#pragma once
#include <stddef.h>
#include <stdbool.h>
#include <sys/types.h>
#include <time.h>
#include <limits.h>
//#include <pthread.h> // for the future..maybe...
#include "json.h"
/* Forward declaration only: struct agent_context is defined elsewhere, so this
 * header can pass the agent context by pointer without seeing its layout. */
struct agent_context;
typedef struct agent_context agent_context_t;
/*
 * One tracked process, stored as a node in a hash-bucket chain (see `next`).
 *
 * The code that fills these fields is not part of this header. The per-field
 * notes below are inferred from names and types and should be confirmed
 * against the implementation.
 *
 * NOTE(review): exe, comm, cmdline and cwd describe the monitored process and
 * can be influenced by it (a process can rename itself and rewrite its own
 * argument area). Treat them as untrusted strings: always NUL-terminate after
 * a bounded copy, and escape them before logging or serialising.
 */
struct proc_ledger_entry {
    pid_t pid;      /* key used by the proc_ledger_* lookup functions */
    pid_t tgid;     /* presumably the thread-group id -- confirm */
    pid_t ppid;     /* presumably the parent pid -- confirm */
    char exe[PATH_MAX];   /* executable path; longer values must be truncated by the writer */
    /* Linux TASK_COMM_LEN is 16 bytes including the terminator, so 17 leaves
     * one spare byte -- confirm the writer always terminates the string. */
    char comm[17];
    /* NOTE(review): a real command line can exceed 4096 bytes and, when read
     * from /proc/<pid>/cmdline, is NUL-separated rather than a single string;
     * confirm how truncation and separators are handled. */
    char cmdline[4096];
    char cwd[PATH_MAX];
    uid_t uid;
    uid_t euid;     /* uid != euid is worth surfacing (setuid execution) -- presumably why both are kept */
    gid_t gid;
    gid_t egid;
    /* NOTE(review): the ledger is keyed by pid alone and pids are recycled by
     * the kernel; start_time is the natural tie-breaker for telling a reused
     * pid from the original process -- confirm callers compare it. */
    time_t start_time;
    unsigned long cpu_user_ticks;
    unsigned long cpu_kernel_ticks;
    long rss;               /* units (pages vs bytes) are not shown here -- confirm */
    unsigned long vsize;
    bool daemonized;
    bool is_traced;
    pid_t tracer_pid;       /* presumably only meaningful when is_traced is true -- confirm */
    char state;             /* presumably the one-letter scheduler state -- confirm */
    int seccomp;            /* presumably the seccomp mode number -- confirm */
    /* NOTE(review): Linux capability sets are 64 bits wide, while unsigned long
     * is 32 bits on ILP32 targets; the high capability bits would be lost
     * there. Consider uint64_t if 32-bit builds are supported. */
    unsigned long cap_eff;
    unsigned int threads;
    bool has_tty;
    struct proc_ledger_entry *next; /* next entry in the same bucket (hash-collision chain) */
};
/*
 * Hash table of proc_ledger_entry chains, indexed by bucket.
 *
 * The mutex field is commented out, so the structure itself carries no lock:
 * any access from more than one thread has to be serialised by the caller.
 */
struct proc_ledger {
    size_t num_buckets;                 /* length of the buckets array */
    struct proc_ledger_entry **buckets; /* one chain head per bucket */
    //pthread_mutex_t lock; // for the future..maybe...
};
/*
 * Process-ledger API. The implementations are not in this header, so the
 * notes below list what a caller needs confirmed in the .c file rather than
 * guaranteed behaviour.
 */

/* Creates a ledger with num_buckets buckets.
 * NOTE(review): confirm the failure return (presumably NULL) and that
 * num_buckets == 0 is rejected, since it is the divisor for bucket selection. */
struct proc_ledger *proc_ledger_init(size_t num_buckets);

/* Releases a ledger. NOTE(review): confirm it also frees every chained entry
 * and tolerates a NULL ledger. */
void proc_ledger_destroy(struct proc_ledger *ledger);

/* Looks up the entry for pid.
 * NOTE(review): the returned pointer presumably aliases ledger-owned memory;
 * confirm it becomes invalid after proc_ledger_remove/replace/destroy so
 * callers do not keep it across those calls (use-after-free risk). */
struct proc_ledger_entry *proc_ledger_find(struct proc_ledger *ledger, pid_t pid);

/* Builds a new entry for pid using the agent context.
 * NOTE(review): the target process can exit, or its pid can be reused, while
 * the entry is being filled; confirm partial reads are handled and who owns
 * the returned allocation. */
struct proc_ledger_entry *proc_ledger_entry_create(pid_t pid, agent_context_t *ctx);

/* Inserts entry into the ledger; returns a success flag.
 * NOTE(review): confirm whether ownership of entry transfers on success, who
 * frees it on failure, and what happens when the pid is already present. */
bool proc_ledger_add(struct proc_ledger *ledger, struct proc_ledger_entry *entry);

/* Removes the entry for pid; returns a success flag.
 * NOTE(review): confirm the removed entry is freed here. */
bool proc_ledger_remove(struct proc_ledger *ledger, pid_t pid);

/* Replaces the stored entry that matches new_entry; returns a success flag.
 * NOTE(review): confirm the old entry is freed and that pointers previously
 * returned by proc_ledger_find are not used afterwards. */
bool proc_ledger_replace(struct proc_ledger *ledger, struct proc_ledger_entry *new_entry);

/* Serialises an entry to JSON, tagged with event_type.
 * `struct agent_context *` here is the same type as agent_context_t above.
 * NOTE(review): exe, comm, cmdline and cwd are process-controlled text;
 * confirm the encoder escapes control characters and invalid UTF-8 so a
 * crafted process name cannot corrupt or forge event records. */
json_t proc_ledger_entry_to_json(struct proc_ledger_entry *entry,
    const char *event_type,
    struct agent_context *ctx);

/* Populates the ledger held by ctx -- presumably from the processes already
 * running at agent start; confirm. */
void proc_ledger_hydrate(agent_context_t *ctx);

/* Returns the bucket index for pid.
 * NOTE(review): pid_t is signed; confirm the value is converted to an
 * unsigned type before it is reduced modulo num_buckets, so a negative pid
 * cannot produce an out-of-range index. */
size_t proc_ledger_bucket(struct proc_ledger *ledger, pid_t pid);