5

I would like to know whether there is any way to inspect/intercept I/O operations on FreeBSD. Like ktrace, but when I don't know the process (which takes a long time, for example).

Jeff Schaller

3 Answers

5

For monitoring and performance analysis, you have a very powerful semi-programmable tool called dtrace.

dtrace allows you to build command lines or small programs that let you follow most of the system calls.

It is somewhat powerful and complex, and you can find some examples around, including a very interesting book, Systems Performance: Enterprise and the Cloud.

From the DTrace Tools page:

DTrace, an implementation of dynamic tracing that is available in different OSes (Solaris, Mac OS X, FreeBSD, ...). DTrace helps troubleshoot problems on servers by providing new detailed views of application and system internals, to a level that was previously difficult or impossible to access. It provides a language to write DTrace scripts that is similar to C and awk and is event based.

```
# Files opened by process:
dtrace -n 'syscall::open*:entry { printf("%s %s",execname,copyinstr(arg0)); }'

# Read bytes by process:
dtrace -n 'sysinfo:::readch { @bytes[execname] = sum(arg0); }'

# Write bytes by process:
dtrace -n 'sysinfo:::writech { @bytes[execname] = sum(arg0); }'

# Read size distribution by process:
dtrace -n 'sysinfo:::readch { @dist[execname] = quantize(arg0); }'

# Write size distribution by process:
dtrace -n 'sysinfo:::writech { @dist[execname] = quantize(arg0); }'
```

Rui F Ribeiro
  • 1
    Unfortunately, the sysinfo provider is not available under FreeBSD. You can list all probes by running `dtrace -l`. For this task it is possible to use the syscall and vfs providers, but syscall arguments are OS-specific. – citrin Aug 20 '16 at 12:57
  • I found that dtrace is a port of Linux dtrace. But I really want FreeBSD's own implementation of something like that, but thanks for the reply – Sergey Efimov Aug 24 '16 at 05:53
  • dtrace comes from Solaris and, lacking others, is a rather powerful tool. I used to use it; however, nowadays sysdig is more supported in Linux. – Rui F Ribeiro Aug 24 '16 at 05:56
  • I remember hearing about a port of sysdig from Linux to FreeBSD. – Rui F Ribeiro Aug 24 '16 at 06:14
  • Interesting, how do FreeBSD developers debug their own system? How is the development going at all? I think they don't add log lines to drivers/system tools when fetching the source tree and doing some enhancements, but fixes or new things – Sergey Efimov Aug 29 '16 at 17:43
5

As said in the other answer, DTrace is a powerful tool for tracing system activity and can be used for this task too.

Some DTrace scripts are portable but many are OS-specific. Many useful scripts can be found in the DTrace Toolkit, but rwsnoop and opensnoop do not yet work under FreeBSD.

To monitor open syscalls this script can be used:

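```
#!/usr/sbin/dtrace -s

/* Print a header once when tracing starts. */
dtrace:::BEGIN
{
    printf("%5s %5s %s","UID","PID", "Command  Path");
}

/*
 * open(2) takes the path as its first argument; openat(2) takes a
 * directory descriptor first and the path second.
 */
syscall::open*:entry
{
    printf("%5d %5d %s %s", uid, pid, execname,
                    probefunc == "open" ? copyinstr(arg0) : copyinstr(arg1));
}
```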

A simple (but not very useful) script for read/write:

```
#!/usr/sbin/dtrace -s

/* read/pread and write/pwrite: arg0 is the fd, arg2 the requested size. */
syscall::*read:entry,
syscall::*write:entry
{
    printf("%5d %s CALL %s(%d, .., %d)", pid, execname, probefunc, arg0, arg2);
    self->fd = arg0;
}

/* Vectored variants: remember the fd too, so the return probes report it. */
syscall::*readv:entry,
syscall::*writev:entry
{
     printf("%5d %s CALL %s(%d, ...)", pid, execname, probefunc, arg0);
     self->fd = arg0;
}

/* On return, arg0 is the syscall's return value (bytes transferred). */
syscall::*read*:return
{
    printf("%5d %s fd %d read %d bytes", pid, execname, self->fd, arg0);
    self->fd = 0;
}

syscall::*write*:return
{
    printf("%5d %s fd %d wrote %d bytes", pid, execname, self->fd, arg0);
    self->fd = 0;
}
```

You will probably need some filter, e.g. don't trace dtrace itself:

```
syscall::foobar:entry
/execname != "dtrace"/
{
    ...
}
```

citrin
  • I found that dtrace is a port of Linux dtrace. But I really want FreeBSD's own implementation of something like that, but thanks for the reply – Sergey Efimov Aug 24 '16 at 05:54
  • 1
    DTrace was ported from Solaris to FreeBSD, and then to Linux. Same for the scripts in the DTrace Toolkit - the scripts were written for Solaris and then some of them were ported to other OSes. There are a few scripts written for FreeBSD; they can be found in /usr/share/dtrace/ – citrin Aug 26 '16 at 19:49
  • Interesting, how do FreeBSD developers debug their own system? How is the development going at all? I think they don't add log lines to drivers/system tools when fetching the source tree and doing some enhancements, but fixes or new things – Sergey Efimov Aug 29 '16 at 17:43
  • 1. There are debugging options besides DTrace: https://software.intel.com/sites/default/files/profiling_debugging_freebsd_kernel_321772.pdf 2. Each bug is unique in some way, so for debugging developers often write short one-time DTrace scripts for a particular problem. – citrin Sep 01 '16 at 20:09
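
An added example, not written by any of the answerers: a system-wide summary of bytes read and written per process, built only on the syscall provider since the sysinfo provider is reported above as unavailable on FreeBSD. The probe globs are the ones used in the answer above; the aggregation names are made up for this example, and the script assumes that arg0 in a return probe carries the syscall's return value.

```dtrace
#!/usr/sbin/dtrace -s
/*
 * Added example: per-process I/O totals when the busy process is unknown.
 * Run as root and press Ctrl-C to print the summary.
 * Aggregation names (@rbytes, @rcalls, @wbytes, @wcalls) are illustrative.
 */
#pragma D option quiet

dtrace:::BEGIN
{
    printf("Tracing read/write syscalls, Ctrl-C to stop.\n");
}

/*
 * Assumption: on return, arg0 is the byte count for the read/write family.
 * The predicate drops failed and zero-byte calls and skips dtrace itself.
 */
syscall::*read:return,
syscall::*readv:return
/execname != "dtrace" && (int)arg0 > 0/
{
    @rbytes[pid, execname] = sum(arg0);
    @rcalls[pid, execname] = count();
}

syscall::*write:return,
syscall::*writev:return
/execname != "dtrace" && (int)arg0 > 0/
{
    @wbytes[pid, execname] = sum(arg0);
    @wcalls[pid, execname] = count();
}

/* Print both aggregations side by side, keyed by (pid, execname). */
dtrace:::END
{
    printf("\n%-8s %-20s %12s %12s\n", "PID", "COMMAND", "READ CALLS", "READ BYTES");
    printa("%-8d %-20s %@12d %@12d\n", @rcalls, @rbytes);
    printf("\n%-8s %-20s %12s %12s\n", "PID", "COMMAND", "WRITE CALLS", "WRITE BYTES");
    printa("%-8d %-20s %@12d %@12d\n", @wcalls, @wbytes);
}
```

The heaviest readers and writers appear at the bottom of each table; once a PID stands out, ktrace or a pid-filtered version of the scripts above can be pointed at it.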
1

Personally, I tend to use top -m io.

Steve Wills