PERFORCE change 135602 for review

Aaron Meihm alm at FreeBSD.org
Sun Feb 17 14:44:51 PST 2008


http://perforce.freebsd.org/chv.cgi?CH=135602

Change 135602 by alm at alm_praetorian on 2008/02/17 22:44:28

	Clean up component and configuration file parsing, beginning of
	support for src network components.

Affected files ...

.. //depot/projects/trustedbsd/netauditd/netauditd.c#4 edit
.. //depot/projects/trustedbsd/netauditd/netauditd.conf#2 edit
.. //depot/projects/trustedbsd/netauditd/netauditd.h#2 edit

Differences ...

==== //depot/projects/trustedbsd/netauditd/netauditd.c#4 (text+ko) ====

@@ -52,8 +52,9 @@
 	int		(*c_func)(args_t *);
 } conftab[] = {
 	{ "src", "pipe", 4, conf_parse_src_pipe },
+	{ "src", "net", 5, conf_parse_net },
 	{ "dst", "trail", 5, conf_parse_dst_trail },
-	{ "dst", "net", 6, conf_parse_dst_net },
+	{ "dst", "net", 6, conf_parse_net },
 	{ NULL, NULL, 0, NULL }
 };
 
@@ -64,6 +65,77 @@
 TAILQ_HEAD(au_dstlist, au_cmpnt)	au_dstlist;
 
 struct au_cmpnt *
+component_init(int is_src, char *type, char *name)
+{
+	struct au_cmpnt *new;
+
+	new = malloc(sizeof(struct au_cmpnt));
+	if (new == NULL)
+		return (NULL);
+	memset(new, 0, sizeof(struct au_cmpnt));
+	if (is_src) {
+		if (strcmp(type, "net") == 0)
+			new->ac_type = NETAUDIT_SRC_NET;
+		else if (strcmp(type, "pipe") == 0)
+			new->ac_type = NETAUDIT_SRC_PIPE;
+		else {
+			free(new);
+			return (NULL);
+		}
+	}
+	else {
+		if (strcmp(type, "net") == 0)
+			new->ac_type = NETAUDIT_DST_NET;
+		else if (strcmp(type, "trail") == 0)
+			new->ac_type = NETAUDIT_DST_TRAIL;
+		else {
+			free(new);
+			return (NULL);
+		}
+	}
+	if ((new->ac_name = strdup(name)) == NULL) {
+		free(new);
+		return (NULL);
+	}
+	TAILQ_INIT(&new->ac_oq);
+	return (new);
+}
+
+int
+component_clear_oq(struct au_cmpnt *ptr)
+{
+	struct au_queue_ent *a, *b;
+
+	if (TAILQ_EMPTY(&ptr->ac_oq))
+		return (0);
+	TAILQ_FOREACH_SAFE(a, &ptr->ac_oq, aq_glue, b) {
+		TAILQ_REMOVE(&ptr->ac_oq, a, aq_glue);
+		a->aq_ptr->ar_refcount--;
+		if (a->aq_ptr->ar_refcount == 0) {
+			free(a->aq_ptr->ar_sbuf);
+			free(a->aq_ptr);
+		}
+		free(a);
+	}
+	return (1);
+}
+
+void
+component_destroy(struct au_cmpnt *ptr)
+{
+	if (ptr->ac_name != NULL)
+		free(ptr->ac_name);
+	if (ptr->ac_path != NULL)
+		free(ptr->ac_path);
+	if (ptr->ac_ainfo != NULL)
+		freeaddrinfo(ptr->ac_ainfo);
+	if (ptr->ac_consumers != NULL)
+		free(ptr->ac_consumers);
+	component_clear_oq(ptr);
+	free(ptr);
+}
+
+struct au_cmpnt *
 conf_get_src(char *name)
 {
 	struct au_cmpnt *ret;
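Review bot: component_destroy() frees the component without unlinking it from au_srclist or au_dstlist, and nothing in the hunk documents that it is only safe to call before TAILQ_INSERT_TAIL; a later caller that destroys an already-listed component would leave a dangling list entry. A header comment such as `/* Free an unlinked component; the caller must remove it from au_srclist/au_dstlist first. */` would record that contract. In component_clear_oq() the `ar_refcount--` has no guard against a count that is already zero, and whether the shared record needs locking cannot be judged from this hunk. The `!= NULL` checks before free() are redundant, but the one before freeaddrinfo() should stay because that call is not guaranteed to accept NULL.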
@@ -76,12 +148,53 @@
 }
 
 int
+conf_parse_net(args_t *a)
+{
+	struct addrinfo hints;
+	struct au_cmpnt *new;
+	char *host, *svc;
+	int is_src = 0;
+
+	if (strcmp(a->args[0], "src") == 0)
+		is_src = 1;
+	else if (strcmp(a->args[0], "dst") != 0)
+		return (-1);
+	host = a->args[3];
+	svc = a->args[4];
+	if ((new = component_init(is_src, a->args[2], a->args[1])) == NULL)
+		exit(2);
+	memset(&hints, 0, sizeof(hints));
+	hints.ai_family = PF_UNSPEC;
+	hints.ai_socktype = SOCK_STREAM;
+	if (is_src) {
+		hints.ai_flags = AI_PASSIVE;
+		new->ac_type = NETAUDIT_SRC_NET;
+	}
+	else
+		new->ac_type = NETAUDIT_DST_NET;
+	if (getaddrinfo(host, svc, &hints, &new->ac_ainfo) != 0) {
+		free(new);
+		return (-1);
+	}
+	if (is_src)
+		TAILQ_INSERT_TAIL(&au_srclist, new, ac_glue);
+	else {
+		if (conf_link_consumers(new, a, 5) == -1) {
+			component_destroy(new);
+			return (-1);
+		}
+		TAILQ_INSERT_TAIL(&au_dstlist, new, ac_glue);
+	}
+	return (0);
+}
+
+int
 conf_link_consumers(struct au_cmpnt *ac, args_t *a, int start)
 {
 	struct au_cmpnt *ptr;
-	int i, j;
+	int i;
 
-	for (j = 0, i = start; i < a->args_n; i++) {
+	for (i = start; i < a->args_n; i++) {
 		if ((ptr = conf_get_src(a->args[i])) == NULL)
 			return (-1);
 		dprintf("%s <- %s\n", ac->ac_name, ptr->ac_name);
@@ -104,13 +217,8 @@
 {
 	struct au_cmpnt *new;
 
-	new = malloc(sizeof(struct au_cmpnt));
-	if (new == NULL)
+	if ((new = component_init(1, a->args[2], a->args[1])) == NULL)
 		exit(2);
-	memset(new, 0, sizeof(struct au_cmpnt));
-	if ((new->ac_name = strdup(a->args[1])) == NULL)
-		exit(2);
-	new->ac_type = NETAUDIT_SRC_PIPE;
 	if ((new->ac_path = strdup(a->args[3])) == NULL)
 		exit(2);
 	TAILQ_INSERT_TAIL(&au_srclist, new, ac_glue);
@@ -122,18 +230,14 @@
 {
 	struct au_cmpnt *new;
 
-	new = malloc(sizeof(struct au_cmpnt));
-	if (new == NULL)
+	if ((new = component_init(0, a->args[2], a->args[1])) == NULL)
 		exit(2);
-	memset(new, 0, sizeof(struct au_cmpnt));
-	if ((new->ac_name = strdup(a->args[1])) == NULL)
-		exit(2);
-	new->ac_type = NETAUDIT_DST_TRAIL;
 	if ((new->ac_path = strdup(a->args[3])) == NULL)
 		exit(2);
-	if (conf_link_consumers(new, a, 4) == -1)
+	if (conf_link_consumers(new, a, 4) == -1) {
+		component_destroy(new);
 		return (-1);
-	TAILQ_INIT(&new->ac_oq);
+	}
 	TAILQ_INSERT_TAIL(&au_dstlist, new, ac_glue);
 	return (0);
 }
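Review bot: The new `component_destroy(new)` on conf_link_consumers() failure is only safe if no source component still refers to `new`; if conf_link_consumers() registers `new` with earlier sources before it fails on a later name, those sources would keep a pointer to freed memory. Its body is not visible in this change, so this needs confirming, and the same applies to the dst branch of conf_parse_net(). component_init() also returns NULL both for allocation failure and for an unrecognised type, so the `exit(2)` here cannot tell the two apart and a diagnostic before exiting would help. The function's opening lines are outside the hunk.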

==== //depot/projects/trustedbsd/netauditd/netauditd.conf#2 (text+ko) ====

@@ -1,6 +1,7 @@
 # $Id: netauditd.conf,v 1.3 2008/02/14 05:13:47 alm Exp $
 
 src src0 pipe /dev/auditpipe
+#src src1 net 0.0.0.0 9999
 
 dst dst0 trail /tmp/src0/trail src0
 
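Review bot: The sample `src net` line listens on 0.0.0.0, so anyone who uncomments it exposes the audit-record listener on every interface, and nothing in this change shows peer authentication or an address filter for network sources. A sample bound to loopback, e.g. `#src src1 net 127.0.0.1 9999`, with a comment line saying the address should be a dedicated management interface, would be a safer default to copy.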

==== //depot/projects/trustedbsd/netauditd/netauditd.h#2 (text+ko) ====

@@ -32,6 +32,7 @@
 #define	NETAUDIT_DELAY_TIMER		100000
 
 #define NETAUDIT_SRC_PIPE		1
+#define NETAUDIT_SRC_NET		2
 #define NETAUDIT_DST_TRAIL		1
 #define NETAUDIT_DST_NET		2
 
@@ -66,13 +67,18 @@
 	int     args_n;
 } args_t;
 
+int		component_clear_oq(struct au_cmpnt *);
+void		component_destroy(struct au_cmpnt *);
+struct au_cmpnt	*component_init(int, char *, char *);
 struct au_cmpnt	*conf_get_src(char *);
 void		conf_load(char *);
-int		conf_link_consumer(struct au_cmpnt *, args_t *, int);
+int		conf_link_consumers(struct au_cmpnt *, args_t *, int);
 void		conf_parse(char *, int);
 int		conf_parse_src_pipe(args_t *);
 int		conf_parse_dst_trail(args_t *);
 int		conf_parse_dst_net(args_t *);
+int		conf_parse_src_net(args_t *);
+int		conf_parse_net(args_t *);
 args_t		*conf_parse_args(char *);
 void		conf_free_args(args_t *);
 void		dprintf(char *, ...);
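Review bot: The prototype list keeps `conf_parse_dst_net` and adds `conf_parse_src_net`, but conftab in netauditd.c now routes both src and dst net lines to `conf_parse_net`, and no visible hunk defines `conf_parse_src_net`. If neither function exists any more, both declarations should be dropped so the header matches the implementation. The new prototypes also omit parameter names; `struct au_cmpnt *component_init(int is_src, char *type, char *name);` would document the argument order, which is easy to get wrong since the call sites pass `a->args[2]` before `a->args[1]`.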

