability mode");
350 	}
351 #endif
352 	limitfd(STDIN_FILENO);
353 	limitfd(STDOUT_FILENO);
354 	limitfd(STDERR_FILENO);
355 	if (cap_sandboxed())
356 		fprintf(stderr, "capability mode sandbox enabled\n");
357 
358 	TAILQ_INIT(&trace_procs);
359 	drop_logged = 0;
360 	while (fread_tail(&ktr_header, sizeof(struct ktr_header), 1)) {
361 		if (ktr_header.ktr_type & KTR_DROP) {
362 			ktr_header.ktr_type &= ~KTR_DROP;
363 			if (!drop_logged && threads) {
364 				printf(
365 				    "%6jd %6jd %-8.*s Events dropped.\n",
366 				    (intmax_t)ktr_header.ktr_pid,
367 				    ktr_header.ktr_tid > 0 ?
368 				    (intmax_t)ktr_header.ktr_tid : 0,
369 				    MAXCOMLEN, ktr_header.ktr_comm);
370 				drop_logged = 1;
371 			} else if (!drop_logged) {
372 				printf("%6jd %-8.*s Events dropped.\n",
373 				    (intmax_t)ktr_header.ktr_pid, MAXCOMLEN,
374 				    ktr_header.ktr_comm);
375 				drop_logged = 1;
376 			}
377 		}
378 		if (trpoints & (1<<ktr_header.ktr_type))
379 			if (pid == 0 || ktr_header.ktr_pid == pid ||
380 			    ktr_header.ktr_tid == pid)
381 				dumpheader(&ktr_header);
382 		if ((ktrlen = ktr_header.ktr_len) < 0)
383 			errx(1, "bogus length 0x%x", ktrlen);
384 		if (ktrlen > size) {
385 			m = realloc(m, ktrlen+1);
386 			if (m == NULL)
387 				errx(1, "%s", strerror(ENOMEM));
388 			size = ktrlen;
389 		}
390 		if (ktrlen && fread_tail(m, ktrlen, 1) == 0)
391 			errx(1, "data too short");
392 		if (fetchprocinfo(&ktr_header, (u_int *)m) != 0)
393 			continue;
394 		sv_flags = abidump(&ktr_header);
395 		if (pid && ktr_header.ktr_pid != pid &&
396 		    ktr_header.ktr_tid != pid)
397 			continue;
398 		if ((trpoints & (1<<ktr_header.ktr_type)) == 0)
399 			continue;
400 		drop_logged = 0;
401 		switch (ktr_header.ktr_type) {
402 		case KTR_SYSCALL:
403 #if defined(__amd64__) || defined(__i386__)
404 			if ((sv_flags & SV_ABI_MASK) == SV_ABI_LINUX)
405 				linux_ktrsyscall((struct ktr_syscall *)m);
406 			else
407 #endif
408 				ktrsyscall((struct ktr_syscall *)m, sv_flags);
409 			break;
410 		case KTR_SYSRET:
411 #if defined(__amd64__) || defined(__i386__)
412 			if ((sv_flags & SV_ABI_MASK) == SV_ABI_LINUX)
413 				linux_ktrsysret((struct ktr_sysret *)m);
414 			else
415 #endif
416 				ktrsysret((struct ktr_sysret *)m, sv_flags);
417 			break;
418 		case KTR_NAMEI:
419 		case KTR_SYSCTL:
420 			ktrnamei(m, ktrlen);
421 			break;
422 		case KTR_GENIO:
423 			ktrgenio((struct ktr_genio *)m, ktrlen);
424 			break;
425 		case KTR_PSIG:
426 			ktrpsig((struct ktr_psig *)m);
427 			break;
428 		case KTR_CSW:
429 			if (ktrlen == sizeof(struct ktr_csw_old))
430 				ktrcsw_old((struct ktr_csw_old *)m);
431 			else
432 				ktrcsw((struct ktr_csw *)m);
433 			break;
434 		case KTR_USER:
435 			ktruser(ktrlen, m);
436 			break;
437 		case KTR_STRUCT:
438 			ktrstruct(m, ktrlen);
439 			break;
440 		case KTR_CAPFAIL:
441 			ktrcapfail((struct ktr_cap_fail *)m);
442 			break;
443 		case KTR_FAULT:
444 			ktrfault((struct ktr_fault *)m);
445 			break;
446 		case KTR_FAULTEND:
447 			ktrfaultend((struct ktr_faultend *)m);
448 			break;
449 		default:
450 			printf("\n");
451 			break;
452 		}
453 		if (tail)
454 			fflush(stdout);
455 	}
456 	return 0;
457 }
458 
459 void
460 limitfd(int fd)
461 {
462 	cap_rights_t rights;
463 	unsigned long cmd;
464 
465 	cap_rights_init(&rights, CAP_FSTAT);
466 	cmd = 0;
467 
468 	switch (fd) {
469 	case STDIN_FILENO:
470 		cap_rights_set(&rights, CAP_READ);
471 		break;
472 	case STDOUT_FILENO:
473 		cap_rights_set(&rights, CAP_IOCTL, CAP_WRITE);
474 		cmd = TIOCGETA;	/* required by isatty(3) in printf(3) */
475 		break;
476 	case STDERR_FILENO:
477 		cap_rights_set(&rights, CAP_WRITE);
478 		if (!suppressdata) {
479 			cap_rights_set(&rights, CAP_IOCTL);
480 			cmd = TIOCGWINSZ;
481 		}
482 		break;
483 	default:
484 		abort();
485 	}
486 
487 	if (cap_rights_limit(fd, &rights) < 0 && errno != ENOSYS)
488 		err(1, "unable to limit rights for descriptor %d", fd);
489 	if (cmd != 0 && cap_ioctls_limit(fd, &cmd, 1) < 0 && errno != ENOSYS)
490 		err(1, "unable to limit ioctls for descriptor %d", fd);
491 }
492 
493 int
494 fread_tail(void *buf, int size, int num)
495 {
496 	int i;
497 
498 	while ((i = fread(buf, size, num, stdin)) == 0 && tail) {
499 		sleep(1);
500 		clearerr(stdin);
501 	}
502 	return (i);
503 }
504 
505 int
506 fetchprocinfo(struct ktr_header *kth, u_int *flags)
507 {
508 	struct proc_info *pi;
509 
510 	switch (kth->ktr_type) {
511 	case KTR_PROCCTOR:
512 		TAILQ_FOREACH(pi, &trace_procs, info) {
513 			if (pi->pid == kth->ktr_pid) {
514 				TAILQ_REMOVE(&trace_procs, pi, info);
515 				break;
516 			}
517 		}
518 		pi = malloc(sizeof(struct proc_info));
519 		if (pi == NULL)
520 			errx(1, "%s", strerror(ENOMEM));
521 		pi->sv_flags = *flags;
522 		pi->pid = kth->ktr_pid;
523 		TAILQ_INSERT_TAIL(&trace_procs, pi, info);
524 		return (1);
525 
526 	case KTR_PROCDTOR:
527 		TAILQ_FOREACH(pi, &trace_procs, info) {
528 			if (pi->pid == kth->ktr_pid) {
529 				TAILQ_REMOVE(&trace_procs, pi, info);
530 				free(pi);
531 				break;
532 			}
533 		}
534 		return (1);
535 	}
536 
537 	return (0);
538 }
539 
540 u_int
541 abidump(struct ktr_header *kth)
542 {
543 	struct proc_info *pi;
544 	const char *abi;
545 	const char *arch;
546 	u_int flags = 0;
547 
548 	TAILQ_FOREACH(pi, &trace_procs, info) {
549 		if (pi->pid == kth->ktr_pid) {
550 			flags = pi->sv_flags;
551 			break;
552 		}
553 	}
554 
555 	if (abiflag == 0)
556 		return (flags);
557 
558 	switch (flags & SV_ABI_MASK) {
559 	case SV_ABI_LINUX:
560 		abi = "L";
561 		break;
562 	case SV_ABI_FREEBSD:
563 		abi = "F";
564 		break;
565 	default:
566 		abi = "U";
567 		break;
568 	}
569 
570 	if (flags != 0) {
571 		if (flags & SV_LP64)
572 			arch = "64";
573 		else
574 			arch = "32";
575 	} else
576 		arch = "00";
577 
578 	printf("%s%s  ", abi, arch);
579 
580 	return (flags);
581 }
582 
583 void
584 dumpheader(struct ktr_header *kth)
585 {
586 	static char unknown[64];
587 	static struct timeval prevtime, prevtime_e, temp;
588 	const char *type;
589 
590 	switch (kth->ktr_type) {
591 	case KTR_SYSCALL:
592 		type = "CALL";
593 		break;
594 	case KTR_SYSRET:
595 		type = "RET ";
596 		break;
597 	case KTR_NAMEI:
598 		type = "NAMI";
599 		break;
600 	case KTR_GENIO:
601 		type = "GIO ";
602 		break;
603 	case KTR_PSIG:
604 		type = "PSIG";
605 		break;
606 	case KTR_CSW:
607 		type = "CSW ";
608 		break;
609 	case KTR_USER:
610 		type = "USER";
611 		break;
612 	case KTR_STRUCT:
613 		type = "STRU";
614 		break;
615 	case KTR_SYSCTL:
616 		type = "SCTL";
617 		break;
618 	case KTR_PROCCTOR:
619 		/* FALLTHROUGH */
620 	case KTR_PROCDTOR:
621 		return;
622 	case KTR_CAPFAIL:
623 		type = "CAP ";
624 		break;
625 	case KTR_FAULT:
626 		type = "PFLT";
627 		break;
628 	case KTR_FAULTEND:
629 		type = "PRET";
630 		break;
631 	default:
632 		sprintf(unknown, "UNKNOWN(%d)", kth->ktr_type);
633 		type = unknown;
634 	}
635 
636 	/*
637 	 * The ktr_tid field was previously the ktr_buffer field, which held
638 	 * the kernel pointer value for the buffer associated with data
639 	 * following the record header.  It now holds a threadid, but only
640 	 * for trace files after the change.  Older trace files still contain
641 	 * kernel pointers.  Detect this and suppress the results by printing
642 	 * negative tid's as 0.
643 	 */
644 	if (threads)
645 		printf("%6jd %6jd %-8.*s ", (intmax_t)kth->ktr_pid,
646 		    kth->ktr_tid > 0 ? (intmax_t)kth->ktr_tid : 0,
647 		    MAXCOMLEN, kth->ktr_comm);
648 	else
649 		printf("%6jd %-8.*s ", (intmax_t)kth->ktr_pid, MAXCOMLEN,
650 		    kth->ktr_comm);
651         if (timestamp) {
652 		if (timestamp & TIMESTAMP_ABSOLUTE) {
653 			printf("%jd.%06ld ", (intmax_t)kth->ktr_time.tv_sec,
654 			    kth->ktr_time.tv_usec);
655 		}
656 		if (timestamp & TIMESTAMP_ELAPSED) {
657 			if (prevtime_e.tv_sec == 0)
658 				prevtime_e = kth->ktr_time;
659 			timevalsub(&kth->ktr_time, &prevtime_e);
660 			printf("%jd.%06ld ", (intmax_t)kth->ktr_time.tv_sec,
661 			    kth->ktr_time.tv_usec);
662 			timevaladd(&kth->ktr_time, &prevtime_e);
663 		}
664 		if (timestamp & TIMESTAMP_RELATIVE) {
665 			temp = kth->ktr_time;
666 			timevalsub(&kth->ktr_time, &prevtime);
667 			prevtime = temp;
668 			printf("%jd.%06ld ", (intmax_t)kth->ktr_time.tv_sec,
669 			    kth->ktr_time.tv_usec);
670 		}
671 	}
672 	printf("%s  ", type);
673 }
674 
675 #include <sys/syscall.h>
676 #define KTRACE
677 #include <sys/kern/syscalls.c>
678 #undef KTRACE
679 int nsyscalls = sizeof (syscallnames) / sizeof (syscallnames[0]);
680 
681 void
682 ktrsyscall(struct ktr_syscall *ktr, u_int flags)
683 {
684 	int narg = ktr->ktr_narg;
685 	register_t *ip;
686 	intmax_t arg;
687 
688 	if ((flags != 0 && ((flags & SV_ABI_MASK) != SV_ABI_FREEBSD)) ||
689 	    (ktr->ktr_code >= nsyscalls || ktr->ktr_code < 0))
690 		printf("[%d]", ktr->ktr_code);
691 	else {
692 		printf("%s", syscallnames[ktr->ktr_code]);
693 		if (syscallno)
694 			printf("[%d]", ktr->ktr_code);
695 	}
696 	ip = &ktr->ktr_args[0];
697 	if (narg) {
698 		char c = '(';
699 		if (fancy &&
700 		    (flags == 0 || (flags & SV_ABI_MASK) == SV_ABI_FREEBSD)) {
701 			switch (ktr->ktr_code) {
702 			case SYS_bindat:
703 			case SYS_connectat:
704 			case SYS_faccessat:
705 			case SYS_fchmodat:
706 			case SYS_fchownat:
707 			case SYS_fstatat:
708 			case SYS_futimesat:
709 			case SYS_linkat:
710 			case SYS_mkdirat:
711 			case SYS_mkfifoat:
712 			case SYS_mknodat:
713 			case SYS_openat:
714 			case SYS_readlinkat:
715 			case SYS_renameat:
716 			case SYS_unlinkat:
717 			case SYS_utimensat:
718 				putchar('(');
719 				atfdname(*ip, decimal);
720 				c = ',';
721 				ip++;
722 				narg--;
723 				break;
724 			}
725 			switch (ktr->ktr_code) {
726 			case SYS_ioctl: {
727 				print_number(ip, narg, c);
728 				putchar(c);
729 				ioctlname(*ip, decimal);
730 				c = ',';
731 				ip++;
732 				narg--;
733 				break;
734 			}
735 			case SYS_ptrace:
736 				putchar('(');
737 				ptraceopname(*ip);
738 				c = ',';
739 				ip++;
740 				narg--;
741 				break;
742 			case SYS_access:
743 			case SYS_eaccess:
744 			case SYS_faccessat:
745 				print_number(ip, narg, c);
746 				putchar(',');
747 				accessmodename(*ip);
748 				ip++;
749 				narg--;
750 				break;
751 			case SYS_open:
752 			case SYS_openat:
753 				print_number(ip, narg, c);
754 				putchar(',');
755 				flagsandmodename(ip[0], ip[1], decimal);
756 				ip += 2;
757 				narg -= 2;
758 				break;
759 			case SYS_wait4:
760 				print_number(ip, narg, c);
761 				print_number(ip, narg, c);
762 				/*
763 				 * A flags value of zero is valid for
764 				 * wait4() but not for wait6(), so
765 				 * handle zero special here.
766 				 */
767 				if (*ip == 0) {
768 					print_number(ip, narg, c);
769 				} else {
770 					putchar(',');
771 					wait6optname(*ip);
772 					ip++;
773 					narg--;
774 				}
775 				break;
776 			case SYS_wait6:
777 				putchar('(');
778 				idtypename(*ip, decimal);
779 				c = ',';
780 				ip++;
781 				narg--;
782 				print_number(ip, narg, c);
783 				print_number(ip, narg, c);
784 				putchar(',');
785 				wait6optname(*ip);
786 				ip++;
787 				narg--;
788 				break;
789 			case SYS_chmod:
790 			case SYS_fchmod:
791 			case SYS_lchmod:
792 				print_number(ip, narg, c);
793 				putchar(',');
794 				modename(*ip);
795 				ip++;
796 				narg--;
797 				break;
798 			case SYS_mknod:
799 			case SYS_mknodat:
800 				print_number(ip, narg, c);
801 				putchar(',');
802 				modename(*ip);
803 				ip++;
804 				narg--;
805 				break;
806 			case SYS_getfsstat:
807 				print_number(ip, narg, c);
808 				print_number(ip, narg, c);
809 				putchar(',');
810 				getfsstatflagsname(*ip);
811 				ip++;
812 				narg--;
813 				break;
814 			case SYS_mount:
815 				print_number(ip, narg, c);
816 				print_number(ip, narg, c);
817 				putchar(',');
818 				mountflagsname(*ip);
819 				ip++;
820 				narg--;
821 				break;
822 			case SYS_unmount:
823 				print_number(ip, narg, c);
824 				putchar(',');
825 				mountflagsname(*ip);
826 				ip++;
827 				narg--;
828 				break;
829 			case SYS_recvmsg:
830 			case SYS_sendmsg:
831 				print_number(ip, narg, c);
832 				print_number(ip, narg, c);
833 				putchar(',');
834 				sendrecvflagsname(*ip);
835 				ip++;
836 				narg--;
837 				break;
838 			case SYS_recvfrom:
839 			case SYS_sendto:
840 				print_number(ip, narg, c);
841 				print_number(ip, narg, c);
842 				print_number(ip, narg, c);
843 				putchar(',');
844 				sendrecvflagsname(*ip);
845 				ip++;
846 				narg--;
847 				break;
848 			case SYS_chflags:
849 			case SYS_fchflags:
850 			case SYS_lchflags:
851 				print_number(ip, narg, c);
852 				putchar(',');
853 				modename(*ip);
854 				ip++;
855 				narg--;
856 				break;
857 			case SYS_kill:
858 				print_number(ip, narg, c);
859 				putchar(',');
860 				signame(*ip);
861 				ip++;
862 				narg--;
863 				break;
864 			case SYS_reboot:
865 				putchar('(');
866 				rebootoptname(*ip);
867 				ip++;
868 				narg--;
869 				break;
870 			case SYS_umask:
871 				putchar('(');
872 				modename(*ip);
873 				ip++;
874 				narg--;
875 				break;
876 			case SYS_msync:
877 				print_number(ip, narg, c);
878 				print_number(ip, narg, c);
879 				putchar(',');
880 				msyncflagsname(*ip);
881 				ip++;
882 				narg--;
883 				break;
884 #ifdef SYS_freebsd6_mmap
885 			case SYS_freebsd6_mmap:
886 				print_number(ip, narg, c);
887 				print_number(ip, narg, c);
888 				putchar(',');
889 				mmapprotname(*ip);
890 				putchar(',');
891 				ip++;
892 				narg--;
893 				mmapflagsname(*ip);
894 				ip++;
895 				narg--;
896 				break;
897 #endif
898 			case SYS_mmap:
899 				print_number(ip, narg, c);
900 				print_number(ip, narg, c);
901 				putchar(',');
902 				mmapprotname(*ip);
903 				putchar(',');
904 				ip++;
905 				narg--;
906 				mmapflagsname(*ip);
907 				ip++;
908 				narg--;
909 				break;
910 			case SYS_mprotect:
911 				print_number(ip, narg, c);
912 				print_number(ip, narg, c);
913 				putchar(',');
914 				mmapprotname(*ip);
915 				ip++;
916 				narg--;
917 				break;
918 			case SYS_madvise:
919 				print_number(ip, narg, c);
920 				print_number(ip, narg, c);
921 				putchar(',');
922 				madvisebehavname(*ip);
923 				ip++;
924 				narg--;
925 				break;
926 			case SYS_setpriority:
927 				print_number(ip, narg, c);
928 				print_number(ip, narg, c);
929 				putchar(',');
930 				prioname(*ip);
931 				ip++;
932 				narg--;
933 				break;
934 			case SYS_fcntl:
935 				print_number(ip, narg, c);
936 				putchar(',');
937 				fcntlcmdname(ip[0], ip[1], decimal);
938 				ip += 2;
939 				narg -= 2;
940 				break;
941 			case SYS_socket: {
942 				int sockdomain;
943 				putchar('(');
944 				sockdomain = *ip;
945 				sockdomainname(sockdomain);
946 				ip++;
947 				narg--;
948 				putchar(',');
949 				socktypenamewithflags(*ip);
950 				ip++;
951 				narg--;
952 				if (sockdomain == PF_INET ||
953 				    sockdomain == PF_INET6) {
954 					putchar(',');
955 					sockipprotoname(*ip);
956 					ip++;
957 					narg--;
958 				}
959 				c = ',';
960 				break;
961 			}
962 			case SYS_setsockopt:
963 			case SYS_getsockopt:
964 				print_number(ip, narg, c);
965 				putchar(',');
966 				sockoptlevelname(*ip, decimal);
967 				if (*ip == SOL_SOCKET) {
968 					ip++;
969 					narg--;
970 					putchar(',');
971 					sockoptname(*ip);
972 				}
973 				ip++;
974 				narg--;
975 				break;
976 #ifdef SYS_freebsd6_lseek
977 			case SYS_freebsd6_lseek:
978 				print_number(ip, narg, c);
979 				/* Hidden 'pad' argument, not in lseek(2) */
980 				print_number(ip, narg, c);
981 				print_number(ip, narg, c);
982 				putchar(',');
983 				whencename(*ip);
984 				ip++;
985 				narg--;
986 				break;
987 #endif
988 			case SYS_lseek:
989 				print_number(ip, narg, c);
990 				/* Hidden 'pad' argument, not in lseek(2) */
991 				print_number(ip, narg, c);
992 				putchar(',');
993 				whencename(*ip);
994 				ip++;
995 				narg--;
996 				break;
997 			case SYS_flock:
998 				print_number(ip, narg, c);
999 				putchar(',');
1000 				flockname(*ip);
1001 				ip++;
1002 				narg--;
1003 				break;
1004 			case SYS_mkfifo:
1005 			case SYS_mkfifoat:
1006 			case SYS_mkdir:
1007 			case SYS_mkdirat:
1008 				print_number(ip, narg, c);
1009 				putchar(',');
1010 				modename(*ip);
1011 				ip++;
1012 				narg--;
1013 				break;
1014 			case SYS_shutdown:
1015 				print_number(ip, narg, c);
1016 				putchar(',');
1017 				shutdownhowname(*ip);
1018 				ip++;
1019 				narg--;
1020 				break;
1021 			case SYS_socketpair:
1022 				putchar('(');
1023 				sockdomainname(*ip);
1024 				ip++;
1025 				narg--;
1026 				putchar(',');
1027 				socktypenamewithflags(*ip);
1028 				ip++;
1029 				narg--;
1030 				c = ',';
1031 				break;
1032 			case SYS_getrlimit:
1033 			case SYS_setrlimit:
1034 				putchar('(');
1035 				rlimitname(*ip);
1036 				ip++;
1037 				narg--;
1038 				c = ',';
1039 				break;
1040 			case SYS_quotactl:
1041 				print_number(ip, narg, c);
1042 				putchar(',');
1043 				quotactlname(*ip);
1044 				ip++;
1045 				narg--;
1046 				c = ',';
1047 				break;
1048 			case SYS_nfssvc:
1049 				putchar('(');
1050 				nfssvcname(*ip);
1051 				ip++;
1052 				narg--;
1053 				c = ',';
1054 				break;
1055 			case SYS_rtprio:
1056 				putchar('(');
1057 				rtprioname(*ip);
1058 				ip++;
1059 				narg--;
1060 				c = ',';
1061 				break;
1062 			case SYS___semctl:
1063 				print_number(ip, narg, c);
1064 				print_number(ip, narg, c);
1065 				putchar(',');
1066 				semctlname(*ip);
1067 				ip++;
1068 				narg--;
1069 				break;
1070 			case SYS_semget:
1071 				print_number(ip, narg, c);
1072 				print_number(ip, narg, c);
1073 				putchar(',');
1074 				semgetname(*ip);
1075 				ip++;
1076 				narg--;
1077 				break;
1078 			case SYS_msgctl:
1079 				print_number(ip, narg, c);
1080 				putchar(',');
1081 				shmctlname(*ip);
1082 				ip++;
1083 				narg--;
1084 				break;
1085 			case SYS_shmat:
1086 				print_number(ip, narg, c);
1087 				print_number(ip, narg, c);
1088 				putchar(',');
1089 				shmatname(*ip);
1090 				ip++;
1091 				narg--;
1092 				break;
1093 			case SYS_shmctl:
1094 				print_number(ip, narg, c);
1095 				putchar(',');
1096 				shmctlname(*ip);
1097 				ip++;
1098 				narg--;
1099 				break;
1100 			case SYS_shm_open:
1101 				print_number(ip, narg, c);
1102 				putchar(',');
1103 				flagsname(ip[0]);
1104 				printf(",0%o", (unsigned int)ip[1]);
1105 				ip += 3;
1106 				narg -= 3;
1107 				break;
1108 			case SYS_minherit:
1109 				print_number(ip, narg, c);
1110 				print_number(ip, narg, c);
1111 				putchar(',');
1112 				minheritname(*ip);
1113 				ip++;
1114 				narg--;
1115 				break;
1116 			case SYS_rfork:
1117 				putchar('(');
1118 				rforkname(*ip);
1119 				ip++;
1120 				narg--;
1121 				c = ',';
1122 				break;
1123 			case SYS_lio_listio:
1124 				putchar('(');
1125 				lio_listioname(*ip);
1126 				ip++;
1127 				narg--;
1128 				c = ',';
1129 				break;
1130 			case SYS_mlockall:
1131 				putchar('(');
1132 				mlockallname(*ip);
1133 				ip++;
1134 				narg--;
1135 				break;
1136 			case SYS_sched_setscheduler:
1137 				print_number(ip, narg, c);
1138 				putchar(',');
1139 				schedpolicyname(*ip);
1140 				ip++;
1141 				narg--;
1142 				break;
1143 			case SYS_sched_get_priority_max:
1144 			case SYS_sched_get_priority_min:
1145 				putchar('(');
1146 				schedpolicyname(*ip);
1147 				ip++;
1148 				narg--;
1149 				break;
1150 			case SYS_sendfile:
1151 				print_number(ip, narg, c);
1152 				print_number(ip, narg, c);
1153 				print_number(ip, narg, c);
1154 				print_number(ip, narg, c);
1155 				print_number(ip, narg, c);
1156 				print_number(ip, narg, c);
1157 				putchar(',');
1158 				sendfileflagsname(*(int *)ip);
1159 				ip++;
1160 				narg--;
1161 				break;
1162 			case SYS_kldsym:
1163 				print_number(ip, narg, c);
1164 				putchar(',');
1165 				kldsymcmdname(*ip);
1166 				ip++;
1167 				narg--;
1168 				break;
1169 			case SYS_sigprocmask:
1170 				putchar('(');
1171 				sigprocmaskhowname(*ip);
1172 				ip++;
1173 				narg--;
1174 				c = ',';
1175 				break;
1176 			case SYS___acl_get_file:
1177 			case SYS___acl_set_file:
1178 			case SYS___acl_get_fd:
1179 			case SYS___acl_set_fd:
1180 			case SYS___acl_delete_file:
1181 			case SYS___acl_delete_fd:
1182 			case SYS___acl_aclcheck_file:
1183 			case SYS___acl_aclcheck_fd:
1184 			case SYS___acl_get_link:
1185 			case SYS___acl_set_link:
1186 			case SYS___acl_delete_link:
1187 			case SYS___acl_aclcheck_link:
1188 				print_number(ip, narg, c);
1189 				putchar(',');
1190 				acltypename(*ip);
1191 				ip++;
1192 				narg--;
1193 				break;
1194 			case SYS_sigaction:
1195 				putchar('(');
1196 				signame(*ip);
1197 				ip++;
1198 				narg--;
1199 				c = ',';
1200 				break;
1201 			case SYS_extattrctl:
1202 				print_number(ip, narg, c);
1203 				putchar(',');
1204 				extattrctlname(*ip);
1205 				ip++;
1206 				narg--;
1207 				break;
1208 			case SYS_nmount:
1209 				print_number(ip, narg, c);
1210 				print_number(ip, narg, c);
1211 				putchar(',');
1212 				mountflagsname(*ip);
1213 				ip++;
1214 				narg--;
1215 				break;
1216 			case SYS_thr_create:
1217 				print_number(ip, narg, c);
1218 				print_number(ip, narg, c);
1219 				putchar(',');
1220 				thrcreateflagsname(*ip);
1221 				ip++;
1222 				narg--;
1223 				break;
1224 			case SYS_thr_kill:
1225 				print_number(ip, narg, c);
1226 				putchar(',');
1227 				signame(*ip);
1228 				ip++;
1229 				narg--;
1230 				break;
1231 			case SYS_kldunloadf:
1232 				print_number(ip, narg, c);
1233 				putchar(',');
1234 				kldunloadfflagsname(*ip);
1235 				ip++;
1236 				narg--;
1237 				break;
1238 			case SYS_linkat:
1239 			case SYS_renameat:
1240 			case SYS_symlinkat:
1241 				print_number(ip, narg, c);
1242 				putchar(',');
1243 				atfdname(*ip, decimal);
1244 				ip++;
1245 				narg--;
1246 				break;
1247 			case SYS_cap_fcntls_limit:
1248 				print_number(ip, narg, c);
1249 				putchar(',');
1250 				arg = *ip;
1251 				ip++;
1252 				narg--;
1253 				capfcntlname(arg);
1254 				break;
1255 			case SYS_posix_fadvise:
1256 				print_number(ip, narg, c);
1257 				print_number(ip, narg, c);
1258 				print_number(ip, narg, c);
1259 				(void)putchar(',');
1260 				fadvisebehavname((int)*ip);
1261 				ip++;
1262 				narg--;
1263 				break;
1264 			case SYS_procctl:
1265 				putchar('(');
1266 				idtypename(*ip, decimal);
1267 				c = ',';
1268 				ip++;
1269 				narg--;
1270 				print_number(ip, narg, c);
1271 				putchar(',');
1272 				procctlcmdname(*ip);
1273 				ip++;
1274 				narg--;
1275 				break;
1276 			case SYS__umtx_op:
1277 				print_number(ip, narg, c);
1278 				putchar(',');
1279 				umtxopname(*ip);
1280 				switch (*ip) {
1281 				case UMTX_OP_CV_WAIT:
1282 					ip++;
1283 					narg--;
1284 					putchar(',');
1285 					umtxcvwaitflags(*ip);
1286 					break;
1287 				case UMTX_OP_RW_RDLOCK:
1288 					ip++;
1289 					narg--;
1290 					putchar(',');
1291 					umtxrwlockflags(*ip);
1292 					break;
1293 				}
1294 				ip++;
1295 				narg--;
1296 			}
1297 		}
1298 		while (narg > 0) {
1299 			print_number(ip, narg, c);
1300 		}
1301 		putchar(')');
1302 	}
1303 	putchar('\n');
1304 }
1305 
1306 void
1307 ktrsysret(struct ktr_sysret *ktr, u_int flags)
1308 {
1309 	register_t ret = ktr->ktr_retval;
1310 	int error = ktr->ktr_error;
1311 	int code = ktr->ktr_code;
1312 
1313 	if ((flags != 0 && ((flags & SV_ABI_MASK) != SV_ABI_FREEBSD)) ||
1314 	    (code >= nsyscalls || code < 0))
1315 		printf("[%d] ", code);
1316 	else {
1317 		printf("%s", syscallnames[code]);
1318 		if (syscallno)
1319 			printf("[%d]", code);
1320 		printf(" ");
1321 	}
1322 
1323 	if (error == 0) {
1324 		if (fancy) {
1325 			printf("%ld", (long)ret);
1326 			if (ret < 0 || ret > 9)
1327 				printf("/%#lx", (unsigned long)ret);
1328 		} else {
1329 			if (decimal)
1330 				printf("%ld", (long)ret);
1331 			else
1332 				printf("%#lx", (unsigned long)ret);
1333 		}
1334 	} else if (error == ERESTART)
1335 		printf("RESTART");
1336 	else if (error == EJUSTRETURN)
1337 		printf("JUSTRETURN");
1338 	else {
1339 		printf("-1 errno %d", ktr->ktr_error);
1340 		if (fancy)
1341 			printf(" %s", strerror(ktr->ktr_error));
1342 	}
1343 	putchar('\n');
1344 }
1345 
1346 void
1347 ktrnamei(char *cp, int len)
1348 {
1349 	printf("\"%.*s\"\n", len, cp);
1350 }
1351 
1352 void
1353 hexdump(char *p, int len, int screenwidth)
1354 {
1355 	int n, i;
1356 	int width;
1357 
1358 	width = 0;
1359 	do {
1360 		width += 2;
1361 		i = 13;			/* base offset */
1362 		i += (width / 2) + 1;	/* spaces every second byte */
1363 		i += (width * 2);	/* width of bytes */
1364 		i += 3;			/* "  |" */
1365 		i += width;		/* each byte */
1366 		i += 1;			/* "|" */
1367 	} while (i < screenwidth);
1368 	width -= 2;
1369 
1370 	for (n = 0; n < len; n += width) {
1371 		for (i = n; i < n + width; i++) {
1372 			if ((i % width) == 0) {	/* beginning of line */
1373 				printf("       0x%04x", i);
1374 			}
1375 			if ((i % 2) == 0) {
1376 				printf(" ");
1377 			}
1378 			if (i < len)
1379 				printf("%02x", p[i] & 0xff);
1380 			else
1381 				printf("  ");
1382 		}
1383 		printf("  |");
1384 		for (i = n; i < n + width; i++) {
1385 			if (i >= len)
1386 				break;
1387 			if (p[i] >= ' ' && p[i] <= '~')
1388 				printf("%c", p[i]);
1389 			else
1390 				printf(".");
1391 		}
1392 		printf("|\n");
1393 	}
1394 	if ((i % width) != 0)
1395 		printf("\n");
1396 }
1397 
1398 void
1399 visdump(char *dp, int datalen, int screenwidth)
1400 {
1401 	int col = 0;
1402 	char *cp;
1403 	int width;
1404 	char visbuf[5];
1405 
1406 	printf("       \"");
1407 	col = 8;
1408 	for (;datalen > 0; datalen--, dp++) {
1409 		 vis(visbuf, *dp, VIS_CSTYLE, *(dp+1));
1410 		cp = visbuf;
1411 		/*
1412 		 * Keep track of printables and
1413 		 * space chars (like fold(1)).
1414 		 */
1415 		if (col == 0) {
1416 			putchar('\t');
1417 			col = 8;
1418 		}
1419 		switch(*cp) {
1420 		case '\n':
1421 			col = 0;
1422 			putchar('\n');
1423 			continue;
1424 		case '\t':
1425 			width = 8 - (col&07);
1426 			break;
1427 		default:
1428 			width = strlen(cp);
1429 		}
1430 		if (col + width > (screenwidth-2)) {
1431 			printf("\\\n\t");
1432 			col = 8;
1433 		}
1434 		col += width;
1435 		do {
1436 			putchar(*cp++);
1437 		} while (*cp);
1438 	}
1439 	if (col == 0)
1440 		printf("       ");
1441 	printf("\"\n");
1442 }
1443 
1444 void
1445 ktrgenio(struct ktr_genio *ktr, int len)
1446 {
1447 	int datalen = len - sizeof (struct ktr_genio);
1448 	char *dp = (char *)ktr + sizeof (struct ktr_genio);
1449 	static int screenwidth = 0;
1450 	int i, binary;
1451 
1452 	printf("fd %d %s %d byte%s\n", ktr->ktr_fd,
1453 		ktr->ktr_rw == UIO_READ ? "read" : "wrote", datalen,
1454 		datalen == 1 ? "" : "s");
1455 	if (suppressdata)
1456 		return;
1457 	if (screenwidth == 0) {
1458 		struct winsize ws;
1459 
1460 		if (fancy && ioctl(fileno(stderr), TIOCGWINSZ, &ws) != -1 &&
1461 		    ws.ws_col > 8)
1462 			screenwidth = ws.ws_col;
1463 		else
1464 			screenwidth = 80;
1465 	}
1466 	if (maxdata && datalen > maxdata)
1467 		datalen = maxdata;
1468 
1469 	for (i = 0, binary = 0; i < datalen && binary == 0; i++)  {
1470 		if (dp[i] >= 32 && dp[i] < 127)
1471 			continue;
1472 		if (dp[i] == 10 || dp[i] == 13 || dp[i] == 0 || dp[i] == 9)
1473 			continue;
1474 		binary = 1;
1475 	}
1476 	if (binary)
1477 		hexdump(dp, datalen, screenwidth);
1478 	else
1479 		visdump(dp, datalen, screenwidth);
1480 }
1481 
1482 const char *signames[] = {
1483 	"NULL", "HUP", "INT", "QUIT", "ILL", "TRAP", "IOT",	/*  1 - 6  */
1484 	"EMT", "FPE", "KILL", "BUS", "SEGV", "SYS",		/*  7 - 12 */
1485 	"PIPE", "ALRM",  "TERM", "URG", "STOP", "TSTP",		/* 13 - 18 */
1486 	"CONT", "CHLD", "TTIN", "TTOU", "IO", "XCPU",		/* 19 - 24 */
1487 	"XFSZ", "VTALRM", "PROF", "WINCH", "29", "USR1",	/* 25 - 30 */
1488 	"USR2", NULL,						/* 31 - 32 */
1489 };
1490 
1491 void
1492 ktrpsig(struct ktr_psig *psig)
1493 {
1494 	if (psig->signo > 0 && psig->signo < NSIG)
1495 		printf("SIG%s ", signames[psig->signo]);
1496 	else
1497 		printf("SIG %d ", psig->signo);
1498 	if (psig->action == SIG_DFL) {
1499 		printf("SIG_DFL code=");
1500 		sigcodename(psig->signo, psig->code);
1501 		putchar('\n');
1502 	} else {
1503 		printf("caught handler=0x%lx mask=0x%x code=",
1504 		    (u_long)psig->action, psig->mask.__bits[0]);
1505 		sigcodename(psig->signo, psig->code);
1506 		putchar('\n');
1507 	}
1508 }
1509 
1510 void
1511 ktrcsw_old(struct ktr_csw_old *cs)
1512 {
1513 	printf("%s %s\n", cs->out ? "stop" : "resume",
1514 		cs->user ? "user" : "kernel");
1515 }
1516 
1517 void
1518 ktrcsw(struct ktr_csw *cs)
1519 {
1520 	printf("%s %s \"%s\"\n", cs->out ? "stop" : "resume",
1521 	    cs->user ? "user" : "kernel", cs->wmesg);
1522 }
1523 
1524 #define	UTRACE_DLOPEN_START		1
1525 #define	UTRACE_DLOPEN_STOP		2
1526 #define	UTRACE_DLCLOSE_START		3
1527 #define	UTRACE_DLCLOSE_STOP		4
1528 #define	UTRACE_LOAD_OBJECT		5
1529 #define	UTRACE_UNLOAD_OBJECT		6
1530 #define	UTRACE_ADD_RUNDEP		7
1531 #define	UTRACE_PRELOAD_FINISHED		8
1532 #define	UTRACE_INIT_CALL		9
1533 #define	UTRACE_FINI_CALL		10
1534 #define	UTRACE_DLSYM_START		11
1535 #define	UTRACE_DLSYM_STOP		12
1536 
1537 struct utrace_rtld {
1538 	char sig[4];				/* 'RTLD' */
1539 	int event;
1540 	void *handle;
1541 	void *mapbase;
1542 	size_t mapsize;
1543 	int refcnt;
1544 	char name[MAXPATHLEN];
1545 };
1546 
1547 void
1548 ktruser_rtld(int len, void *p)
1549 {
1550 	struct utrace_rtld *ut = p;
1551 	unsigned char *cp;
1552 	void *parent;
1553 	int mode;
1554 
1555 	switch (ut->event) {
1556 	case UTRACE_DLOPEN_START:
1557 		mode = ut->refcnt;
1558 		printf("dlopen(%s, ", ut->name);
1559 		switch (mode & RTLD_MODEMASK) {
1560 		case RTLD_NOW:
1561 			printf("RTLD_NOW");
1562 			break;
1563 		case RTLD_LAZY:
1564 			printf("RTLD_LAZY");
1565 			break;
1566 		default:
1567 			printf("%#x", mode & RTLD_MODEMASK);
1568 		}
1569 		if (mode & RTLD_GLOBAL)
1570 			printf(" | RTLD_GLOBAL");
1571 		if (mode & RTLD_TRACE)
1572 			printf(" | RTLD_TRACE");
1573 		if (mode & ~(RTLD_MODEMASK | RTLD_GLOBAL | RTLD_TRACE))
1574 			printf(" | %#x", mode &
1575 			    ~(RTLD_MODEMASK | RTLD_GLOBAL | RTLD_TRACE));
1576 		printf(")\n");
1577 		break;
1578 	case UTRACE_DLOPEN_STOP:
1579 		printf("%p = dlopen(%s) ref %d\n", ut->handle, ut->name,
1580 		    ut->refcnt);
1581 		break;
1582 	case UTRACE_DLCLOSE_START:
1583 		printf("dlclose(%p) (%s, %d)\n", ut->handle, ut->name,
1584 		    ut->refcnt);
1585 		break;
1586 	case UTRACE_DLCLOSE_STOP:
1587 		printf("dlclose(%p) finished\n", ut->handle);
1588 		break;
1589 	case UTRACE_LOAD_OBJECT:
1590 		printf("RTLD: loaded   %p @ %p - %p (%s)\n", ut->handle,
1591 		    ut->mapbase, (char *)ut->mapbase + ut->mapsize - 1,
1592 		    ut->name);
1593 		break;
1594 	case UTRACE_UNLOAD_OBJECT:
1595 		printf("RTLD: unloaded %p @ %p - %p (%s)\n", ut->handle,
1596 		    ut->mapbase, (char *)ut->mapbase + ut->mapsize - 1,
1597 		    ut->name);
1598 		break;
1599 	case UTRACE_ADD_RUNDEP:
1600 		parent = ut->mapbase;
1601 		printf("RTLD: %p now depends on %p (%s, %d)\n", parent,
1602 		    ut->handle, ut->name, ut->refcnt);
1603 		break;
1604 	case UTRACE_PRELOAD_FINISHED:
1605 		printf("RTLD: LD_PRELOAD finished\n");
1606 		break;
1607 	case UTRACE_INIT_CALL:
1608 		printf("RTLD: init %p for %p (%s)\n", ut->mapbase, ut->handle,
1609 		    ut->name);
1610 		break;
1611 	case UTRACE_FINI_CALL:
1612 		printf("RTLD: fini %p for %p (%s)\n", ut->mapbase, ut->handle,
1613 		    ut->name);
1614 		break;
1615 	case UTRACE_DLSYM_START:
1616 		printf("RTLD: dlsym(%p, %s)\n", ut->handle, ut->name);
1617 		break;
1618 	case UTRACE_DLSYM_STOP:
1619 		printf("RTLD: %p = dlsym(%p, %s)\n", ut->mapbase, ut->handle,
1620 		    ut->name);
1621 		break;
1622 	default:
1623 		cp = p;
1624 		cp += 4;
1625 		len -= 4;
1626 		printf("RTLD: %d ", len);
1627 		while (len--)
1628 			if (decimal)
1629 				printf(" %d", *cp++);
1630 			else
1631 				printf(" %02x", *cp++);
1632 		printf("\n");
1633 	}
1634 }
1635 
1636 struct utrace_malloc {
1637 	void *p;
1638 	size_t s;
1639 	void *r;
1640 };
1641 
1642 void
1643 ktruser_malloc(void *p)
1644 {
1645 	struct utrace_malloc *ut = p;
1646 
1647 	if (ut->p == (void *)(intptr_t)(-1))
1648 		printf("malloc_init()\n");
1649 	else if (ut->s == 0)
1650 		printf("free(%p)\n", ut->p);
1651 	else if (ut->p == NULL)
1652 		printf("%p = malloc(%zu)\n", ut->r, ut->s);
1653 	else
1654 		printf("%p = realloc(%p, %zu)\n", ut->r, ut->p, ut->s);
1655 }
1656 
1657 void
1658 ktruser(int len, void *p)
1659 {
1660 	unsigned char *cp;
1661 
1662 	if (len >= 8 && bcmp(p, "RTLD", 4) == 0) {
1663 		ktruser_rtld(len, p);
1664 		return;
1665 	}
1666 
1667 	if (len == sizeof(struct utrace_malloc)) {
1668 		ktruser_malloc(p);
1669 		return;
1670 	}
1671 
1672 	printf("%d ", len);
1673 	cp = p;
1674 	while (len--)
1675 		if (decimal)
1676 			printf(" %d", *cp++);
1677 		else
1678 			printf(" %02x", *cp++);
1679 	printf("\n");
1680 }
1681 
1682 void
1683 ktrcaprights(cap_rights_t *rightsp)
1684 {
1685 
1686 	printf("cap_rights_t ");
1687 	capname(rightsp);
1688 	printf("\n");
1689 }
1690 
1691 void
1692 ktrsockaddr(struct sockaddr *sa)
1693 {
1694 /*
1695  TODO: Support additional address families
1696 	#include <netnatm/natm.h>
1697 	struct sockaddr_natm	*natm;
1698 	#include <netsmb/netbios.h>
1699 	struct sockaddr_nb	*nb;
1700 */
1701 	char addr[64];
1702 
1703 	/*
1704 	 * note: ktrstruct() has already verified that sa points to a
1705 	 * buffer at least sizeof(struct sockaddr) bytes long and exactly
1706 	 * sa->sa_len bytes long.
1707 	 */
1708 	printf("struct sockaddr { ");
1709 	sockfamilyname(sa->sa_family);
1710 	printf(", ");
1711 
1712 #define check_sockaddr_len(n)					\
1713 	if (sa_##n.s##n##_len < sizeof(struct sockaddr_##n)) {	\
1714 		printf("invalid");				\
1715 		break;						\
1716 	}
1717 
1718 	switch(sa->sa_family) {
1719 	case AF_INET: {
1720 		struct sockaddr_in sa_in;
1721 
1722 		memset(&sa_in, 0, sizeof(sa_in));
1723 		memcpy(&sa_in, sa, sa->sa_len);
1724 		check_sockaddr_len(in);
1725 		inet_ntop(AF_INET, &sa_in.sin_addr, addr, sizeof addr);
1726 		printf("%s:%u", addr, ntohs(sa_in.sin_port));
1727 		break;
1728 	}
1729 	case AF_INET6: {
1730 		struct sockaddr_in6 sa_in6;
1731 
1732 		memset(&sa_in6, 0, sizeof(sa_in6));
1733 		memcpy(&sa_in6, sa, sa->sa_len);
1734 		check_sockaddr_len(in6);
1735 		getnameinfo((struct sockaddr *)&sa_in6, sizeof(sa_in6),
1736 		    addr, sizeof(addr), NULL, 0, NI_NUMERICHOST);
1737 		printf("[%s]:%u", addr, htons(sa_in6.sin6_port));
1738 		break;
1739 	}
1740 	case AF_UNIX: {
1741 		struct sockaddr_un sa_un;
1742 
1743 		memset(&sa_un, 0, sizeof(sa_un));
1744 		memcpy(&sa_un, sa, sa->sa_len);
1745 		printf("%.*s", (int)sizeof(sa_un.sun_path), sa_un.sun_path);
1746 		break;
1747 	}
1748 	default:
1749 		printf("unknown address family");
1750 	}
1751 	printf(" }\n");
1752 }
1753 
1754 void
1755 ktrstat(struct stat *statp)
1756 {
1757 	char mode[12], timestr[PATH_MAX + 4];
1758 	struct passwd *pwd;
1759 	struct group  *grp;
1760 	struct tm *tm;
1761 
1762 	/*
1763 	 * note: ktrstruct() has already verified that statp points to a
1764 	 * buffer exactly sizeof(struct stat) bytes long.
1765 	 */
1766 	printf("struct stat {");
1767 	printf("dev=%ju, ino=%ju, ",
1768 		(uintmax_t)statp->st_dev, (uintmax_t)statp->st_ino);
1769 	if (resolv == 0)
1770 		printf("mode=0%jo, ", (uintmax_t)statp->st_mode);
1771 	else {
1772 		strmode(statp->st_mode, mode);
1773 		printf("mode=%s, ", mode);
1774 	}
1775 	printf("nlink=%ju, ", (uintmax_t)statp->st_nlink);
1776 	if (resolv == 0) {
1777 		pwd = NULL;
1778 	} else {
1779 #ifdef HAVE_LIBCAPSICUM
1780 		if (cappwd != NULL)
1781 			pwd = cap_getpwuid(cappwd, statp->st_uid);
1782 		else
1783 #endif
1784 			pwd = getpwuid(statp->st_uid);
1785 	}
1786 	if (pwd == NULL)
1787 		printf("uid=%ju, ", (uintmax_t)statp->st_uid);
1788 	else
1789 		printf("uid=\"%s\", ", pwd->pw_name);
1790 	if (resolv == 0) {
1791 		grp = NULL;
1792 	} else {
1793 #ifdef HAVE_LIBCAPSICUM
1794 		if (capgrp != NULL)
1795 			grp = cap_getgrgid(capgrp, statp->st_gid);
1796 		else
1797 #endif
1798 			grp = getgrgid(statp->st_gid);
1799 	}
1800 	if (grp == NULL)
1801 		printf("gid=%ju, ", (uintmax_t)statp->st_gid);
1802 	else
1803 		printf("gid=\"%s\", ", grp->gr_name);
1804 	printf("rdev=%ju, ", (uintmax_t)statp->st_rdev);
1805 	printf("atime=");
1806 	if (resolv == 0)
1807 		printf("%jd", (intmax_t)statp->st_atim.tv_sec);
1808 	else {
1809 		tm = localtime(&statp->st_atim.tv_sec);
1810 		strftime(timestr, sizeof(timestr), TIME_FORMAT, tm);
1811 		printf("\"%s\"", timestr);
1812 	}
1813 	if (statp->st_atim.tv_nsec != 0)
1814 		printf(".%09ld, ", statp->st_atim.tv_nsec);
1815 	else
1816 		printf(", ");
1817 	printf("stime=");
1818 	if (resolv == 0)
1819 		printf("%jd", (intmax_t)statp->st_mtim.tv_sec);
1820 	else {
1821 		tm = localtime(&statp->st_mtim.tv_sec);
1822 		strftime(timestr, sizeof(timestr), TIME_FORMAT, tm);
1823 		printf("\"%s\"", timestr);
1824 	}
1825 	if (statp->st_mtim.tv_nsec != 0)
1826 		printf(".%09ld, ", statp->st_mtim.tv_nsec);
1827 	else
1828 		printf(", ");
1829 	printf("ctime=");
1830 	if (resolv == 0)
1831 		printf("%jd", (intmax_t)statp->st_ctim.tv_sec);
1832 	else {
1833 		tm = localtime(&statp->st_ctim.tv_sec);
1834 		strftime(timestr, sizeof(timestr), TIME_FORMAT, tm);
1835 		printf("\"%s\"", timestr);
1836 	}
1837 	if (statp->st_ctim.tv_nsec != 0)
1838 		printf(".%09ld, ", statp->st_ctim.tv_nsec);
1839 	else
1840 		printf(", ");
1841 	printf("birthtime=");
1842 	if (resolv == 0)
1843 		printf("%jd", (intmax_t)statp->st_birthtim.tv_sec);
1844 	else {
1845 		tm = localtime(&statp->st_birthtim.tv_sec);
1846 		strftime(timestr, sizeof(timestr), TIME_FORMAT, tm);
1847 		printf("\"%s\"", timestr);
1848 	}
1849 	if (statp->st_birthtim.tv_nsec != 0)
1850 		printf(".%09ld, ", statp->st_birthtim.tv_nsec);
1851 	else
1852 		printf(", ");
1853 	printf("size=%jd, blksize=%ju, blocks=%jd, flags=0x%x",
1854 		(uintmax_t)statp->st_size, (uintmax_t)statp->st_blksize,
1855 		(intmax_t)statp->st_blocks, statp->st_flags);
1856 	printf(" }\n");
1857 }
1858 
1859 void
1860 ktrstruct(char *buf, size_t buflen)
1861 {
1862 	char *name, *data;
1863 	size_t namelen, datalen;
1864 	int i;
1865 	cap_rights_t rights;
1866 	struct stat sb;
1867 	struct sockaddr_storage ss;
1868 
1869 	for (name = buf, namelen = 0;
1870 	     namelen < buflen && name[namelen] != '\0';
1871 	     ++namelen)
1872 		/* nothing */;
1873 	if (namelen == buflen)
1874 		goto invalid;
1875 	if (name[namelen] != '\0')
1876 		goto invalid;
1877 	data = buf + namelen + 1;
1878 	datalen = buflen - namelen - 1;
1879 	if (datalen == 0)
1880 		goto invalid;
1881 	/* sanity check */
1882 	for (i = 0; i < (int)namelen; ++i)
1883 		if (!isalpha(name[i]))
1884 			goto invalid;
1885 	if (strcmp(name, "caprights") == 0) {
1886 		if (datalen != sizeof(cap_rights_t))
1887 			goto invalid;
1888 		memcpy(&rights, data, datalen);
1889 		ktrcaprights(&rights);
1890 	} else if (strcmp(name, "stat") == 0) {
1891 		if (datalen != sizeof(struct stat))
1892 			goto invalid;
1893 		memcpy(&sb, data, datalen);
1894 		ktrstat(&sb);
1895 	} else if (strcmp(name, "sockaddr") == 0) {
1896 		if (datalen > sizeof(ss))
1897 			goto invalid;
1898 		memcpy(&ss, data, datalen);
1899 		if (datalen != ss.ss_len)
1900 			goto invalid;
1901 		ktrsockaddr((struct sockaddr *)&ss);
1902 	} else {
1903 		printf("unknown structure\n");
1904 	}
1905 	return;
1906 invalid:
1907 	printf("invalid record\n");
1908 }
1909 
1910 void
1911 ktrcapfail(struct ktr_cap_fail *ktr)
1912 {
1913 	switch (ktr->cap_type) {
1914 	case CAPFAIL_NOTCAPABLE:
1915 		/* operation on fd with insufficient capabilities */
1916 		printf("operation requires ");
1917 		capname(&ktr->cap_needed);
1918 		printf(", descriptor holds ");
1919 		capname(&ktr->cap_held);
1920 		break;
1921 	case CAPFAIL_INCREASE:
1922 		/* requested more capabilities than fd already has */
1923 		printf("attempt to increase capabilities from ");
1924 		capname(&ktr->cap_held);
1925 		printf(" to ");
1926 		capname(&ktr->cap_needed);
1927 		break;
1928 	case CAPFAIL_SYSCALL:
1929 		/* called restricted syscall */
1930 		printf("disallowed system call");
1931 		break;
1932 	case CAPFAIL_LOOKUP:
1933 		/* used ".." in strict-relative mode */
1934 		printf("restricted VFS lookup");
1935 		break;
1936 	default:
1937 		printf("unknown capability failure: ");
1938 		capname(&ktr->cap_needed);
1939 		printf(" ");
1940 		capname(&ktr->cap_held);
1941 		break;
1942 	}
1943 	printf("\n");
1944 }
1945 
1946 void
1947 ktrfault(struct ktr_fault *ktr)
1948 {
1949 
1950 	printf("0x%jx ", (uintmax_t)ktr->vaddr);
1951 	vmprotname(ktr->type);
1952 	printf("\n");
1953 }
1954 
1955 void
1956 ktrfaultend(struct ktr_faultend *ktr)
1957 {
1958 
1959 	vmresultname(ktr->result);
1960 	printf("\n");
1961 }
1962 
1963 #if defined(__amd64__) || defined(__i386__)
1964 void
1965 linux_ktrsyscall(struct ktr_syscall *ktr)
1966 {
1967 	int narg = ktr->ktr_narg;
1968 	register_t *ip;
1969 
1970 	if (ktr->ktr_code >= nlinux_syscalls || ktr->ktr_code < 0)
1971 		printf("[%d]", ktr->ktr_code);
1972 	else {
1973 		printf("%s", linux_syscallnames[ktr->ktr_code]);
1974 		if (syscallno)
1975 			printf("[%d]", ktr->ktr_code);
1976 	}
1977 	ip = &ktr->ktr_args[0];
1978 	if (narg) {
1979 		char c = '(';
1980 		while (narg > 0)
1981 			print_number(ip, narg, c);
1982 		putchar(')');
1983 	}
1984 	putchar('\n');
1985 }
1986 
1987 void
1988 linux_ktrsysret(struct ktr_sysret *ktr)
1989 {
1990 	register_t ret = ktr->ktr_retval;
1991 	int error = ktr->ktr_error;
1992 	int code = ktr->ktr_code;
1993 
1994 	if (code >= nlinux_syscalls || code < 0)
1995 		printf("[%d] ", code);
1996 	else {
1997 		printf("%s", linux_syscallnames[code]);
1998 		if (syscallno)
1999 			printf("[%d]", code);
2000 		printf(" ");
2001 	}
2002 
2003 	if (error == 0) {
2004 		if (fancy) {
2005 			printf("%ld", (long)ret);
2006 			if (ret < 0 || ret > 9)
2007 				printf("/%#lx", (unsigned long)ret);
2008 		} else {
2009 			if (decimal)
2010 				printf("%ld", (long)ret);
2011 			else
2012 				printf("%#lx", (unsigned long)ret);
2013 		}
2014 	} else if (error == ERESTART)
2015 		printf("RESTART");
2016 	else if (error == EJUSTRETURN)
2017 		printf("JUSTRETURN");
2018 	else {
2019 		if (ktr->ktr_error <= ELAST + 1)
2020 			error = abs(bsd_to_linux_errno[ktr->ktr_error]);
2021 		else
2022 			error = 999;
2023 		printf("-1 errno %d", error);
2024 		if (fancy)
2025 			printf(" %s", strerror(ktr->ktr_error));
2026 	}
2027 	putchar('\n');
2028 }
2029 #endif
2030 
2031 void
2032 usage(void)
2033 {
2034 	fprintf(stderr, "usage: kdump [-dEnlHRrSsTA] [-f trfile] "
2035 	    "[-m maxdata] [-p pid] [-t trstr]\n");
2036 	exit(1);
2037 }
2038