2 * Copyright (c) 1988, 1993
3 * The Regents of the University of California. All rights reserved.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 4. Neither the name of the University nor the names of its contributors
14 * may be used to endorse or promote products derived from this software
15 * without specific prior written permission.
17 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * @(#)ktrace.h 8.1 (Berkeley) 6/2/93
33 #ifndef _SYS_KTRACE_H_
34 #define _SYS_KTRACE_H_
37 * operations to ktrace system call (KTROP(op))
39 #define KTROP_SET 0 /* set trace points */
40 #define KTROP_CLEAR 1 /* clear trace points */
41 #define KTROP_CLEARFILE 2 /* stop all tracing to file */
42 #define KTROP(o) ((o)&3) /* macro to extract operation */
44 * flags (ORed in with operation)
46 #define KTRFLAG_DESCEND 4 /* perform op on all children too */
49 * ktrace record header
52 int ktr_len; /* length of buf */
53 short ktr_type; /* trace record type */
54 pid_t ktr_pid; /* process id */
55 char ktr_comm[MAXCOMLEN + 1];/* command name */
56 struct timeval ktr_time; /* timestamp */
57 intptr_t ktr_tid; /* was ktr_buffer */
61 * Test for kernel trace point (MP SAFE).
63 * KTRCHECK() just checks that the type is enabled and is only for
64 * internal use in the ktrace subsystem. KTRPOINT() checks against
65 * ktrace recursion as well as checking that the type is enabled and
66 * is the public interface.
68 #define KTRCHECK(td, type) ((td)->td_proc->p_traceflag & (1 << type))
69 #define KTRPOINT(td, type) \
70 (KTRCHECK((td), (type)) && !((td)->td_pflags & TDP_INKTRACE))
71 #define KTRCHECKDRAIN(td) (!(STAILQ_EMPTY(&(td)->td_proc->p_ktr)))
72 #define KTRUSERRET(td) do { \
73 if (KTRCHECKDRAIN(td)) \
82 * KTR_SYSCALL - system call record
86 short ktr_code; /* syscall number */
87 short ktr_narg; /* number of arguments */
89 * followed by ktr_narg register_t
91 register_t ktr_args[1];
95 * KTR_SYSRET - return from system call record
102 register_t ktr_retval;
106 * KTR_NAMEI - namei record
109 /* record contains pathname */
112 * KTR_GENIO - trace generic process i/o
119 * followed by data successfully read/written
124 * KTR_PSIG - trace processed signal
135 * KTR_CSW - trace context switches
139 int out; /* 1 if switch out, 0 if switch in */
140 int user; /* 1 if usermode (ivcsw), 0 if kernel (vcsw) */
144 * KTR_USER - data coming from userland
146 #define KTR_USER_MAXLEN 2048 /* maximum length of passed data */
150 * KTR_STRUCT - misc. structs
154 * record contains null-terminated struct name followed by
162 * KTR_SYSCTL - name of a sysctl MIB
165 /* record contains null-terminated MIB name */
168 * KTR_PROCCTOR - trace process creation (multiple ABI support)
170 #define KTR_PROCCTOR 10
171 struct ktr_proc_ctor {
172 u_int sv_flags; /* struct sysentvec sv_flags copy */
176 * KTR_PROCDTOR - trace process destruction (multiple ABI support)
178 #define KTR_PROCDTOR 11
181 * KTR_DROP - If this bit is set in ktr_type, then at least one event
182 * between the previous record and this record was dropped.
184 #define KTR_DROP 0x8000
187 * kernel trace points (in p_traceflag)
189 #define KTRFAC_MASK 0x00ffffff
190 #define KTRFAC_SYSCALL (1<<KTR_SYSCALL)
191 #define KTRFAC_SYSRET (1<<KTR_SYSRET)
192 #define KTRFAC_NAMEI (1<<KTR_NAMEI)
193 #define KTRFAC_GENIO (1<<KTR_GENIO)
194 #define KTRFAC_PSIG (1<<KTR_PSIG)
195 #define KTRFAC_CSW (1<<KTR_CSW)
196 #define KTRFAC_USER (1<<KTR_USER)
197 #define KTRFAC_STRUCT (1<<KTR_STRUCT)
198 #define KTRFAC_SYSCTL (1<<KTR_SYSCTL)
199 #define KTRFAC_PROCCTOR (1<<KTR_PROCCTOR)
200 #define KTRFAC_PROCDTOR (1<<KTR_PROCDTOR)
203 * trace flags (also in p_traceflags)
205 #define KTRFAC_ROOT 0x80000000 /* root set this trace */
206 #define KTRFAC_INHERIT 0x40000000 /* pass trace flags to children */
207 #define KTRFAC_DROP 0x20000000 /* last event was dropped */
210 void ktrnamei(char *);
211 void ktrcsw(int, int);
212 void ktrpsig(int, sig_t, sigset_t *, int);
213 void ktrgenio(int, enum uio_rw, struct uio *, int);
214 void ktrsyscall(int, int narg, register_t args[]);
215 void ktrsysctl(int *name, u_int namelen);
216 void ktrsysret(int, int, register_t);
217 void ktrprocctor(struct proc *);
218 void ktrprocexec(struct proc *, struct ucred **, struct vnode **);
219 void ktrprocexit(struct thread *);
220 void ktrprocfork(struct proc *, struct proc *);
221 void ktruserret(struct thread *);
222 void ktrstruct(const char *, void *, size_t);
223 #define ktrsockaddr(s) \
224 ktrstruct("sockaddr", (s), ((struct sockaddr *)(s))->sa_len)
226 ktrstruct("stat", (s), sizeof(struct stat))
230 #include <sys/cdefs.h>
233 int ktrace(const char *, int, int, pid_t);
234 int utrace(const void *, size_t);