diff options
| -rw-r--r-- | .gitmodules | 3 | ||||
| -rw-r--r-- | connector/cn_proc.h | 129 | ||||
| -rw-r--r-- | hello/go.mod | 3 | ||||
| -rw-r--r-- | hello/go.sum | 0 | ||||
| -rw-r--r-- | hello/go.work | 6 | ||||
| -rw-r--r-- | hello/hello.go | 36 | ||||
| m--------- | hello/netlink | 0 |
7 files changed, 129 insertions, 48 deletions
diff --git a/.gitmodules b/.gitmodules deleted file mode 100644 index b0620c9..0000000 --- a/.gitmodules +++ /dev/null | |||
| @@ -1,3 +0,0 @@ | |||
| 1 | [submodule "hello/netlink"] | ||
| 2 | path = hello/netlink | ||
| 3 | url = https://github.com/We-unite/netlink | ||
diff --git a/connector/cn_proc.h b/connector/cn_proc.h new file mode 100644 index 0000000..78aa17a --- /dev/null +++ b/connector/cn_proc.h | |||
| @@ -0,0 +1,129 @@ | |||
| 1 | /* | ||
| 2 | * cn_proc.h - process events connector | ||
| 3 | * | ||
| 4 | * Copyright (C) Matt Helsley, IBM Corp. 2005 | ||
| 5 | * Based on cn_fork.h by Nguyen Anh Quynh and Guillaume Thouvenin | ||
| 6 | * Copyright (C) 2005 Nguyen Anh Quynh <aquynh@gmail.com> | ||
| 7 | * Copyright (C) 2005 Guillaume Thouvenin <guillaume.thouvenin@bull.net> | ||
| 8 | * | ||
| 9 | * This program is free software; you can redistribute it and/or modify it | ||
| 10 | * under the terms of version 2.1 of the GNU Lesser General Public License | ||
| 11 | * as published by the Free Software Foundation. | ||
| 12 | * | ||
| 13 | * This program is distributed in the hope that it would be useful, but | ||
| 14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
| 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | ||
| 16 | */ | ||
| 17 | |||
| 18 | #ifndef _UAPICN_PROC_H | ||
| 19 | #define _UAPICN_PROC_H | ||
| 20 | |||
| 21 | #include <linux/types.h> | ||
| 22 | |||
| 23 | /* | ||
| 24 | * Userspace sends this enum to register with the kernel that it is listening | ||
| 25 | * for events on the connector. | ||
| 26 | */ | ||
| 27 | enum proc_cn_mcast_op { | ||
| 28 | PROC_CN_MCAST_LISTEN = 1, | ||
| 29 | PROC_CN_MCAST_IGNORE = 2 | ||
| 30 | }; | ||
| 31 | |||
| 32 | /* | ||
| 33 | * From the user's point of view, the process | ||
| 34 | * ID is the thread group ID and thread ID is the internal | ||
| 35 | * kernel "pid". So, fields are assigned as follow: | ||
| 36 | * | ||
| 37 | * In user space - In kernel space | ||
| 38 | * | ||
| 39 | * parent process ID = parent->tgid | ||
| 40 | * parent thread ID = parent->pid | ||
| 41 | * child process ID = child->tgid | ||
| 42 | * child thread ID = child->pid | ||
| 43 | */ | ||
| 44 | |||
| 45 | struct proc_event { | ||
| 46 | enum what { | ||
| 47 | /* Use successive bits so the enums can be used to record | ||
| 48 | * sets of events as well | ||
| 49 | */ | ||
| 50 | PROC_EVENT_NONE = 0x00000000, | ||
| 51 | PROC_EVENT_FORK = 0x00000001, | ||
| 52 | PROC_EVENT_EXEC = 0x00000002, | ||
| 53 | PROC_EVENT_UID = 0x00000004, | ||
| 54 | PROC_EVENT_GID = 0x00000040, | ||
| 55 | PROC_EVENT_SID = 0x00000080, | ||
| 56 | PROC_EVENT_PTRACE = 0x00000100, | ||
| 57 | PROC_EVENT_COMM = 0x00000200, | ||
| 58 | /* "next" should be 0x00000400 */ | ||
| 59 | /* "last" is the last process event: exit, | ||
| 60 | * while "next to last" is coredumping event */ | ||
| 61 | PROC_EVENT_COREDUMP = 0x40000000, | ||
| 62 | PROC_EVENT_EXIT = 0x80000000 | ||
| 63 | } what; | ||
| 64 | __u32 cpu; | ||
| 65 | __u64 __attribute__((aligned(8))) timestamp_ns; | ||
| 66 | /* Number of nano seconds since system boot */ | ||
| 67 | union unnamed{ /* must be last field of proc_event struct */ | ||
| 68 | struct { | ||
| 69 | __u32 err; | ||
| 70 | } ack; | ||
| 71 | |||
| 72 | struct fork_proc_event { | ||
| 73 | __kernel_pid_t parent_pid; | ||
| 74 | __kernel_pid_t parent_tgid; | ||
| 75 | __kernel_pid_t child_pid; | ||
| 76 | __kernel_pid_t child_tgid; | ||
| 77 | } fork; | ||
| 78 | |||
| 79 | struct exec_proc_event { | ||
| 80 | __kernel_pid_t process_pid; | ||
| 81 | __kernel_pid_t process_tgid; | ||
| 82 | } exec; | ||
| 83 | |||
| 84 | struct id_proc_event { | ||
| 85 | __kernel_pid_t process_pid; | ||
| 86 | __kernel_pid_t process_tgid; | ||
| 87 | union { | ||
| 88 | __u32 ruid; /* task uid */ | ||
| 89 | __u32 rgid; /* task gid */ | ||
| 90 | } r; | ||
| 91 | union { | ||
| 92 | __u32 euid; | ||
| 93 | __u32 egid; | ||
| 94 | } e; | ||
| 95 | } id; | ||
| 96 | |||
| 97 | struct sid_proc_event { | ||
| 98 | __kernel_pid_t process_pid; | ||
| 99 | __kernel_pid_t process_tgid; | ||
| 100 | } sid; | ||
| 101 | |||
| 102 | struct ptrace_proc_event { | ||
| 103 | __kernel_pid_t process_pid; | ||
| 104 | __kernel_pid_t process_tgid; | ||
| 105 | __kernel_pid_t tracer_pid; | ||
| 106 | __kernel_pid_t tracer_tgid; | ||
| 107 | } ptrace; | ||
| 108 | |||
| 109 | struct comm_proc_event { | ||
| 110 | __kernel_pid_t process_pid; | ||
| 111 | __kernel_pid_t process_tgid; | ||
| 112 | char comm[16]; | ||
| 113 | } comm; | ||
| 114 | |||
| 115 | struct coredump_proc_event { | ||
| 116 | __kernel_pid_t process_pid; | ||
| 117 | __kernel_pid_t process_tgid; | ||
| 118 | } coredump; | ||
| 119 | |||
| 120 | struct exit_proc_event { | ||
| 121 | __kernel_pid_t process_pid; | ||
| 122 | __kernel_pid_t process_tgid; | ||
| 123 | __u32 exit_code, exit_signal; | ||
| 124 | } exit; | ||
| 125 | |||
| 126 | } event_data; | ||
| 127 | }; | ||
| 128 | |||
| 129 | #endif /* _UAPICN_PROC_H */ | ||
diff --git a/hello/go.mod b/hello/go.mod deleted file mode 100644 index 8960798..0000000 --- a/hello/go.mod +++ /dev/null | |||
| @@ -1,3 +0,0 @@ | |||
| 1 | module hello | ||
| 2 | |||
| 3 | go 1.21.5 | ||
diff --git a/hello/go.sum b/hello/go.sum deleted file mode 100644 index e69de29..0000000 --- a/hello/go.sum +++ /dev/null | |||
diff --git a/hello/go.work b/hello/go.work deleted file mode 100644 index d35eff2..0000000 --- a/hello/go.work +++ /dev/null | |||
| @@ -1,6 +0,0 @@ | |||
| 1 | go 1.21.5 | ||
| 2 | |||
| 3 | use ( | ||
| 4 | ./ | ||
| 5 | ./netlink | ||
| 6 | ) \ No newline at end of file | ||
diff --git a/hello/hello.go b/hello/hello.go deleted file mode 100644 index de496d7..0000000 --- a/hello/hello.go +++ /dev/null | |||
| @@ -1,36 +0,0 @@ | |||
| 1 | package main | ||
| 2 | |||
| 3 | import ( | ||
| 4 | "fmt" | ||
| 5 | "syscall" | ||
| 6 | "time" | ||
| 7 | |||
| 8 | "netlink" | ||
| 9 | ) | ||
| 10 | |||
| 11 | func main() { | ||
| 12 | ns, err := netlink.NewNetlinkSocket(syscall.NETLINK_CONNECTOR, 12345) | ||
| 13 | if err != nil { | ||
| 14 | fmt.Printf("Error creating socket: %v\n", err) | ||
| 15 | } | ||
| 16 | defer ns.Close() | ||
| 17 | for { | ||
| 18 | res, err := ns.Receive() | ||
| 19 | if err != nil { | ||
| 20 | fmt.Printf("Error recv: %v\n", err) | ||
| 21 | continue | ||
| 22 | } | ||
| 23 | for i := 0; i < len(res); i++ { | ||
| 24 | procEvent := netlink.ParseProcEvent(res[i].Data) | ||
| 25 | switch procEvent.What { | ||
| 26 | case netlink.PROC_EVENT_FORK: | ||
| 27 | data := procEvent.Data.(netlink.ProcEventFork) | ||
| 28 | fmt.Printf("%v\tFork\t%d\t%d\t%d\t%d\n", time.Now(), data.ParentPid, data.ParentTgid, data.ChildPid, data.ChildTgid) | ||
| 29 | case netlink.PROC_EVENT_EXIT: | ||
| 30 | data := procEvent.Data.(netlink.ProcEventExit) | ||
| 31 | fmt.Printf("%v\tExit\t%d\t%d\t%d\t%d\n", time.Now(), data.ProcessPid, data.ProcessTgid, data.ExitCode, data.ExitSignal) | ||
| 32 | default: | ||
| 33 | } | ||
| 34 | } | ||
| 35 | } | ||
| 36 | } | ||
diff --git a/hello/netlink b/hello/netlink deleted file mode 160000 | |||
| Subproject a0d9c85e38f44c4eac8460ea8ed273f7884c5d2 | |||