usr.bin/kdump/kdump.c

   1 /*-
   2  * Copyright (c) 1988, 1993
   3  *      The Regents of the University of California.  All rights reserved.
   4  *
   5  * Redistribution and use in source and binary forms, with or without
   6  * modification, are permitted provided that the following conditions
   7  * are met:
   8  * 1. Redistributions of source code must retain the above copyright
   9  *    notice, this list of conditions and the following disclaimer.
  10  * 2. Redistributions in binary form must reproduce the above copyright
  11  *    notice, this list of conditions and the following disclaimer in the
  12  *    documentation and/or other materials provided with the distribution.
  13  * 4. Neither the name of the University nor the names of its contributors
  14  *    may be used to endorse or promote products derived from this software
  15  *    without specific prior written permission.
  16  *
  17  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
  18  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  19  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  20  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
  21  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  22  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  23  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  24  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  25  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  26  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  27  * SUCH DAMAGE.
  28  */
  29
  30 #ifndef lint
  31 static const char copyright[] =
  32 "@(#) Copyright (c) 1988, 1993\n\
  33         The Regents of the University of California.  All rights reserved.\n";
  34 #endif /* not lint */
  35
  36 #ifndef lint
  37 #if 0
  38 static char sccsid[] = "@(#)kdump.c     8.1 (Berkeley) 6/6/93";
  39 #endif
  40 #endif /* not lint */
  41 #include <sys/cdefs.h>
  42 __FBSDID("$FreeBSD$");
  43
  44 #define _KERNEL
  45 extern int errno;
  46 #include <sys/errno.h>
  47 #undef _KERNEL
  48 #include <sys/param.h>
  49 #include <sys/capability.h>
  50 #include <sys/errno.h>
  51 #define _KERNEL
  52 #include <sys/time.h>
  53 #undef _KERNEL
  54 #include <sys/uio.h>
  55 #include <sys/ktrace.h>
  56 #include <sys/ioctl.h>
  57 #include <sys/socket.h>
  58 #include <sys/stat.h>
  59 #include <sys/sysent.h>
  60 #include <sys/un.h>
  61 #include <sys/queue.h>
  62 #ifdef IPX
  63 #include <sys/types.h>
  64 #include <netipx/ipx.h>
  65 #endif
  66 #ifdef NETATALK
  67 #include <netatalk/at.h>
  68 #endif
  69 #include <arpa/inet.h>
  70 #include <netinet/in.h>
  71 #include <ctype.h>
  72 #include <dlfcn.h>
  73 #include <err.h>
  74 #include <grp.h>
  75 #include <inttypes.h>
  76 #include <locale.h>
  77 #include <netdb.h>
  78 #include <nl_types.h>
  79 #include <pwd.h>
  80 #include <stdio.h>
  81 #include <stdlib.h>
  82 #include <string.h>
  83 #include <termios.h>
  84 #include <time.h>
  85 #include <unistd.h>
  86 #include <vis.h>
  87 #include "ktrace.h"
  88 #include "kdump_subr.h"
  89
  90 u_int abidump(struct ktr_header *);
  91 int fetchprocinfo(struct ktr_header *, u_int *);
  92 int fread_tail(void *, int, int);
  93 void dumpheader(struct ktr_header *);
  94 void ktrsyscall(struct ktr_syscall *, u_int);
  95 void ktrsysret(struct ktr_sysret *, u_int);
  96 void ktrnamei(char *, int);
  97 void hexdump(char *, int, int);
  98 void visdump(char *, int, int);
  99 void ktrgenio(struct ktr_genio *, int);
 100 void ktrpsig(struct ktr_psig *);
 101 void ktrcsw(struct ktr_csw *);
 102 void ktrcsw_old(struct ktr_csw_old *);
 103 void ktruser_malloc(unsigned char *);
 104 void ktruser_rtld(int, unsigned char *);
 105 void ktruser(int, unsigned char *);
 106 void ktrcaprights(cap_rights_t *);
 107 void ktrsockaddr(struct sockaddr *);
 108 void ktrstat(struct stat *);
 109 void ktrstruct(char *, size_t);
 110 void ktrcapfail(struct ktr_cap_fail *);
 111 void ktrfault(struct ktr_fault *);
 112 void ktrfaultend(struct ktr_faultend *);
 113 void limitfd(int fd);
 114 void usage(void);
 115 void ioctlname(unsigned long, int);
 116
 117 int timestamp, decimal, fancy = 1, suppressdata, tail, threads, maxdata,
 118     resolv = 0, abiflag = 0;
 119 const char *tracefile = DEF_TRACEFILE;
 120 struct ktr_header ktr_header;
 121
 122 #define TIME_FORMAT     "%b %e %T %Y"
 123 #define eqs(s1, s2)     (strcmp((s1), (s2)) == 0)
 124
 125 #define print_number(i,n,c) do {                                        \
 126         if (decimal)                                                    \
 127                 printf("%c%jd", c, (intmax_t)*i);                       \
 128         else                                                            \
 129                 printf("%c%#jx", c, (uintmax_t)(u_register_t)*i);       \
 130         i++;                                                            \
 131         n--;                                                            \
 132         c = ',';                                                        \
 133 } while (0)
 134
 135 #if defined(__amd64__) || defined(__i386__)
 136
 137 void linux_ktrsyscall(struct ktr_syscall *);
 138 void linux_ktrsysret(struct ktr_sysret *);
 139 extern char *linux_syscallnames[];
 140 extern int nlinux_syscalls;
 141
 142 /*
 143  * from linux.h
 144  * Linux syscalls return negative errno's, we do positive and map them
 145  */
 146 static int bsd_to_linux_errno[ELAST + 1] = {
 147         -0,  -1,  -2,  -3,  -4,  -5,  -6,  -7,  -8,  -9,
 148         -10, -35, -12, -13, -14, -15, -16, -17, -18, -19,
 149         -20, -21, -22, -23, -24, -25, -26, -27, -28, -29,
 150         -30, -31, -32, -33, -34, -11,-115,-114, -88, -89,
 151         -90, -91, -92, -93, -94, -95, -96, -97, -98, -99,
 152         -100,-101,-102,-103,-104,-105,-106,-107,-108,-109,
 153         -110,-111, -40, -36,-112,-113, -39, -11, -87,-122,
 154         -116, -66,  -6,  -6,  -6,  -6,  -6, -37, -38,  -9,
 155         -6,  -6, -43, -42, -75,-125, -84, -95, -16, -74,
 156         -72, -67, -71
 157 };
 158 #endif
 159
 160 struct proc_info
 161 {
 162         TAILQ_ENTRY(proc_info)  info;
 163         u_int                   sv_flags;
 164         pid_t                   pid;
 165 };
 166
 167 TAILQ_HEAD(trace_procs, proc_info) trace_procs;
 168
 169 static void
 170 strerror_init(void)
 171 {
 172
 173         /*
 174          * Cache NLS data before entering capability mode.
 175          * XXXPJD: There should be strerror_init() and strsignal_init() in libc.
 176          */
 177         (void)catopen("libc", NL_CAT_LOCALE);
 178 }
 179
 180 static void
 181 localtime_init(void)
 182 {
 183         time_t ltime;
 184
 185         /*
 186          * Allow localtime(3) to cache /etc/localtime content before entering
 187          * capability mode.
 188          * XXXPJD: There should be localtime_init() in libc.
 189          */
 190         (void)time(&ltime);
 191         (void)localtime(&ltime);
 192 }
 193
 194 int
 195 main(int argc, char *argv[])
 196 {
 197         int ch, ktrlen, size;
 198         void *m;
 199         int trpoints = ALL_POINTS;
 200         int drop_logged;
 201         pid_t pid = 0;
 202         u_int sv_flags;
 203
 204         setlocale(LC_CTYPE, "");
 205
 206         while ((ch = getopt(argc,argv,"f:dElm:np:AHRrsTt:")) != -1)
 207                 switch (ch) {
 208                 case 'A':
 209                         abiflag = 1;
 210                         break;
 211                 case 'f':
 212                         tracefile = optarg;
 213                         break;
 214                 case 'd':
 215                         decimal = 1;
 216                         break;
 217                 case 'l':
 218                         tail = 1;
 219                         break;
 220                 case 'm':
 221                         maxdata = atoi(optarg);
 222                         break;
 223                 case 'n':
 224                         fancy = 0;
 225                         break;
 226                 case 'p':
 227                         pid = atoi(optarg);
 228                         break;
 229                 case 'r':
 230                         resolv = 1;
 231                         break;
 232                 case 's':
 233                         suppressdata = 1;
 234                         break;
 235                 case 'E':
 236                         timestamp = 3;  /* elapsed timestamp */
 237                         break;
 238                 case 'H':
 239                         threads = 1;
 240                         break;
 241                 case 'R':
 242                         timestamp = 2;  /* relative timestamp */
 243                         break;
 244                 case 'T':
 245                         timestamp = 1;
 246                         break;
 247                 case 't':
 248                         trpoints = getpoints(optarg);
 249                         if (trpoints < 0)
 250                                 errx(1, "unknown trace point in %s", optarg);
 251                         break;
 252                 default:
 253                         usage();
 254                 }
 255
 256         if (argc > optind)
 257                 usage();
 258
 259         m = malloc(size = 1025);
 260         if (m == NULL)
 261                 errx(1, "%s", strerror(ENOMEM));
 262         if (!freopen(tracefile, "r", stdin))
 263                 err(1, "%s", tracefile);
 264
 265         strerror_init();
 266         localtime_init();
 267
 268         if (resolv == 0) {
 269                 if (cap_enter() < 0 && errno != ENOSYS)
 270                         err(1, "unable to enter capability mode");
 271         }
 272         limitfd(STDIN_FILENO);
 273         limitfd(STDOUT_FILENO);
 274         limitfd(STDERR_FILENO);
 275
 276         TAILQ_INIT(&trace_procs);
 277         drop_logged = 0;
 278         while (fread_tail(&ktr_header, sizeof(struct ktr_header), 1)) {
 279                 if (ktr_header.ktr_type & KTR_DROP) {
 280                         ktr_header.ktr_type &= ~KTR_DROP;
 281                         if (!drop_logged && threads) {
 282                                 printf(
 283                                     "%6jd %6jd %-8.*s Events dropped.\n",
 284                                     (intmax_t)ktr_header.ktr_pid,
 285                                     ktr_header.ktr_tid > 0 ?
 286                                     (intmax_t)ktr_header.ktr_tid : 0,
 287                                     MAXCOMLEN, ktr_header.ktr_comm);
 288                                 drop_logged = 1;
 289                         } else if (!drop_logged) {
 290                                 printf("%6jd %-8.*s Events dropped.\n",
 291                                     (intmax_t)ktr_header.ktr_pid, MAXCOMLEN,
 292                                     ktr_header.ktr_comm);
 293                                 drop_logged = 1;
 294                         }
 295                 }
 296                 if (trpoints & (1<<ktr_header.ktr_type))
 297                         if (pid == 0 || ktr_header.ktr_pid == pid ||
 298                             ktr_header.ktr_tid == pid)
 299                                 dumpheader(&ktr_header);
 300                 if ((ktrlen = ktr_header.ktr_len) < 0)
 301                         errx(1, "bogus length 0x%x", ktrlen);
 302                 if (ktrlen > size) {
 303                         m = realloc(m, ktrlen+1);
 304                         if (m == NULL)
 305                                 errx(1, "%s", strerror(ENOMEM));
 306                         size = ktrlen;
 307                 }
 308                 if (ktrlen && fread_tail(m, ktrlen, 1) == 0)
 309                         errx(1, "data too short");
 310                 if (fetchprocinfo(&ktr_header, (u_int *)m) != 0)
 311                         continue;
 312                 sv_flags = abidump(&ktr_header);
 313                 if (pid && ktr_header.ktr_pid != pid &&
 314                     ktr_header.ktr_tid != pid)
 315                         continue;
 316                 if ((trpoints & (1<<ktr_header.ktr_type)) == 0)
 317                         continue;
 318                 drop_logged = 0;
 319                 switch (ktr_header.ktr_type) {
 320                 case KTR_SYSCALL:
 321 #if defined(__amd64__) || defined(__i386__)
 322                         if ((sv_flags & SV_ABI_MASK) == SV_ABI_LINUX)
 323                                 linux_ktrsyscall((struct ktr_syscall *)m);
 324                         else
 325 #endif
 326                                 ktrsyscall((struct ktr_syscall *)m, sv_flags);
 327                         break;
 328                 case KTR_SYSRET:
 329 #if defined(__amd64__) || defined(__i386__)
 330                         if ((sv_flags & SV_ABI_MASK) == SV_ABI_LINUX)
 331                                 linux_ktrsysret((struct ktr_sysret *)m);
 332                         else
 333 #endif
 334                                 ktrsysret((struct ktr_sysret *)m, sv_flags);
 335                         break;
 336                 case KTR_NAMEI:
 337                 case KTR_SYSCTL:
 338                         ktrnamei(m, ktrlen);
 339                         break;
 340                 case KTR_GENIO:
 341                         ktrgenio((struct ktr_genio *)m, ktrlen);
 342                         break;
 343                 case KTR_PSIG:
 344                         ktrpsig((struct ktr_psig *)m);
 345                         break;
 346                 case KTR_CSW:
 347                         if (ktrlen == sizeof(struct ktr_csw_old))
 348                                 ktrcsw_old((struct ktr_csw_old *)m);
 349                         else
 350                                 ktrcsw((struct ktr_csw *)m);
 351                         break;
 352                 case KTR_USER:
 353                         ktruser(ktrlen, m);
 354                         break;
 355                 case KTR_STRUCT:
 356                         ktrstruct(m, ktrlen);
 357                         break;
 358                 case KTR_CAPFAIL:
 359                         ktrcapfail((struct ktr_cap_fail *)m);
 360                         break;
 361                 case KTR_FAULT:
 362                         ktrfault((struct ktr_fault *)m);
 363                         break;
 364                 case KTR_FAULTEND:
 365                         ktrfaultend((struct ktr_faultend *)m);
 366                         break;
 367                 default:
 368                         printf("\n");
 369                         break;
 370                 }
 371                 if (tail)
 372                         fflush(stdout);
 373         }
 374         return 0;
 375 }
 376
 377 void
 378 limitfd(int fd)
 379 {
 380         cap_rights_t rights;
 381         unsigned long cmd;
 382
 383         cap_rights_init(&rights, CAP_FSTAT);
 384         cmd = -1;
 385
 386         switch (fd) {
 387         case STDIN_FILENO:
 388                 cap_rights_set(&rights, CAP_READ);
 389                 break;
 390         case STDOUT_FILENO:
 391                 cap_rights_set(&rights, CAP_IOCTL, CAP_WRITE);
 392                 cmd = TIOCGETA; /* required by isatty(3) in printf(3) */
 393                 break;
 394         case STDERR_FILENO:
 395                 cap_rights_set(&rights, CAP_WRITE);
 396                 if (!suppressdata) {
 397                         cap_rights_set(&rights, CAP_IOCTL);
 398                         cmd = TIOCGWINSZ;
 399                 }
 400                 break;
 401         default:
 402                 abort();
 403         }
 404
 405         if (cap_rights_limit(fd, &rights) < 0 && errno != ENOSYS)
 406                 err(1, "unable to limit rights for descriptor %d", fd);
 407         if (cmd != -1 && cap_ioctls_limit(fd, &cmd, 1) < 0 && errno != ENOSYS)
 408                 err(1, "unable to limit ioctls for descriptor %d", fd);
 409 }
 410
 411 int
 412 fread_tail(void *buf, int size, int num)
 413 {
 414         int i;
 415
 416         while ((i = fread(buf, size, num, stdin)) == 0 && tail) {
 417                 sleep(1);
 418                 clearerr(stdin);
 419         }
 420         return (i);
 421 }
 422
 423 int
 424 fetchprocinfo(struct ktr_header *kth, u_int *flags)
 425 {
 426         struct proc_info *pi;
 427
 428         switch (kth->ktr_type) {
 429         case KTR_PROCCTOR:
 430                 TAILQ_FOREACH(pi, &trace_procs, info) {
 431                         if (pi->pid == kth->ktr_pid) {
 432                                 TAILQ_REMOVE(&trace_procs, pi, info);
 433                                 break;
 434                         }
 435                 }
 436                 pi = malloc(sizeof(struct proc_info));
 437                 if (pi == NULL)
 438                         errx(1, "%s", strerror(ENOMEM));
 439                 pi->sv_flags = *flags;
 440                 pi->pid = kth->ktr_pid;
 441                 TAILQ_INSERT_TAIL(&trace_procs, pi, info);
 442                 return (1);
 443
 444         case KTR_PROCDTOR:
 445                 TAILQ_FOREACH(pi, &trace_procs, info) {
 446                         if (pi->pid == kth->ktr_pid) {
 447                                 TAILQ_REMOVE(&trace_procs, pi, info);
 448                                 free(pi);
 449                                 break;
 450                         }
 451                 }
 452                 return (1);
 453         }
 454
 455         return (0);
 456 }
 457
 458 u_int
 459 abidump(struct ktr_header *kth)
 460 {
 461         struct proc_info *pi;
 462         const char *abi;
 463         const char *arch;
 464         u_int flags = 0;
 465
 466         TAILQ_FOREACH(pi, &trace_procs, info) {
 467                 if (pi->pid == kth->ktr_pid) {
 468                         flags = pi->sv_flags;
 469                         break;
 470                 }
 471         }
 472
 473         if (abiflag == 0)
 474                 return (flags);
 475
 476         switch (flags & SV_ABI_MASK) {
 477         case SV_ABI_LINUX:
 478                 abi = "L";
 479                 break;
 480         case SV_ABI_FREEBSD:
 481                 abi = "F";
 482                 break;
 483         default:
 484                 abi = "U";
 485                 break;
 486         }
 487
 488         if (flags != 0) {
 489                 if (flags & SV_LP64)
 490                         arch = "64";
 491                 else
 492                         arch = "32";
 493         } else
 494                 arch = "00";
 495
 496         printf("%s%s  ", abi, arch);
 497
 498         return (flags);
 499 }
 500
 501 void
 502 dumpheader(struct ktr_header *kth)
 503 {
 504         static char unknown[64];
 505         static struct timeval prevtime, temp;
 506         const char *type;
 507
 508         switch (kth->ktr_type) {
 509         case KTR_SYSCALL:
 510                 type = "CALL";
 511                 break;
 512         case KTR_SYSRET:
 513                 type = "RET ";
 514                 break;
 515         case KTR_NAMEI:
 516                 type = "NAMI";
 517                 break;
 518         case KTR_GENIO:
 519                 type = "GIO ";
 520                 break;
 521         case KTR_PSIG:
 522                 type = "PSIG";
 523                 break;
 524         case KTR_CSW:
 525                 type = "CSW ";
 526                 break;
 527         case KTR_USER:
 528                 type = "USER";
 529                 break;
 530         case KTR_STRUCT:
 531                 type = "STRU";
 532                 break;
 533         case KTR_SYSCTL:
 534                 type = "SCTL";
 535                 break;
 536         case KTR_PROCCTOR:
 537                 /* FALLTHROUGH */
 538         case KTR_PROCDTOR:
 539                 return;
 540         case KTR_CAPFAIL:
 541                 type = "CAP ";
 542                 break;
 543         case KTR_FAULT:
 544                 type = "PFLT";
 545                 break;
 546         case KTR_FAULTEND:
 547                 type = "PRET";
 548                 break;
 549         default:
 550                 sprintf(unknown, "UNKNOWN(%d)", kth->ktr_type);
 551                 type = unknown;
 552         }
 553
 554         /*
 555          * The ktr_tid field was previously the ktr_buffer field, which held
 556          * the kernel pointer value for the buffer associated with data
 557          * following the record header.  It now holds a threadid, but only
 558          * for trace files after the change.  Older trace files still contain
 559          * kernel pointers.  Detect this and suppress the results by printing
 560          * negative tid's as 0.
 561          */
 562         if (threads)
 563                 printf("%6jd %6jd %-8.*s ", (intmax_t)kth->ktr_pid,
 564                     kth->ktr_tid > 0 ? (intmax_t)kth->ktr_tid : 0,
 565                     MAXCOMLEN, kth->ktr_comm);
 566         else
 567                 printf("%6jd %-8.*s ", (intmax_t)kth->ktr_pid, MAXCOMLEN,
 568                     kth->ktr_comm);
 569         if (timestamp) {
 570                 if (timestamp == 3) {
 571                         if (prevtime.tv_sec == 0)
 572                                 prevtime = kth->ktr_time;
 573                         timevalsub(&kth->ktr_time, &prevtime);
 574                 }
 575                 if (timestamp == 2) {
 576                         temp = kth->ktr_time;
 577                         timevalsub(&kth->ktr_time, &prevtime);
 578                         prevtime = temp;
 579                 }
 580                 printf("%jd.%06ld ", (intmax_t)kth->ktr_time.tv_sec,
 581                     kth->ktr_time.tv_usec);
 582         }
 583         printf("%s  ", type);
 584 }
 585
 586 #include <sys/syscall.h>
 587 #define KTRACE
 588 #include <sys/kern/syscalls.c>
 589 #undef KTRACE
 590 int nsyscalls = sizeof (syscallnames) / sizeof (syscallnames[0]);
 591
 592 void
 593 ktrsyscall(struct ktr_syscall *ktr, u_int flags)
 594 {
 595         int narg = ktr->ktr_narg;
 596         register_t *ip;
 597         intmax_t arg;
 598
 599         if ((flags != 0 && ((flags & SV_ABI_MASK) != SV_ABI_FREEBSD)) ||
 600             (ktr->ktr_code >= nsyscalls || ktr->ktr_code < 0))
 601                 printf("[%d]", ktr->ktr_code);
 602         else
 603                 printf("%s", syscallnames[ktr->ktr_code]);
 604         ip = &ktr->ktr_args[0];
 605         if (narg) {
 606                 char c = '(';
 607                 if (fancy &&
 608                     (flags == 0 || (flags & SV_ABI_MASK) == SV_ABI_FREEBSD)) {
 609                         switch (ktr->ktr_code) {
 610                         case SYS_bindat:
 611                         case SYS_connectat:
 612                         case SYS_faccessat:
 613                         case SYS_fchmodat:
 614                         case SYS_fchownat:
 615                         case SYS_fstatat:
 616                         case SYS_futimesat:
 617                         case SYS_linkat:
 618                         case SYS_mkdirat:
 619                         case SYS_mkfifoat:
 620                         case SYS_mknodat:
 621                         case SYS_openat:
 622                         case SYS_readlinkat:
 623                         case SYS_renameat:
 624                         case SYS_unlinkat:
 625                                 putchar('(');
 626                                 atfdname(*ip, decimal);
 627                                 c = ',';
 628                                 ip++;
 629                                 narg--;
 630                                 break;
 631                         }
 632                         switch (ktr->ktr_code) {
 633                         case SYS_ioctl: {
 634                                 print_number(ip, narg, c);
 635                                 putchar(c);
 636                                 ioctlname(*ip, decimal);
 637                                 c = ',';
 638                                 ip++;
 639                                 narg--;
 640                                 break;
 641                         }
 642                         case SYS_ptrace:
 643                                 putchar('(');
 644                                 ptraceopname(*ip);
 645                                 c = ',';
 646                                 ip++;
 647                                 narg--;
 648                                 break;
 649                         case SYS_access:
 650                         case SYS_eaccess:
 651                         case SYS_faccessat:
 652                                 print_number(ip, narg, c);
 653                                 putchar(',');
 654                                 accessmodename(*ip);
 655                                 ip++;
 656                                 narg--;
 657                                 break;
 658                         case SYS_open:
 659                         case SYS_openat:
 660                                 print_number(ip, narg, c);
 661                                 putchar(',');
 662                                 flagsandmodename(ip[0], ip[1], decimal);
 663                                 ip += 2;
 664                                 narg -= 2;
 665                                 break;
 666                         case SYS_wait4:
 667                                 print_number(ip, narg, c);
 668                                 print_number(ip, narg, c);
 669                                 putchar(',');
 670                                 wait4optname(*ip);
 671                                 ip++;
 672                                 narg--;
 673                                 break;
 674                         case SYS_chmod:
 675                         case SYS_fchmod:
 676                         case SYS_lchmod:
 677                                 print_number(ip, narg, c);
 678                                 putchar(',');
 679                                 modename(*ip);
 680                                 ip++;
 681                                 narg--;
 682                                 break;
 683                         case SYS_mknod:
 684                         case SYS_mknodat:
 685                                 print_number(ip, narg, c);
 686                                 putchar(',');
 687                                 modename(*ip);
 688                                 ip++;
 689                                 narg--;
 690                                 break;
 691                         case SYS_getfsstat:
 692                                 print_number(ip, narg, c);
 693                                 print_number(ip, narg, c);
 694                                 putchar(',');
 695                                 getfsstatflagsname(*ip);
 696                                 ip++;
 697                                 narg--;
 698                                 break;
 699                         case SYS_mount:
 700                                 print_number(ip, narg, c);
 701                                 print_number(ip, narg, c);
 702                                 putchar(',');
 703                                 mountflagsname(*ip);
 704                                 ip++;
 705                                 narg--;
 706                                 break;
 707                         case SYS_unmount:
 708                                 print_number(ip, narg, c);
 709                                 putchar(',');
 710                                 mountflagsname(*ip);
 711                                 ip++;
 712                                 narg--;
 713                                 break;
 714                         case SYS_recvmsg:
 715                         case SYS_sendmsg:
 716                                 print_number(ip, narg, c);
 717                                 print_number(ip, narg, c);
 718                                 putchar(',');
 719                                 sendrecvflagsname(*ip);
 720                                 ip++;
 721                                 narg--;
 722                                 break;
 723                         case SYS_recvfrom:
 724                         case SYS_sendto:
 725                                 print_number(ip, narg, c);
 726                                 print_number(ip, narg, c);
 727                                 print_number(ip, narg, c);
 728                                 putchar(',');
 729                                 sendrecvflagsname(*ip);
 730                                 ip++;
 731                                 narg--;
 732                                 break;
 733                         case SYS_chflags:
 734                         case SYS_fchflags:
 735                         case SYS_lchflags:
 736                                 print_number(ip, narg, c);
 737                                 putchar(',');
 738                                 modename(*ip);
 739                                 ip++;
 740                                 narg--;
 741                                 break;
 742                         case SYS_kill:
 743                                 print_number(ip, narg, c);
 744                                 putchar(',');
 745                                 signame(*ip);
 746                                 ip++;
 747                                 narg--;
 748                                 break;
 749                         case SYS_reboot:
 750                                 putchar('(');
 751                                 rebootoptname(*ip);
 752                                 ip++;
 753                                 narg--;
 754                                 break;
 755                         case SYS_umask:
 756                                 putchar('(');
 757                                 modename(*ip);
 758                                 ip++;
 759                                 narg--;
 760                                 break;
 761                         case SYS_msync:
 762                                 print_number(ip, narg, c);
 763                                 print_number(ip, narg, c);
 764                                 putchar(',');
 765                                 msyncflagsname(*ip);
 766                                 ip++;
 767                                 narg--;
 768                                 break;
 769 #ifdef SYS_freebsd6_mmap
 770                         case SYS_freebsd6_mmap:
 771                                 print_number(ip, narg, c);
 772                                 print_number(ip, narg, c);
 773                                 putchar(',');
 774                                 mmapprotname(*ip);
 775                                 putchar(',');
 776                                 ip++;
 777                                 narg--;
 778                                 mmapflagsname(*ip);
 779                                 ip++;
 780                                 narg--;
 781                                 break;
 782 #endif
 783                         case SYS_mmap:
 784                                 print_number(ip, narg, c);
 785                                 print_number(ip, narg, c);
 786                                 putchar(',');
 787                                 mmapprotname(*ip);
 788                                 putchar(',');
 789                                 ip++;
 790                                 narg--;
 791                                 mmapflagsname(*ip);
 792                                 ip++;
 793                                 narg--;
 794                                 break;
 795                         case SYS_mprotect:
 796                                 print_number(ip, narg, c);
 797                                 print_number(ip, narg, c);
 798                                 putchar(',');
 799                                 mmapprotname(*ip);
 800                                 ip++;
 801                                 narg--;
 802                                 break;
 803                         case SYS_madvise:
 804                                 print_number(ip, narg, c);
 805                                 print_number(ip, narg, c);
 806                                 putchar(',');
 807                                 madvisebehavname(*ip);
 808                                 ip++;
 809                                 narg--;
 810                                 break;
 811                         case SYS_setpriority:
 812                                 print_number(ip, narg, c);
 813                                 print_number(ip, narg, c);
 814                                 putchar(',');
 815                                 prioname(*ip);
 816                                 ip++;
 817                                 narg--;
 818                                 break;
 819                         case SYS_fcntl:
 820                                 print_number(ip, narg, c);
 821                                 putchar(',');
 822                                 fcntlcmdname(ip[0], ip[1], decimal);
 823                                 ip += 2;
 824                                 narg -= 2;
 825                                 break;
 826                         case SYS_socket: {
 827                                 int sockdomain;
 828                                 putchar('(');
 829                                 sockdomain = *ip;
 830                                 sockdomainname(sockdomain);
 831                                 ip++;
 832                                 narg--;
 833                                 putchar(',');
 834                                 socktypenamewithflags(*ip);
 835                                 ip++;
 836                                 narg--;
 837                                 if (sockdomain == PF_INET ||
 838                                     sockdomain == PF_INET6) {
 839                                         putchar(',');
 840                                         sockipprotoname(*ip);
 841                                         ip++;
 842                                         narg--;
 843                                 }
 844                                 c = ',';
 845                                 break;
 846                         }
 847                         case SYS_setsockopt:
 848                         case SYS_getsockopt:
 849                                 print_number(ip, narg, c);
 850                                 putchar(',');
 851                                 sockoptlevelname(*ip, decimal);
 852                                 if (*ip == SOL_SOCKET) {
 853                                         ip++;
 854                                         narg--;
 855                                         putchar(',');
 856                                         sockoptname(*ip);
 857                                 }
 858                                 ip++;
 859                                 narg--;
 860                                 break;
 861 #ifdef SYS_freebsd6_lseek
 862                         case SYS_freebsd6_lseek:
 863                                 print_number(ip, narg, c);
 864                                 /* Hidden 'pad' argument, not in lseek(2) */
 865                                 print_number(ip, narg, c);
 866                                 print_number(ip, narg, c);
 867                                 putchar(',');
 868                                 whencename(*ip);
 869                                 ip++;
 870                                 narg--;
 871                                 break;
 872 #endif
 873                         case SYS_lseek:
 874                                 print_number(ip, narg, c);
 875                                 /* Hidden 'pad' argument, not in lseek(2) */
 876                                 print_number(ip, narg, c);
 877                                 putchar(',');
 878                                 whencename(*ip);
 879                                 ip++;
 880                                 narg--;
 881                                 break;
 882                         case SYS_flock:
 883                                 print_number(ip, narg, c);
 884                                 putchar(',');
 885                                 flockname(*ip);
 886                                 ip++;
 887                                 narg--;
 888                                 break;
 889                         case SYS_mkfifo:
 890                         case SYS_mkfifoat:
 891                         case SYS_mkdir:
 892                         case SYS_mkdirat:
 893                                 print_number(ip, narg, c);
 894                                 putchar(',');
 895                                 modename(*ip);
 896                                 ip++;
 897                                 narg--;
 898                                 break;
 899                         case SYS_shutdown:
 900                                 print_number(ip, narg, c);
 901                                 putchar(',');
 902                                 shutdownhowname(*ip);
 903                                 ip++;
 904                                 narg--;
 905                                 break;
 906                         case SYS_socketpair:
 907                                 putchar('(');
 908                                 sockdomainname(*ip);
 909                                 ip++;
 910                                 narg--;
 911                                 putchar(',');
 912                                 socktypenamewithflags(*ip);
 913                                 ip++;
 914                                 narg--;
 915                                 c = ',';
 916                                 break;
 917                         case SYS_getrlimit:
 918                         case SYS_setrlimit:
 919                                 putchar('(');
 920                                 rlimitname(*ip);
 921                                 ip++;
 922                                 narg--;
 923                                 c = ',';
 924                                 break;
 925                         case SYS_quotactl:
 926                                 print_number(ip, narg, c);
 927                                 putchar(',');
 928                                 quotactlname(*ip);
 929                                 ip++;
 930                                 narg--;
 931                                 c = ',';
 932                                 break;
 933                         case SYS_nfssvc:
 934                                 putchar('(');
 935                                 nfssvcname(*ip);
 936                                 ip++;
 937                                 narg--;
 938                                 c = ',';
 939                                 break;
 940                         case SYS_rtprio:
 941                                 putchar('(');
 942                                 rtprioname(*ip);
 943                                 ip++;
 944                                 narg--;
 945                                 c = ',';
 946                                 break;
 947                         case SYS___semctl:
 948                                 print_number(ip, narg, c);
 949                                 print_number(ip, narg, c);
 950                                 putchar(',');
 951                                 semctlname(*ip);
 952                                 ip++;
 953                                 narg--;
 954                                 break;
 955                         case SYS_semget:
 956                                 print_number(ip, narg, c);
 957                                 print_number(ip, narg, c);
 958                                 putchar(',');
 959                                 semgetname(*ip);
 960                                 ip++;
 961                                 narg--;
 962                                 break;
 963                         case SYS_msgctl:
 964                                 print_number(ip, narg, c);
 965                                 putchar(',');
 966                                 shmctlname(*ip);
 967                                 ip++;
 968                                 narg--;
 969                                 break;
 970                         case SYS_shmat:
 971                                 print_number(ip, narg, c);
 972                                 print_number(ip, narg, c);
 973                                 putchar(',');
 974                                 shmatname(*ip);
 975                                 ip++;
 976                                 narg--;
 977                                 break;
 978                         case SYS_shmctl:
 979                                 print_number(ip, narg, c);
 980                                 putchar(',');
 981                                 shmctlname(*ip);
 982                                 ip++;
 983                                 narg--;
 984                                 break;
 985                         case SYS_minherit:
 986                                 print_number(ip, narg, c);
 987                                 print_number(ip, narg, c);
 988                                 putchar(',');
 989                                 minheritname(*ip);
 990                                 ip++;
 991                                 narg--;
 992                                 break;
 993                         case SYS_rfork:
 994                                 putchar('(');
 995                                 rforkname(*ip);
 996                                 ip++;
 997                                 narg--;
 998                                 c = ',';
 999                                 break;
1000                         case SYS_lio_listio:
1001                                 putchar('(');
1002                                 lio_listioname(*ip);
1003                                 ip++;
1004                                 narg--;
1005                                 c = ',';
1006                                 break;
1007                         case SYS_mlockall:
1008                                 putchar('(');
1009                                 mlockallname(*ip);
1010                                 ip++;
1011                                 narg--;
1012                                 break;
1013                         case SYS_sched_setscheduler:
1014                                 print_number(ip, narg, c);
1015                                 putchar(',');
1016                                 schedpolicyname(*ip);
1017                                 ip++;
1018                                 narg--;
1019                                 break;
1020                         case SYS_sched_get_priority_max:
1021                         case SYS_sched_get_priority_min:
1022                                 putchar('(');
1023                                 schedpolicyname(*ip);
1024                                 ip++;
1025                                 narg--;
1026                                 break;
1027                         case SYS_sendfile:
1028                                 print_number(ip, narg, c);
1029                                 print_number(ip, narg, c);
1030                                 print_number(ip, narg, c);
1031                                 print_number(ip, narg, c);
1032                                 print_number(ip, narg, c);
1033                                 print_number(ip, narg, c);
1034                                 putchar(',');
1035                                 sendfileflagsname(*ip);
1036                                 ip++;
1037                                 narg--;
1038                                 break;
1039                         case SYS_kldsym:
1040                                 print_number(ip, narg, c);
1041                                 putchar(',');
1042                                 kldsymcmdname(*ip);
1043                                 ip++;
1044                                 narg--;
1045                                 break;
1046                         case SYS_sigprocmask:
1047                                 putchar('(');
1048                                 sigprocmaskhowname(*ip);
1049                                 ip++;
1050                                 narg--;
1051                                 c = ',';
1052                                 break;
1053                         case SYS___acl_get_file:
1054                         case SYS___acl_set_file:
1055                         case SYS___acl_get_fd:
1056                         case SYS___acl_set_fd:
1057                         case SYS___acl_delete_file:
1058                         case SYS___acl_delete_fd:
1059                         case SYS___acl_aclcheck_file:
1060                         case SYS___acl_aclcheck_fd:
1061                         case SYS___acl_get_link:
1062                         case SYS___acl_set_link:
1063                         case SYS___acl_delete_link:
1064                         case SYS___acl_aclcheck_link:
1065                                 print_number(ip, narg, c);
1066                                 putchar(',');
1067                                 acltypename(*ip);
1068                                 ip++;
1069                                 narg--;
1070                                 break;
1071                         case SYS_sigaction:
1072                                 putchar('(');
1073                                 signame(*ip);
1074                                 ip++;
1075                                 narg--;
1076                                 c = ',';
1077                                 break;
1078                         case SYS_extattrctl:
1079                                 print_number(ip, narg, c);
1080                                 putchar(',');
1081                                 extattrctlname(*ip);
1082                                 ip++;
1083                                 narg--;
1084                                 break;
1085                         case SYS_nmount:
1086                                 print_number(ip, narg, c);
1087                                 print_number(ip, narg, c);
1088                                 putchar(',');
1089                                 mountflagsname(*ip);
1090                                 ip++;
1091                                 narg--;
1092                                 break;
1093                         case SYS_thr_create:
1094                                 print_number(ip, narg, c);
1095                                 print_number(ip, narg, c);
1096                                 putchar(',');
1097                                 thrcreateflagsname(*ip);
1098                                 ip++;
1099                                 narg--;
1100                                 break;
1101                         case SYS_thr_kill:
1102                                 print_number(ip, narg, c);
1103                                 putchar(',');
1104                                 signame(*ip);
1105                                 ip++;
1106                                 narg--;
1107                                 break;
1108                         case SYS_kldunloadf:
1109                                 print_number(ip, narg, c);
1110                                 putchar(',');
1111                                 kldunloadfflagsname(*ip);
1112                                 ip++;
1113                                 narg--;
1114                                 break;
1115                         case SYS_linkat:
1116                         case SYS_renameat:
1117                         case SYS_symlinkat:
1118                                 print_number(ip, narg, c);
1119                                 putchar(',');
1120                                 atfdname(*ip, decimal);
1121                                 ip++;
1122                                 narg--;
1123                                 break;
1124                         case SYS_cap_fcntls_limit:
1125                                 print_number(ip, narg, c);
1126                                 putchar(',');
1127                                 arg = *ip;
1128                                 ip++;
1129                                 narg--;
1130                                 capfcntlname(arg);
1131                                 break;
1132                         case SYS_posix_fadvise:
1133                                 print_number(ip, narg, c);
1134                                 print_number(ip, narg, c);
1135                                 print_number(ip, narg, c);
1136                                 (void)putchar(',');
1137                                 fadvisebehavname((int)*ip);
1138                                 ip++;
1139                                 narg--;
1140                                 break;
1141                         }
1142                 }
1143                 while (narg > 0) {
1144                         print_number(ip, narg, c);
1145                 }
1146                 putchar(')');
1147         }
1148         putchar('\n');
1149 }
1150
1151 void
1152 ktrsysret(struct ktr_sysret *ktr, u_int flags)
1153 {
1154         register_t ret = ktr->ktr_retval;
1155         int error = ktr->ktr_error;
1156         int code = ktr->ktr_code;
1157
1158         if ((flags != 0 && ((flags & SV_ABI_MASK) != SV_ABI_FREEBSD)) ||
1159             (code >= nsyscalls || code < 0))
1160                 printf("[%d] ", code);
1161         else
1162                 printf("%s ", syscallnames[code]);
1163
1164         if (error == 0) {
1165                 if (fancy) {
1166                         printf("%ld", (long)ret);
1167                         if (ret < 0 || ret > 9)
1168                                 printf("/%#lx", (unsigned long)ret);
1169                 } else {
1170                         if (decimal)
1171                                 printf("%ld", (long)ret);
1172                         else
1173                                 printf("%#lx", (unsigned long)ret);
1174                 }
1175         } else if (error == ERESTART)
1176                 printf("RESTART");
1177         else if (error == EJUSTRETURN)
1178                 printf("JUSTRETURN");
1179         else {
1180                 printf("-1 errno %d", ktr->ktr_error);
1181                 if (fancy)
1182                         printf(" %s", strerror(ktr->ktr_error));
1183         }
1184         putchar('\n');
1185 }
1186
1187 void
1188 ktrnamei(char *cp, int len)
1189 {
1190         printf("\"%.*s\"\n", len, cp);
1191 }
1192
1193 void
1194 hexdump(char *p, int len, int screenwidth)
1195 {
1196         int n, i;
1197         int width;
1198
1199         width = 0;
1200         do {
1201                 width += 2;
1202                 i = 13;                 /* base offset */
1203                 i += (width / 2) + 1;   /* spaces every second byte */
1204                 i += (width * 2);       /* width of bytes */
1205                 i += 3;                 /* "  |" */
1206                 i += width;             /* each byte */
1207                 i += 1;                 /* "|" */
1208         } while (i < screenwidth);
1209         width -= 2;
1210
1211         for (n = 0; n < len; n += width) {
1212                 for (i = n; i < n + width; i++) {
1213                         if ((i % width) == 0) { /* beginning of line */
1214                                 printf("       0x%04x", i);
1215                         }
1216                         if ((i % 2) == 0) {
1217                                 printf(" ");
1218                         }
1219                         if (i < len)
1220                                 printf("%02x", p[i] & 0xff);
1221                         else
1222                                 printf("  ");
1223                 }
1224                 printf("  |");
1225                 for (i = n; i < n + width; i++) {
1226                         if (i >= len)
1227                                 break;
1228                         if (p[i] >= ' ' && p[i] <= '~')
1229                                 printf("%c", p[i]);
1230                         else
1231                                 printf(".");
1232                 }
1233                 printf("|\n");
1234         }
1235         if ((i % width) != 0)
1236                 printf("\n");
1237 }
1238
1239 void
1240 visdump(char *dp, int datalen, int screenwidth)
1241 {
1242         int col = 0;
1243         char *cp;
1244         int width;
1245         char visbuf[5];
1246
1247         printf("       \"");
1248         col = 8;
1249         for (;datalen > 0; datalen--, dp++) {
1250                  vis(visbuf, *dp, VIS_CSTYLE, *(dp+1));
1251                 cp = visbuf;
1252                 /*
1253                  * Keep track of printables and
1254                  * space chars (like fold(1)).
1255                  */
1256                 if (col == 0) {
1257                         putchar('\t');
1258                         col = 8;
1259                 }
1260                 switch(*cp) {
1261                 case '\n':
1262                         col = 0;
1263                         putchar('\n');
1264                         continue;
1265                 case '\t':
1266                         width = 8 - (col&07);
1267                         break;
1268                 default:
1269                         width = strlen(cp);
1270                 }
1271                 if (col + width > (screenwidth-2)) {
1272                         printf("\\\n\t");
1273                         col = 8;
1274                 }
1275                 col += width;
1276                 do {
1277                         putchar(*cp++);
1278                 } while (*cp);
1279         }
1280         if (col == 0)
1281                 printf("       ");
1282         printf("\"\n");
1283 }
1284
1285 void
1286 ktrgenio(struct ktr_genio *ktr, int len)
1287 {
1288         int datalen = len - sizeof (struct ktr_genio);
1289         char *dp = (char *)ktr + sizeof (struct ktr_genio);
1290         static int screenwidth = 0;
1291         int i, binary;
1292
1293         printf("fd %d %s %d byte%s\n", ktr->ktr_fd,
1294                 ktr->ktr_rw == UIO_READ ? "read" : "wrote", datalen,
1295                 datalen == 1 ? "" : "s");
1296         if (suppressdata)
1297                 return;
1298         if (screenwidth == 0) {
1299                 struct winsize ws;
1300
1301                 if (fancy && ioctl(fileno(stderr), TIOCGWINSZ, &ws) != -1 &&
1302                     ws.ws_col > 8)
1303                         screenwidth = ws.ws_col;
1304                 else
1305                         screenwidth = 80;
1306         }
1307         if (maxdata && datalen > maxdata)
1308                 datalen = maxdata;
1309
1310         for (i = 0, binary = 0; i < datalen && binary == 0; i++)  {
1311                 if (dp[i] >= 32 && dp[i] < 127)
1312                         continue;
1313                 if (dp[i] == 10 || dp[i] == 13 || dp[i] == 0 || dp[i] == 9)
1314                         continue;
1315                 binary = 1;
1316         }
1317         if (binary)
1318                 hexdump(dp, datalen, screenwidth);
1319         else
1320                 visdump(dp, datalen, screenwidth);
1321 }
1322
1323 const char *signames[] = {
1324         "NULL", "HUP", "INT", "QUIT", "ILL", "TRAP", "IOT",     /*  1 - 6  */
1325         "EMT", "FPE", "KILL", "BUS", "SEGV", "SYS",             /*  7 - 12 */
1326         "PIPE", "ALRM",  "TERM", "URG", "STOP", "TSTP",         /* 13 - 18 */
1327         "CONT", "CHLD", "TTIN", "TTOU", "IO", "XCPU",           /* 19 - 24 */
1328         "XFSZ", "VTALRM", "PROF", "WINCH", "29", "USR1",        /* 25 - 30 */
1329         "USR2", NULL,                                           /* 31 - 32 */
1330 };
1331
1332 void
1333 ktrpsig(struct ktr_psig *psig)
1334 {
1335         if (psig->signo > 0 && psig->signo < NSIG)
1336                 printf("SIG%s ", signames[psig->signo]);
1337         else
1338                 printf("SIG %d ", psig->signo);
1339         if (psig->action == SIG_DFL) {
1340                 printf("SIG_DFL code=");
1341                 sigcodename(psig->signo, psig->code);
1342                 putchar('\n');
1343         } else {
1344                 printf("caught handler=0x%lx mask=0x%x code=",
1345                     (u_long)psig->action, psig->mask.__bits[0]);
1346                 sigcodename(psig->signo, psig->code);
1347                 putchar('\n');
1348         }
1349 }
1350
1351 void
1352 ktrcsw_old(struct ktr_csw_old *cs)
1353 {
1354         printf("%s %s\n", cs->out ? "stop" : "resume",
1355                 cs->user ? "user" : "kernel");
1356 }
1357
1358 void
1359 ktrcsw(struct ktr_csw *cs)
1360 {
1361         printf("%s %s \"%s\"\n", cs->out ? "stop" : "resume",
1362             cs->user ? "user" : "kernel", cs->wmesg);
1363 }
1364
1365 #define UTRACE_DLOPEN_START             1
1366 #define UTRACE_DLOPEN_STOP              2
1367 #define UTRACE_DLCLOSE_START            3
1368 #define UTRACE_DLCLOSE_STOP             4
1369 #define UTRACE_LOAD_OBJECT              5
1370 #define UTRACE_UNLOAD_OBJECT            6
1371 #define UTRACE_ADD_RUNDEP               7
1372 #define UTRACE_PRELOAD_FINISHED         8
1373 #define UTRACE_INIT_CALL                9
1374 #define UTRACE_FINI_CALL                10
1375
1376 struct utrace_rtld {
1377         char sig[4];                            /* 'RTLD' */
1378         int event;
1379         void *handle;
1380         void *mapbase;
1381         size_t mapsize;
1382         int refcnt;
1383         char name[MAXPATHLEN];
1384 };
1385
1386 void
1387 ktruser_rtld(int len, unsigned char *p)
1388 {
1389         struct utrace_rtld *ut = (struct utrace_rtld *)p;
1390         void *parent;
1391         int mode;
1392
1393         switch (ut->event) {
1394         case UTRACE_DLOPEN_START:
1395                 mode = ut->refcnt;
1396                 printf("dlopen(%s, ", ut->name);
1397                 switch (mode & RTLD_MODEMASK) {
1398                 case RTLD_NOW:
1399                         printf("RTLD_NOW");
1400                         break;
1401                 case RTLD_LAZY:
1402                         printf("RTLD_LAZY");
1403                         break;
1404                 default:
1405                         printf("%#x", mode & RTLD_MODEMASK);
1406                 }
1407                 if (mode & RTLD_GLOBAL)
1408                         printf(" | RTLD_GLOBAL");
1409                 if (mode & RTLD_TRACE)
1410                         printf(" | RTLD_TRACE");
1411                 if (mode & ~(RTLD_MODEMASK | RTLD_GLOBAL | RTLD_TRACE))
1412                         printf(" | %#x", mode &
1413                             ~(RTLD_MODEMASK | RTLD_GLOBAL | RTLD_TRACE));
1414                 printf(")\n");
1415                 break;
1416         case UTRACE_DLOPEN_STOP:
1417                 printf("%p = dlopen(%s) ref %d\n", ut->handle, ut->name,
1418                     ut->refcnt);
1419                 break;
1420         case UTRACE_DLCLOSE_START:
1421                 printf("dlclose(%p) (%s, %d)\n", ut->handle, ut->name,
1422                     ut->refcnt);
1423                 break;
1424         case UTRACE_DLCLOSE_STOP:
1425                 printf("dlclose(%p) finished\n", ut->handle);
1426                 break;
1427         case UTRACE_LOAD_OBJECT:
1428                 printf("RTLD: loaded   %p @ %p - %p (%s)\n", ut->handle,
1429                     ut->mapbase, (char *)ut->mapbase + ut->mapsize - 1,
1430                     ut->name);
1431                 break;
1432         case UTRACE_UNLOAD_OBJECT:
1433                 printf("RTLD: unloaded %p @ %p - %p (%s)\n", ut->handle,
1434                     ut->mapbase, (char *)ut->mapbase + ut->mapsize - 1,
1435                     ut->name);
1436                 break;
1437         case UTRACE_ADD_RUNDEP:
1438                 parent = ut->mapbase;
1439                 printf("RTLD: %p now depends on %p (%s, %d)\n", parent,
1440                     ut->handle, ut->name, ut->refcnt);
1441                 break;
1442         case UTRACE_PRELOAD_FINISHED:
1443                 printf("RTLD: LD_PRELOAD finished\n");
1444                 break;
1445         case UTRACE_INIT_CALL:
1446                 printf("RTLD: init %p for %p (%s)\n", ut->mapbase, ut->handle,
1447                     ut->name);
1448                 break;
1449         case UTRACE_FINI_CALL:
1450                 printf("RTLD: fini %p for %p (%s)\n", ut->mapbase, ut->handle,
1451                     ut->name);
1452                 break;
1453         default:
1454                 p += 4;
1455                 len -= 4;
1456                 printf("RTLD: %d ", len);
1457                 while (len--)
1458                         if (decimal)
1459                                 printf(" %d", *p++);
1460                         else
1461                                 printf(" %02x", *p++);
1462                 printf("\n");
1463         }
1464 }
1465
1466 struct utrace_malloc {
1467         void *p;
1468         size_t s;
1469         void *r;
1470 };
1471
1472 void
1473 ktruser_malloc(unsigned char *p)
1474 {
1475         struct utrace_malloc *ut = (struct utrace_malloc *)p;
1476
1477         if (ut->p == (void *)(intptr_t)(-1))
1478                 printf("malloc_init()\n");
1479         else if (ut->s == 0)
1480                 printf("free(%p)\n", ut->p);
1481         else if (ut->p == NULL)
1482                 printf("%p = malloc(%zu)\n", ut->r, ut->s);
1483         else
1484                 printf("%p = realloc(%p, %zu)\n", ut->r, ut->p, ut->s);
1485 }
1486
1487 void
1488 ktruser(int len, unsigned char *p)
1489 {
1490
1491         if (len >= 8 && bcmp(p, "RTLD", 4) == 0) {
1492                 ktruser_rtld(len, p);
1493                 return;
1494         }
1495
1496         if (len == sizeof(struct utrace_malloc)) {
1497                 ktruser_malloc(p);
1498                 return;
1499         }
1500
1501         printf("%d ", len);
1502         while (len--)
1503                 if (decimal)
1504                         printf(" %d", *p++);
1505                 else
1506                         printf(" %02x", *p++);
1507         printf("\n");
1508 }
1509
1510 void
1511 ktrcaprights(cap_rights_t *rightsp)
1512 {
1513
1514         printf("cap_rights_t ");
1515         capname(rightsp);
1516         printf("\n");
1517 }
1518
1519 void
1520 ktrsockaddr(struct sockaddr *sa)
1521 {
1522 /*
1523  TODO: Support additional address families
1524         #include <netnatm/natm.h>
1525         struct sockaddr_natm    *natm;
1526         #include <netsmb/netbios.h>
1527         struct sockaddr_nb      *nb;
1528 */
1529         char addr[64];
1530
1531         /*
1532          * note: ktrstruct() has already verified that sa points to a
1533          * buffer at least sizeof(struct sockaddr) bytes long and exactly
1534          * sa->sa_len bytes long.
1535          */
1536         printf("struct sockaddr { ");
1537         sockfamilyname(sa->sa_family);
1538         printf(", ");
1539
1540 #define check_sockaddr_len(n)                                   \
1541         if (sa_##n.s##n##_len < sizeof(struct sockaddr_##n)) {  \
1542                 printf("invalid");                              \
1543                 break;                                          \
1544         }
1545
1546         switch(sa->sa_family) {
1547         case AF_INET: {
1548                 struct sockaddr_in sa_in;
1549
1550                 memset(&sa_in, 0, sizeof(sa_in));
1551                 memcpy(&sa_in, sa, sa->sa_len);
1552                 check_sockaddr_len(in);
1553                 inet_ntop(AF_INET, &sa_in.sin_addr, addr, sizeof addr);
1554                 printf("%s:%u", addr, ntohs(sa_in.sin_port));
1555                 break;
1556         }
1557 #ifdef NETATALK
1558         case AF_APPLETALK: {
1559                 struct sockaddr_at      sa_at;
1560                 struct netrange         *nr;
1561
1562                 memset(&sa_at, 0, sizeof(sa_at));
1563                 memcpy(&sa_at, sa, sa->sa_len);
1564                 check_sockaddr_len(at);
1565                 nr = &sa_at.sat_range.r_netrange;
1566                 printf("%d.%d, %d-%d, %d", ntohs(sa_at.sat_addr.s_net),
1567                         sa_at.sat_addr.s_node, ntohs(nr->nr_firstnet),
1568                         ntohs(nr->nr_lastnet), nr->nr_phase);
1569                 break;
1570         }
1571 #endif
1572         case AF_INET6: {
1573                 struct sockaddr_in6 sa_in6;
1574
1575                 memset(&sa_in6, 0, sizeof(sa_in6));
1576                 memcpy(&sa_in6, sa, sa->sa_len);
1577                 check_sockaddr_len(in6);
1578                 getnameinfo((struct sockaddr *)&sa_in6, sizeof(sa_in6),
1579                     addr, sizeof(addr), NULL, 0, NI_NUMERICHOST);
1580                 printf("[%s]:%u", addr, htons(sa_in6.sin6_port));
1581                 break;
1582         }
1583 #ifdef IPX
1584         case AF_IPX: {
1585                 struct sockaddr_ipx sa_ipx;
1586
1587                 memset(&sa_ipx, 0, sizeof(sa_ipx));
1588                 memcpy(&sa_ipx, sa, sa->sa_len);
1589                 check_sockaddr_len(ipx);
1590                 /* XXX wish we had ipx_ntop */
1591                 printf("%s", ipx_ntoa(sa_ipx.sipx_addr));
1592                 free(sa_ipx);
1593                 break;
1594         }
1595 #endif
1596         case AF_UNIX: {
1597                 struct sockaddr_un sa_un;
1598
1599                 memset(&sa_un, 0, sizeof(sa_un));
1600                 memcpy(&sa_un, sa, sa->sa_len);
1601                 printf("%.*s", (int)sizeof(sa_un.sun_path), sa_un.sun_path);
1602                 break;
1603         }
1604         default:
1605                 printf("unknown address family");
1606         }
1607         printf(" }\n");
1608 }
1609
1610 void
1611 ktrstat(struct stat *statp)
1612 {
1613         char mode[12], timestr[PATH_MAX + 4];
1614         struct passwd *pwd;
1615         struct group  *grp;
1616         struct tm *tm;
1617
1618         /*
1619          * note: ktrstruct() has already verified that statp points to a
1620          * buffer exactly sizeof(struct stat) bytes long.
1621          */
1622         printf("struct stat {");
1623         strmode(statp->st_mode, mode);
1624         printf("dev=%ju, ino=%ju, mode=%s, nlink=%ju, ",
1625                 (uintmax_t)statp->st_dev, (uintmax_t)statp->st_ino, mode,
1626                 (uintmax_t)statp->st_nlink);
1627         if (resolv == 0 || (pwd = getpwuid(statp->st_uid)) == NULL)
1628                 printf("uid=%ju, ", (uintmax_t)statp->st_uid);
1629         else
1630                 printf("uid=\"%s\", ", pwd->pw_name);
1631         if (resolv == 0 || (grp = getgrgid(statp->st_gid)) == NULL)
1632                 printf("gid=%ju, ", (uintmax_t)statp->st_gid);
1633         else
1634                 printf("gid=\"%s\", ", grp->gr_name);
1635         printf("rdev=%ju, ", (uintmax_t)statp->st_rdev);
1636         printf("atime=");
1637         if (resolv == 0)
1638                 printf("%jd", (intmax_t)statp->st_atim.tv_sec);
1639         else {
1640                 tm = localtime(&statp->st_atim.tv_sec);
1641                 strftime(timestr, sizeof(timestr), TIME_FORMAT, tm);
1642                 printf("\"%s\"", timestr);
1643         }
1644         if (statp->st_atim.tv_nsec != 0)
1645                 printf(".%09ld, ", statp->st_atim.tv_nsec);
1646         else
1647                 printf(", ");
1648         printf("stime=");
1649         if (resolv == 0)
1650                 printf("%jd", (intmax_t)statp->st_mtim.tv_sec);
1651         else {
1652                 tm = localtime(&statp->st_mtim.tv_sec);
1653                 strftime(timestr, sizeof(timestr), TIME_FORMAT, tm);
1654                 printf("\"%s\"", timestr);
1655         }
1656         if (statp->st_mtim.tv_nsec != 0)
1657                 printf(".%09ld, ", statp->st_mtim.tv_nsec);
1658         else
1659                 printf(", ");
1660         printf("ctime=");
1661         if (resolv == 0)
1662                 printf("%jd", (intmax_t)statp->st_ctim.tv_sec);
1663         else {
1664                 tm = localtime(&statp->st_ctim.tv_sec);
1665                 strftime(timestr, sizeof(timestr), TIME_FORMAT, tm);
1666                 printf("\"%s\"", timestr);
1667         }
1668         if (statp->st_ctim.tv_nsec != 0)
1669                 printf(".%09ld, ", statp->st_ctim.tv_nsec);
1670         else
1671                 printf(", ");
1672         printf("birthtime=");
1673         if (resolv == 0)
1674                 printf("%jd", (intmax_t)statp->st_birthtim.tv_sec);
1675         else {
1676                 tm = localtime(&statp->st_birthtim.tv_sec);
1677                 strftime(timestr, sizeof(timestr), TIME_FORMAT, tm);
1678                 printf("\"%s\"", timestr);
1679         }
1680         if (statp->st_birthtim.tv_nsec != 0)
1681                 printf(".%09ld, ", statp->st_birthtim.tv_nsec);
1682         else
1683                 printf(", ");
1684         printf("size=%jd, blksize=%ju, blocks=%jd, flags=0x%x",
1685                 (uintmax_t)statp->st_size, (uintmax_t)statp->st_blksize,
1686                 (intmax_t)statp->st_blocks, statp->st_flags);
1687         printf(" }\n");
1688 }
1689
1690 void
1691 ktrstruct(char *buf, size_t buflen)
1692 {
1693         char *name, *data;
1694         size_t namelen, datalen;
1695         int i;
1696         cap_rights_t rights;
1697         struct stat sb;
1698         struct sockaddr_storage ss;
1699
1700         for (name = buf, namelen = 0;
1701              namelen < buflen && name[namelen] != '\0';
1702              ++namelen)
1703                 /* nothing */;
1704         if (namelen == buflen)
1705                 goto invalid;
1706         if (name[namelen] != '\0')
1707                 goto invalid;
1708         data = buf + namelen + 1;
1709         datalen = buflen - namelen - 1;
1710         if (datalen == 0)
1711                 goto invalid;
1712         /* sanity check */
1713         for (i = 0; i < (int)namelen; ++i)
1714                 if (!isalpha(name[i]))
1715                         goto invalid;
1716         if (strcmp(name, "caprights") == 0) {
1717                 if (datalen != sizeof(cap_rights_t))
1718                         goto invalid;
1719                 memcpy(&rights, data, datalen);
1720                 ktrcaprights(&rights);
1721         } else if (strcmp(name, "stat") == 0) {
1722                 if (datalen != sizeof(struct stat))
1723                         goto invalid;
1724                 memcpy(&sb, data, datalen);
1725                 ktrstat(&sb);
1726         } else if (strcmp(name, "sockaddr") == 0) {
1727                 if (datalen > sizeof(ss))
1728                         goto invalid;
1729                 memcpy(&ss, data, datalen);
1730                 if (datalen != ss.ss_len)
1731                         goto invalid;
1732                 ktrsockaddr((struct sockaddr *)&ss);
1733         } else {
1734                 printf("unknown structure\n");
1735         }
1736         return;
1737 invalid:
1738         printf("invalid record\n");
1739 }
1740
1741 void
1742 ktrcapfail(struct ktr_cap_fail *ktr)
1743 {
1744         switch (ktr->cap_type) {
1745         case CAPFAIL_NOTCAPABLE:
1746                 /* operation on fd with insufficient capabilities */
1747                 printf("operation requires ");
1748                 capname(&ktr->cap_needed);
1749                 printf(", process holds ");
1750                 capname(&ktr->cap_held);
1751                 break;
1752         case CAPFAIL_INCREASE:
1753                 /* requested more capabilities than fd already has */
1754                 printf("attempt to increase capabilities from ");
1755                 capname(&ktr->cap_held);
1756                 printf(" to ");
1757                 capname(&ktr->cap_needed);
1758                 break;
1759         case CAPFAIL_SYSCALL:
1760                 /* called restricted syscall */
1761                 printf("disallowed system call");
1762                 break;
1763         case CAPFAIL_LOOKUP:
1764                 /* used ".." in strict-relative mode */
1765                 printf("restricted VFS lookup");
1766                 break;
1767         default:
1768                 printf("unknown capability failure: ");
1769                 capname(&ktr->cap_needed);
1770                 printf(" ");
1771                 capname(&ktr->cap_held);
1772                 break;
1773         }
1774         printf("\n");
1775 }
1776
1777 void
1778 ktrfault(struct ktr_fault *ktr)
1779 {
1780
1781         printf("0x%jx ", ktr->vaddr);
1782         vmprotname(ktr->type);
1783         printf("\n");
1784 }
1785
1786 void
1787 ktrfaultend(struct ktr_faultend *ktr)
1788 {
1789
1790         vmresultname(ktr->result);
1791         printf("\n");
1792 }
1793
1794 #if defined(__amd64__) || defined(__i386__)
1795 void
1796 linux_ktrsyscall(struct ktr_syscall *ktr)
1797 {
1798         int narg = ktr->ktr_narg;
1799         register_t *ip;
1800
1801         if (ktr->ktr_code >= nlinux_syscalls || ktr->ktr_code < 0)
1802                 printf("[%d]", ktr->ktr_code);
1803         else
1804                 printf("%s", linux_syscallnames[ktr->ktr_code]);
1805         ip = &ktr->ktr_args[0];
1806         if (narg) {
1807                 char c = '(';
1808                 while (narg > 0)
1809                         print_number(ip, narg, c);
1810                 putchar(')');
1811         }
1812         putchar('\n');
1813 }
1814
1815 void
1816 linux_ktrsysret(struct ktr_sysret *ktr)
1817 {
1818         register_t ret = ktr->ktr_retval;
1819         int error = ktr->ktr_error;
1820         int code = ktr->ktr_code;
1821
1822         if (code >= nlinux_syscalls || code < 0)
1823                 printf("[%d] ", code);
1824         else
1825                 printf("%s ", linux_syscallnames[code]);
1826
1827         if (error == 0) {
1828                 if (fancy) {
1829                         printf("%ld", (long)ret);
1830                         if (ret < 0 || ret > 9)
1831                                 printf("/%#lx", (unsigned long)ret);
1832                 } else {
1833                         if (decimal)
1834                                 printf("%ld", (long)ret);
1835                         else
1836                                 printf("%#lx", (unsigned long)ret);
1837                 }
1838         } else if (error == ERESTART)
1839                 printf("RESTART");
1840         else if (error == EJUSTRETURN)
1841                 printf("JUSTRETURN");
1842         else {
1843                 if (ktr->ktr_error <= ELAST + 1)
1844                         error = abs(bsd_to_linux_errno[ktr->ktr_error]);
1845                 else
1846                         error = 999;
1847                 printf("-1 errno %d", error);
1848                 if (fancy)
1849                         printf(" %s", strerror(ktr->ktr_error));
1850         }
1851         putchar('\n');
1852 }
1853 #endif
1854
1855 void
1856 usage(void)
1857 {
1858         fprintf(stderr, "usage: kdump [-dEnlHRrsTA] [-f trfile] "
1859             "[-m maxdata] [-p pid] [-t trstr]\n");
1860         exit(1);
1861 }