[PATCH] Generalized kernel hooks using LTT

From: Karim Yaghmour (karym@opersys.com)
Date: Wed May 17 2000 - 13:25:52 EST


You can now hook onto any traced kernel event using a
simple function:

trace_register_callback()

The following module hooks onto network traffic:
------------------------------------------------------
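#define MODULE
#include <linux/module.h>
#include <linux/trace.h>

/* Called by the tracing hooks for every event registered below. */
int my_callback(uint8_t pmEventID, void* pmStruct)
{ printk("Something happened on the network \n");
  return 0; /* declared int, so return a value */
}

/* Hook the callback onto network events when the module loads. */
int init_module(void)
{ trace_register_callback(&my_callback, TRACE_EV_NETWORK);
  return 0;
}

/* Remove the hook before the module is unloaded. */
void cleanup_module(void)
{ trace_unregister_callback(&my_callback, TRACE_EV_NETWORK);
}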
------------------------------------------------------

my_callback gets called every time a packet goes out or
comes in. Take a look at include/linux/trace.h to see all
the events that you can hook onto and their details if
they have subevents.

This is going to be helpful to all you security freaks
out there (me not included).

You don't need to have the trace module or the trace
daemon running for this. Simply patch the kernel, reboot and
load your event analyzing module.

This one is for Jamal. I had an idea about how to do
it, but he had a clear idea about it. Thanks Jamal.

Have fun :)

P.S.: I've tar-gzipped the patch, otherwise it gets refused
on the kernel mailing list.

P.P.S.: This isn't part of the current Linux Trace Toolkit
release, but it will be very soon.

===================================================
                 Karim Yaghmour
               karym@opersys.com
          Operating System Consultant
 (Linux kernel, real-time and distributed systems)
===================================================


