cn_proc.h source code [linux/include/uapi/linux/cn_proc.h]

1	/ SPDX-License-Identifier: LGPL-2.1 WITH Linux-syscall-note /
2	/*
3	* cn_proc.h - process events connector
4	*
5	* Copyright (C) Matt Helsley, IBM Corp. 2005
6	* Based on cn_fork.h by Nguyen Anh Quynh and Guillaume Thouvenin
7	* Copyright (C) 2005 Nguyen Anh Quynh <aquynh@gmail.com>
8	* Copyright (C) 2005 Guillaume Thouvenin <guillaume.thouvenin@bull.net>
9	*
10	* This program is free software; you can redistribute it and/or modify it
11	* under the terms of version 2.1 of the GNU Lesser General Public License
12	* as published by the Free Software Foundation.
13	*
14	* This program is distributed in the hope that it would be useful, but
15	* WITHOUT ANY WARRANTY; without even the implied warranty of
16	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
17	*/
18
19	#ifndef _UAPICN_PROC_H
20	#define _UAPICN_PROC_H
21
22	#include <linux/types.h>
23
24	/*
25	* Userspace sends this enum to register with the kernel that it is listening
26	* for events on the connector.
27	*/
28	enum proc_cn_mcast_op {
29	PROC_CN_MCAST_LISTEN = `1`,
30	PROC_CN_MCAST_IGNORE = `2`
31	};
32
33	#define PROC_EVENT_ALL (PROC_EVENT_FORK \| PROC_EVENT_EXEC \| PROC_EVENT_UID \| \
34	PROC_EVENT_GID \| PROC_EVENT_SID \| PROC_EVENT_PTRACE \| \
35	PROC_EVENT_COMM \| PROC_EVENT_NONZERO_EXIT \| \
36	PROC_EVENT_COREDUMP \| PROC_EVENT_EXIT)
37
38	/*
39	* If you add an entry in proc_cn_event, make sure you add it in
40	* PROC_EVENT_ALL above as well.
41	*/
42	enum proc_cn_event {
43	/ Use successive bits so the enums can be used to record*
44	* sets of events as well
45	*/
46	PROC_EVENT_NONE = `0x00000000`,
47	PROC_EVENT_FORK = `0x00000001`,
48	PROC_EVENT_EXEC = `0x00000002`,
49	PROC_EVENT_UID = `0x00000004`,
50	PROC_EVENT_GID = `0x00000040`,
51	PROC_EVENT_SID = `0x00000080`,
52	PROC_EVENT_PTRACE = `0x00000100`,
53	PROC_EVENT_COMM = `0x00000200`,
54	/ "next" should be 0x00000400 /
55	/ "last" is the last process event: exit,*
56	* while "next to last" is coredumping event
57	* before that is report only if process dies
58	* with non-zero exit status
59	*/
60	PROC_EVENT_NONZERO_EXIT = `0x20000000`,
61	PROC_EVENT_COREDUMP = `0x40000000`,
62	PROC_EVENT_EXIT = `0x80000000`
63	};
64
65	struct proc_input {
66	enum proc_cn_mcast_op mcast_op;
67	enum proc_cn_event event_type;
68	};
69
70	static inline enum proc_cn_event valid_event(enum proc_cn_event ev_type)
71	{
72	ev_type &= PROC_EVENT_ALL;
73	return ev_type;
74	}
75
76	/*
77	* From the user's point of view, the process
78	* ID is the thread group ID and thread ID is the internal
79	* kernel "pid". So, fields are assigned as follow:
80	*
81	* In user space - In kernel space
82	*
83	* parent process ID = parent->tgid
84	* parent thread ID = parent->pid
85	* child process ID = child->tgid
86	* child thread ID = child->pid
87	*/
88
89	struct proc_event {
90	enum proc_cn_event what;
91	__u32 cpu;
92	__u64 __attribute__((aligned(`8`))) timestamp_ns;
93	/ Number of nano seconds since system boot /
94	union { / must be last field of proc_event struct /
95	struct {
96	__u32 err;
97	} ack;
98
99	struct fork_proc_event {
100	__kernel_pid_t parent_pid;
101	__kernel_pid_t parent_tgid;
102	__kernel_pid_t child_pid;
103	__kernel_pid_t child_tgid;
104	} fork;
105
106	struct exec_proc_event {
107	__kernel_pid_t process_pid;
108	__kernel_pid_t process_tgid;
109	} exec;
110
111	struct id_proc_event {
112	__kernel_pid_t process_pid;
113	__kernel_pid_t process_tgid;
114	union {
115	__u32 ruid; / task uid /
116	__u32 rgid; / task gid /
117	} r;
118	union {
119	__u32 euid;
120	__u32 egid;
121	} e;
122	} id;
123
124	struct sid_proc_event {
125	__kernel_pid_t process_pid;
126	__kernel_pid_t process_tgid;
127	} sid;
128
129	struct ptrace_proc_event {
130	__kernel_pid_t process_pid;
131	__kernel_pid_t process_tgid;
132	__kernel_pid_t tracer_pid;
133	__kernel_pid_t tracer_tgid;
134	} ptrace;
135
136	struct comm_proc_event {
137	__kernel_pid_t process_pid;
138	__kernel_pid_t process_tgid;
139	char comm[`16`];
140	} comm;
141
142	struct coredump_proc_event {
143	__kernel_pid_t process_pid;
144	__kernel_pid_t process_tgid;
145	__kernel_pid_t parent_pid;
146	__kernel_pid_t parent_tgid;
147	} coredump;
148
149	struct exit_proc_event {
150	__kernel_pid_t process_pid;
151	__kernel_pid_t process_tgid;
152	__u32 exit_code, exit_signal;
153	__kernel_pid_t parent_pid;
154	__kernel_pid_t parent_tgid;
155	} exit;
156
157	} event_data;
158	};
159
160	#endif /* _UAPICN_PROC_H */
161

source code of linux/include/uapi/linux/cn_proc.h