1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18#ifndef _UAPICN_PROC_H
19#define _UAPICN_PROC_H
20
21#include <linux/types.h>
22
23
24
25
26
27enum proc_cn_mcast_op {
28 PROC_CN_MCAST_LISTEN = 1,
29 PROC_CN_MCAST_IGNORE = 2
30};
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45struct proc_event {
46 enum what {
47
48
49
50 PROC_EVENT_NONE = 0x00000000,
51 PROC_EVENT_FORK = 0x00000001,
52 PROC_EVENT_EXEC = 0x00000002,
53 PROC_EVENT_UID = 0x00000004,
54 PROC_EVENT_GID = 0x00000040,
55 PROC_EVENT_SID = 0x00000080,
56 PROC_EVENT_PTRACE = 0x00000100,
57 PROC_EVENT_COMM = 0x00000200,
58
59
60
61 PROC_EVENT_COREDUMP = 0x40000000,
62 PROC_EVENT_EXIT = 0x80000000
63 } what;
64 __u32 cpu;
65 __u64 __attribute__((aligned(8))) timestamp_ns;
66
67 union {
68 struct {
69 __u32 err;
70 } ack;
71
72 struct fork_proc_event {
73 __kernel_pid_t parent_pid;
74 __kernel_pid_t parent_tgid;
75 __kernel_pid_t child_pid;
76 __kernel_pid_t child_tgid;
77 } fork;
78
79 struct exec_proc_event {
80 __kernel_pid_t process_pid;
81 __kernel_pid_t process_tgid;
82 } exec;
83
84 struct id_proc_event {
85 __kernel_pid_t process_pid;
86 __kernel_pid_t process_tgid;
87 union {
88 __u32 ruid;
89 __u32 rgid;
90 } r;
91 union {
92 __u32 euid;
93 __u32 egid;
94 } e;
95 } id;
96
97 struct sid_proc_event {
98 __kernel_pid_t process_pid;
99 __kernel_pid_t process_tgid;
100 } sid;
101
102 struct ptrace_proc_event {
103 __kernel_pid_t process_pid;
104 __kernel_pid_t process_tgid;
105 __kernel_pid_t tracer_pid;
106 __kernel_pid_t tracer_tgid;
107 } ptrace;
108
109 struct comm_proc_event {
110 __kernel_pid_t process_pid;
111 __kernel_pid_t process_tgid;
112 char comm[16];
113 } comm;
114
115 struct coredump_proc_event {
116 __kernel_pid_t process_pid;
117 __kernel_pid_t process_tgid;
118 } coredump;
119
120 struct exit_proc_event {
121 __kernel_pid_t process_pid;
122 __kernel_pid_t process_tgid;
123 __u32 exit_code, exit_signal;
124 } exit;
125
126 } event_data;
127};
128
129#endif
130