assets/doxygen/logging__types_8h_source.html

// SPDX-License-Identifier: Apache-2.0

#ifndef LOGGING_TYPES_H_

#define LOGGING_TYPES_H_

// Bindgen throws a lot of include errors with vmlinux.h

// Therefore, type declarations are pulled from here into logging.h


#include "constants.h"


enum LogLevel {

    LOG_LEVEL_OFF   = 0,

    LOG_LEVEL_ERROR = 1,

    LOG_LEVEL_WARN  = 2,

    LOG_LEVEL_INFO  = 3,

    LOG_LEVEL_DEBUG = 4,

    LOG_LEVEL_TRACE = 5,

};


enum LogReason {

    LOG_REASON_UNKNOWN = 0,

    LOG_REASON_ALLOW,

    LOG_REASON_AUDIT,

    LOG_REASON_DENY,

    LOG_REASON_DEBUG,

    LOG_REASON_ERROR,

};


enum EventType {

    EVENT_TYPE_UNKNOWN = 0,

    EVENT_TYPE_MSG,

    EVENT_TYPE_UNIX_STREAM_CONNECT,

    EVENT_TYPE_SB_UMOUNT,

    EVENT_TYPE_BPF_MAP,

    EVENT_TYPE_TASK_KILL,

    EVENT_TYPE_KERNEL_MODULE_REQUEST,

    EVENT_TYPE_KERNEL_READ_FILE,

    EVENT_TYPE_KERNEL_LOAD_DATA,

    EVENT_TYPE_PTRACE_ACCESS_CHECK,

    EVENT_TYPE_BPF_WRITE_USER,

    EVENT_TYPE_TASK_ALLOC,

    EVENT_TYPE_FILE_ACCESS,

};


enum InodeAction {

    INODE_ACTION_UNKNOWN = 0,

    FILE_OPEN,

    INODE_PERMISSION,

    INODE_UNLINK,

    INODE_RMDIR,

    INODE_RENAME,

    INODE_SETATTR,

    INODE_SETXATTR,

};


struct log_hdr {

    unsigned char  level;

    unsigned char  reason;

    unsigned short type;

    unsigned long  pid;

    unsigned long  tid;

    unsigned long  uid;

    unsigned long  pol_id;

    unsigned char  comm[COMM_LEN];

};


struct generic_msg_log {

    struct log_hdr header;

    unsigned char  msg[MAX_STR_LEN];

};


struct sb_umount_log {

    struct log_hdr header;

    unsigned long  target_dev;

};


struct bpf_map_log {

    struct log_hdr header;

    unsigned char  name[MAX_STR_LEN];

    unsigned int   map_id;

};


struct task_kill_log {

    struct log_hdr header;

    unsigned char  target_comm[COMM_LEN];

    int            target_pid;

    int            signum;

};


struct kernel_module_request_log {

    struct log_hdr header;

    unsigned char  kmod_name[MODULE_NAME_LEN];

};


struct kernel_read_file_log {

    struct log_hdr header;

    unsigned int   id;

    unsigned char  filename[MAX_STR_LEN];

};


struct kernel_load_data_log {

    struct log_hdr header;

    unsigned int   id;

};


struct ptrace_access_check_log {

    struct log_hdr header;

    int            target_pid;

    unsigned int   mode;

    unsigned char  target_comm[COMM_LEN];

};


struct inode_access_log {

    struct log_hdr header;

    unsigned int   action;

    unsigned char  name[MAX_STR_LEN];

};


#endif // LOGGING_TYPES_H_

constants.h

COMM_LEN
#define COMM_LEN
the length of task comm string
Definition constants.h:29

MAX_STR_LEN
#define MAX_STR_LEN
maximum length of strings used for logging messages
Definition constants.h:23

MODULE_NAME_LEN
#define MODULE_NAME_LEN
Copy of MODULE_PARAM_PREFIX_LEN in the kernel.
Definition constants.h:13

EventType
EventType
The link between a program's log structure and the logging system.
Definition logging_types.h:52

LogReason
LogReason
Standard reasons as to why a log is being output.
Definition logging_types.h:36

InodeAction
InodeAction
Identifies a type of action taken on an inode.
Definition logging_types.h:71

LogLevel
LogLevel
Standard log levels indicating the severity of the message.
Definition logging_types.h:21

bpf_map_log
Log for a eBPF map access via a bpf() syscall.
Definition logging_types.h:124

bpf_map_log::header
struct log_hdr header
standard log header
Definition logging_types.h:126

bpf_map_log::name
unsigned char name[MAX_STR_LEN]
the name of the map
Definition logging_types.h:128

bpf_map_log::map_id
unsigned int map_id
id number of eBPF map being accessed
Definition logging_types.h:130

generic_msg_log
Generic log with a message field.
Definition logging_types.h:108

generic_msg_log::header
struct log_hdr header
standard log header
Definition logging_types.h:110

generic_msg_log::msg
unsigned char msg[MAX_STR_LEN]
a 128 character message
Definition logging_types.h:112

inode_access_log
Log for various events that access a dentry or and inode(file_open, inode_permission)
Definition logging_types.h:186

inode_access_log::header
struct log_hdr header
standard log header
Definition logging_types.h:188

inode_access_log::action
unsigned int action
the action being taken on the inode, alias for InodeAction
Definition logging_types.h:190

inode_access_log::name
unsigned char name[MAX_STR_LEN]
the first 128 characters of file name, if known
Definition logging_types.h:192

kernel_load_data_log
Log for a kernel_load_data() LSM hook event.
Definition logging_types.h:165

kernel_load_data_log::id
unsigned int id
the type of data being loaded into the kernel
Definition logging_types.h:170

kernel_load_data_log::header
struct log_hdr header
standard log header
Definition logging_types.h:167

kernel_module_request_log
Log for a kernel_module_request() LSM hook event.
Definition logging_types.h:146

kernel_module_request_log::kmod_name
unsigned char kmod_name[MODULE_NAME_LEN]
the name of the kernel module being requested to load
Definition logging_types.h:150

kernel_module_request_log::header
struct log_hdr header
standard log header
Definition logging_types.h:148

kernel_read_file_log
Log for a kernel_read_file() LSM hook event.
Definition logging_types.h:154

kernel_read_file_log::header
struct log_hdr header
standard log header
Definition logging_types.h:156

kernel_read_file_log::id
unsigned int id
the type of data being loaded into the kernel
Definition logging_types.h:159

kernel_read_file_log::filename
unsigned char filename[MAX_STR_LEN]
the name of the file being loaded
Definition logging_types.h:161

log_hdr
Header attached to every log message.
Definition logging_types.h:88

log_hdr::pid
unsigned long pid
process id that is triggering the hook
Definition logging_types.h:96

log_hdr::reason
unsigned char reason
alias for LogReason
Definition logging_types.h:92

log_hdr::level
unsigned char level
alias for LogLevel
Definition logging_types.h:90

log_hdr::comm
unsigned char comm[COMM_LEN]
same as /proc/{pid}/comm
Definition logging_types.h:104

log_hdr::type
unsigned short type
alias for EventType
Definition logging_types.h:94

log_hdr::tid
unsigned long tid
thread id that is triggering the hook
Definition logging_types.h:98

log_hdr::pol_id
unsigned long pol_id
policy id for this object
Definition logging_types.h:102

log_hdr::uid
unsigned long uid
effective user id of the process
Definition logging_types.h:100

ptrace_access_check_log
Log for a ptrace_access_check() LSM hook event.
Definition logging_types.h:174

ptrace_access_check_log::target_comm
unsigned char target_comm[COMM_LEN]
same as /proc/{pid}/comm for traced process
Definition logging_types.h:182

ptrace_access_check_log::header
struct log_hdr header
standard log header
Definition logging_types.h:176

ptrace_access_check_log::target_pid
int target_pid
The process ID to be traced.
Definition logging_types.h:178

ptrace_access_check_log::mode
unsigned int mode
The ptrace mode used.
Definition logging_types.h:180

sb_umount_log
Log a sb_umount() syscall.
Definition logging_types.h:116

sb_umount_log::header
struct log_hdr header
standard log header
Definition logging_types.h:118

sb_umount_log::target_dev
unsigned long target_dev
device number of the superblock being unmounted
Definition logging_types.h:120

task_kill_log
Log a task_kill() LSM hook event.
Definition logging_types.h:134

task_kill_log::target_pid
int target_pid
process id of the PID receiving the signal
Definition logging_types.h:140

task_kill_log::signum
int signum
id of the signal being sent
Definition logging_types.h:142

task_kill_log::target_comm
unsigned char target_comm[COMM_LEN]
same as /proc/{pid}/comm
Definition logging_types.h:138

task_kill_log::header
struct log_hdr header
standard log header
Definition logging_types.h:136