1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18#ifndef CN_PROC_H
19#define CN_PROC_H
20
21#include <linux/types.h>
22
23
24
25
26
27enum proc_cn_mcast_op {
28 PROC_CN_MCAST_LISTEN = 1,
29 PROC_CN_MCAST_IGNORE = 2
30};
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45struct proc_event {
46 enum what {
47
48
49
50 PROC_EVENT_NONE = 0x00000000,
51 PROC_EVENT_FORK = 0x00000001,
52 PROC_EVENT_EXEC = 0x00000002,
53 PROC_EVENT_UID = 0x00000004,
54 PROC_EVENT_GID = 0x00000040,
55 PROC_EVENT_SID = 0x00000080,
56
57
58 PROC_EVENT_EXIT = 0x80000000
59 } what;
60 __u32 cpu;
61 __u64 __attribute__((aligned(8))) timestamp_ns;
62
63 union {
64 struct {
65 __u32 err;
66 } ack;
67
68 struct fork_proc_event {
69 __kernel_pid_t parent_pid;
70 __kernel_pid_t parent_tgid;
71 __kernel_pid_t child_pid;
72 __kernel_pid_t child_tgid;
73 } fork;
74
75 struct exec_proc_event {
76 __kernel_pid_t process_pid;
77 __kernel_pid_t process_tgid;
78 } exec;
79
80 struct id_proc_event {
81 __kernel_pid_t process_pid;
82 __kernel_pid_t process_tgid;
83 union {
84 __u32 ruid;
85 __u32 rgid;
86 } r;
87 union {
88 __u32 euid;
89 __u32 egid;
90 } e;
91 } id;
92
93 struct sid_proc_event {
94 __kernel_pid_t process_pid;
95 __kernel_pid_t process_tgid;
96 } sid;
97
98 struct exit_proc_event {
99 __kernel_pid_t process_pid;
100 __kernel_pid_t process_tgid;
101 __u32 exit_code, exit_signal;
102 } exit;
103 } event_data;
104};
105
106#ifdef __KERNEL__
107#ifdef CONFIG_PROC_EVENTS
108void proc_fork_connector(struct task_struct *task);
109void proc_exec_connector(struct task_struct *task);
110void proc_id_connector(struct task_struct *task, int which_id);
111void proc_sid_connector(struct task_struct *task);
112void proc_exit_connector(struct task_struct *task);
113#else
114static inline void proc_fork_connector(struct task_struct *task)
115{}
116
117static inline void proc_exec_connector(struct task_struct *task)
118{}
119
120static inline void proc_id_connector(struct task_struct *task,
121 int which_id)
122{}
123
124static inline void proc_sid_connector(struct task_struct *task)
125{}
126
127static inline void proc_exit_connector(struct task_struct *task)
128{}
129#endif
130#endif
131#endif
132