1 /* 2 * cn_proc.h - process events connector 3 * 4 * Copyright (C) Matt Helsley, IBM Corp. 2005 5 * Based on cn_fork.h by Nguyen Anh Quynh and Guillaume Thouvenin 6 * Copyright (C) 2005 Nguyen Anh Quynh <aquynh (at) gmail.com> 7 * Copyright (C) 2005 Guillaume Thouvenin <guillaume.thouvenin (at) bull.net> 8 * 9 * This program is free software; you can redistribute it and/or modify it 10 * under the terms of version 2.1 of the GNU Lesser General Public License 11 * as published by the Free Software Foundation. 12 * 13 * This program is distributed in the hope that it would be useful, but 14 * WITHOUT ANY WARRANTY; without even the implied warranty of 15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 16 */ 17 18 #ifndef CN_PROC_H 19 #define CN_PROC_H 20 21 #include <linux/types.h> 22 23 /* 24 * Userspace sends this enum to register with the kernel that it is listening 25 * for events on the connector. 26 */ 27 enum proc_cn_mcast_op { 28 PROC_CN_MCAST_LISTEN = 1, 29 PROC_CN_MCAST_IGNORE = 2 30 }; 31 32 /* 33 * From the user's point of view, the process 34 * ID is the thread group ID and thread ID is the internal 35 * kernel "pid". So, fields are assigned as follow: 36 * 37 * In user space - In kernel space 38 * 39 * parent process ID = parent->tgid 40 * parent thread ID = parent->pid 41 * child process ID = child->tgid 42 * child thread ID = child->pid 43 */ 44 45 struct proc_event { 46 enum what { 47 /* Use successive bits so the enums can be used to record 48 * sets of events as well 49 */ 50 PROC_EVENT_NONE = 0x00000000, 51 PROC_EVENT_FORK = 0x00000001, 52 PROC_EVENT_EXEC = 0x00000002, 53 PROC_EVENT_UID = 0x00000004, 54 PROC_EVENT_GID = 0x00000040, 55 PROC_EVENT_SID = 0x00000080, 56 PROC_EVENT_PTRACE = 0x00000100, 57 PROC_EVENT_COMM = 0x00000200, 58 /* "next" should be 0x00000400 */ 59 /* "last" is the last process event: exit */ 60 PROC_EVENT_EXIT = 0x80000000 61 } what; 62 __u32 cpu; 63 __u64 __attribute__((aligned(8))) timestamp_ns; 64 /* Number of nano seconds since system boot */ 65 union { /* must be last field of proc_event struct */ 66 struct { 67 __u32 err; 68 } ack; 69 70 struct fork_proc_event { 71 __kernel_pid_t parent_pid; 72 __kernel_pid_t parent_tgid; 73 __kernel_pid_t child_pid; 74 __kernel_pid_t child_tgid; 75 } fork; 76 77 struct exec_proc_event { 78 __kernel_pid_t process_pid; 79 __kernel_pid_t process_tgid; 80 } exec; 81 82 struct id_proc_event { 83 __kernel_pid_t process_pid; 84 __kernel_pid_t process_tgid; 85 union { 86 __u32 ruid; /* task uid */ 87 __u32 rgid; /* task gid */ 88 } r; 89 union { 90 __u32 euid; 91 __u32 egid; 92 } e; 93 } id; 94 95 struct sid_proc_event { 96 __kernel_pid_t process_pid; 97 __kernel_pid_t process_tgid; 98 } sid; 99 100 struct ptrace_proc_event { 101 __kernel_pid_t process_pid; 102 __kernel_pid_t process_tgid; 103 __kernel_pid_t tracer_pid; 104 __kernel_pid_t tracer_tgid; 105 } ptrace; 106 107 struct comm_proc_event { 108 __kernel_pid_t process_pid; 109 __kernel_pid_t process_tgid; 110 char comm[16]; 111 } comm; 112 113 struct exit_proc_event { 114 __kernel_pid_t process_pid; 115 __kernel_pid_t process_tgid; 116 __u32 exit_code, exit_signal; 117 } exit; 118 } event_data; 119 }; 120 121 #endif /* CN_PROC_H */ 122
