1 /* 2 * cn_proc.h - process events connector 3 * 4 * Copyright (C) Matt Helsley, IBM Corp. 2005 5 * Based on cn_fork.h by Nguyen Anh Quynh and Guillaume Thouvenin 6 * Copyright (C) 2005 Nguyen Anh Quynh <aquynh@gmail.com> 7 * Copyright (C) 2005 Guillaume Thouvenin <guillaume.thouvenin@bull.net> 8 * 9 * This program is free software; you can redistribute it and/or modify it 10 * under the terms of version 2.1 of the GNU Lesser General Public License 11 * as published by the Free Software Foundation. 12 * 13 * This program is distributed in the hope that it would be useful, but 14 * WITHOUT ANY WARRANTY; without even the implied warranty of 15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 16 */ 17 18 #ifndef _UAPICN_PROC_H 19 #define _UAPICN_PROC_H 20 21 #include <linux/types.h> 22 23 /* 24 * Userspace sends this enum to register with the kernel that it is listening 25 * for events on the connector. 26 */ 27 enum proc_cn_mcast_op { 28 PROC_CN_MCAST_LISTEN = 1, 29 PROC_CN_MCAST_IGNORE = 2 30 }; 31 32 /* 33 * From the user's point of view, the process 34 * ID is the thread group ID and thread ID is the internal 35 * kernel "pid". So, fields are assigned as follow: 36 * 37 * In user space - In kernel space 38 * 39 * parent process ID = parent->tgid 40 * parent thread ID = parent->pid 41 * child process ID = child->tgid 42 * child thread ID = child->pid 43 */ 44 45 struct proc_event { 46 enum what { 47 /* Use successive bits so the enums can be used to record 48 * sets of events as well 49 */ 50 PROC_EVENT_NONE = 0x00000000, 51 PROC_EVENT_FORK = 0x00000001, 52 PROC_EVENT_EXEC = 0x00000002, 53 PROC_EVENT_UID = 0x00000004, 54 PROC_EVENT_GID = 0x00000040, 55 PROC_EVENT_SID = 0x00000080, 56 PROC_EVENT_PTRACE = 0x00000100, 57 PROC_EVENT_COMM = 0x00000200, 58 /* "next" should be 0x00000400 */ 59 /* "last" is the last process event: exit, 60 * while "next to last" is coredumping event */ 61 PROC_EVENT_COREDUMP = 0x40000000, 62 PROC_EVENT_EXIT = 0x80000000 63 } what; 64 __u32 cpu; 65 __u64 __attribute__((aligned(8))) timestamp_ns; 66 /* Number of nano seconds since system boot */ 67 union { /* must be last field of proc_event struct */ 68 struct { 69 __u32 err; 70 } ack; 71 72 struct fork_proc_event { 73 __kernel_pid_t parent_pid; 74 __kernel_pid_t parent_tgid; 75 __kernel_pid_t child_pid; 76 __kernel_pid_t child_tgid; 77 } fork; 78 79 struct exec_proc_event { 80 __kernel_pid_t process_pid; 81 __kernel_pid_t process_tgid; 82 } exec; 83 84 struct id_proc_event { 85 __kernel_pid_t process_pid; 86 __kernel_pid_t process_tgid; 87 union { 88 __u32 ruid; /* task uid */ 89 __u32 rgid; /* task gid */ 90 } r; 91 union { 92 __u32 euid; 93 __u32 egid; 94 } e; 95 } id; 96 97 struct sid_proc_event { 98 __kernel_pid_t process_pid; 99 __kernel_pid_t process_tgid; 100 } sid; 101 102 struct ptrace_proc_event { 103 __kernel_pid_t process_pid; 104 __kernel_pid_t process_tgid; 105 __kernel_pid_t tracer_pid; 106 __kernel_pid_t tracer_tgid; 107 } ptrace; 108 109 struct comm_proc_event { 110 __kernel_pid_t process_pid; 111 __kernel_pid_t process_tgid; 112 char comm[16]; 113 } comm; 114 115 struct coredump_proc_event { 116 __kernel_pid_t process_pid; 117 __kernel_pid_t process_tgid; 118 } coredump; 119 120 struct exit_proc_event { 121 __kernel_pid_t process_pid; 122 __kernel_pid_t process_tgid; 123 __u32 exit_code, exit_signal; 124 } exit; 125 126 } event_data; 127 }; 128 129 #endif /* _UAPICN_PROC_H */ 130