btrace on OpenBSD
Status
Jan 2020: btrace is still disabled by default.
You have been warned, there be dragons.
Enabling btrace
Compile a kernel with option NDT defined, and pseudo-device dt enabled.
Add kern.allowdt=1 to /etc/sysctl.conf.
Build and install btrace.
Examples
Count all syscalls made, per process name, until Ctrl-C is hit. In this case about 8 seconds.
# time btrace all_syscalls.bt
^C@map[conky]: 6856
@map[sh]: 5034
@map[whoami]: 746
@map[cut]: 671
@map[sysctl]: 399
@map[ntpd]: 235
@map[Xorg]: 225
@map[chrome]: 146
@map[sensorsd]: 97
@map[xterm]: 38
@map[pflogd]: 33
@map[dbus-daemon]: 32
@map[syslogd]: 9
@map[apmd]: 2
0m08.18s real 0m00.03s user 0m00.07s system
Show which processes are forking.
# btrace who_is_forking.bt
1580156214143317063 ksh is forking. pid 68164 tid 342274
1580156214146972144 ksh is forking. pid 7769 tid 131739
1580156214148033754 ksh is forking. pid 7769 tid 131739
1580156214149103953 ksh is forking. pid 7769 tid 131739
1580156214198182664 ksh is forking. pid 68164 tid 342274
1580156216101819839 conky is forking. pid 79331 tid 302709
1580156216113248431 sh is forking. pid 67258 tid 388961
1580156216124913749 conky is forking. pid 79331 tid 302709
1580156216135938612 sh is forking. pid 68395 tid 4902
1580156216136774304 sh is forking. pid 68395 tid 4902
^C@map[ksh]: 5
@map[sh]: 3
@map[conky]: 2
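The per-event lines above can be post-processed to spot a process forking in rapid succession and to check them against the @map summary printed on exit. This is an added example, not one of the page's .bt scripts; the function names, the 10 ms window and the threshold of 3 are assumptions chosen for illustration.

```python
import re
from collections import Counter, defaultdict
# Sample input: lines copied from the who_is_forking.bt output shown above.
SAMPLE = """\
1580156214143317063 ksh is forking. pid 68164 tid 342274
1580156214146972144 ksh is forking. pid 7769 tid 131739
1580156214148033754 ksh is forking. pid 7769 tid 131739
1580156214149103953 ksh is forking. pid 7769 tid 131739
1580156214198182664 ksh is forking. pid 68164 tid 342274
1580156216101819839 conky is forking. pid 79331 tid 302709
1580156216113248431 sh is forking. pid 67258 tid 388961
1580156216124913749 conky is forking. pid 79331 tid 302709
1580156216135938612 sh is forking. pid 68395 tid 4902
1580156216136774304 sh is forking. pid 68395 tid 4902
^C@map[ksh]: 5
@map[sh]: 3
@map[conky]: 2
"""

EVENT = re.compile(r"^(\d+) (\S+) is forking\. pid (\d+) tid \d+$")
MAPLINE = re.compile(r"^(?:\^C)?@map\[(.+)\]: (\d+)$")  # first map line follows "^C"

def parse(text):
    """Return (events, totals): (nsecs, comm, pid) tuples and the @map counts."""
    events, totals = [], {}
    for line in text.splitlines():
        if m := EVENT.match(line):
            events.append((int(m[1]), m[2], int(m[3])))
        elif m := MAPLINE.match(line):
            totals[m[1]] = int(m[2])
    return events, totals

def fork_bursts(events, window_ns=10_000_000, threshold=3):
    """Flag (comm, pid) with >= threshold forks inside window_ns (assumed limits)."""
    by_proc = defaultdict(list)
    for ts, comm, pid in events:
        by_proc[(comm, pid)].append(ts)
    flagged = {}
    for key, stamps in by_proc.items():
        stamps.sort()
        # Pair each fork with the one threshold-1 positions later and measure the gap.
        spans = (b - a for a, b in zip(stamps, stamps[threshold - 1:]))
        if any(s <= window_ns for s in spans):
            flagged[key] = len(stamps)
    return flagged

def summary_matches(events, totals):
    """True when the per-event lines add up to the @map counts btrace printed."""
    return dict(Counter(comm for _, comm, _ in events)) == totals

if __name__ == "__main__":
    print(fork_bursts(parse(SAMPLE)[0]))
```

A mismatch from summary_matches means some event lines were lost or truncated between btrace and the parser, so burst results for that capture should not be trusted.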
Calling pledge or unveil
# btrace calling_unveil.bt
^C@map[chrome]: 178
@map[sysctl]: 43
@map[doas]: 9
# btrace calling_pledge.bt
sh calling pledge
doas calling pledge
doas calling pledge
doas calling pledge
env calling pledge
sh calling pledge
chrome calling pledge
sh calling pledge
whoami calling pledge
sh calling pledge
cut calling pledge
cut calling pledge
chrome calling pledge
chrome calling pledge
chrome calling pledge
sh calling pledge
grep calling pledge
grep calling pledge
grep calling pledge
uname calling pledge
sh calling pledge
grep calling pledge
chrome calling pledge
chrome calling pledge
grep calling pledge
grep calling pledge
uname calling pledge
awk calling pledge
cut calling pledge
cut calling pledge
basename calling pledge
grep calling pledge
cut calling pledge
cut calling pledge
which calling pledge
readlink calling pledge
chrome calling pledge
chrome calling pledge
chrome calling pledge
sh calling pledge
whoami calling pledge
sh calling pledge
cut calling pledge
cut calling pledge
sh calling pledge
whoami calling pledge
sh calling pledge
cut calling pledge
cut calling pledge
sh calling pledge
grep calling pledge
grep calling pledge
grep calling pledge
uname calling pledge
sh calling pledge
grep calling pledge
grep calling pledge
grep calling pledge
uname calling pledge
cut calling pledge
cut calling pledge
awk calling pledge
basename calling pledge
grep calling pledge
cut calling pledge
cut calling pledge
which calling pledge
readlink calling pledge
sh calling pledge
whoami calling pledge
sh calling pledge
cut calling pledge
cut calling pledge
^C@map[cut]: 16
@map[sh]: 14
@map[chrome]: 9
@map[whoami]: 4
@map[doas]: 3
@map[which]: 2
@map[env]: 1