From 7a6c58831c28a1212121bdc2ea61f297743c0755 Mon Sep 17 00:00:00 2001 From: Laurent Ghigonis Date: Thu, 29 Nov 2012 19:00:03 +0100 Subject: send process event message through glouglou ! --- glouglou_trackproc/gg_trackproc.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'glouglou_trackproc/gg_trackproc.c') diff --git a/glouglou_trackproc/gg_trackproc.c b/glouglou_trackproc/gg_trackproc.c index 8622717..8e934d7 100644 --- a/glouglou_trackproc/gg_trackproc.c +++ b/glouglou_trackproc/gg_trackproc.c @@ -152,6 +152,7 @@ void cb_nl(evutil_socket_t fd, short what, void *arg) }; } nlcn_msg; static char *cmd; + struct gg_packet pkt; rc = recv(fd, &nlcn_msg, sizeof(nlcn_msg), 0); if (rc == 0) { @@ -168,6 +169,7 @@ void cb_nl(evutil_socket_t fd, short what, void *arg) return; } + pkt.ver = PACKET_VERSION; /* see /usr/include/linux/cn_proc.h for struct proc_event */ switch (nlcn_msg.proc_ev.what) { case PROC_EVENT_NONE: @@ -193,6 +195,11 @@ void cb_nl(evutil_socket_t fd, short what, void *arg) cmd, nlcn_msg.proc_ev.event_data.fork.parent_pid, nlcn_msg.proc_ev.event_data.fork.child_pid); + pkt.type = PACKET_PROC_FORK; + pkt.proc_pid = htonl(nlcn_msg.proc_ev.event_data.fork.parent_pid); + pkt.proc_fork_ppid = htonl(nlcn_msg.proc_ev.event_data.fork.parent_pid); + pkt.proc_fork_cpid = htonl(nlcn_msg.proc_ev.event_data.fork.child_pid); + pkt.proc_fork_tgid = htonl(nlcn_msg.proc_ev.event_data.fork.child_tgid); break; case PROC_EVENT_EXEC: @@ -202,6 +209,10 @@ void cb_nl(evutil_socket_t fd, short what, void *arg) get_current_date(), nlcn_msg.proc_ev.event_data.exec.process_pid, cmd); + pkt.type = PACKET_PROC_EXEC; + pkt.proc_pid = htonl(nlcn_msg.proc_ev.event_data.fork.parent_pid); + pkt.proc_exec_cmdlen = htons(strnlen(cmd, GG_PKTARG_MAX)); + strncpy((char *)pkt.proc_exec_cmd, cmd, GG_PKTARG_MAX); break; #if 0 case PROC_EVENT_UID: @@ -232,6 +243,8 @@ void cb_nl(evutil_socket_t fd, short what, void *arg) break; #endif } + + gg_client_send(ggcli, &pkt); } static void on_sigint(int unused) -- cgit v1.2.3-59-g8ed1b