From 41ee443a4a32b60e732a0d39d6b89ed929f945f7 Mon Sep 17 00:00:00 2001 From: We-unite <3205135446@qq.com> Date: Thu, 1 Aug 2024 10:15:24 +0800 Subject: Fuck! --- .gitmodules | 3 -- connector/cn_proc.h | 129 ++++++++++++++++++++++++++++++++++++++++++++++++++++ hello/go.mod | 3 -- hello/go.sum | 0 hello/go.work | 6 --- hello/hello.go | 36 --------------- hello/netlink | 1 - 7 files changed, 129 insertions(+), 49 deletions(-) delete mode 100644 .gitmodules create mode 100644 connector/cn_proc.h delete mode 100644 hello/go.mod delete mode 100644 hello/go.sum delete mode 100644 hello/go.work delete mode 100644 hello/hello.go delete mode 160000 hello/netlink
diff --git a/.gitmodules b/.gitmodules
deleted file mode 100644
index b0620c9..0000000
--- a/.gitmodules
+++ /dev/null
@@ -1,3 +0,0 @@
-[submodule "hello/netlink"]
- path = hello/netlink
- url = https://github.com/We-unite/netlink
diff --git a/connector/cn_proc.h b/connector/cn_proc.h
new file mode 100644
index 0000000..78aa17a
--- /dev/null
+++ b/connector/cn_proc.h
@@ -0,0 +1,129 @@
+/*
+ * cn_proc.h - process events connector
+ *
+ * Copyright (C) Matt Helsley, IBM Corp. 2005
+ * Based on cn_fork.h by Nguyen Anh Quynh and Guillaume Thouvenin
+ * Copyright (C) 2005 Nguyen Anh Quynh
+ * Copyright (C) 2005 Guillaume Thouvenin
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of version 2.1 of the GNU Lesser General Public License
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it would be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#ifndef _UAPICN_PROC_H
+#define _UAPICN_PROC_H
+
+#include
+
+/*
+ * Userspace sends this enum to register with the kernel that it is listening
+ * for events on the connector.
+ */
+enum proc_cn_mcast_op {
+ PROC_CN_MCAST_LISTEN = 1,
+ PROC_CN_MCAST_IGNORE = 2
+};
+
+/*
+ * From the user's point of view, the process
+ * ID is the thread group ID and thread ID is the internal
+ * kernel "pid". So, fields are assigned as follow:
+ *
+ * In user space - In kernel space
+ *
+ * parent process ID = parent->tgid
+ * parent thread ID = parent->pid
+ * child process ID = child->tgid
+ * child thread ID = child->pid
+ */
+
+struct proc_event {
+ enum what {
+ /* Use successive bits so the enums can be used to record
+ * sets of events as well
+ */
+ PROC_EVENT_NONE = 0x00000000,
+ PROC_EVENT_FORK = 0x00000001,
+ PROC_EVENT_EXEC = 0x00000002,
+ PROC_EVENT_UID = 0x00000004,
+ PROC_EVENT_GID = 0x00000040,
+ PROC_EVENT_SID = 0x00000080,
+ PROC_EVENT_PTRACE = 0x00000100,
+ PROC_EVENT_COMM = 0x00000200,
+ /* "next" should be 0x00000400 */
+ /* "last" is the last process event: exit,
+ * while "next to last" is coredumping event */
+ PROC_EVENT_COREDUMP = 0x40000000,
+ PROC_EVENT_EXIT = 0x80000000
+ } what;
+ __u32 cpu;
+ __u64 __attribute__((aligned(8))) timestamp_ns;
+ /* Number of nano seconds since system boot */
+ union unnamed{ /* must be last field of proc_event struct */
+ struct {
+ __u32 err;
+ } ack;
+
+ struct fork_proc_event {
+ __kernel_pid_t parent_pid;
+ __kernel_pid_t parent_tgid;
+ __kernel_pid_t child_pid;
+ __kernel_pid_t child_tgid;
+ } fork;
+
+ struct exec_proc_event {
+ __kernel_pid_t process_pid;
+ __kernel_pid_t process_tgid;
+ } exec;
+
+ struct id_proc_event {
+ __kernel_pid_t process_pid;
+ __kernel_pid_t process_tgid;
+ union {
+ __u32 ruid; /* task uid */
+ __u32 rgid; /* task gid */
+ } r;
+ union {
+ __u32 euid;
+ __u32 egid;
+ } e;
+ } id;
+
+ struct sid_proc_event {
+ __kernel_pid_t process_pid;
+ __kernel_pid_t process_tgid;
+ } sid;
+
+ struct ptrace_proc_event {
+ __kernel_pid_t process_pid;
+ __kernel_pid_t process_tgid;
+ __kernel_pid_t tracer_pid;
+ __kernel_pid_t tracer_tgid;
+ } ptrace;
+
+ struct comm_proc_event {
+ __kernel_pid_t process_pid;
+ __kernel_pid_t process_tgid;
+ char comm[16];
+ } comm;
+
+ struct coredump_proc_event {
+ __kernel_pid_t process_pid;
+ __kernel_pid_t process_tgid;
+ } coredump;
+
+ struct exit_proc_event {
+ __kernel_pid_t process_pid;
+ __kernel_pid_t process_tgid;
+ __u32 exit_code, exit_signal;
+ } exit;
+
+ } event_data;
+};
+
+#endif /* _UAPICN_PROC_H */
diff --git a/hello/go.mod b/hello/go.mod
deleted file mode 100644
index 8960798..0000000
--- a/hello/go.mod
+++ /dev/null
@@ -1,3 +0,0 @@
-module hello
-
-go 1.21.5
diff --git a/hello/go.sum b/hello/go.sum
deleted file mode 100644
index e69de29..0000000
diff --git a/hello/go.work b/hello/go.work
deleted file mode 100644
index d35eff2..0000000
--- a/hello/go.work
+++ /dev/null
@@ -1,6 +0,0 @@
-go 1.21.5
-
-use (
- ./
- ./netlink
-)
\ No newline at end of file
diff --git a/hello/hello.go b/hello/hello.go
deleted file mode 100644
index de496d7..0000000
--- a/hello/hello.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package main
-
-import (
- "fmt"
- "syscall"
- "time"
-
- "netlink"
-)
-
-func main() {
- ns, err := netlink.NewNetlinkSocket(syscall.NETLINK_CONNECTOR, 12345)
- if err != nil {
- fmt.Printf("Error creating socket: %v\n", err)
- }
- defer ns.Close()
- for {
- res, err := ns.Receive()
- if err != nil {
- fmt.Printf("Error recv: %v\n", err)
- continue
- }
- for i := 0; i < len(res); i++ {
- procEvent := netlink.ParseProcEvent(res[i].Data)
- switch procEvent.What {
- case netlink.PROC_EVENT_FORK:
- data := procEvent.Data.(netlink.ProcEventFork)
- fmt.Printf("%v\tFork\t%d\t%d\t%d\t%d\n", time.Now(), data.ParentPid, data.ParentTgid, data.ChildPid, data.ChildTgid)
- case netlink.PROC_EVENT_EXIT:
- data := procEvent.Data.(netlink.ProcEventExit)
- fmt.Printf("%v\tExit\t%d\t%d\t%d\t%d\n", time.Now(), data.ProcessPid, data.ProcessTgid, data.ExitCode, data.ExitSignal)
- default:
- }
- }
- }
-}
diff --git a/hello/netlink b/hello/netlink
deleted file mode 160000
index a0d9c85..0000000
--- a/hello/netlink
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit a0d9c85e38f44c4eac8460ea8ed273f7884c5d25
-- cgit v1.2.3-70-g09d2
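Review bot: connector/cn_proc.h appears to be a locally edited copy of the kernel's process-connector UAPI header rather than an include of the system `<linux/cn_proc.h>`, and nothing in the file records which kernel tree it was taken from or what was changed. The visible local touches are the `union unnamed{` tag on the event payload and the source-tree guard `_UAPICN_PROC_H`; the installed header normally carries a different guard, so a translation unit that pulls in both would likely hit duplicate definitions of `struct proc_event`. Because this struct is overlaid directly on netlink message payloads, any drift from the running kernel's layout or event set shows up as misread PIDs and exit codes in whatever monitor consumes it. I would either include the system header or add a provenance comment at the top such as `/* Local copy of include/uapi/linux/cn_proc.h from kernel <VERSION>; only change: event_data union tagged 'unnamed'. */`, and have consumers ignore `what` values that are not in this enum.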