Another strace useful option

lis 8, 2022 #linux, #path, #process, #strace, #syscall autorstwa Rafał

This article will be really quick. I found another useful strace option. It allows to track system calls related to specified path -P. It is part of strace utility, so we can assume, it will be much more efficient than grepping the output.

As an example I can show you tracing all data sent by communication program to another device connected via RS-485 (/dev/ttyO4)

# strace -p 313 -x -e trace=write,read -P /dev/ttyO4
Process 313 attached
read(6, "\xff\xff\x01\x03\xd0\x07\x00\x00\xab\x01", 256) = 10
read(6, "\x00\x00\xb6\x01\x00\x00\x9e\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10", 256) = 21
read(6, "\x07\x10\x00\x00\x00\x00\x00\x3b\x99\xff\x02", 256) = 11
write(6, "\xff\x01\x01\x06\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xeb\xf0\xff"..., 33) = 33
read(6, "\xff\xff\x01\x01\xd0\x07\x00\x00", 256) = 8
read(6, "\x9d\x01\x00\x00\xa6\x01\x00\x00\x90\x01\x00\x00\x00", 256) = 13
read(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x07\x00", 256) = 12
read(6, "\x00\x00\x00\x00\x00\x11\x41\xff\x02", 256) = 9
write(6, "\xff\x01\x02\x06\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x33\x06\xff"..., 33) = 33
read(6, "\xff\xff\x01\x02\xd0\x07", 256) = 6

Program works on PID 313 (-p 313), we want to show data in hexadecimal form (-x) and trace only write and read syscalls (-e trace=write,read). Finally the option specifying the right path is -P /dev/ttyO4. As we can see, only file descriptor 6. To proof that it’s the right one, let’s list all file descriptors used by the process:

# ls -la /proc/313/fd
total 0
dr-x------    2 root     root             0 Nov  8 08:03 .
dr-xr-xr-x    8 root     root             0 Nov  8 08:03 ..
lr-x------    1 root     root            64 Nov  8 08:03 0 -> /dev/null
l-wx------    1 root     root            64 Nov  8 08:03 1 -> /dev/null
l-wx------    1 root     root            64 Nov  8 08:03 2 -> /dev/null
lrwx------    1 root     root            64 Nov  8 08:03 3 -> socket:[8861]
lrwx------    1 root     root            64 Nov  8 08:03 4 -> anon_inode:[timerfd]
lrwx------    1 root     root            64 Nov  8 08:03 5 -> anon_inode:[timerfd]
lrwx------    1 root     root            64 Nov  8 08:04 6 -> /dev/ttyO4
lrwx------    1 root     root            64 Nov  8 08:04 7 -> /dev/pts/0

File descriptor number 6 is linked to our resource – /dev/ttyO4. This option is very useful in solving wide range of problems. Hope it will help.

Tag: #syscall

Another strace useful option