From d6c6e13796435f9e1e59fec891aa53680748a2d7 Mon Sep 17 00:00:00 2001
From: We-unite <3205135446@qq.com>
Date: Tue, 30 Jul 2024 19:37:48 +0800
Subject: Try to use kernel connector
---
connector/hello.c | 162 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 162 insertions(+)
create mode 100644 connector/hello.c
(limited to 'connector/hello.c')
diff --git a/connector/hello.c b/connector/hello.c
new file mode 100644
index 0000000..5240c15
--- /dev/null
+++ b/connector/hello.c
@@ -0,0 +1,162 @@
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+// #include
+#include
+#include
+#include
+#include "cn_proc.h"
+
+typedef struct __attribute__((aligned(NLMSG_ALIGNTO)))
+{
+ struct nlmsghdr nl_hdr;
+ struct __attribute__((__packed__))
+ {
+ struct cn_msg cn_msg;
+ enum proc_cn_mcast_op cn_mcast;
+ };
+} register_msg_t;
+
+typedef struct __attribute__((aligned(NLMSG_ALIGNTO)))
+{
+ struct nlmsghdr nl_hdr;
+ struct __attribute__((__packed__))
+ {
+ struct cn_msg cn_msg;
+ struct proc_event proc_ev;
+ };
+} event_msg_t;
+
+event_msg_t proc_msg;
+
+void Now()
+{
+ struct timespec ts;
+ struct tm *tm_info;
+ char buffer[64];
+
+ if (clock_gettime(CLOCK_REALTIME, &ts) == -1)
+ {
+ perror("clock_gettime");
+ return;
+ }
+
+ tm_info = localtime(&ts.tv_sec);
+ strftime(buffer, sizeof(buffer), "%Y-%m-%d %H:%M:%S", tm_info);
+ printf("Localtime %s.%03ld ", buffer, ts.tv_nsec / 1000000);
+}
+
+void printEvent()
+{
+ union unnamed *procEvent = &proc_msg.proc_ev.event_data;
+ switch (proc_msg.proc_ev.what)
+ {
+ case PROC_EVENT_FORK:
+ Now();
+ printf("Fork\t%6d\t%6d\t%6d\t%6d\n", procEvent->fork.parent_pid, procEvent->fork.parent_tgid, procEvent->fork.child_pid, procEvent->fork.child_tgid);
+ break;
+ case PROC_EVENT_EXIT:
+ Now();
+ printf("Exit\t%6d\t%6d\t%6d\t%6d\n", procEvent->exit.process_pid, procEvent->exit.process_tgid, procEvent->exit.exit_code, procEvent->exit.exit_signal);
+ break;
+ case PROC_EVENT_EXEC:
+ default:
+ break;
+ }
+}
+
+int main()
+{
+ int s = socket(PF_NETLINK, SOCK_DGRAM, NETLINK_CONNECTOR);
+
+ register_msg_t nlcn_msg;
+ struct sockaddr_nl l_local;
+ l_local.nl_family = AF_NETLINK;
+ l_local.nl_groups = 12345;
+ l_local.nl_pid = 0;
+
+ if (bind(s, (struct sockaddr *)&l_local, sizeof(struct sockaddr_nl)) == -1)
+ {
+ perror(bind);
+ close(s);
+ return -1;
+ }
+
+ // int on = l_local.nl_groups;
+ // setsockopt(s,270,1,&on,sizeof(on));
+ memset(&nlcn_msg, 0, sizeof(nlcn_msg));
+ nlcn_msg.nl_hdr.nlmsg_len = sizeof(nlcn_msg);
+ nlcn_msg.nl_hdr.nlmsg_pid = getpid();
+ nlcn_msg.nl_hdr.nlmsg_type = NLMSG_DONE;
+
+ nlcn_msg.cn_msg.id.idx = CN_IDX_PROC;
+ nlcn_msg.cn_msg.id.val = CN_VAL_PROC;
+ nlcn_msg.cn_msg.len = sizeof(enum proc_cn_mcast_op);
+
+ nlcn_msg.cn_mcast = PROC_CN_MCAST_LISTEN;
+
+ if (send(s, &nlcn_msg, sizeof(nlcn_msg), 0) == -1)
+ {
+ perror("can't register to netlink");
+ close(s);
+ return -1;
+ }
+
+ // 震惊,拿到socket了,开听!
+ printf("Hello, kernel-connector!\n");
+ // fd_set readfds;
+ // struct timeval tv = {
+ // .tv_sec = 5,
+ // .tv_usec = 0};
+ struct pollfd fds;
+
+ fds.fd = s;
+ fds.events = POLLIN;
+ int rc;
+
+ while (1)
+ {
+ // FD_ZERO(&readfds);
+ // FD_SET(s, &readfds);
+
+ // int rc = select(s + 1, &readfds, NULL, NULL, &tv);
+ rc = poll(&fds, 1, 5000);
+
+ if (rc == -1)
+ {
+ if (errno == EINTR)
+ {
+ continue;
+ }
+ fprintf(stderr, "Failed to listen to netlink socket: %s\n", strerror(errno));
+ return -1;
+ }
+ else if (rc == 0)
+ {
+ printf("No message in 5s...\n");
+ }
+ else
+ {
+ rc = recv(s, &proc_msg, sizeof(proc_msg), 0);
+ if (rc == -1)
+ {
+ if (errno == EINTR)
+ {
+ continue;
+ }
+ fprintf(stderr, "Failed to listen to netlink socket: %s\n", strerror(errno));
+ }
+ else
+ {
+ printEvent();
+ }
+ }
+ }
+}
\ No newline at end of file
-- cgit v1.2.3-70-g09d2
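Review bot: The receive branch at the end of main() passes every datagram to printEvent() without checking the sender or how many bytes recv() filled. Because proc_msg is a reused global, a short message, or one sent by another userspace netlink socket, is printed as a kernel process event with leftover fields from the previous one. Receive with recvfrom() and discard anything whose sender nl_pid is not 0, that is shorter than the netlink plus connector headers, or whose cn_msg.id is not CN_IDX_PROC/CN_VAL_PROC; a per-event length check against cn_msg.len would tighten this further. Separately, `perror(bind);` passes the function's address rather than a string and should be `perror("bind");`, and the socket() result is used without a check. l_local is also bound without being zeroed, and `nl_groups = 12345` looks like it was meant to be `CN_IDX_PROC`.

```c
// … unchanged: poll() call, its error branch and the 5 s timeout branch …
        else
        {
            struct sockaddr_nl from;
            socklen_t from_len = sizeof(from);
            ssize_t got = recvfrom(s, &proc_msg, sizeof(proc_msg), 0,
                                   (struct sockaddr *)&from, &from_len);
            if (got == -1)
            {
                // … unchanged: EINTR retry and error report …
            }
            else if (from_len != sizeof(from) || from.nl_pid != 0)
            {
                continue; // sender is not the kernel
            }
            else if ((size_t)got < NLMSG_LENGTH(sizeof(struct cn_msg)) ||
                     !NLMSG_OK(&proc_msg.nl_hdr, (size_t)got) ||
                     proc_msg.cn_msg.id.idx != CN_IDX_PROC ||
                     proc_msg.cn_msg.id.val != CN_VAL_PROC)
            {
                continue; // truncated, or not a proc connector message
            }
            else
            {
                printEvent();
            }
        }
```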