authorLaurent Ghigonis <laurent@p1sec.com>2012-11-29 19:00:03 +0100
committerLaurent Ghigonis <laurent@p1sec.com>2012-11-29 19:00:03 +0100
commit7a6c58831c28a1212121bdc2ea61f297743c0755 (patch)
tree79291870c052c5b9890df6cbe6e89079080ba7d3 /glouglou_trackproc/gg_trackproc.c
parentbasic process event message handling (diff)
send process event message through glouglou !
Diffstat (limited to 'glouglou_trackproc/gg_trackproc.c')
-rw-r--r--glouglou_trackproc/gg_trackproc.c13
1 files changed, 13 insertions, 0 deletions
diff --git a/glouglou_trackproc/gg_trackproc.c b/glouglou_trackproc/gg_trackproc.c
index 8622717..8e934d7 100644
--- a/glouglou_trackproc/gg_trackproc.c
+++ b/glouglou_trackproc/gg_trackproc.c
@@ -152,6 +152,7 @@ void cb_nl(evutil_socket_t fd, short what, void *arg)
};
} nlcn_msg;
static char *cmd;
+ struct gg_packet pkt;
rc = recv(fd, &nlcn_msg, sizeof(nlcn_msg), 0);
if (rc == 0) {
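Review bot: `struct gg_packet pkt;` is declared without an initialiser, and each branch added later in this commit writes only some of its fields before the struct is handed to `gg_client_send` in the last hunk. Whatever the branch leaves untouched (the fork fields in an exec packet, any padding) still holds stale stack bytes at that point, and depending on how much of the struct gg_client_send transmits, those bytes can reach the peer. Clearing it up front with `memset(&pkt, 0, sizeof(pkt));` right after the declaration closes that off; memset is preferable to `= {0}` here because it also clears padding. cb_nl starts and ends outside this hunk.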
@@ -168,6 +169,7 @@ void cb_nl(evutil_socket_t fd, short what, void *arg)
return;
}
+ pkt.ver = PACKET_VERSION;
/* see /usr/include/linux/cn_proc.h for struct proc_event */
switch (nlcn_msg.proc_ev.what) {
case PROC_EVENT_NONE:
@@ -193,6 +195,11 @@ void cb_nl(evutil_socket_t fd, short what, void *arg)
cmd,
nlcn_msg.proc_ev.event_data.fork.parent_pid,
nlcn_msg.proc_ev.event_data.fork.child_pid);
+ pkt.type = PACKET_PROC_FORK;
+ pkt.proc_pid = htonl(nlcn_msg.proc_ev.event_data.fork.parent_pid);
+ pkt.proc_fork_ppid = htonl(nlcn_msg.proc_ev.event_data.fork.parent_pid);
+ pkt.proc_fork_cpid = htonl(nlcn_msg.proc_ev.event_data.fork.child_pid);
+ pkt.proc_fork_tgid = htonl(nlcn_msg.proc_ev.event_data.fork.child_tgid);
break;
case PROC_EVENT_EXEC:
@@ -202,6 +209,10 @@ void cb_nl(evutil_socket_t fd, short what, void *arg)
get_current_date(),
nlcn_msg.proc_ev.event_data.exec.process_pid,
cmd);
+ pkt.type = PACKET_PROC_EXEC;
+ pkt.proc_pid = htonl(nlcn_msg.proc_ev.event_data.fork.parent_pid);
+ pkt.proc_exec_cmdlen = htons(strnlen(cmd, GG_PKTARG_MAX));
+ strncpy((char *)pkt.proc_exec_cmd, cmd, GG_PKTARG_MAX);
break;
#if 0
case PROC_EVENT_UID:
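Review bot: The PROC_EVENT_EXEC branch fills `pkt.proc_pid` from `event_data.fork.parent_pid`, while the log call just above it reads `event_data.exec.process_pid`. This looks like a copy-paste from the fork case and presumably only yields the right value because both members sit at the start of the same union; it should read `pkt.proc_pid = htonl(nlcn_msg.proc_ev.event_data.exec.process_pid);`. Separately, `strncpy(..., cmd, GG_PKTARG_MAX)` leaves `proc_exec_cmd` without a terminating NUL when `cmd` is GG_PKTARG_MAX bytes or longer. A comment such as `/* proc_exec_cmd is not NUL-terminated; receivers must use proc_exec_cmdlen */` would make that contract explicit, assuming that is the intent and that the field is at least GG_PKTARG_MAX bytes (its declaration is not visible here).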
@@ -232,6 +243,8 @@ void cb_nl(evutil_socket_t fd, short what, void *arg)
break;
#endif
}
+
+ gg_client_send(ggcli, &pkt);
}
static void on_sigint(int unused)
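Review bot: `gg_client_send(ggcli, &pkt);` runs after the switch for every netlink message, but in the lines visible here only the fork and exec cases assign `pkt.type`. For PROC_EVENT_NONE, and for any event the switch does not handle (the other cases sit under `#if 0`), the receiver gets a packet whose type was never set. The send should be guarded, for example with a local `int have_pkt = 0;` that the fork and exec branches set to 1, followed by `if (have_pkt) gg_client_send(ggcli, &pkt);`. If gg_client_send returns a status, it is dropped here; its prototype is outside this diff.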