syscall Probes
syscall provides a pair of probes for each system call: an entry probe that fires before the system call is entered, and a return probe that fires after the system call has completed but before control has transferred back to user-level. For all syscall probes, the function name is set to be the name of the instrumented system call and the module name is undefined.
The names of the system calls as provided by the
syscall provider may be found in the
/etc/name_to_sysnum file. Often, the
system call names provided by syscall correspond
to names in Section 2 of the man pages. However, some probes
provided by the syscall provider do not directly
correspond to any documented system call. The common reasons for
this discrepancy are described in this section.