Ioctl

Ioctl stands for input/output control. It is used to interface with the kernel via descriptors. Every device, file or socket that is opened has its own set of ioctl control codes, which one can use to set information in the kernel or gather information from it.

Here is an example of a ktrace of a pfctl -ss. It opens the /dev/pf device on descriptor 3 and gets a listing via DIOCGETALTQS and DIOCGETSTATES. The fact that these names contain GET and not SET indicates that it is querying information.

    ...
    27668 pfctl   CALL  open(0x54e000,0,0)
    27668 pfctl   NAMI  "/dev/pf"
    27668 pfctl   RET   open 3
    27668 pfctl   CALL  ioctl(0x3,DIOCGETALTQS,0x7f7ffffd02e0)
    27668 pfctl   RET   ioctl 0
    27668 pfctl   CALL  ioctl(0x3,DIOCGETSTATES,0x7f7ffffd0350)
    27668 pfctl   RET   ioctl 0
    ...

As with any syscall, it returns 0 on success and -1 on error.
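
The following is an added example, not code from pfctl or from the original page. It shows the same pattern on a pipe instead of /dev/pf so that it runs without privileges: a query-style request (FIONREAD) returns 0 and fills in the caller's buffer, while a request code that belongs to terminals (TIOCGWINSZ) fails with -1 on a descriptor that does not support it. The helper names are hypothetical and the "hello" input is constructed.

```c
/* Added example: ioctl requests on a pipe; not pfctl or OpenBSD source. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>

/* "Get"-style request: ask the kernel how many bytes are queued on fd.
 * Returns ioctl's own return value; the count lands in *pending. */
int query_pending(int fd, int *pending)
{
    *pending = -1;
    return ioctl(fd, FIONREAD, pending);
}

/* Terminal-only request; on failure the errno value is saved in *err. */
int query_winsize(int fd, int *err)
{
    struct winsize ws;
    int rc = ioctl(fd, TIOCGWINSZ, &ws);
    *err = (rc == -1) ? errno : 0;
    return rc;
}

/* Hypothetical helper: pipe holding constructed sample bytes.
 * Returns the read end, or -1 on failure. */
int make_pipe_with_data(const char *data, size_t len)
{
    int fds[2];
    if (pipe(fds) == -1) return -1;
    ssize_t written = write(fds[1], data, len);
    close(fds[1]);
    if (written != (ssize_t)len) { close(fds[0]); return -1; }
    return fds[0];
}

int main(void)
{
    int n, err;
    int fd = make_pipe_with_data("hello", 5);   /* constructed input */
    if (fd == -1) { perror("pipe"); return 1; }
    int rc = query_pending(fd, &n);
    printf("FIONREAD   rc=%d pending=%d\n", rc, n);
    rc = query_winsize(fd, &err);
    printf("TIOCGWINSZ rc=%d (%s)\n", rc, strerror(err));
    close(fd);
    return 0;
}
```

Checking the return value before reading the output buffer matters: after a failed call the buffer still holds whatever the caller put there.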