Это рабочий пример того, как подписаться и использовать события PROC_EVENT_EXIT / PROC_EVENT_FORK.
Проверено на ядре 3.3.8
#include <sys/types.h>
#include <sys/socket.h>
#include <linux/netlink.h>
#include <linux/connector.h>
#include <linux/cn_proc.h>
#include <stdio.h>
#include <unistd.h>
#include <strings.h>
#include <errno.h>
#define NL_MESSAGE_SIZE (sizeof(struct nlmsghdr) + sizeof(struct cn_msg) + \
sizeof(int))
static int nl_sock;
int connect_to_netlink()
{
struct sockaddr_nl sa_nl; /* netlink interface info */
char buff[NL_MESSAGE_SIZE];
struct nlmsghdr *hdr; /* for telling netlink what we want */
struct cn_msg *msg; /* the actual connector message */
/* connect to netlink socket */
nl_sock = socket(PF_NETLINK, SOCK_DGRAM, NETLINK_CONNECTOR);
if (-1 == nl_sock) {
perror("socket failed");
return errno;
}
bzero(&sa_nl, sizeof(sa_nl));
sa_nl.nl_family = AF_NETLINK;
sa_nl.nl_groups = CN_IDX_PROC;
sa_nl.nl_pid = getpid();
if (-1 == bind(nl_sock, (struct sockaddr *)&sa_nl, sizeof(sa_nl))) {
perror("bind failed");
return errno;
}
/* Fill header */
hdr = (struct nlmsghdr *)buff;
hdr->nlmsg_len = NL_MESSAGE_SIZE;
hdr->nlmsg_type = NLMSG_DONE;
hdr->nlmsg_flags = 0;
hdr->nlmsg_seq = 0;
hdr->nlmsg_pid = getpid();
/* Fill message */
msg = (struct cn_msg *)NLMSG_DATA(hdr);
msg->id.idx = CN_IDX_PROC; /* Connecting to process information */
msg->id.val = CN_VAL_PROC;
msg->seq = 0;
msg->ack = 0;
msg->flags = 0;
msg->len = sizeof(int);
*(int*)msg->data = PROC_CN_MCAST_LISTEN;
if (-1 == send(nl_sock, hdr, hdr->nlmsg_len, 0)) {
perror("send failed");
return errno;
}
return 0;
}
void handle_events()
{
char buff[CONNECTOR_MAX_MSG_SIZE];
struct nlmsghdr *hdr;
struct proc_event *event;
fd_set fds;
while (1) {
FD_ZERO(&fds);
FD_SET(nl_sock, &fds);
if (0 > select(nl_sock + 1, &fds, NULL, NULL, NULL)) {
perror("select failed");
return ;
}
/* If there were no events detected, return */
if (! FD_ISSET(nl_sock, &fds)) {
return ;
}
/* if there are events, make calls */
if (-1 == recv(nl_sock, buff, sizeof(buff), 0)) {
perror("recv failed");
return ;
}
hdr = (struct nlmsghdr *)buff;
if (NLMSG_ERROR == hdr->nlmsg_type) {
perror("NLMSG_ERROR");
} else if (NLMSG_DONE == hdr->nlmsg_type) {
event = (struct proc_event *)((struct cn_msg *)NLMSG_DATA(hdr))->data;
switch(event->what) {
case proc_event::PROC_EVENT_EXIT:
printf("Process %d (tgid %d) exit with code %d, signal %d\n",
event->event_data.exit.process_pid,
event->event_data.exit.process_tgid,
event->event_data.exit.exit_code,
event->event_data.exit.exit_signal);
break;
case proc_event::PROC_EVENT_FORK:
printf("New process %d (tgid %d), parent %d (tgid %d)\n",
event->event_data.fork.child_pid,
event->event_data.fork.child_tgid,
event->event_data.fork.parent_pid,
event->event_data.fork.parent_tgid);
break;
default:
break;
}
}
}
}
int main(int argc, char *argv[])
{
if (!connect_to_netlink()) {
handle_events();
}
return 0;
}
Компиляция и запуск:
# g++ -o psev psev.cpp
# ./psev
Выход:
New process 27465 (tgid 27465), parent 2351 (tgid 2351)
Process 27465 (tgid 27465) exit with code 0, signal 17