PERFORCE change 125131 for review

dongmei dongmei at FreeBSD.org
Tue Aug 14 01:45:04 PDT 2007 

http://perforce.freebsd.org/chv.cgi?CH=125131

Change 125131 by dongmei at dongmei2007 on 2007/08/14 08:44:27

	add the support for lively audit log reading

Affected files ...

.. //depot/projects/soc2007/dongmei-auditanalyzer/Makefile#3 edit
.. //depot/projects/soc2007/dongmei-auditanalyzer/capture.c#1 add
.. //depot/projects/soc2007/dongmei-auditanalyzer/capture.h#1 add
.. //depot/projects/soc2007/dongmei-auditanalyzer/gtk/menu.c#3 edit
.. //depot/projects/soc2007/dongmei-auditanalyzer/tfile.c#3 edit
.. //depot/projects/soc2007/dongmei-auditanalyzer/tfile.h#2 edit

Differences ...

==== //depot/projects/soc2007/dongmei-auditanalyzer/Makefile#3 (text+ko) ====

@@ -3,15 +3,15 @@
 .PATH:	${.CURDIR}/gtk
 .PATH:  ${.CURDIR}/image
 	
-SOURCES = main.c  menu.c list_view.c tree_view.c file_dlg.c gui_utils.c simple_dialog.c trail_file_dlg.c filesystem.c buffer.c except.c file_access.c strerror.c tfile.c tsess.c file_util.c
+SOURCES = main.c  menu.c list_view.c tree_view.c file_dlg.c gui_utils.c simple_dialog.c trail_file_dlg.c filesystem.c buffer.c except.c file_access.c strerror.c tfile.c tsess.c file_util.c capture.c
 OBJS    = ${SOURCES:.c=.o}
 CFLAGS  = `pkg-config gtk+-2.0 --cflags` -D_U_=""
-LDADD   = `pkg-config gtk+-2.0 --libs` -lbsm
+LDADD   = `pkg-config gtk+-2.0  gthread-2.0 --libs` -lbsm
 CC      = gcc
 PACKAGE = auanalyzer
 
 all: ${OBJS}
-	${CC} -o ${PACKAGE} ${OBJS} ${LDADD}
+	${CC} -g -o ${PACKAGE} ${OBJS} ${LDADD}
 
 .c.o:
 	${CC} ${CFLAGS} -c $<
@@ -19,3 +19,4 @@
 	rm ${PACKAGE} ${OBJS}
 # end of file
 
+#gthread-2.0

==== //depot/projects/soc2007/dongmei-auditanalyzer/gtk/menu.c#3 (text+ko) ====

@@ -2,7 +2,7 @@
 #include <string.h>
 #include "compat_macros.h"
 #include "trail_file_dlg.h" 
-
+#include "../capture.h"
 #define GTK_MENU_FUNC(a) ((GtkItemFactoryCallback)(a))
 
 /* main menu */
@@ -33,6 +33,11 @@
 //    ITEM_FACTORY_ENTRY("/View/log _Details", NULL, tree_view_show_cb, 0, "<CheckItem>", NULL),
 //    ITEM_FACTORY_ENTRY("/View/log _Bytes", NULL, byte_view_show_cb, 0, "<CheckItem>", NULL),
     ITEM_FACTORY_ENTRY("/_Capture", NULL, NULL, 0, "<Branch>", NULL),
+    ITEM_FACTORY_STOCK_ENTRY("/Capture/_Start...", "<control>O", capture_start_cb,
+                             0, GTK_STOCK_OPEN),
+    ITEM_FACTORY_STOCK_ENTRY("/Capture/_Stop...", "<control>O", capture_stop_cb,
+                             0, GTK_STOCK_OPEN),
+
     ITEM_FACTORY_ENTRY("/_Analyze", NULL, NULL, 0, "<Branch>", NULL),
     ITEM_FACTORY_ENTRY("/_Statistics", NULL, NULL, 0, "<Branch>", NULL),
     ITEM_FACTORY_ENTRY("/_Help", NULL, NULL, 0, "<Branch>", NULL)

==== //depot/projects/soc2007/dongmei-auditanalyzer/tfile.c#3 (text+ko) ====

@@ -8,11 +8,20 @@
 #include <bsm/libbsm.h>
 #include "exceptions.h"
 #include "gtk/tree_view.h"
+#include <stdbool.h>
 
 /* Update the progress bar this many times when reading a file. */
 #define N_PROGBAR_UPDATES	100
 #define	RECORD_DATA_CHUNK_SIZE	1024
 
+extern bool fstop;
+typedef struct _carg carg;
+struct _carg {
+	trailer_file *tf;
+	gint64 offset;
+	u_char *buf;
+	int reclen;
+};
 
 static guint32 cum_bytes = 0;
 void
@@ -108,11 +117,46 @@
 	return CF_ERROR;
 
 }
+tf_status_t
+tf_open_auditpipe(trailer_file *tf, gboolean is_tempfile, int *err)
+{
+	gchar       *err_info;
+	tsess       *ts;
 
-void
-record_list_append_test(tokenstr_t *data,gint32 number)
-{
-	printf("%d\n",data->tt.hdr32.size);
+	ts=tsess_open_online(err,&err_info,FALSE);
+	if (ts==NULL)
+		goto fail;
+		
+	tf_reset_state(tf);
+	/* We're about to start reading the file. */
+	tf->state = FILE_READ_IN_PROGRESS;
+
+	tf->f_datalen = 0;
+
+	/* Set the file name because we need it to set the follow stream filter.
+	 XXX - is that still true?  We need it for other reasons, though,
+	 in any case. */
+	tf->filename = g_strdup(DEFAULT_AUDIT_TRAIL);
+
+	/* Indicate whether it's a permanent or temporary file. */
+	tf->is_tempfile = is_tempfile;
+
+	/* If it's a temporary capture buffer file, mark it as not saved. */
+	tf->user_saved = !is_tempfile;
+
+	tf->count     = 0;
+
+	tf->rlist_chunk = g_mem_chunk_new("record_data_chunk",
+	sizeof(record_data),
+	RECORD_DATA_CHUNK_SIZE * sizeof(record_data),
+	G_ALLOC_AND_FREE);
+	g_assert(tf->rlist_chunk);
+	tf->ts=ts;
+	return CF_OK;
+
+fail:
+	return CF_ERROR;
+
 }
 
 /* */
@@ -173,7 +217,9 @@
 
 	tf->count++;
 	rdata->num = tf->count;
+	gdk_threads_enter();
 	add_record_to_record_list(rdata,tf);
+	gdk_threads_leave();
 	return 0;
 
 }
@@ -182,7 +228,86 @@
 {
     main_window_exit();
 }
+/* read in a new record */
+/* returns the row of the new record in the record list or -1 if not displayed */
+int read_record_thread(carg *arg)
+{
+	record_data   *rdata;
+	record_data   *rlist_end;
+	int recsize=0;
+	//Allocate the next list entry, and add it to the list. 
+	rdata = g_mem_chunk_alloc(arg->tf->rlist_chunk);
+	rdata->num = 0;
+	rdata->next = NULL;
+	rdata->prev = NULL;
+	rdata->record_len  = arg->reclen;
+
+	recsize=arg->reclen*sizeof(u_char);
+	if (arg->buf == NULL)
+		return (-1);
+	rdata->buf=(u_char *) malloc(recsize);	
+	memcpy(rdata->buf,arg->buf,recsize);
+	  
+	rdata->file_off = arg->offset;
+	
+	//construct double link list record_data
+
+	rlist_end =arg->tf->rlist_end;
+	rdata->prev = rlist_end;
+	if (rlist_end != NULL)
+	  rlist_end->next = rdata;
+	else
+	  arg->tf->rlist = rdata;
+	arg->tf->rlist_end = rdata;
+
+	arg->tf->count++;
+	rdata->num = arg->tf->count;
+	gdk_threads_enter();
+	add_record_to_record_list(rdata,arg->tf);
+	gdk_threads_leave();
+	return 0;
+
+}
+/*
+int read_record_thread(trailer_file *tf,gint64 offset,u_char *buf,int reclen)
+{
+	record_data   *rdata;
+	record_data   *rlist_end;
+	int recsize=0;
+	// Allocate the next list entry, and add it to the list. 
+	rdata = g_mem_chunk_alloc(tf->rlist_chunk);
+	rdata->num = 0;
+	rdata->next = NULL;
+	rdata->prev = NULL;
+	rdata->record_len  = reclen;
 
+	recsize=reclen*sizeof(u_char);
+	if (buf == NULL)
+		return (-1);
+	rdata->buf=(u_char *) malloc(recsize);	
+	memcpy(rdata->buf,buf,recsize);
+	  
+	rdata->file_off = offset;
+	
+   //construct double link list record_data
+
+	rlist_end =tf->rlist_end;
+	rdata->prev = rlist_end;
+	if (rlist_end != NULL)
+	  rlist_end->next = rdata;
+	else
+	  tf->rlist = rdata;
+	tf->rlist_end = rdata;
+
+	tf->count++;
+	rdata->num = tf->count;
+	gdk_threads_enter();
+	add_record_to_record_list(rdata,tf);
+	gdk_threads_leave();
+	return 0;
+
+}
+*/
 tf_read_status_t
 tf_read(trailer_file *tf)
 {
@@ -265,6 +390,92 @@
   } else
 	return CF_READ_OK;
 }
+
+tf_read_status_t
+tf_read_auditpipe(trailer_file *tf)
+{
+	int         err=0;
+	gchar       *err_info;
+	const gchar *name_ptr;
+	const char  *errmsg;
+	char         errmsg_errno[1024+1];
+	gchar        err_str[2048+1];
+	gint64       data_offset;
+	gboolean     stop_flag;
+	gint64       size, file_pos;
+	GTimeVal     start_time;
+	gchar        status_str[100];
+
+	cum_bytes=0;
+    printf("1\n");
+	name_ptr = get_basename(tf->filename);
+
+	/* Find the size of the file. */
+	size = tsess_file_size(tf->ts, NULL);
+	printf("size=%d\n",size);
+	stop_flag = FALSE;
+	g_get_current_time(&start_time);
+
+	u_char *buf;
+	tokenstr_t tok;
+	int reclen;
+ 	data_offset=0;
+	while ((reclen = au_read_rec(tf->ts->fh, &buf)) != -1 && !fstop) {
+		data_offset = data_offset+reclen;
+		TRY {
+			printf("%d\n",reclen);
+			gdk_threads_enter();
+		    read_record(tf,data_offset,buf,reclen);
+		    gdk_threads_leave();
+			free(buf);
+		}
+		CATCH(OutOfMemoryError) {
+			gpointer dialog;
+
+			dialog = simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,
+				  "%sOut Of Memory!%s\n"
+				  "\n"
+				  "Sorry, but Wireshark has to terminate now!\n"
+				  "\n"
+				  "Some infos / workarounds can be found at:\n"
+				  "http://wiki.wireshark.org/KnownBugs/OutOfMemory",
+				  simple_dialog_primary_start(), simple_dialog_primary_end());
+			/* we have to terminate, as we cannot recover from the memory error */
+			simple_dialog_set_cb(dialog, outofmemory_cb, NULL);
+			while(1) {
+				main_window_update();
+				/* XXX - how to avoid a busy wait? */
+				/* Sleep(100); */
+			};
+			break;
+		}
+		ENDTRY;
+	}
+  /* We're done reading sequentially through the file. */
+  tf->state = FILE_READ_DONE;
+
+  tf->current_record = tf->first_displayed;
+
+  if (err != 0) {
+    /* Put up a message box noting that the read failed somewhere along
+       the line.  Don't throw out the stuff we managed to read, though,
+       if any. */
+    switch (err) {
+    default:
+      g_snprintf(errmsg_errno, sizeof(errmsg_errno),
+	       "An error occurred while reading the"
+	       " capture file: %s.", strerror(err));
+      errmsg = errmsg_errno;
+      break;
+    }
+    g_snprintf(err_str, sizeof err_str, errmsg);
+    simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK, err_str);
+    return CF_READ_ERROR;
+  } else
+	return CF_READ_OK;
+	
+}
+
 /* Select the record on a given num. */
 void
 tf_select_record(trailer_file *tf, int num)

==== //depot/projects/soc2007/dongmei-auditanalyzer/tfile.h#2 (text+ko) ====

@@ -52,3 +52,5 @@
 	CF_READ_ABORTED		/**< operation aborted by user */
 } tf_read_status_t;
 
+tf_read_status_t tf_read_auditpipe(trailer_file *tf);
+

More information about the p4-projects mailing list