From owner-freebsd-hackers@FreeBSD.ORG Wed May 19 14:13:52 2010 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9D8AE1065676; Wed, 19 May 2010 14:13:52 +0000 (UTC) (envelope-from dkmcnulty@gmail.com) Received: from fg-out-1718.google.com (fg-out-1718.google.com [72.14.220.155]) by mx1.freebsd.org (Postfix) with ESMTP id 017408FC16; Wed, 19 May 2010 14:13:51 +0000 (UTC) Received: by fg-out-1718.google.com with SMTP id 22so2028492fge.13 for ; Wed, 19 May 2010 07:13:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:cc:content-type; bh=aTc3BKd5XTfaxoRDN8mfYcmqoO1iwVSZajm/vTwsqVo=; b=nneutToY4LPELlcdSrsIRXG6+5TXke+ixwqjgaDoW7ZJFjEHhLciqq5lDYBuBdQvx5 3XJuFO4t3rxzcslXUy2M+IMat76O/AmXRsD+EYL+j5XISgOv2EqPDv/uKU9jrpK8nawY 4QpQrdatk6jkavY/4YCoADSjXp143CIhkUY80= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=i/6m57IkHtoZMzgLfzsASmQt2P4q3GPAZqz6sDRZwqexcnKfiYwnFjTIWMM+Ur6ctP zxhKI/P+EBZedl/6EBihzK+skETQ+HZlIyUtXYrRSvx5ld6JcltftOYsj+0vvPG94+I9 +NOhvUBAM1NVqprfknAVP/rM/O+Bo5cpdcOWs= MIME-Version: 1.0 Received: by 10.239.188.202 with SMTP id q10mr889850hbh.126.1274278430502; Wed, 19 May 2010 07:13:50 -0700 (PDT) Received: by 10.239.153.198 with HTTP; Wed, 19 May 2010 07:13:50 -0700 (PDT) In-Reply-To: <20100518074054.GE6175@elvis.mu.org> References: <20100518074054.GE6175@elvis.mu.org> Date: Wed, 19 May 2010 09:13:50 -0500 Message-ID: From: Dan McNulty To: Alfred Perlstein Content-Type: text/plain; charset=ISO-8859-1 Cc: freebsd-hackers@freebsd.org Subject: Re: Efficient way to determine when a child process forks or calls exec X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 May 2010 14:13:52 -0000 Thanks for all the great suggestions! It looks like the kevent system call is the closest to what I need. However, I didn't mention this, but I would like the process being traced to be stopped on entrance to fork, exec, etc. This would be similar to Linux's ptrace interface which sends a SIGTRAP to the traced process on exec, fork, etc. From what I could tell so far, kevent doesn't provide this functionality. Am I missing something? Is there a way to get kevent to stop the process when events occur? Thanks again for your help, -Dan On Tue, May 18, 2010 at 2:40 AM, Alfred Perlstein wrote: > * Dan McNulty [100517 08:02] wrote: >> Hi all, >> >> I have been experimenting with ptrace to determine when a child >> process forks or calls exec. Particularly, I have explored tracing >> every system call entry and exit similar to what the truss utility >> does, and for my case, the performance impact of tracing every system >> call is too great. >> >> Is there a more efficient way than tracing every system call entry and >> exit to determine when a child process forks, calls exec, or creates a >> new LWP? >> >> Thanks a lot for your help! > > kevent has some hooks, have you looked at that? > > -- > - Alfred Perlstein > .- AMA, VMOA #5191, 03 vmax, 92 gs500, 85 ch250, 07 zx10 > .- FreeBSD committer >