Dr Andrew Scott
G7VAV
Senior Lecturer
School of Computing
and Communications
D35 InfoLab21
Lancaster University
Lancaster, LA1 4WA
United Kingdom
School of Computing
and Communications
D35 InfoLab21
Lancaster University
Lancaster, LA1 4WA
United Kingdom
| November 2025 | ||||||
| Mo | Tu | We | Th | Fr | Sa | Su |
| 27 | 28 | 29 | 30 | 31 | 1 | 2 |
| 3 | 4 | 5 | 6 | 7 | 8 | 9 |
| 10 | 11 | 12 | 13 | 14 | 15 | 16 |
| 17 | 18 | 19 | 20 | 21 | 22 | 23 |
| 24 | 25 | 26 | 27 | 28 | 29 | 30 |
| 1 | 2 | 3 | 4 | 5 | 6 | 7 |
cn_proc.h
001: /* 002: * cn_proc.h - process events connector 003: * 004: * Copyright (C) Matt Helsley, IBM Corp. 2005 005: * Based on cn_fork.h by Nguyen Anh Quynh and Guillaume Thouvenin 006: * Copyright (C) 2005 Nguyen Anh Quynh <aquynh@gmail.com> 007: * Copyright (C) 2005 Guillaume Thouvenin <guillaume.thouvenin@bull.net> 008: * 009: * This program is free software; you can redistribute it and/or modify it 010: * under the terms of version 2.1 of the GNU Lesser General Public License 011: * as published by the Free Software Foundation. 012: * 013: * This program is distributed in the hope that it would be useful, but 014: * WITHOUT ANY WARRANTY; without even the implied warranty of 015: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 016: */ 017: 018: #ifndef CN_PROC_H 019: #define CN_PROC_H 020: 021: #include <linux/types.h> 022: 023: /* 024: * Userspace sends this enum to register with the kernel that it is listening 025: * for events on the connector. 026: */ 027: enum proc_cn_mcast_op { 028: PROC_CN_MCAST_LISTEN = 1, 029: PROC_CN_MCAST_IGNORE = 2 030: }; 031: 032: /* 033: * From the user's point of view, the process 034: * ID is the thread group ID and thread ID is the internal 035: * kernel "pid". So, fields are assigned as follow: 036: * 037: * In user space - In kernel space 038: * 039: * parent process ID = parent->tgid 040: * parent thread ID = parent->pid 041: * child process ID = child->tgid 042: * child thread ID = child->pid 043: */ 044: 045: struct proc_event { 046: enum what { 047: /* Use successive bits so the enums can be used to record 048: * sets of events as well 049: */ 050: PROC_EVENT_NONE = 0x00000000, 051: PROC_EVENT_FORK = 0x00000001, 052: PROC_EVENT_EXEC = 0x00000002, 053: PROC_EVENT_UID = 0x00000004, 054: PROC_EVENT_GID = 0x00000040, 055: PROC_EVENT_SID = 0x00000080, 056: PROC_EVENT_PTRACE = 0x00000100, 057: PROC_EVENT_COMM = 0x00000200, 058: /* "next" should be 0x00000400 */ 059: /* "last" is the last process event: exit */ 060: PROC_EVENT_EXIT = 0x80000000 061: } what; 062: __u32 cpu; 063: __u64 __attribute__((aligned(8))) timestamp_ns; 064: /* Number of nano seconds since system boot */ 065: union { /* must be last field of proc_event struct */ 066: struct { 067: __u32 err; 068: } ack; 069: 070: struct fork_proc_event { 071: __kernel_pid_t parent_pid; 072: __kernel_pid_t parent_tgid; 073: __kernel_pid_t child_pid; 074: __kernel_pid_t child_tgid; 075: } fork; 076: 077: struct exec_proc_event { 078: __kernel_pid_t process_pid; 079: __kernel_pid_t process_tgid; 080: } exec; 081: 082: struct id_proc_event { 083: __kernel_pid_t process_pid; 084: __kernel_pid_t process_tgid; 085: union { 086: __u32 ruid; /* task uid */ 087: __u32 rgid; /* task gid */ 088: } r; 089: union { 090: __u32 euid; 091: __u32 egid; 092: } e; 093: } id; 094: 095: struct sid_proc_event { 096: __kernel_pid_t process_pid; 097: __kernel_pid_t process_tgid; 098: } sid; 099: 100: struct ptrace_proc_event { 101: __kernel_pid_t process_pid; 102: __kernel_pid_t process_tgid; 103: __kernel_pid_t tracer_pid; 104: __kernel_pid_t tracer_tgid; 105: } ptrace; 106: 107: struct comm_proc_event { 108: __kernel_pid_t process_pid; 109: __kernel_pid_t process_tgid; 110: char comm[16]; 111: } comm; 112: 113: struct exit_proc_event { 114: __kernel_pid_t process_pid; 115: __kernel_pid_t process_tgid; 116: __u32 exit_code, exit_signal; 117: } exit; 118: } event_data; 119: }; 120: 121: #endif /* CN_PROC_H */ 122:
for client
(none)
© Andrew Scott 2006 -
2025,
All Rights Reserved
All Rights Reserved
Andrew Scott