/*
 * cn_proc.h - process events connector
 *
 * Copyright (C) Matt Helsley, IBM Corp. 2005
 * Based on cn_fork.h by Nguyen Anh Quynh and Guillaume Thouvenin
 * Copyright (C) 2005 Nguyen Anh Quynh <aquynh@gmail.com>
 * Copyright (C) 2005 Guillaume Thouvenin <guillaume.thouvenin@bull.net>
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of version 2.1 of the GNU Lesser General Public License
 * as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it would be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 */
17
18#ifndef CN_PROC_H
19#define CN_PROC_H
20
21#include <linux/types.h>
Matt Helsley9f460802005-11-07 00:59:16 -080022
/*
 * Userspace sends this enum to register with the kernel that it is listening
 * for events on the connector.
 */
enum proc_cn_mcast_op {
	/* Sent by a userspace client to say it is listening for events. */
	PROC_CN_MCAST_LISTEN = 1,
	/*
	 * Presumably the opposite request (stop delivering events to this
	 * client) -- confirm against the connector implementation.
	 * NOTE(review): this header does not show what privilege check, if
	 * any, the kernel applies before honouring either request.
	 */
	PROC_CN_MCAST_IGNORE = 2,
};
31
/*
 * From the user's point of view, the process
 * ID is the thread group ID and thread ID is the internal
 * kernel "pid". So, fields are assigned as follows:
 *
 *  In user space     -  In kernel space
 *
 * parent process ID  =  parent->tgid
 * parent thread  ID  =  parent->pid
 * child  process ID  =  child->tgid
 * child  thread  ID  =  child->pid
 */
44
/*
 * One process event as carried over the connector: a type tag (what), the
 * reporting CPU, a timestamp, and a union holding the per-type payload.
 *
 * In every payload, *_pid is the kernel "pid" (thread ID from userspace's
 * point of view) and *_tgid is the thread group ID (the userspace process
 * ID), as laid out in the comment preceding this struct.
 *
 * NOTE(review): the IDs are plain numbers. A consumer that resolves them
 * after receipt should allow for the task having exited in the meantime --
 * confirm how consumers of this struct handle that.
 */
struct proc_event {
	/* Selects which member of event_data is meaningful. */
	enum what {
		/* Use successive bits so the enums can be used to record
		 * sets of events as well
		 */
		PROC_EVENT_NONE = 0x00000000,
		PROC_EVENT_FORK = 0x00000001,
		PROC_EVENT_EXEC = 0x00000002,
		PROC_EVENT_UID  = 0x00000004,
		/* Bits 0x08-0x20 are not assigned here; reason not visible. */
		PROC_EVENT_GID  = 0x00000040,
		PROC_EVENT_SID  = 0x00000080,
		PROC_EVENT_PTRACE = 0x00000100,
		PROC_EVENT_COMM = 0x00000200,
		/* "next" should be 0x00000400 */
		/* "last" is the last process event: exit */
		PROC_EVENT_EXIT = 0x80000000
	} what;
	/* presumably the CPU the event was generated on -- TODO confirm */
	__u32 cpu;
	/*
	 * Number of nanoseconds since system boot. The explicit 8-byte
	 * alignment fixes this field's offset regardless of the compiler's
	 * default alignment for __u64.
	 */
	__u64 __attribute__((aligned(8))) timestamp_ns;
	union { /* must be last field of proc_event struct */
		/* presumably the reply to a proc_cn_mcast_op request -- confirm */
		struct {
			__u32 err;
		} ack;

		/* Payload for PROC_EVENT_FORK: IDs of parent and new child. */
		struct fork_proc_event {
			__kernel_pid_t parent_pid;
			__kernel_pid_t parent_tgid;
			__kernel_pid_t child_pid;
			__kernel_pid_t child_tgid;
		} fork;

		/* Payload for PROC_EVENT_EXEC: IDs of the task that exec'd. */
		struct exec_proc_event {
			__kernel_pid_t process_pid;
			__kernel_pid_t process_tgid;
		} exec;

		/*
		 * Shared payload for PROC_EVENT_UID and PROC_EVENT_GID. Each
		 * inner union overlays the uid and gid variants in the same
		 * four bytes, so a reader has to pick ruid/euid or rgid/egid
		 * from the value of `what` (presumably UID vs GID -- confirm).
		 */
		struct id_proc_event {
			__kernel_pid_t process_pid;
			__kernel_pid_t process_tgid;
			union {
				__u32 ruid; /* task uid */
				__u32 rgid; /* task gid */
			} r;
			union {
				__u32 euid;
				__u32 egid;
			} e;
		} id;

		/* Payload for PROC_EVENT_SID. */
		struct sid_proc_event {
			__kernel_pid_t process_pid;
			__kernel_pid_t process_tgid;
		} sid;

		/*
		 * Payload for PROC_EVENT_PTRACE: the traced task and its
		 * tracer. NOTE(review): how a detach is encoded in the
		 * tracer_* fields is not visible in this header.
		 */
		struct ptrace_proc_event {
			__kernel_pid_t process_pid;
			__kernel_pid_t process_tgid;
			__kernel_pid_t tracer_pid;
			__kernel_pid_t tracer_tgid;
		} ptrace;

		/*
		 * Payload for PROC_EVENT_COMM. comm is a fixed 16-byte
		 * buffer; nothing in this header guarantees a terminating
		 * NUL, so readers should bound accesses by sizeof(comm).
		 * NOTE(review): the name is presumably whatever the task set
		 * for itself, so monitoring code should treat it as untrusted
		 * display text rather than as proof of identity.
		 */
		struct comm_proc_event {
			__kernel_pid_t process_pid;
			__kernel_pid_t process_tgid;
			char           comm[16];
		} comm;

		/* Payload for PROC_EVENT_EXIT: exit status of the task. */
		struct exit_proc_event {
			__kernel_pid_t process_pid;
			__kernel_pid_t process_tgid;
			__u32 exit_code, exit_signal;
		} exit;
	} event_data;
};
120
121#ifdef __KERNEL__
122#ifdef CONFIG_PROC_EVENTS
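/*
 * Event hooks declared when CONFIG_PROC_EVENTS is defined; their
 * definitions are not in this header. Each takes the task the event is
 * about. The second parameter of proc_ptrace_connector is named ptrace_id
 * so that it agrees with the !CONFIG_PROC_EVENTS stub of the same function
 * in this header (it was which_id, apparently copied from
 * proc_id_connector).
 */
void proc_fork_connector(struct task_struct *task);
void proc_exec_connector(struct task_struct *task);
void proc_id_connector(struct task_struct *task, int which_id);
void proc_sid_connector(struct task_struct *task);
void proc_ptrace_connector(struct task_struct *task, int ptrace_id);
void proc_comm_connector(struct task_struct *task);
void proc_exit_connector(struct task_struct *task);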
130#else
/* Empty stand-in for builds without CONFIG_PROC_EVENTS; does nothing. */
static inline void proc_fork_connector(struct task_struct *task)
{
}
133
/* Empty stand-in for builds without CONFIG_PROC_EVENTS; does nothing. */
static inline void proc_exec_connector(struct task_struct *task)
{
}
136
/*
 * Empty stand-in for builds without CONFIG_PROC_EVENTS; both arguments
 * are ignored.
 */
static inline void proc_id_connector(struct task_struct *task, int which_id)
{
}
140
/* Empty stand-in for builds without CONFIG_PROC_EVENTS; does nothing. */
static inline void proc_sid_connector(struct task_struct *task)
{
}
143
/* Empty stand-in for builds without CONFIG_PROC_EVENTS; does nothing. */
static inline void proc_comm_connector(struct task_struct *task)
{
}
146
/*
 * Empty stand-in for builds without CONFIG_PROC_EVENTS; both arguments
 * are ignored.
 */
static inline void proc_ptrace_connector(struct task_struct *task, int ptrace_id)
{
}
150
/* Empty stand-in for builds without CONFIG_PROC_EVENTS; does nothing. */
static inline void proc_exit_connector(struct task_struct *task)
{
}
153#endif /* CONFIG_PROC_EVENTS */
154#endif /* __KERNEL__ */
155#endif /* CN_PROC_H */