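/* SPDX-License-Identifier: (LGPL-2.1 OR BSD-2-Clause) */
#ifndef __EXECSNOOP_H
#define __EXECSNOOP_H

/*
 * Record layout and size limits for execsnoop events.
 *
 * This header includes nothing itself: pid_t, uid_t and size_t must already
 * be declared by whatever translation unit includes it.
 */

/* Bytes reserved for one argument slot inside event.args. */
#define ARGSIZE 128
/* Size of the event.comm array. */
#define TASK_COMM_LEN 16
/* Number of ARGSIZE slots that event.args is dimensioned for. */
#define TOTAL_MAX_ARGS 60
/* Not used in this header; presumably the default argument limit - confirm at the call site. */
#define DEFAULT_MAXARGS 20
/* Total size in bytes of event.args. */
#define FULL_MAX_ARGS_ARR (TOTAL_MAX_ARGS * ARGSIZE)
/* Sentinel uid; presumably means "no uid selected" - confirm against the user. */
#define INVALID_UID ((uid_t)-1)

/*
 * Size of the fixed part of struct event, i.e. the offset of the args array.
 * The compiler builtin avoids forming a member address from a null pointer,
 * which is undefined behaviour and is reported by null-pointer sanitizers.
 * The original expression is kept as a fallback for other compilers.
 */
#if defined(__GNUC__) || defined(__clang__)
#define BASE_EVENT_SIZE ((size_t)__builtin_offsetof(struct event, args))
#else
#define BASE_EVENT_SIZE ((size_t)(&((struct event *)0)->args))
#endif

/*
 * Bytes of *e that are in use: the fixed part plus e->args_size bytes of args.
 * The argument is parenthesized so that expressions such as &ev or p + i
 * expand correctly.
 *
 * NOTE(review): args_size is taken at face value. Code that reads records
 * from a buffer should reject args_size > FULL_MAX_ARGS_ARR, and any record
 * shorter than BASE_EVENT_SIZE, before trusting this size or walking args.
 */
#define EVENT_SIZE(e) (BASE_EVENT_SIZE + (e)->args_size)

/* Offset within event.args of the last ARGSIZE-byte slot. */
#define LAST_ARG (FULL_MAX_ARGS_ARR - ARGSIZE)

/* One execsnoop record: fixed fields followed by the argument bytes. */
struct event {
	pid_t pid;                    /* process id */
	pid_t ppid;                   /* parent process id */
	uid_t uid;                    /* user id */
	int retval;                   /* presumably the exec return value - confirm */
	int args_count;               /* number of arguments recorded; signed, so check for < 0 */
	unsigned int args_size;       /* bytes of args in use; see EVENT_SIZE() */
	/*
	 * NOTE(review): nothing in this header guarantees NUL termination of
	 * comm or of the strings in args; read both with an explicit bound.
	 */
	char comm[TASK_COMM_LEN];
	char args[FULL_MAX_ARGS_ARR]; /* TOTAL_MAX_ARGS slots of ARGSIZE bytes */
};

#endif /* __EXECSNOOP_H */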