Subject: Re: Show sysctl activity in ktrace
To: None <>
From: Christos Zoulas <>
List: tech-kern
Date: 09/21/2006 12:21:11

In article <200609210506.BAA27071@Sparkle.Rodents.Montreal.QC.CA>,
der Mouse  <mouse@Rodents.Montreal.QC.CA> wrote:
>>> ktrace tends to be useless when dealing with sysctl calls.
>And many others, such as connect() and various ioctls.
>>>   108      1 sysctl   CALL  __sysctl(0xbfbfecb0,3,0xbfbfdad0, 0xbfbfdacc,0,0)
>>>   108      1 sysctl   MIB   1.1118.1120
>This is more generally symptomatic of a fairly pervasive problem with
>ktrace: it shows just the arguments to syscalls, not what those
>arguments point to.
>There are workarounds for some of the most common calls, such as
>open/readlink/etc (via NAMI entries) and write (via GIO entries); all
>you're doing is adding one more special-case kludge onto the pile for
>Wouldn't it be better to fix them all, by making ktracers find out
>about data the kernel reads from places pointed to by syscalls?  Then
>kdump can juggle the formatting however it thinks appropriate for the
>call in question.  Yes, this means a bit more work (syscalls that chase
>user-level pointers would have to use a routine that creates ktrace
>entries as well as reading the data), but it's really the right fix.
>No, this doesn't mean I'm volunteering.  Just that I want to make sure
>people are aware that this is yet another kludge-around to make a
>symptom go away, not a real fix to the underlying problem.

If you want that, you can compile strace from pkgsrc.