Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
cn_proc.h
Go to the documentation of this file.
1 /*
2  * cn_proc.h - process events connector
3  *
4  * Copyright (C) Matt Helsley, IBM Corp. 2005
5  * Based on cn_fork.h by Nguyen Anh Quynh and Guillaume Thouvenin
6  * Copyright (C) 2005 Nguyen Anh Quynh <[email protected]>
7  * Copyright (C) 2005 Guillaume Thouvenin <[email protected]>
8  *
9  * This program is free software; you can redistribute it and/or modify it
10  * under the terms of version 2.1 of the GNU Lesser General Public License
11  * as published by the Free Software Foundation.
12  *
13  * This program is distributed in the hope that it would be useful, but
14  * WITHOUT ANY WARRANTY; without even the implied warranty of
15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
16  */
17 
18 #ifndef _UAPICN_PROC_H
19 #define _UAPICN_PROC_H
20 
21 #include <linux/types.h>
22 
23 /*
24  * Userspace sends this enum to register with the kernel that it is listening
25  * for events on the connector.
26  */
27 enum proc_cn_mcast_op {
28  PROC_CN_MCAST_LISTEN = 1,
29  PROC_CN_MCAST_IGNORE = 2
30 };
31 
32 /*
33  * From the user's point of view, the process
34  * ID is the thread group ID and thread ID is the internal
35  * kernel "pid". So, fields are assigned as follow:
36  *
37  * In user space - In kernel space
38  *
39  * parent process ID = parent->tgid
40  * parent thread ID = parent->pid
41  * child process ID = child->tgid
42  * child thread ID = child->pid
43  */
44 
45 struct proc_event {
46  enum what {
47  /* Use successive bits so the enums can be used to record
48  * sets of events as well
49  */
50  PROC_EVENT_NONE = 0x00000000,
51  PROC_EVENT_FORK = 0x00000001,
52  PROC_EVENT_EXEC = 0x00000002,
53  PROC_EVENT_UID = 0x00000004,
54  PROC_EVENT_GID = 0x00000040,
55  PROC_EVENT_SID = 0x00000080,
56  PROC_EVENT_PTRACE = 0x00000100,
57  PROC_EVENT_COMM = 0x00000200,
58  /* "next" should be 0x00000400 */
59  /* "last" is the last process event: exit */
60  PROC_EVENT_EXIT = 0x80000000
61  } what;
62  __u32 cpu;
63  __u64 __attribute__((aligned(8))) timestamp_ns;
64  /* Number of nano seconds since system boot */
65  union { /* must be last field of proc_event struct */
66  struct {
67  __u32 err;
68  } ack;
69 
70  struct fork_proc_event {
71  __kernel_pid_t parent_pid;
72  __kernel_pid_t parent_tgid;
73  __kernel_pid_t child_pid;
74  __kernel_pid_t child_tgid;
75  } fork;
76 
77  struct exec_proc_event {
78  __kernel_pid_t process_pid;
79  __kernel_pid_t process_tgid;
80  } exec;
81 
82  struct id_proc_event {
83  __kernel_pid_t process_pid;
84  __kernel_pid_t process_tgid;
85  union {
86  __u32 ruid; /* task uid */
87  __u32 rgid; /* task gid */
88  } r;
89  union {
90  __u32 euid;
91  __u32 egid;
92  } e;
93  } id;
94 
95  struct sid_proc_event {
96  __kernel_pid_t process_pid;
97  __kernel_pid_t process_tgid;
98  } sid;
99 
100  struct ptrace_proc_event {
101  __kernel_pid_t process_pid;
102  __kernel_pid_t process_tgid;
103  __kernel_pid_t tracer_pid;
104  __kernel_pid_t tracer_tgid;
105  } ptrace;
106 
107  struct comm_proc_event {
108  __kernel_pid_t process_pid;
109  __kernel_pid_t process_tgid;
110  char comm[16];
111  } comm;
112 
113  struct exit_proc_event {
114  __kernel_pid_t process_pid;
115  __kernel_pid_t process_tgid;
116  __u32 exit_code, exit_signal;
117  } exit;
118  } event_data;
119 };
120 
121 #endif /* _UAPICN_PROC_H */
Generated on Thu Jan 10 2013 14:51:13 for Linux Kernel by   doxygen 1.8.2