xref: /freebsd/usr.bin/kdump/kdump.c (revision 5608fd23c27fa1e8ee595d7b678cbfd35d657fbe)
1 /*-
2  * Copyright (c) 1988, 1993
3  *	The Regents of the University of California.  All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  * 4. Neither the name of the University nor the names of its contributors
14  *    may be used to endorse or promote products derived from this software
15  *    without specific prior written permission.
16  *
17  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
18  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
21  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27  * SUCH DAMAGE.
28  */
29 
30 #ifndef lint
31 static const char copyright[] =
32 "@(#) Copyright (c) 1988, 1993\n\
33 	The Regents of the University of California.  All rights reserved.\n";
34 #endif /* not lint */
35 
36 #ifndef lint
37 #if 0
38 static char sccsid[] = "@(#)kdump.c	8.1 (Berkeley) 6/6/93";
39 #endif
40 #endif /* not lint */
41 #include <sys/cdefs.h>
42 __FBSDID("$FreeBSD$");
43 
44 #define _KERNEL
45 extern int errno;
46 #include <sys/errno.h>
47 #undef _KERNEL
48 #include <sys/param.h>
49 #include <sys/capsicum.h>
50 #include <sys/errno.h>
51 #define _KERNEL
52 #include <sys/time.h>
53 #undef _KERNEL
54 #include <sys/uio.h>
55 #include <sys/ktrace.h>
56 #include <sys/ioctl.h>
57 #include <sys/socket.h>
58 #include <sys/stat.h>
59 #include <sys/sysent.h>
60 #include <sys/un.h>
61 #include <sys/queue.h>
62 #include <sys/wait.h>
63 #include <arpa/inet.h>
64 #include <netinet/in.h>
65 #include <ctype.h>
66 #include <dlfcn.h>
67 #include <err.h>
68 #include <grp.h>
69 #include <inttypes.h>
70 #ifdef HAVE_LIBCAPSICUM
71 #include <libcapsicum.h>
72 #include <libcapsicum_grp.h>
73 #include <libcapsicum_pwd.h>
74 #include <libcapsicum_service.h>
75 #endif
76 #include <locale.h>
77 #include <netdb.h>
78 #include <nl_types.h>
79 #ifdef HAVE_LIBCAPSICUM
80 #include <nv.h>
81 #endif
82 #include <pwd.h>
83 #include <stdio.h>
84 #include <stdlib.h>
85 #include <string.h>
86 #include <termios.h>
87 #include <time.h>
88 #include <unistd.h>
89 #include <vis.h>
90 #include "ktrace.h"
91 #include "kdump_subr.h"
92 
93 u_int abidump(struct ktr_header *);
94 int fetchprocinfo(struct ktr_header *, u_int *);
95 int fread_tail(void *, int, int);
96 void dumpheader(struct ktr_header *);
97 void ktrsyscall(struct ktr_syscall *, u_int);
98 void ktrsysret(struct ktr_sysret *, u_int);
99 void ktrnamei(char *, int);
100 void hexdump(char *, int, int);
101 void visdump(char *, int, int);
102 void ktrgenio(struct ktr_genio *, int);
103 void ktrpsig(struct ktr_psig *);
104 void ktrcsw(struct ktr_csw *);
105 void ktrcsw_old(struct ktr_csw_old *);
106 void ktruser_malloc(unsigned char *);
107 void ktruser_rtld(int, unsigned char *);
108 void ktruser(int, unsigned char *);
109 void ktrcaprights(cap_rights_t *);
110 void ktrsockaddr(struct sockaddr *);
111 void ktrstat(struct stat *);
112 void ktrstruct(char *, size_t);
113 void ktrcapfail(struct ktr_cap_fail *);
114 void ktrfault(struct ktr_fault *);
115 void ktrfaultend(struct ktr_faultend *);
116 void limitfd(int fd);
117 void usage(void);
118 void ioctlname(unsigned long, int);
119 
120 #define	TIMESTAMP_NONE		0x0
121 #define	TIMESTAMP_ABSOLUTE	0x1
122 #define	TIMESTAMP_ELAPSED	0x2
123 #define	TIMESTAMP_RELATIVE	0x4
124 
125 int timestamp, decimal, fancy = 1, suppressdata, tail, threads, maxdata,
126     resolv = 0, abiflag = 0, syscallno = 0;
127 const char *tracefile = DEF_TRACEFILE;
128 struct ktr_header ktr_header;
129 
130 #define TIME_FORMAT	"%b %e %T %Y"
131 #define eqs(s1, s2)	(strcmp((s1), (s2)) == 0)
132 
133 #define print_number(i,n,c) do {					\
134 	if (decimal)							\
135 		printf("%c%jd", c, (intmax_t)*i);			\
136 	else								\
137 		printf("%c%#jx", c, (uintmax_t)(u_register_t)*i);	\
138 	i++;								\
139 	n--;								\
140 	c = ',';							\
141 } while (0)
142 
143 #if defined(__amd64__) || defined(__i386__)
144 
145 void linux_ktrsyscall(struct ktr_syscall *);
146 void linux_ktrsysret(struct ktr_sysret *);
147 extern char *linux_syscallnames[];
148 extern int nlinux_syscalls;
149 
150 /*
151  * from linux.h
152  * Linux syscalls return negative errno's, we do positive and map them
153  */
154 static int bsd_to_linux_errno[ELAST + 1] = {
155 	-0,  -1,  -2,  -3,  -4,  -5,  -6,  -7,  -8,  -9,
156 	-10, -35, -12, -13, -14, -15, -16, -17, -18, -19,
157 	-20, -21, -22, -23, -24, -25, -26, -27, -28, -29,
158 	-30, -31, -32, -33, -34, -11,-115,-114, -88, -89,
159 	-90, -91, -92, -93, -94, -95, -96, -97, -98, -99,
160 	-100,-101,-102,-103,-104,-105,-106,-107,-108,-109,
161 	-110,-111, -40, -36,-112,-113, -39, -11, -87,-122,
162 	-116, -66,  -6,  -6,  -6,  -6,  -6, -37, -38,  -9,
163 	-6,  -6, -43, -42, -75,-125, -84, -95, -16, -74,
164 	-72, -67, -71
165 };
166 #endif
167 
168 struct proc_info
169 {
170 	TAILQ_ENTRY(proc_info)	info;
171 	u_int			sv_flags;
172 	pid_t			pid;
173 };
174 
175 TAILQ_HEAD(trace_procs, proc_info) trace_procs;
176 
177 #ifdef HAVE_LIBCAPSICUM
178 static cap_channel_t *cappwd, *capgrp;
179 #endif
180 
181 static void
182 strerror_init(void)
183 {
184 
185 	/*
186 	 * Cache NLS data before entering capability mode.
187 	 * XXXPJD: There should be strerror_init() and strsignal_init() in libc.
188 	 */
189 	(void)catopen("libc", NL_CAT_LOCALE);
190 }
191 
192 static void
193 localtime_init(void)
194 {
195 	time_t ltime;
196 
197 	/*
198 	 * Allow localtime(3) to cache /etc/localtime content before entering
199 	 * capability mode.
200 	 * XXXPJD: There should be localtime_init() in libc.
201 	 */
202 	(void)time(&ltime);
203 	(void)localtime(&ltime);
204 }
205 
206 #ifdef HAVE_LIBCAPSICUM
207 static int
208 cappwdgrp_setup(cap_channel_t **cappwdp, cap_channel_t **capgrpp)
209 {
210 	cap_channel_t *capcas, *cappwdloc, *capgrploc;
211 	const char *cmds[1], *fields[1];
212 
213 	capcas = cap_init();
214 	if (capcas == NULL) {
215 		warn("unable to contact casperd");
216 		return (-1);
217 	}
218 	cappwdloc = cap_service_open(capcas, "system.pwd");
219 	capgrploc = cap_service_open(capcas, "system.grp");
220 	/* Casper capability no longer needed. */
221 	cap_close(capcas);
222 	if (cappwdloc == NULL || capgrploc == NULL) {
223 		if (cappwdloc == NULL)
224 			warn("unable to open system.pwd service");
225 		if (capgrploc == NULL)
226 			warn("unable to open system.grp service");
227 		exit(1);
228 	}
229 	/* Limit system.pwd to only getpwuid() function and pw_name field. */
230 	cmds[0] = "getpwuid";
231 	if (cap_pwd_limit_cmds(cappwdloc, cmds, 1) < 0)
232 		err(1, "unable to limit system.pwd service");
233 	fields[0] = "pw_name";
234 	if (cap_pwd_limit_fields(cappwdloc, fields, 1) < 0)
235 		err(1, "unable to limit system.pwd service");
236 	/* Limit system.grp to only getgrgid() function and gr_name field. */
237 	cmds[0] = "getgrgid";
238 	if (cap_grp_limit_cmds(capgrploc, cmds, 1) < 0)
239 		err(1, "unable to limit system.grp service");
240 	fields[0] = "gr_name";
241 	if (cap_grp_limit_fields(capgrploc, fields, 1) < 0)
242 		err(1, "unable to limit system.grp service");
243 
244 	*cappwdp = cappwdloc;
245 	*capgrpp = capgrploc;
246 	return (0);
247 }
248 #endif	/* HAVE_LIBCAPSICUM */
249 
250 int
251 main(int argc, char *argv[])
252 {
253 	int ch, ktrlen, size;
254 	void *m;
255 	int trpoints = ALL_POINTS;
256 	int drop_logged;
257 	pid_t pid = 0;
258 	u_int sv_flags;
259 
260 	setlocale(LC_CTYPE, "");
261 
262 	timestamp = TIMESTAMP_NONE;
263 
264 	while ((ch = getopt(argc,argv,"f:dElm:np:AHRrSsTt:")) != -1)
265 		switch (ch) {
266 		case 'A':
267 			abiflag = 1;
268 			break;
269 		case 'f':
270 			tracefile = optarg;
271 			break;
272 		case 'd':
273 			decimal = 1;
274 			break;
275 		case 'l':
276 			tail = 1;
277 			break;
278 		case 'm':
279 			maxdata = atoi(optarg);
280 			break;
281 		case 'n':
282 			fancy = 0;
283 			break;
284 		case 'p':
285 			pid = atoi(optarg);
286 			break;
287 		case 'r':
288 			resolv = 1;
289 			break;
290 		case 'S':
291 			syscallno = 1;
292 			break;
293 		case 's':
294 			suppressdata = 1;
295 			break;
296 		case 'E':
297 			timestamp |= TIMESTAMP_ELAPSED;
298 			break;
299 		case 'H':
300 			threads = 1;
301 			break;
302 		case 'R':
303 			timestamp |= TIMESTAMP_RELATIVE;
304 			break;
305 		case 'T':
306 			timestamp |= TIMESTAMP_ABSOLUTE;
307 			break;
308 		case 't':
309 			trpoints = getpoints(optarg);
310 			if (trpoints < 0)
311 				errx(1, "unknown trace point in %s", optarg);
312 			break;
313 		default:
314 			usage();
315 		}
316 
317 	if (argc > optind)
318 		usage();
319 
320 	m = malloc(size = 1025);
321 	if (m == NULL)
322 		errx(1, "%s", strerror(ENOMEM));
323 	if (!freopen(tracefile, "r", stdin))
324 		err(1, "%s", tracefile);
325 
326 	strerror_init();
327 	localtime_init();
328 #ifdef HAVE_LIBCAPSICUM
329 	if (resolv != 0) {
330 		if (cappwdgrp_setup(&cappwd, &capgrp) < 0) {
331 			cappwd = NULL;
332 			capgrp = NULL;
333 		}
334 	}
335 	if (resolv == 0 || (cappwd != NULL && capgrp != NULL)) {
336 		if (cap_enter() < 0 && errno != ENOSYS)
337 			err(1, "unable to enter capability mode");
338 	}
339 #else
340 	if (resolv == 0) {
341 		if (cap_enter() < 0 && errno != ENOSYS)
342 			err(1, "unable to enter capability mode");
343 	}
344 #endif
345 	limitfd(STDIN_FILENO);
346 	limitfd(STDOUT_FILENO);
347 	limitfd(STDERR_FILENO);
348 	if (cap_sandboxed())
349 		fprintf(stderr, "capability mode sandbox enabled\n");
350 
351 	TAILQ_INIT(&trace_procs);
352 	drop_logged = 0;
353 	while (fread_tail(&ktr_header, sizeof(struct ktr_header), 1)) {
354 		if (ktr_header.ktr_type & KTR_DROP) {
355 			ktr_header.ktr_type &= ~KTR_DROP;
356 			if (!drop_logged && threads) {
357 				printf(
358 				    "%6jd %6jd %-8.*s Events dropped.\n",
359 				    (intmax_t)ktr_header.ktr_pid,
360 				    ktr_header.ktr_tid > 0 ?
361 				    (intmax_t)ktr_header.ktr_tid : 0,
362 				    MAXCOMLEN, ktr_header.ktr_comm);
363 				drop_logged = 1;
364 			} else if (!drop_logged) {
365 				printf("%6jd %-8.*s Events dropped.\n",
366 				    (intmax_t)ktr_header.ktr_pid, MAXCOMLEN,
367 				    ktr_header.ktr_comm);
368 				drop_logged = 1;
369 			}
370 		}
371 		if (trpoints & (1<<ktr_header.ktr_type))
372 			if (pid == 0 || ktr_header.ktr_pid == pid ||
373 			    ktr_header.ktr_tid == pid)
374 				dumpheader(&ktr_header);
375 		if ((ktrlen = ktr_header.ktr_len) < 0)
376 			errx(1, "bogus length 0x%x", ktrlen);
377 		if (ktrlen > size) {
378 			m = realloc(m, ktrlen+1);
379 			if (m == NULL)
380 				errx(1, "%s", strerror(ENOMEM));
381 			size = ktrlen;
382 		}
383 		if (ktrlen && fread_tail(m, ktrlen, 1) == 0)
384 			errx(1, "data too short");
385 		if (fetchprocinfo(&ktr_header, (u_int *)m) != 0)
386 			continue;
387 		sv_flags = abidump(&ktr_header);
388 		if (pid && ktr_header.ktr_pid != pid &&
389 		    ktr_header.ktr_tid != pid)
390 			continue;
391 		if ((trpoints & (1<<ktr_header.ktr_type)) == 0)
392 			continue;
393 		drop_logged = 0;
394 		switch (ktr_header.ktr_type) {
395 		case KTR_SYSCALL:
396 #if defined(__amd64__) || defined(__i386__)
397 			if ((sv_flags & SV_ABI_MASK) == SV_ABI_LINUX)
398 				linux_ktrsyscall((struct ktr_syscall *)m);
399 			else
400 #endif
401 				ktrsyscall((struct ktr_syscall *)m, sv_flags);
402 			break;
403 		case KTR_SYSRET:
404 #if defined(__amd64__) || defined(__i386__)
405 			if ((sv_flags & SV_ABI_MASK) == SV_ABI_LINUX)
406 				linux_ktrsysret((struct ktr_sysret *)m);
407 			else
408 #endif
409 				ktrsysret((struct ktr_sysret *)m, sv_flags);
410 			break;
411 		case KTR_NAMEI:
412 		case KTR_SYSCTL:
413 			ktrnamei(m, ktrlen);
414 			break;
415 		case KTR_GENIO:
416 			ktrgenio((struct ktr_genio *)m, ktrlen);
417 			break;
418 		case KTR_PSIG:
419 			ktrpsig((struct ktr_psig *)m);
420 			break;
421 		case KTR_CSW:
422 			if (ktrlen == sizeof(struct ktr_csw_old))
423 				ktrcsw_old((struct ktr_csw_old *)m);
424 			else
425 				ktrcsw((struct ktr_csw *)m);
426 			break;
427 		case KTR_USER:
428 			ktruser(ktrlen, m);
429 			break;
430 		case KTR_STRUCT:
431 			ktrstruct(m, ktrlen);
432 			break;
433 		case KTR_CAPFAIL:
434 			ktrcapfail((struct ktr_cap_fail *)m);
435 			break;
436 		case KTR_FAULT:
437 			ktrfault((struct ktr_fault *)m);
438 			break;
439 		case KTR_FAULTEND:
440 			ktrfaultend((struct ktr_faultend *)m);
441 			break;
442 		default:
443 			printf("\n");
444 			break;
445 		}
446 		if (tail)
447 			fflush(stdout);
448 	}
449 	return 0;
450 }
451 
452 void
453 limitfd(int fd)
454 {
455 	cap_rights_t rights;
456 	unsigned long cmd;
457 
458 	cap_rights_init(&rights, CAP_FSTAT);
459 	cmd = -1;
460 
461 	switch (fd) {
462 	case STDIN_FILENO:
463 		cap_rights_set(&rights, CAP_READ);
464 		break;
465 	case STDOUT_FILENO:
466 		cap_rights_set(&rights, CAP_IOCTL, CAP_WRITE);
467 		cmd = TIOCGETA;	/* required by isatty(3) in printf(3) */
468 		break;
469 	case STDERR_FILENO:
470 		cap_rights_set(&rights, CAP_WRITE);
471 		if (!suppressdata) {
472 			cap_rights_set(&rights, CAP_IOCTL);
473 			cmd = TIOCGWINSZ;
474 		}
475 		break;
476 	default:
477 		abort();
478 	}
479 
480 	if (cap_rights_limit(fd, &rights) < 0 && errno != ENOSYS)
481 		err(1, "unable to limit rights for descriptor %d", fd);
482 	if (cmd != -1 && cap_ioctls_limit(fd, &cmd, 1) < 0 && errno != ENOSYS)
483 		err(1, "unable to limit ioctls for descriptor %d", fd);
484 }
485 
486 int
487 fread_tail(void *buf, int size, int num)
488 {
489 	int i;
490 
491 	while ((i = fread(buf, size, num, stdin)) == 0 && tail) {
492 		sleep(1);
493 		clearerr(stdin);
494 	}
495 	return (i);
496 }
497 
498 int
499 fetchprocinfo(struct ktr_header *kth, u_int *flags)
500 {
501 	struct proc_info *pi;
502 
503 	switch (kth->ktr_type) {
504 	case KTR_PROCCTOR:
505 		TAILQ_FOREACH(pi, &trace_procs, info) {
506 			if (pi->pid == kth->ktr_pid) {
507 				TAILQ_REMOVE(&trace_procs, pi, info);
508 				break;
509 			}
510 		}
511 		pi = malloc(sizeof(struct proc_info));
512 		if (pi == NULL)
513 			errx(1, "%s", strerror(ENOMEM));
514 		pi->sv_flags = *flags;
515 		pi->pid = kth->ktr_pid;
516 		TAILQ_INSERT_TAIL(&trace_procs, pi, info);
517 		return (1);
518 
519 	case KTR_PROCDTOR:
520 		TAILQ_FOREACH(pi, &trace_procs, info) {
521 			if (pi->pid == kth->ktr_pid) {
522 				TAILQ_REMOVE(&trace_procs, pi, info);
523 				free(pi);
524 				break;
525 			}
526 		}
527 		return (1);
528 	}
529 
530 	return (0);
531 }
532 
533 u_int
534 abidump(struct ktr_header *kth)
535 {
536 	struct proc_info *pi;
537 	const char *abi;
538 	const char *arch;
539 	u_int flags = 0;
540 
541 	TAILQ_FOREACH(pi, &trace_procs, info) {
542 		if (pi->pid == kth->ktr_pid) {
543 			flags = pi->sv_flags;
544 			break;
545 		}
546 	}
547 
548 	if (abiflag == 0)
549 		return (flags);
550 
551 	switch (flags & SV_ABI_MASK) {
552 	case SV_ABI_LINUX:
553 		abi = "L";
554 		break;
555 	case SV_ABI_FREEBSD:
556 		abi = "F";
557 		break;
558 	default:
559 		abi = "U";
560 		break;
561 	}
562 
563 	if (flags != 0) {
564 		if (flags & SV_LP64)
565 			arch = "64";
566 		else
567 			arch = "32";
568 	} else
569 		arch = "00";
570 
571 	printf("%s%s  ", abi, arch);
572 
573 	return (flags);
574 }
575 
576 void
577 dumpheader(struct ktr_header *kth)
578 {
579 	static char unknown[64];
580 	static struct timeval prevtime, prevtime_e, temp;
581 	const char *type;
582 
583 	switch (kth->ktr_type) {
584 	case KTR_SYSCALL:
585 		type = "CALL";
586 		break;
587 	case KTR_SYSRET:
588 		type = "RET ";
589 		break;
590 	case KTR_NAMEI:
591 		type = "NAMI";
592 		break;
593 	case KTR_GENIO:
594 		type = "GIO ";
595 		break;
596 	case KTR_PSIG:
597 		type = "PSIG";
598 		break;
599 	case KTR_CSW:
600 		type = "CSW ";
601 		break;
602 	case KTR_USER:
603 		type = "USER";
604 		break;
605 	case KTR_STRUCT:
606 		type = "STRU";
607 		break;
608 	case KTR_SYSCTL:
609 		type = "SCTL";
610 		break;
611 	case KTR_PROCCTOR:
612 		/* FALLTHROUGH */
613 	case KTR_PROCDTOR:
614 		return;
615 	case KTR_CAPFAIL:
616 		type = "CAP ";
617 		break;
618 	case KTR_FAULT:
619 		type = "PFLT";
620 		break;
621 	case KTR_FAULTEND:
622 		type = "PRET";
623 		break;
624 	default:
625 		sprintf(unknown, "UNKNOWN(%d)", kth->ktr_type);
626 		type = unknown;
627 	}
628 
629 	/*
630 	 * The ktr_tid field was previously the ktr_buffer field, which held
631 	 * the kernel pointer value for the buffer associated with data
632 	 * following the record header.  It now holds a threadid, but only
633 	 * for trace files after the change.  Older trace files still contain
634 	 * kernel pointers.  Detect this and suppress the results by printing
635 	 * negative tid's as 0.
636 	 */
637 	if (threads)
638 		printf("%6jd %6jd %-8.*s ", (intmax_t)kth->ktr_pid,
639 		    kth->ktr_tid > 0 ? (intmax_t)kth->ktr_tid : 0,
640 		    MAXCOMLEN, kth->ktr_comm);
641 	else
642 		printf("%6jd %-8.*s ", (intmax_t)kth->ktr_pid, MAXCOMLEN,
643 		    kth->ktr_comm);
644         if (timestamp) {
645 		if (timestamp & TIMESTAMP_ABSOLUTE) {
646 			printf("%jd.%06ld ", (intmax_t)kth->ktr_time.tv_sec,
647 			    kth->ktr_time.tv_usec);
648 		}
649 		if (timestamp & TIMESTAMP_ELAPSED) {
650 			if (prevtime_e.tv_sec == 0)
651 				prevtime_e = kth->ktr_time;
652 			timevalsub(&kth->ktr_time, &prevtime_e);
653 			printf("%jd.%06ld ", (intmax_t)kth->ktr_time.tv_sec,
654 			    kth->ktr_time.tv_usec);
655 			timevaladd(&kth->ktr_time, &prevtime_e);
656 		}
657 		if (timestamp & TIMESTAMP_RELATIVE) {
658 			temp = kth->ktr_time;
659 			timevalsub(&kth->ktr_time, &prevtime);
660 			prevtime = temp;
661 			printf("%jd.%06ld ", (intmax_t)kth->ktr_time.tv_sec,
662 			    kth->ktr_time.tv_usec);
663 		}
664 	}
665 	printf("%s  ", type);
666 }
667 
668 #include <sys/syscall.h>
669 #define KTRACE
670 #include <sys/kern/syscalls.c>
671 #undef KTRACE
672 int nsyscalls = sizeof (syscallnames) / sizeof (syscallnames[0]);
673 
674 void
675 ktrsyscall(struct ktr_syscall *ktr, u_int flags)
676 {
677 	int narg = ktr->ktr_narg;
678 	register_t *ip;
679 	intmax_t arg;
680 
681 	if ((flags != 0 && ((flags & SV_ABI_MASK) != SV_ABI_FREEBSD)) ||
682 	    (ktr->ktr_code >= nsyscalls || ktr->ktr_code < 0))
683 		printf("[%d]", ktr->ktr_code);
684 	else {
685 		printf("%s", syscallnames[ktr->ktr_code]);
686 		if (syscallno)
687 			printf("[%d]", ktr->ktr_code);
688 	}
689 	ip = &ktr->ktr_args[0];
690 	if (narg) {
691 		char c = '(';
692 		if (fancy &&
693 		    (flags == 0 || (flags & SV_ABI_MASK) == SV_ABI_FREEBSD)) {
694 			switch (ktr->ktr_code) {
695 			case SYS_bindat:
696 			case SYS_connectat:
697 			case SYS_faccessat:
698 			case SYS_fchmodat:
699 			case SYS_fchownat:
700 			case SYS_fstatat:
701 			case SYS_futimesat:
702 			case SYS_linkat:
703 			case SYS_mkdirat:
704 			case SYS_mkfifoat:
705 			case SYS_mknodat:
706 			case SYS_openat:
707 			case SYS_readlinkat:
708 			case SYS_renameat:
709 			case SYS_unlinkat:
710 				putchar('(');
711 				atfdname(*ip, decimal);
712 				c = ',';
713 				ip++;
714 				narg--;
715 				break;
716 			}
717 			switch (ktr->ktr_code) {
718 			case SYS_ioctl: {
719 				print_number(ip, narg, c);
720 				putchar(c);
721 				ioctlname(*ip, decimal);
722 				c = ',';
723 				ip++;
724 				narg--;
725 				break;
726 			}
727 			case SYS_ptrace:
728 				putchar('(');
729 				ptraceopname(*ip);
730 				c = ',';
731 				ip++;
732 				narg--;
733 				break;
734 			case SYS_access:
735 			case SYS_eaccess:
736 			case SYS_faccessat:
737 				print_number(ip, narg, c);
738 				putchar(',');
739 				accessmodename(*ip);
740 				ip++;
741 				narg--;
742 				break;
743 			case SYS_open:
744 			case SYS_openat:
745 				print_number(ip, narg, c);
746 				putchar(',');
747 				flagsandmodename(ip[0], ip[1], decimal);
748 				ip += 2;
749 				narg -= 2;
750 				break;
751 			case SYS_wait4:
752 				print_number(ip, narg, c);
753 				print_number(ip, narg, c);
754 				/*
755 				 * A flags value of zero is valid for
756 				 * wait4() but not for wait6(), so
757 				 * handle zero special here.
758 				 */
759 				if (*ip == 0) {
760 					print_number(ip, narg, c);
761 				} else {
762 					putchar(',');
763 					wait6optname(*ip);
764 					ip++;
765 					narg--;
766 				}
767 				break;
768 			case SYS_wait6:
769 				putchar('(');
770 				idtypename(*ip, decimal);
771 				c = ',';
772 				ip++;
773 				narg--;
774 				print_number(ip, narg, c);
775 				print_number(ip, narg, c);
776 				putchar(',');
777 				wait6optname(*ip);
778 				ip++;
779 				narg--;
780 				break;
781 			case SYS_chmod:
782 			case SYS_fchmod:
783 			case SYS_lchmod:
784 				print_number(ip, narg, c);
785 				putchar(',');
786 				modename(*ip);
787 				ip++;
788 				narg--;
789 				break;
790 			case SYS_mknod:
791 			case SYS_mknodat:
792 				print_number(ip, narg, c);
793 				putchar(',');
794 				modename(*ip);
795 				ip++;
796 				narg--;
797 				break;
798 			case SYS_getfsstat:
799 				print_number(ip, narg, c);
800 				print_number(ip, narg, c);
801 				putchar(',');
802 				getfsstatflagsname(*ip);
803 				ip++;
804 				narg--;
805 				break;
806 			case SYS_mount:
807 				print_number(ip, narg, c);
808 				print_number(ip, narg, c);
809 				putchar(',');
810 				mountflagsname(*ip);
811 				ip++;
812 				narg--;
813 				break;
814 			case SYS_unmount:
815 				print_number(ip, narg, c);
816 				putchar(',');
817 				mountflagsname(*ip);
818 				ip++;
819 				narg--;
820 				break;
821 			case SYS_recvmsg:
822 			case SYS_sendmsg:
823 				print_number(ip, narg, c);
824 				print_number(ip, narg, c);
825 				putchar(',');
826 				sendrecvflagsname(*ip);
827 				ip++;
828 				narg--;
829 				break;
830 			case SYS_recvfrom:
831 			case SYS_sendto:
832 				print_number(ip, narg, c);
833 				print_number(ip, narg, c);
834 				print_number(ip, narg, c);
835 				putchar(',');
836 				sendrecvflagsname(*ip);
837 				ip++;
838 				narg--;
839 				break;
840 			case SYS_chflags:
841 			case SYS_fchflags:
842 			case SYS_lchflags:
843 				print_number(ip, narg, c);
844 				putchar(',');
845 				modename(*ip);
846 				ip++;
847 				narg--;
848 				break;
849 			case SYS_kill:
850 				print_number(ip, narg, c);
851 				putchar(',');
852 				signame(*ip);
853 				ip++;
854 				narg--;
855 				break;
856 			case SYS_reboot:
857 				putchar('(');
858 				rebootoptname(*ip);
859 				ip++;
860 				narg--;
861 				break;
862 			case SYS_umask:
863 				putchar('(');
864 				modename(*ip);
865 				ip++;
866 				narg--;
867 				break;
868 			case SYS_msync:
869 				print_number(ip, narg, c);
870 				print_number(ip, narg, c);
871 				putchar(',');
872 				msyncflagsname(*ip);
873 				ip++;
874 				narg--;
875 				break;
876 #ifdef SYS_freebsd6_mmap
877 			case SYS_freebsd6_mmap:
878 				print_number(ip, narg, c);
879 				print_number(ip, narg, c);
880 				putchar(',');
881 				mmapprotname(*ip);
882 				putchar(',');
883 				ip++;
884 				narg--;
885 				mmapflagsname(*ip);
886 				ip++;
887 				narg--;
888 				break;
889 #endif
890 			case SYS_mmap:
891 				print_number(ip, narg, c);
892 				print_number(ip, narg, c);
893 				putchar(',');
894 				mmapprotname(*ip);
895 				putchar(',');
896 				ip++;
897 				narg--;
898 				mmapflagsname(*ip);
899 				ip++;
900 				narg--;
901 				break;
902 			case SYS_mprotect:
903 				print_number(ip, narg, c);
904 				print_number(ip, narg, c);
905 				putchar(',');
906 				mmapprotname(*ip);
907 				ip++;
908 				narg--;
909 				break;
910 			case SYS_madvise:
911 				print_number(ip, narg, c);
912 				print_number(ip, narg, c);
913 				putchar(',');
914 				madvisebehavname(*ip);
915 				ip++;
916 				narg--;
917 				break;
918 			case SYS_setpriority:
919 				print_number(ip, narg, c);
920 				print_number(ip, narg, c);
921 				putchar(',');
922 				prioname(*ip);
923 				ip++;
924 				narg--;
925 				break;
926 			case SYS_fcntl:
927 				print_number(ip, narg, c);
928 				putchar(',');
929 				fcntlcmdname(ip[0], ip[1], decimal);
930 				ip += 2;
931 				narg -= 2;
932 				break;
933 			case SYS_socket: {
934 				int sockdomain;
935 				putchar('(');
936 				sockdomain = *ip;
937 				sockdomainname(sockdomain);
938 				ip++;
939 				narg--;
940 				putchar(',');
941 				socktypenamewithflags(*ip);
942 				ip++;
943 				narg--;
944 				if (sockdomain == PF_INET ||
945 				    sockdomain == PF_INET6) {
946 					putchar(',');
947 					sockipprotoname(*ip);
948 					ip++;
949 					narg--;
950 				}
951 				c = ',';
952 				break;
953 			}
954 			case SYS_setsockopt:
955 			case SYS_getsockopt:
956 				print_number(ip, narg, c);
957 				putchar(',');
958 				sockoptlevelname(*ip, decimal);
959 				if (*ip == SOL_SOCKET) {
960 					ip++;
961 					narg--;
962 					putchar(',');
963 					sockoptname(*ip);
964 				}
965 				ip++;
966 				narg--;
967 				break;
968 #ifdef SYS_freebsd6_lseek
969 			case SYS_freebsd6_lseek:
970 				print_number(ip, narg, c);
971 				/* Hidden 'pad' argument, not in lseek(2) */
972 				print_number(ip, narg, c);
973 				print_number(ip, narg, c);
974 				putchar(',');
975 				whencename(*ip);
976 				ip++;
977 				narg--;
978 				break;
979 #endif
980 			case SYS_lseek:
981 				print_number(ip, narg, c);
982 				/* Hidden 'pad' argument, not in lseek(2) */
983 				print_number(ip, narg, c);
984 				putchar(',');
985 				whencename(*ip);
986 				ip++;
987 				narg--;
988 				break;
989 			case SYS_flock:
990 				print_number(ip, narg, c);
991 				putchar(',');
992 				flockname(*ip);
993 				ip++;
994 				narg--;
995 				break;
996 			case SYS_mkfifo:
997 			case SYS_mkfifoat:
998 			case SYS_mkdir:
999 			case SYS_mkdirat:
1000 				print_number(ip, narg, c);
1001 				putchar(',');
1002 				modename(*ip);
1003 				ip++;
1004 				narg--;
1005 				break;
1006 			case SYS_shutdown:
1007 				print_number(ip, narg, c);
1008 				putchar(',');
1009 				shutdownhowname(*ip);
1010 				ip++;
1011 				narg--;
1012 				break;
1013 			case SYS_socketpair:
1014 				putchar('(');
1015 				sockdomainname(*ip);
1016 				ip++;
1017 				narg--;
1018 				putchar(',');
1019 				socktypenamewithflags(*ip);
1020 				ip++;
1021 				narg--;
1022 				c = ',';
1023 				break;
1024 			case SYS_getrlimit:
1025 			case SYS_setrlimit:
1026 				putchar('(');
1027 				rlimitname(*ip);
1028 				ip++;
1029 				narg--;
1030 				c = ',';
1031 				break;
1032 			case SYS_quotactl:
1033 				print_number(ip, narg, c);
1034 				putchar(',');
1035 				quotactlname(*ip);
1036 				ip++;
1037 				narg--;
1038 				c = ',';
1039 				break;
1040 			case SYS_nfssvc:
1041 				putchar('(');
1042 				nfssvcname(*ip);
1043 				ip++;
1044 				narg--;
1045 				c = ',';
1046 				break;
1047 			case SYS_rtprio:
1048 				putchar('(');
1049 				rtprioname(*ip);
1050 				ip++;
1051 				narg--;
1052 				c = ',';
1053 				break;
1054 			case SYS___semctl:
1055 				print_number(ip, narg, c);
1056 				print_number(ip, narg, c);
1057 				putchar(',');
1058 				semctlname(*ip);
1059 				ip++;
1060 				narg--;
1061 				break;
1062 			case SYS_semget:
1063 				print_number(ip, narg, c);
1064 				print_number(ip, narg, c);
1065 				putchar(',');
1066 				semgetname(*ip);
1067 				ip++;
1068 				narg--;
1069 				break;
1070 			case SYS_msgctl:
1071 				print_number(ip, narg, c);
1072 				putchar(',');
1073 				shmctlname(*ip);
1074 				ip++;
1075 				narg--;
1076 				break;
1077 			case SYS_shmat:
1078 				print_number(ip, narg, c);
1079 				print_number(ip, narg, c);
1080 				putchar(',');
1081 				shmatname(*ip);
1082 				ip++;
1083 				narg--;
1084 				break;
1085 			case SYS_shmctl:
1086 				print_number(ip, narg, c);
1087 				putchar(',');
1088 				shmctlname(*ip);
1089 				ip++;
1090 				narg--;
1091 				break;
1092 			case SYS_shm_open:
1093 				print_number(ip, narg, c);
1094 				putchar(',');
1095 				flagsname(ip[0]);
1096 				printf(",0%o", ip[1]);
1097 				ip += 3;
1098 				narg -= 3;
1099 				break;
1100 			case SYS_minherit:
1101 				print_number(ip, narg, c);
1102 				print_number(ip, narg, c);
1103 				putchar(',');
1104 				minheritname(*ip);
1105 				ip++;
1106 				narg--;
1107 				break;
1108 			case SYS_rfork:
1109 				putchar('(');
1110 				rforkname(*ip);
1111 				ip++;
1112 				narg--;
1113 				c = ',';
1114 				break;
1115 			case SYS_lio_listio:
1116 				putchar('(');
1117 				lio_listioname(*ip);
1118 				ip++;
1119 				narg--;
1120 				c = ',';
1121 				break;
1122 			case SYS_mlockall:
1123 				putchar('(');
1124 				mlockallname(*ip);
1125 				ip++;
1126 				narg--;
1127 				break;
1128 			case SYS_sched_setscheduler:
1129 				print_number(ip, narg, c);
1130 				putchar(',');
1131 				schedpolicyname(*ip);
1132 				ip++;
1133 				narg--;
1134 				break;
1135 			case SYS_sched_get_priority_max:
1136 			case SYS_sched_get_priority_min:
1137 				putchar('(');
1138 				schedpolicyname(*ip);
1139 				ip++;
1140 				narg--;
1141 				break;
1142 			case SYS_sendfile:
1143 				print_number(ip, narg, c);
1144 				print_number(ip, narg, c);
1145 				print_number(ip, narg, c);
1146 				print_number(ip, narg, c);
1147 				print_number(ip, narg, c);
1148 				print_number(ip, narg, c);
1149 				putchar(',');
1150 				sendfileflagsname(*ip);
1151 				ip++;
1152 				narg--;
1153 				break;
1154 			case SYS_kldsym:
1155 				print_number(ip, narg, c);
1156 				putchar(',');
1157 				kldsymcmdname(*ip);
1158 				ip++;
1159 				narg--;
1160 				break;
1161 			case SYS_sigprocmask:
1162 				putchar('(');
1163 				sigprocmaskhowname(*ip);
1164 				ip++;
1165 				narg--;
1166 				c = ',';
1167 				break;
1168 			case SYS___acl_get_file:
1169 			case SYS___acl_set_file:
1170 			case SYS___acl_get_fd:
1171 			case SYS___acl_set_fd:
1172 			case SYS___acl_delete_file:
1173 			case SYS___acl_delete_fd:
1174 			case SYS___acl_aclcheck_file:
1175 			case SYS___acl_aclcheck_fd:
1176 			case SYS___acl_get_link:
1177 			case SYS___acl_set_link:
1178 			case SYS___acl_delete_link:
1179 			case SYS___acl_aclcheck_link:
1180 				print_number(ip, narg, c);
1181 				putchar(',');
1182 				acltypename(*ip);
1183 				ip++;
1184 				narg--;
1185 				break;
1186 			case SYS_sigaction:
1187 				putchar('(');
1188 				signame(*ip);
1189 				ip++;
1190 				narg--;
1191 				c = ',';
1192 				break;
1193 			case SYS_extattrctl:
1194 				print_number(ip, narg, c);
1195 				putchar(',');
1196 				extattrctlname(*ip);
1197 				ip++;
1198 				narg--;
1199 				break;
1200 			case SYS_nmount:
1201 				print_number(ip, narg, c);
1202 				print_number(ip, narg, c);
1203 				putchar(',');
1204 				mountflagsname(*ip);
1205 				ip++;
1206 				narg--;
1207 				break;
1208 			case SYS_thr_create:
1209 				print_number(ip, narg, c);
1210 				print_number(ip, narg, c);
1211 				putchar(',');
1212 				thrcreateflagsname(*ip);
1213 				ip++;
1214 				narg--;
1215 				break;
1216 			case SYS_thr_kill:
1217 				print_number(ip, narg, c);
1218 				putchar(',');
1219 				signame(*ip);
1220 				ip++;
1221 				narg--;
1222 				break;
1223 			case SYS_kldunloadf:
1224 				print_number(ip, narg, c);
1225 				putchar(',');
1226 				kldunloadfflagsname(*ip);
1227 				ip++;
1228 				narg--;
1229 				break;
1230 			case SYS_linkat:
1231 			case SYS_renameat:
1232 			case SYS_symlinkat:
1233 				print_number(ip, narg, c);
1234 				putchar(',');
1235 				atfdname(*ip, decimal);
1236 				ip++;
1237 				narg--;
1238 				break;
1239 			case SYS_cap_fcntls_limit:
1240 				print_number(ip, narg, c);
1241 				putchar(',');
1242 				arg = *ip;
1243 				ip++;
1244 				narg--;
1245 				capfcntlname(arg);
1246 				break;
1247 			case SYS_posix_fadvise:
1248 				print_number(ip, narg, c);
1249 				print_number(ip, narg, c);
1250 				print_number(ip, narg, c);
1251 				(void)putchar(',');
1252 				fadvisebehavname((int)*ip);
1253 				ip++;
1254 				narg--;
1255 				break;
1256 			case SYS_procctl:
1257 				putchar('(');
1258 				idtypename(*ip, decimal);
1259 				c = ',';
1260 				ip++;
1261 				narg--;
1262 				print_number(ip, narg, c);
1263 				putchar(',');
1264 				procctlcmdname(*ip);
1265 				ip++;
1266 				narg--;
1267 				break;
1268 			}
1269 		}
1270 		while (narg > 0) {
1271 			print_number(ip, narg, c);
1272 		}
1273 		putchar(')');
1274 	}
1275 	putchar('\n');
1276 }
1277 
1278 void
1279 ktrsysret(struct ktr_sysret *ktr, u_int flags)
1280 {
1281 	register_t ret = ktr->ktr_retval;
1282 	int error = ktr->ktr_error;
1283 	int code = ktr->ktr_code;
1284 
1285 	if ((flags != 0 && ((flags & SV_ABI_MASK) != SV_ABI_FREEBSD)) ||
1286 	    (code >= nsyscalls || code < 0))
1287 		printf("[%d] ", code);
1288 	else {
1289 		printf("%s", syscallnames[code]);
1290 		if (syscallno)
1291 			printf("[%d]", code);
1292 		printf(" ");
1293 	}
1294 
1295 	if (error == 0) {
1296 		if (fancy) {
1297 			printf("%ld", (long)ret);
1298 			if (ret < 0 || ret > 9)
1299 				printf("/%#lx", (unsigned long)ret);
1300 		} else {
1301 			if (decimal)
1302 				printf("%ld", (long)ret);
1303 			else
1304 				printf("%#lx", (unsigned long)ret);
1305 		}
1306 	} else if (error == ERESTART)
1307 		printf("RESTART");
1308 	else if (error == EJUSTRETURN)
1309 		printf("JUSTRETURN");
1310 	else {
1311 		printf("-1 errno %d", ktr->ktr_error);
1312 		if (fancy)
1313 			printf(" %s", strerror(ktr->ktr_error));
1314 	}
1315 	putchar('\n');
1316 }
1317 
1318 void
1319 ktrnamei(char *cp, int len)
1320 {
1321 	printf("\"%.*s\"\n", len, cp);
1322 }
1323 
1324 void
1325 hexdump(char *p, int len, int screenwidth)
1326 {
1327 	int n, i;
1328 	int width;
1329 
1330 	width = 0;
1331 	do {
1332 		width += 2;
1333 		i = 13;			/* base offset */
1334 		i += (width / 2) + 1;	/* spaces every second byte */
1335 		i += (width * 2);	/* width of bytes */
1336 		i += 3;			/* "  |" */
1337 		i += width;		/* each byte */
1338 		i += 1;			/* "|" */
1339 	} while (i < screenwidth);
1340 	width -= 2;
1341 
1342 	for (n = 0; n < len; n += width) {
1343 		for (i = n; i < n + width; i++) {
1344 			if ((i % width) == 0) {	/* beginning of line */
1345 				printf("       0x%04x", i);
1346 			}
1347 			if ((i % 2) == 0) {
1348 				printf(" ");
1349 			}
1350 			if (i < len)
1351 				printf("%02x", p[i] & 0xff);
1352 			else
1353 				printf("  ");
1354 		}
1355 		printf("  |");
1356 		for (i = n; i < n + width; i++) {
1357 			if (i >= len)
1358 				break;
1359 			if (p[i] >= ' ' && p[i] <= '~')
1360 				printf("%c", p[i]);
1361 			else
1362 				printf(".");
1363 		}
1364 		printf("|\n");
1365 	}
1366 	if ((i % width) != 0)
1367 		printf("\n");
1368 }
1369 
1370 void
1371 visdump(char *dp, int datalen, int screenwidth)
1372 {
1373 	int col = 0;
1374 	char *cp;
1375 	int width;
1376 	char visbuf[5];
1377 
1378 	printf("       \"");
1379 	col = 8;
1380 	for (;datalen > 0; datalen--, dp++) {
1381 		 vis(visbuf, *dp, VIS_CSTYLE, *(dp+1));
1382 		cp = visbuf;
1383 		/*
1384 		 * Keep track of printables and
1385 		 * space chars (like fold(1)).
1386 		 */
1387 		if (col == 0) {
1388 			putchar('\t');
1389 			col = 8;
1390 		}
1391 		switch(*cp) {
1392 		case '\n':
1393 			col = 0;
1394 			putchar('\n');
1395 			continue;
1396 		case '\t':
1397 			width = 8 - (col&07);
1398 			break;
1399 		default:
1400 			width = strlen(cp);
1401 		}
1402 		if (col + width > (screenwidth-2)) {
1403 			printf("\\\n\t");
1404 			col = 8;
1405 		}
1406 		col += width;
1407 		do {
1408 			putchar(*cp++);
1409 		} while (*cp);
1410 	}
1411 	if (col == 0)
1412 		printf("       ");
1413 	printf("\"\n");
1414 }
1415 
1416 void
1417 ktrgenio(struct ktr_genio *ktr, int len)
1418 {
1419 	int datalen = len - sizeof (struct ktr_genio);
1420 	char *dp = (char *)ktr + sizeof (struct ktr_genio);
1421 	static int screenwidth = 0;
1422 	int i, binary;
1423 
1424 	printf("fd %d %s %d byte%s\n", ktr->ktr_fd,
1425 		ktr->ktr_rw == UIO_READ ? "read" : "wrote", datalen,
1426 		datalen == 1 ? "" : "s");
1427 	if (suppressdata)
1428 		return;
1429 	if (screenwidth == 0) {
1430 		struct winsize ws;
1431 
1432 		if (fancy && ioctl(fileno(stderr), TIOCGWINSZ, &ws) != -1 &&
1433 		    ws.ws_col > 8)
1434 			screenwidth = ws.ws_col;
1435 		else
1436 			screenwidth = 80;
1437 	}
1438 	if (maxdata && datalen > maxdata)
1439 		datalen = maxdata;
1440 
1441 	for (i = 0, binary = 0; i < datalen && binary == 0; i++)  {
1442 		if (dp[i] >= 32 && dp[i] < 127)
1443 			continue;
1444 		if (dp[i] == 10 || dp[i] == 13 || dp[i] == 0 || dp[i] == 9)
1445 			continue;
1446 		binary = 1;
1447 	}
1448 	if (binary)
1449 		hexdump(dp, datalen, screenwidth);
1450 	else
1451 		visdump(dp, datalen, screenwidth);
1452 }
1453 
1454 const char *signames[] = {
1455 	"NULL", "HUP", "INT", "QUIT", "ILL", "TRAP", "IOT",	/*  1 - 6  */
1456 	"EMT", "FPE", "KILL", "BUS", "SEGV", "SYS",		/*  7 - 12 */
1457 	"PIPE", "ALRM",  "TERM", "URG", "STOP", "TSTP",		/* 13 - 18 */
1458 	"CONT", "CHLD", "TTIN", "TTOU", "IO", "XCPU",		/* 19 - 24 */
1459 	"XFSZ", "VTALRM", "PROF", "WINCH", "29", "USR1",	/* 25 - 30 */
1460 	"USR2", NULL,						/* 31 - 32 */
1461 };
1462 
1463 void
1464 ktrpsig(struct ktr_psig *psig)
1465 {
1466 	if (psig->signo > 0 && psig->signo < NSIG)
1467 		printf("SIG%s ", signames[psig->signo]);
1468 	else
1469 		printf("SIG %d ", psig->signo);
1470 	if (psig->action == SIG_DFL) {
1471 		printf("SIG_DFL code=");
1472 		sigcodename(psig->signo, psig->code);
1473 		putchar('\n');
1474 	} else {
1475 		printf("caught handler=0x%lx mask=0x%x code=",
1476 		    (u_long)psig->action, psig->mask.__bits[0]);
1477 		sigcodename(psig->signo, psig->code);
1478 		putchar('\n');
1479 	}
1480 }
1481 
1482 void
1483 ktrcsw_old(struct ktr_csw_old *cs)
1484 {
1485 	printf("%s %s\n", cs->out ? "stop" : "resume",
1486 		cs->user ? "user" : "kernel");
1487 }
1488 
1489 void
1490 ktrcsw(struct ktr_csw *cs)
1491 {
1492 	printf("%s %s \"%s\"\n", cs->out ? "stop" : "resume",
1493 	    cs->user ? "user" : "kernel", cs->wmesg);
1494 }
1495 
1496 #define	UTRACE_DLOPEN_START		1
1497 #define	UTRACE_DLOPEN_STOP		2
1498 #define	UTRACE_DLCLOSE_START		3
1499 #define	UTRACE_DLCLOSE_STOP		4
1500 #define	UTRACE_LOAD_OBJECT		5
1501 #define	UTRACE_UNLOAD_OBJECT		6
1502 #define	UTRACE_ADD_RUNDEP		7
1503 #define	UTRACE_PRELOAD_FINISHED		8
1504 #define	UTRACE_INIT_CALL		9
1505 #define	UTRACE_FINI_CALL		10
1506 
1507 struct utrace_rtld {
1508 	char sig[4];				/* 'RTLD' */
1509 	int event;
1510 	void *handle;
1511 	void *mapbase;
1512 	size_t mapsize;
1513 	int refcnt;
1514 	char name[MAXPATHLEN];
1515 };
1516 
1517 void
1518 ktruser_rtld(int len, unsigned char *p)
1519 {
1520 	struct utrace_rtld *ut = (struct utrace_rtld *)p;
1521 	void *parent;
1522 	int mode;
1523 
1524 	switch (ut->event) {
1525 	case UTRACE_DLOPEN_START:
1526 		mode = ut->refcnt;
1527 		printf("dlopen(%s, ", ut->name);
1528 		switch (mode & RTLD_MODEMASK) {
1529 		case RTLD_NOW:
1530 			printf("RTLD_NOW");
1531 			break;
1532 		case RTLD_LAZY:
1533 			printf("RTLD_LAZY");
1534 			break;
1535 		default:
1536 			printf("%#x", mode & RTLD_MODEMASK);
1537 		}
1538 		if (mode & RTLD_GLOBAL)
1539 			printf(" | RTLD_GLOBAL");
1540 		if (mode & RTLD_TRACE)
1541 			printf(" | RTLD_TRACE");
1542 		if (mode & ~(RTLD_MODEMASK | RTLD_GLOBAL | RTLD_TRACE))
1543 			printf(" | %#x", mode &
1544 			    ~(RTLD_MODEMASK | RTLD_GLOBAL | RTLD_TRACE));
1545 		printf(")\n");
1546 		break;
1547 	case UTRACE_DLOPEN_STOP:
1548 		printf("%p = dlopen(%s) ref %d\n", ut->handle, ut->name,
1549 		    ut->refcnt);
1550 		break;
1551 	case UTRACE_DLCLOSE_START:
1552 		printf("dlclose(%p) (%s, %d)\n", ut->handle, ut->name,
1553 		    ut->refcnt);
1554 		break;
1555 	case UTRACE_DLCLOSE_STOP:
1556 		printf("dlclose(%p) finished\n", ut->handle);
1557 		break;
1558 	case UTRACE_LOAD_OBJECT:
1559 		printf("RTLD: loaded   %p @ %p - %p (%s)\n", ut->handle,
1560 		    ut->mapbase, (char *)ut->mapbase + ut->mapsize - 1,
1561 		    ut->name);
1562 		break;
1563 	case UTRACE_UNLOAD_OBJECT:
1564 		printf("RTLD: unloaded %p @ %p - %p (%s)\n", ut->handle,
1565 		    ut->mapbase, (char *)ut->mapbase + ut->mapsize - 1,
1566 		    ut->name);
1567 		break;
1568 	case UTRACE_ADD_RUNDEP:
1569 		parent = ut->mapbase;
1570 		printf("RTLD: %p now depends on %p (%s, %d)\n", parent,
1571 		    ut->handle, ut->name, ut->refcnt);
1572 		break;
1573 	case UTRACE_PRELOAD_FINISHED:
1574 		printf("RTLD: LD_PRELOAD finished\n");
1575 		break;
1576 	case UTRACE_INIT_CALL:
1577 		printf("RTLD: init %p for %p (%s)\n", ut->mapbase, ut->handle,
1578 		    ut->name);
1579 		break;
1580 	case UTRACE_FINI_CALL:
1581 		printf("RTLD: fini %p for %p (%s)\n", ut->mapbase, ut->handle,
1582 		    ut->name);
1583 		break;
1584 	default:
1585 		p += 4;
1586 		len -= 4;
1587 		printf("RTLD: %d ", len);
1588 		while (len--)
1589 			if (decimal)
1590 				printf(" %d", *p++);
1591 			else
1592 				printf(" %02x", *p++);
1593 		printf("\n");
1594 	}
1595 }
1596 
1597 struct utrace_malloc {
1598 	void *p;
1599 	size_t s;
1600 	void *r;
1601 };
1602 
1603 void
1604 ktruser_malloc(unsigned char *p)
1605 {
1606 	struct utrace_malloc *ut = (struct utrace_malloc *)p;
1607 
1608 	if (ut->p == (void *)(intptr_t)(-1))
1609 		printf("malloc_init()\n");
1610 	else if (ut->s == 0)
1611 		printf("free(%p)\n", ut->p);
1612 	else if (ut->p == NULL)
1613 		printf("%p = malloc(%zu)\n", ut->r, ut->s);
1614 	else
1615 		printf("%p = realloc(%p, %zu)\n", ut->r, ut->p, ut->s);
1616 }
1617 
1618 void
1619 ktruser(int len, unsigned char *p)
1620 {
1621 
1622 	if (len >= 8 && bcmp(p, "RTLD", 4) == 0) {
1623 		ktruser_rtld(len, p);
1624 		return;
1625 	}
1626 
1627 	if (len == sizeof(struct utrace_malloc)) {
1628 		ktruser_malloc(p);
1629 		return;
1630 	}
1631 
1632 	printf("%d ", len);
1633 	while (len--)
1634 		if (decimal)
1635 			printf(" %d", *p++);
1636 		else
1637 			printf(" %02x", *p++);
1638 	printf("\n");
1639 }
1640 
1641 void
1642 ktrcaprights(cap_rights_t *rightsp)
1643 {
1644 
1645 	printf("cap_rights_t ");
1646 	capname(rightsp);
1647 	printf("\n");
1648 }
1649 
1650 void
1651 ktrsockaddr(struct sockaddr *sa)
1652 {
1653 /*
1654  TODO: Support additional address families
1655 	#include <netnatm/natm.h>
1656 	struct sockaddr_natm	*natm;
1657 	#include <netsmb/netbios.h>
1658 	struct sockaddr_nb	*nb;
1659 */
1660 	char addr[64];
1661 
1662 	/*
1663 	 * note: ktrstruct() has already verified that sa points to a
1664 	 * buffer at least sizeof(struct sockaddr) bytes long and exactly
1665 	 * sa->sa_len bytes long.
1666 	 */
1667 	printf("struct sockaddr { ");
1668 	sockfamilyname(sa->sa_family);
1669 	printf(", ");
1670 
1671 #define check_sockaddr_len(n)					\
1672 	if (sa_##n.s##n##_len < sizeof(struct sockaddr_##n)) {	\
1673 		printf("invalid");				\
1674 		break;						\
1675 	}
1676 
1677 	switch(sa->sa_family) {
1678 	case AF_INET: {
1679 		struct sockaddr_in sa_in;
1680 
1681 		memset(&sa_in, 0, sizeof(sa_in));
1682 		memcpy(&sa_in, sa, sa->sa_len);
1683 		check_sockaddr_len(in);
1684 		inet_ntop(AF_INET, &sa_in.sin_addr, addr, sizeof addr);
1685 		printf("%s:%u", addr, ntohs(sa_in.sin_port));
1686 		break;
1687 	}
1688 	case AF_INET6: {
1689 		struct sockaddr_in6 sa_in6;
1690 
1691 		memset(&sa_in6, 0, sizeof(sa_in6));
1692 		memcpy(&sa_in6, sa, sa->sa_len);
1693 		check_sockaddr_len(in6);
1694 		getnameinfo((struct sockaddr *)&sa_in6, sizeof(sa_in6),
1695 		    addr, sizeof(addr), NULL, 0, NI_NUMERICHOST);
1696 		printf("[%s]:%u", addr, htons(sa_in6.sin6_port));
1697 		break;
1698 	}
1699 	case AF_UNIX: {
1700 		struct sockaddr_un sa_un;
1701 
1702 		memset(&sa_un, 0, sizeof(sa_un));
1703 		memcpy(&sa_un, sa, sa->sa_len);
1704 		printf("%.*s", (int)sizeof(sa_un.sun_path), sa_un.sun_path);
1705 		break;
1706 	}
1707 	default:
1708 		printf("unknown address family");
1709 	}
1710 	printf(" }\n");
1711 }
1712 
1713 void
1714 ktrstat(struct stat *statp)
1715 {
1716 	char mode[12], timestr[PATH_MAX + 4];
1717 	struct passwd *pwd;
1718 	struct group  *grp;
1719 	struct tm *tm;
1720 
1721 	/*
1722 	 * note: ktrstruct() has already verified that statp points to a
1723 	 * buffer exactly sizeof(struct stat) bytes long.
1724 	 */
1725 	printf("struct stat {");
1726 	printf("dev=%ju, ino=%ju, ",
1727 		(uintmax_t)statp->st_dev, (uintmax_t)statp->st_ino);
1728 	if (resolv == 0)
1729 		printf("mode=0%jo, ", (uintmax_t)statp->st_mode);
1730 	else {
1731 		strmode(statp->st_mode, mode);
1732 		printf("mode=%s, ", mode);
1733 	}
1734 	printf("nlink=%ju, ", (uintmax_t)statp->st_nlink);
1735 	if (resolv == 0) {
1736 		pwd = NULL;
1737 	} else {
1738 #ifdef HAVE_LIBCAPSICUM
1739 		if (cappwd != NULL)
1740 			pwd = cap_getpwuid(cappwd, statp->st_uid);
1741 		else
1742 #endif
1743 			pwd = getpwuid(statp->st_uid);
1744 	}
1745 	if (pwd == NULL)
1746 		printf("uid=%ju, ", (uintmax_t)statp->st_uid);
1747 	else
1748 		printf("uid=\"%s\", ", pwd->pw_name);
1749 	if (resolv == 0) {
1750 		grp = NULL;
1751 	} else {
1752 #ifdef HAVE_LIBCAPSICUM
1753 		if (capgrp != NULL)
1754 			grp = cap_getgrgid(capgrp, statp->st_gid);
1755 		else
1756 #endif
1757 			grp = getgrgid(statp->st_gid);
1758 	}
1759 	if (grp == NULL)
1760 		printf("gid=%ju, ", (uintmax_t)statp->st_gid);
1761 	else
1762 		printf("gid=\"%s\", ", grp->gr_name);
1763 	printf("rdev=%ju, ", (uintmax_t)statp->st_rdev);
1764 	printf("atime=");
1765 	if (resolv == 0)
1766 		printf("%jd", (intmax_t)statp->st_atim.tv_sec);
1767 	else {
1768 		tm = localtime(&statp->st_atim.tv_sec);
1769 		strftime(timestr, sizeof(timestr), TIME_FORMAT, tm);
1770 		printf("\"%s\"", timestr);
1771 	}
1772 	if (statp->st_atim.tv_nsec != 0)
1773 		printf(".%09ld, ", statp->st_atim.tv_nsec);
1774 	else
1775 		printf(", ");
1776 	printf("stime=");
1777 	if (resolv == 0)
1778 		printf("%jd", (intmax_t)statp->st_mtim.tv_sec);
1779 	else {
1780 		tm = localtime(&statp->st_mtim.tv_sec);
1781 		strftime(timestr, sizeof(timestr), TIME_FORMAT, tm);
1782 		printf("\"%s\"", timestr);
1783 	}
1784 	if (statp->st_mtim.tv_nsec != 0)
1785 		printf(".%09ld, ", statp->st_mtim.tv_nsec);
1786 	else
1787 		printf(", ");
1788 	printf("ctime=");
1789 	if (resolv == 0)
1790 		printf("%jd", (intmax_t)statp->st_ctim.tv_sec);
1791 	else {
1792 		tm = localtime(&statp->st_ctim.tv_sec);
1793 		strftime(timestr, sizeof(timestr), TIME_FORMAT, tm);
1794 		printf("\"%s\"", timestr);
1795 	}
1796 	if (statp->st_ctim.tv_nsec != 0)
1797 		printf(".%09ld, ", statp->st_ctim.tv_nsec);
1798 	else
1799 		printf(", ");
1800 	printf("birthtime=");
1801 	if (resolv == 0)
1802 		printf("%jd", (intmax_t)statp->st_birthtim.tv_sec);
1803 	else {
1804 		tm = localtime(&statp->st_birthtim.tv_sec);
1805 		strftime(timestr, sizeof(timestr), TIME_FORMAT, tm);
1806 		printf("\"%s\"", timestr);
1807 	}
1808 	if (statp->st_birthtim.tv_nsec != 0)
1809 		printf(".%09ld, ", statp->st_birthtim.tv_nsec);
1810 	else
1811 		printf(", ");
1812 	printf("size=%jd, blksize=%ju, blocks=%jd, flags=0x%x",
1813 		(uintmax_t)statp->st_size, (uintmax_t)statp->st_blksize,
1814 		(intmax_t)statp->st_blocks, statp->st_flags);
1815 	printf(" }\n");
1816 }
1817 
1818 void
1819 ktrstruct(char *buf, size_t buflen)
1820 {
1821 	char *name, *data;
1822 	size_t namelen, datalen;
1823 	int i;
1824 	cap_rights_t rights;
1825 	struct stat sb;
1826 	struct sockaddr_storage ss;
1827 
1828 	for (name = buf, namelen = 0;
1829 	     namelen < buflen && name[namelen] != '\0';
1830 	     ++namelen)
1831 		/* nothing */;
1832 	if (namelen == buflen)
1833 		goto invalid;
1834 	if (name[namelen] != '\0')
1835 		goto invalid;
1836 	data = buf + namelen + 1;
1837 	datalen = buflen - namelen - 1;
1838 	if (datalen == 0)
1839 		goto invalid;
1840 	/* sanity check */
1841 	for (i = 0; i < (int)namelen; ++i)
1842 		if (!isalpha(name[i]))
1843 			goto invalid;
1844 	if (strcmp(name, "caprights") == 0) {
1845 		if (datalen != sizeof(cap_rights_t))
1846 			goto invalid;
1847 		memcpy(&rights, data, datalen);
1848 		ktrcaprights(&rights);
1849 	} else if (strcmp(name, "stat") == 0) {
1850 		if (datalen != sizeof(struct stat))
1851 			goto invalid;
1852 		memcpy(&sb, data, datalen);
1853 		ktrstat(&sb);
1854 	} else if (strcmp(name, "sockaddr") == 0) {
1855 		if (datalen > sizeof(ss))
1856 			goto invalid;
1857 		memcpy(&ss, data, datalen);
1858 		if (datalen != ss.ss_len)
1859 			goto invalid;
1860 		ktrsockaddr((struct sockaddr *)&ss);
1861 	} else {
1862 		printf("unknown structure\n");
1863 	}
1864 	return;
1865 invalid:
1866 	printf("invalid record\n");
1867 }
1868 
1869 void
1870 ktrcapfail(struct ktr_cap_fail *ktr)
1871 {
1872 	switch (ktr->cap_type) {
1873 	case CAPFAIL_NOTCAPABLE:
1874 		/* operation on fd with insufficient capabilities */
1875 		printf("operation requires ");
1876 		capname(&ktr->cap_needed);
1877 		printf(", descriptor holds ");
1878 		capname(&ktr->cap_held);
1879 		break;
1880 	case CAPFAIL_INCREASE:
1881 		/* requested more capabilities than fd already has */
1882 		printf("attempt to increase capabilities from ");
1883 		capname(&ktr->cap_held);
1884 		printf(" to ");
1885 		capname(&ktr->cap_needed);
1886 		break;
1887 	case CAPFAIL_SYSCALL:
1888 		/* called restricted syscall */
1889 		printf("disallowed system call");
1890 		break;
1891 	case CAPFAIL_LOOKUP:
1892 		/* used ".." in strict-relative mode */
1893 		printf("restricted VFS lookup");
1894 		break;
1895 	default:
1896 		printf("unknown capability failure: ");
1897 		capname(&ktr->cap_needed);
1898 		printf(" ");
1899 		capname(&ktr->cap_held);
1900 		break;
1901 	}
1902 	printf("\n");
1903 }
1904 
1905 void
1906 ktrfault(struct ktr_fault *ktr)
1907 {
1908 
1909 	printf("0x%jx ", ktr->vaddr);
1910 	vmprotname(ktr->type);
1911 	printf("\n");
1912 }
1913 
1914 void
1915 ktrfaultend(struct ktr_faultend *ktr)
1916 {
1917 
1918 	vmresultname(ktr->result);
1919 	printf("\n");
1920 }
1921 
1922 #if defined(__amd64__) || defined(__i386__)
1923 void
1924 linux_ktrsyscall(struct ktr_syscall *ktr)
1925 {
1926 	int narg = ktr->ktr_narg;
1927 	register_t *ip;
1928 
1929 	if (ktr->ktr_code >= nlinux_syscalls || ktr->ktr_code < 0)
1930 		printf("[%d]", ktr->ktr_code);
1931 	else {
1932 		printf("%s", linux_syscallnames[ktr->ktr_code]);
1933 		if (syscallno)
1934 			printf("[%d]", ktr->ktr_code);
1935 	}
1936 	ip = &ktr->ktr_args[0];
1937 	if (narg) {
1938 		char c = '(';
1939 		while (narg > 0)
1940 			print_number(ip, narg, c);
1941 		putchar(')');
1942 	}
1943 	putchar('\n');
1944 }
1945 
1946 void
1947 linux_ktrsysret(struct ktr_sysret *ktr)
1948 {
1949 	register_t ret = ktr->ktr_retval;
1950 	int error = ktr->ktr_error;
1951 	int code = ktr->ktr_code;
1952 
1953 	if (code >= nlinux_syscalls || code < 0)
1954 		printf("[%d] ", code);
1955 	else {
1956 		printf("%s", linux_syscallnames[code]);
1957 		if (syscallno)
1958 			printf("[%d]", code);
1959 		printf(" ");
1960 	}
1961 
1962 	if (error == 0) {
1963 		if (fancy) {
1964 			printf("%ld", (long)ret);
1965 			if (ret < 0 || ret > 9)
1966 				printf("/%#lx", (unsigned long)ret);
1967 		} else {
1968 			if (decimal)
1969 				printf("%ld", (long)ret);
1970 			else
1971 				printf("%#lx", (unsigned long)ret);
1972 		}
1973 	} else if (error == ERESTART)
1974 		printf("RESTART");
1975 	else if (error == EJUSTRETURN)
1976 		printf("JUSTRETURN");
1977 	else {
1978 		if (ktr->ktr_error <= ELAST + 1)
1979 			error = abs(bsd_to_linux_errno[ktr->ktr_error]);
1980 		else
1981 			error = 999;
1982 		printf("-1 errno %d", error);
1983 		if (fancy)
1984 			printf(" %s", strerror(ktr->ktr_error));
1985 	}
1986 	putchar('\n');
1987 }
1988 #endif
1989 
1990 void
1991 usage(void)
1992 {
1993 	fprintf(stderr, "usage: kdump [-dEnlHRrSsTA] [-f trfile] "
1994 	    "[-m maxdata] [-p pid] [-t trstr]\n");
1995 	exit(1);
1996 }
1997