include/uapi/linux/cn_proc.h

   1 /*
   2  * cn_proc.h - process events connector
   3  *
   4  * Copyright (C) Matt Helsley, IBM Corp. 2005
   5  * Based on cn_fork.h by Nguyen Anh Quynh and Guillaume Thouvenin
   6  * Copyright (C) 2005 Nguyen Anh Quynh <[email protected]>
   7  * Copyright (C) 2005 Guillaume Thouvenin <[email protected]>
   8  *
   9  * This program is free software; you can redistribute it and/or modify it
  10  * under the terms of version 2.1 of the GNU Lesser General Public License
  11  * as published by the Free Software Foundation.
  12  *
  13  * This program is distributed in the hope that it would be useful, but
  14  * WITHOUT ANY WARRANTY; without even the implied warranty of
  15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  16  */
  17
  18 #ifndef _UAPICN_PROC_H
  19 #define _UAPICN_PROC_H
  20
  21 #include <linux/types.h>
  22
  23 /*
  24  * Userspace sends this enum to register with the kernel that it is listening
  25  * for events on the connector.
  26  */
  27 enum proc_cn_mcast_op {
  28         PROC_CN_MCAST_LISTEN = 1,
  29         PROC_CN_MCAST_IGNORE = 2
  30 };
  31
  32 /*
  33  * From the user's point of view, the process
  34  * ID is the thread group ID and thread ID is the internal
  35  * kernel "pid". So, fields are assigned as follow:
  36  *
  37  *  In user space     -  In  kernel space
  38  *
  39  * parent process ID  =  parent->tgid
  40  * parent thread  ID  =  parent->pid
  41  * child  process ID  =  child->tgid
  42  * child  thread  ID  =  child->pid
  43  */
  44
  45 struct proc_event {
  46         enum what {
  47                 /* Use successive bits so the enums can be used to record
  48                  * sets of events as well
  49                  */
  50                 PROC_EVENT_NONE = 0x00000000,
  51                 PROC_EVENT_FORK = 0x00000001,
  52                 PROC_EVENT_EXEC = 0x00000002,
  53                 PROC_EVENT_UID  = 0x00000004,
  54                 PROC_EVENT_GID  = 0x00000040,
  55                 PROC_EVENT_SID  = 0x00000080,
  56                 PROC_EVENT_PTRACE = 0x00000100,
  57                 PROC_EVENT_COMM = 0x00000200,
  58                 /* "next" should be 0x00000400 */
  59                 /* "last" is the last process event: exit,
  60                  * while "next to last" is coredumping event */
  61                 PROC_EVENT_COREDUMP = 0x40000000,
  62                 PROC_EVENT_EXIT = 0x80000000
  63         } what;
  64         __u32 cpu;
  65         __u64 __attribute__((aligned(8))) timestamp_ns;
  66                 /* Number of nano seconds since system boot */
  67         union { /* must be last field of proc_event struct */
  68                 struct {
  69                         __u32 err;
  70                 } ack;
  71
  72                 struct fork_proc_event {
  73                         __kernel_pid_t parent_pid;
  74                         __kernel_pid_t parent_tgid;
  75                         __kernel_pid_t child_pid;
  76                         __kernel_pid_t child_tgid;
  77                 } fork;
  78
  79                 struct exec_proc_event {
  80                         __kernel_pid_t process_pid;
  81                         __kernel_pid_t process_tgid;
  82                 } exec;
  83
  84                 struct id_proc_event {
  85                         __kernel_pid_t process_pid;
  86                         __kernel_pid_t process_tgid;
  87                         union {
  88                                 __u32 ruid; /* task uid */
  89                                 __u32 rgid; /* task gid */
  90                         } r;
  91                         union {
  92                                 __u32 euid;
  93                                 __u32 egid;
  94                         } e;
  95                 } id;
  96
  97                 struct sid_proc_event {
  98                         __kernel_pid_t process_pid;
  99                         __kernel_pid_t process_tgid;
 100                 } sid;
 101
 102                 struct ptrace_proc_event {
 103                         __kernel_pid_t process_pid;
 104                         __kernel_pid_t process_tgid;
 105                         __kernel_pid_t tracer_pid;
 106                         __kernel_pid_t tracer_tgid;
 107                 } ptrace;
 108
 109                 struct comm_proc_event {
 110                         __kernel_pid_t process_pid;
 111                         __kernel_pid_t process_tgid;
 112                         char           comm[16];
 113                 } comm;
 114
 115                 struct coredump_proc_event {
 116                         __kernel_pid_t process_pid;
 117                         __kernel_pid_t process_tgid;
 118                 } coredump;
 119
 120                 struct exit_proc_event {
 121                         __kernel_pid_t process_pid;
 122                         __kernel_pid_t process_tgid;
 123                         __u32 exit_code, exit_signal;
 124                 } exit;
 125
 126         } event_data;
 127 };
 128
 129 #endif /* _UAPICN_PROC_H */