5

I would know is there any way to inspect/intercept IO operations on FreeBSD. Like ktrace but if I don't know the process (which takes some big time for example).

Improve this question

3 Answers 3

Reset to default
5

For monitoring and performance analysis, you have a very powerful semi-programmable tool called dtrace.

dtrace allows to build command line or small programs that will allow you to follow must of the system calls.

It is somewhat powerful and complex. and you can find some examples around including a very interesting book Systems Performance: Enterprise and the Cloud

From the DTrace Tools page:

DTrace, an implementation of dynamic tracing that is available in different OSes (Solaris, Mac OS X, FreeBSD, ...). DTrace helps troubleshoot problems on servers by providing new detailed views of application and system internals, to a level that was previously difficult or impossible to access. It provides a language to write DTrace scripts that is similar to C and awk and is event based.

# Files opened by process:
dtrace -n 'syscall::open*:entry { printf("%s %s",execname,copyinstr(arg0)); }'

# Read bytes by process:
dtrace -n 'sysinfo:::readch { @bytes[execname] = sum(arg0); }'

# Write bytes by process:
dtrace -n 'sysinfo:::writech { @bytes[execname] = sum(arg0); }'

# Read size distribution by process:
dtrace -n 'sysinfo:::readch { @dist[execname] = quantize(arg0); }'

# Write size distribution by process:
dtrace -n 'sysinfo:::writech { @dist[execname] = quantize(arg0); }'
Improve this answer
5
  • 1
    Unfortunately, sysinfo provider is not available under FreeBSD. You can list all probes by running dtrace -l. For this task it is possible to use syscall and vfs providers, but syscall arguments are OS specific. Commented Aug 20, 2016 at 12:57
  • I found that dtrace is a port of linux dtrace. But i really want own freebsd implementation of something of that, but thanks to reply Commented Aug 24, 2016 at 5:53
  • dtrace comes from solaris and, lacking others is a rather powerful tool. I used to use it, however nowadays sysdig is more supported in linux. Commented Aug 24, 2016 at 5:56
  • I remember hearing about a port of aysdig from linux to freebsd. Commented Aug 24, 2016 at 6:14
  • Interesting, how do freebsd developers debug their own system? how the development is going at all? i think they dont add log lines to drivers/system tools when fetching source tree and doing some enchancements, but fixes or new things Commented Aug 29, 2016 at 17:43
5

As said in other answer DTrace is powerful tool for tracing system activity and can be used for this task too.

Some Dtrace scripts are portable but many are OS-specific. Many useful scripts can be found in the Dtrace Toolkit, but rwsnoot and opensnoop not yet work under FreeBSD.

To monitor open syscalls this script can be used:

#!/usr/sbin/dtrace -s

dtrace:::BEGIN
{
    printf("%5s %5s %s","UID","PID", "Command  Path");
}

syscall::open*:entry
{
    printf("%5d %5d %s %s", uid, pid, execname,
                    probefunc == "open" ? copyinstr(arg0) : copyinstr(arg1));
}

Simple (but not very useful) script for read/write

#!/usr/sbin/dtrace -s

syscall::*read:entry,
syscall::*write:entry
{
    printf("%5d %s CALL %s(%d, .., %d)", pid, execname, probefunc, arg0, arg2);
    self->fd = arg0;
}

syscall::*readv:entry,
syscall::*writev:entry
{
     printf("%5d %s CALL %s(%d, ...)", pid, execname, probefunc, arg0);
}

syscall::*read*:return
{
    printf("%5d %s fd %d read %d bytes", pid, execname, self->fd, arg0);
    self->fd = 0;
}

syscall::*write*:return
{
    printf("%5d %s fd %d wrote %d bytes", pid, execname, self->fd, arg0);
    self->fd = 0;
}

You probably will need some filter. E. g. don't trace dtrace self:

syscall::foobar:entry
/execname != "dtrace"/
{
    ...
}
Improve this answer
4
  • I found that dtrace is a port of linux dtrace. But i really want own freebsd implementation of something of that, but thanks to reply Commented Aug 24, 2016 at 5:54
  • 1
    Dtrace was ported from Solaris to the FreeBSD, and then to the Linux. Same for the scripts in Dtrace toolkit - scripts was written for Solaris and then some of them was ported to other OSes. There are a few scripts written for FreeBSD, they can be found in /usr/share/dtrace/ Commented Aug 26, 2016 at 19:49
  • Interesting, how do freebsd developers debug their own system? how the development is going at all? i think they dont add log lines to drivers/system tools when fetching source tree and doing some enchancements, but fixes or new things Commented Aug 29, 2016 at 17:43
  • 1. There are debugging options besides DTrace: software.intel.com/sites/default/files/… 2. Each bug is unique in some way so for debugging developers often write short one-time Dtrace scripts for particular problem. Commented Sep 1, 2016 at 20:09
1

Personally, I tend to use top -m io.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.