trace(5)
NAME
/dev/trace − system call tracer device
DESCRIPTION
The file /dev/trace is the system call trace device. It supports the following system calls: open, close, read, ioctl, and select. The device supports 16 (configurable in sys/systrace.h as TR_USRS) simultaneous users. It uses an 8192 byte buffer for trace records. The choice of which system calls to trace is done with the ioctl system call. The select call is used for efficient reading of the device. The select call uses an 8192 byte buffer and returns when the buffer is 60% full. It is required that the user use a buffer the same size as the system buffer size defined in sys/systrace.h as TR_BUFSIZE. All ioctl operations are defined in the header file, sys/systrace.h. The ioctl calls are:
ioctlarg (pointer to)
IOTR_GETOFFint a
IOTR_GETONint a
IOTR_GETALLint a
IOTR_GETPIDSint a[10]
IOTR_GETUIDSint a[10]
IOTR_GETSYSCint a[10]
IOTR_GETPGRPint a[10]
IOTR_SETOFFint a
IOTR_SETONint a
IOTR_SETALLint a
IOTR_SETPIDSint a[10]
IOTR_SETUIDSint a[10]
IOTR_SETSYSCint a[10]
IOTR_SETPGRPint a[10]
EXAMPLES
A prototype example (with missing parts):
char cmd[BUFSIZ],buf[TR_BUFSIZ];
int pgrp[10],i;
fd = open("/dev/trace",0); /* open the device */
pgrp[0] = dofork(cmd); /* fork the command to trace */
for (i=1;i<TR_PGRP;i++) /* dofork sleeps 2 seconds while */
pgrp[i] = 0; /* we set up to do the trace */
i = ioctl(fd,IOTR_SETPGRP,pgrp);/* set up for the trace */
/* select code goes here */
read(fd,buf,sizeof(buf));