implement working example app

Author: konstantin89

EventCallbackData.h

@@ -5,10 +5,21 @@
 
 struct EventCallbackData
 {
-
     using EventCallback = std::function<void(ProcessEvent, void*)>;
 
+    EventCallbackData(EventCallback aCallback, void* aContext, uint64_t aId)
+    {
+        callback = aCallback;
+        context = aContext;
+        id = aId;
+    }
+
+    ~EventCallbackData()
+    {
+        /* EMPTY */
+    }
+
     EventCallback callback;
     void* context;
-    int id;
+    uint64_t id;
 };

IdGenerator.h

@@ -0,0 +1,26 @@
+#pragma once
+
+#include <inttypes.h>
+
+class IdGenerator
+{
+public:
+
+    uint64_t GenerateId()
+    {
+        auto lReturnedId = mNextId;
+        mNextId++;
+        return lReturnedId;
+    }
+
+    void Reset()
+    {
+        mNextId = 0;
+    }
+
+
+private:
+
+    uint64_t mNextId;
+
+};

ProcessEvent.h

@@ -1,15 +1,16 @@
 #pragma once
 
-#include <chrono>
 #include <linux/cn_proc.h>
 
 class ProcessEvent
 {
 public:
 
     struct proc_event eventData;
-    uint64_t arrivalTime;
-
-private:
+   
+   uint64_t GetTimeStamp()
+   {
+       return eventData.timestamp_ns;
+   }
 
 };

ProcessMonitor.cpp

@@ -63,7 +63,17 @@ int ProcessMonitor::Stop()
     return SUCCESS_CODE;
 }
 
+uint64_t ProcessMonitor::AddCallback(EventCallback aEventCallback, void* context)
+{
+    auto lCallbackID = mCallbackIdGenerator.GenerateId();
+    mEventCallbacks.emplace_back(aEventCallback, context, lCallbackID);
+    return lCallbackID;
+}
+
+int ProcessMonitor::RemoveCallback(uint64_t aCallbackId)
+{
 
+}
 
 int ProcessMonitor::connectToNetlinkSocket()
 {
@@ -173,8 +183,6 @@ void ProcessMonitor::netlinkClient(ProcessMonitor* aProcessMonitor)
 
         rc = recv(aProcessMonitor->mNetlinkSock, &nlcn_msg, sizeof(nlcn_msg), 0);
 
-        auto lEventArrivalTime = std::chrono::system_clock::now();
-
         if (rc == 0) {
             /* shutdown? */
             return;
@@ -185,7 +193,6 @@ void ProcessMonitor::netlinkClient(ProcessMonitor* aProcessMonitor)
         }
 
         ProcessEvent lProcEvent;
-        lProcEvent.arrivalTime = lEventArrivalTime.time_since_epoch().count(); 
         lProcEvent.eventData = nlcn_msg.proc_ev;
 
         aProcessMonitor->mProcEventsList.PushBack(lProcEvent);

ProcessMonitor.h

@@ -7,6 +7,7 @@
 #include "utils/ThreadSafeList.h"
 #include "ProcessEvent.h"
 #include "EventCallbackData.h"
+#include "IdGenerator.h"
 
 #define INVALID_SOCKET -1
 #define SUCCESS_CODE 0
@@ -16,6 +17,8 @@ class ProcessMonitor
 {
 public:
 
+    using EventCallback = EventCallbackData::EventCallback;
+
     ProcessMonitor();
     ~ProcessMonitor();
 
@@ -24,9 +27,9 @@ class ProcessMonitor
     /**
      * @returns - Callback ID.
      */
-    int AddCallback(EventCallbackData aEventCallback);
+    uint64_t AddCallback(EventCallback aEventCallback, void* context);
 
-    int RemoveCallback(int aCallbackId);
+    int RemoveCallback(uint64_t aCallbackId);
 
     int Start();
 
@@ -61,6 +64,8 @@ class ProcessMonitor
 
     std::thread mCallbackRunnerThread;
 
+    IdGenerator mCallbackIdGenerator;
+
 private:
 
     static void netlinkClient(ProcessMonitor* aProcessMonitor);

main.cpp

@@ -3,15 +3,65 @@
 
 #include "ProcessMonitor.h"
 
-int main()
+#define UNUSED_PARAMETER(x) (void)(x)
+
+void logCallbackExample(ProcessEvent aEvent, void* aContext)
 {
-    std::cout << "[ ] starting process monitor" << std::endl;
+    UNUSED_PARAMETER(aContext);
+
+    std::cout << aEvent.GetTimeStamp() << std::endl;
+
+     switch (aEvent.eventData.what) {
+            case proc_event::PROC_EVENT_NONE:
+                printf("set mcast listen ok\n");
+                break;
+            case proc_event::PROC_EVENT_FORK:
+                printf("fork: parent tid=%d pid=%d, child tid=%d pid=%d \n",
+                        aEvent.eventData.event_data.fork.parent_pid,
+                        aEvent.eventData.event_data.fork.parent_tgid,
+                        aEvent.eventData.event_data.fork.child_pid,
+                        aEvent.eventData.event_data.fork.child_tgid);
+                break;
+            case proc_event::PROC_EVENT_EXEC:
+                printf("exec: tid=%d pid=%d\n",
+                        aEvent.eventData.event_data.exec.process_pid,
+                        aEvent.eventData.event_data.exec.process_tgid);
+                break;
+            case proc_event::PROC_EVENT_UID:
+                printf("uid change: tid=%d pid=%d from %d to %d\n",
+                        aEvent.eventData.event_data.id.process_pid,
+                        aEvent.eventData.event_data.id.process_tgid,
+                        aEvent.eventData.event_data.id.r.ruid,
+                        aEvent.eventData.event_data.id.e.euid);
+                break;
+            case proc_event::PROC_EVENT_GID:
+                printf("gid change: tid=%d pid=%d from %d to %d\n",
+                        aEvent.eventData.event_data.id.process_pid,
+                        aEvent.eventData.event_data.id.process_tgid,
+                        aEvent.eventData.event_data.id.r.rgid,
+                        aEvent.eventData.event_data.id.e.egid);
+                break;
+            case proc_event::PROC_EVENT_EXIT:
+                printf("exit: tid=%d pid=%d exit_code=%d\n",
+                        aEvent.eventData.event_data.exit.process_pid,
+                        aEvent.eventData.event_data.exit.process_tgid,
+                        aEvent.eventData.event_data.exit.exit_code);
+                break;
+            default:
+                printf("unhandled proc event\n");
+                break;
+        }
+}
 
+int main()
+{
     ProcessMonitor lProcMon;
 
+    auto lCallbackId = lProcMon.AddCallback(logCallbackExample, NULL);
+
     if(lProcMon.Connect() != SUCCESS_CODE)
     {
-        std::cout << "[X] ProcessMonitor::Connect failed" << std::endl;
+        std::cout << "[X] ProcessMonitor::Connect failed (make sure to use sudo)" << std::endl;
         return 1;
     }
 
@@ -23,6 +73,8 @@ int main()
 
     std::this_thread::sleep_for(std::chrono::seconds(1));
 
+    lProcMon.RemoveCallback(lCallbackId);
+    
     if(lProcMon.Stop() != SUCCESS_CODE)
     {
         std::cout << "[X] ProcessMonitor::Stop failed" << std::endl;