PERFORCE change 135627 for review
Aaron Meihm
alm at FreeBSD.org
Sun Feb 17 21:40:10 PST 2008
http://perforce.freebsd.org/chv.cgi?CH=135627
Change 135627 by alm at alm_praetorian on 2008/02/18 05:39:14
Various code cleanup. Introduce srcbuffer struct for incoming
records from network peers.
Affected files ...
.. //depot/projects/trustedbsd/netauditd/netauditd.c#5 edit
.. //depot/projects/trustedbsd/netauditd/netauditd.conf#3 edit
.. //depot/projects/trustedbsd/netauditd/netauditd.h#3 edit
Differences ...
==== //depot/projects/trustedbsd/netauditd/netauditd.c#5 (text+ko) ====
@@ -112,7 +112,7 @@
TAILQ_REMOVE(&ptr->ac_oq, a, aq_glue);
a->aq_ptr->ar_refcount--;
if (a->aq_ptr->ar_refcount == 0) {
- free(a->aq_ptr->ar_sbuf);
+ free(a->aq_ptr->ar_rec);
free(a->aq_ptr);
}
free(a);
@@ -242,33 +242,6 @@
return (0);
}
-int
-conf_parse_dst_net(args_t *a)
-{
- struct addrinfo hints;
- struct au_cmpnt *new;
- int error;
-
- new = malloc(sizeof(struct au_cmpnt));
- if (new == NULL)
- exit(2);
- memset(new, 0, sizeof(struct au_cmpnt));
- if ((new->ac_name = strdup(a->args[1])) == NULL)
- exit(2);
- memset(&hints, 0, sizeof(hints));
- hints.ai_family = PF_UNSPEC;
- hints.ai_socktype = SOCK_STREAM;
- error = getaddrinfo(a->args[3], a->args[4], &hints, &new->ac_ainfo);
- if (error)
- return (-1);
- new->ac_type = NETAUDIT_DST_NET;
- if (conf_link_consumers(new, a, 5) == -1)
- return (-1);
- TAILQ_INIT(&new->ac_oq);
- TAILQ_INSERT_TAIL(&au_dstlist, new, ac_glue);
- return (0);
-}
-
args_t *
conf_parse_args(char *buf)
{
@@ -422,6 +395,9 @@
if (au->ac_fd == -1)
err(1, "%s", au->ac_path);
break;
+ case NETAUDIT_SRC_NET:
+ netaudit_socket_listen(au);
+ break;
default:
exit(2);
}
@@ -514,8 +490,8 @@
dprintf("consumer %s running output queue\n",
au->ac_name);
r = q->aq_ptr;
- s = r->ar_sbuflen - q->aq_remain;
- ret = write(au->ac_fd, r->ar_sbuf + s,
+ s = r->ar_reclen - q->aq_remain;
+ ret = write(au->ac_fd, r->ar_rec + s,
q->aq_remain);
if (ret == -1) {
if (errno == EAGAIN)
@@ -532,7 +508,7 @@
free(q);
r->ar_refcount--;
if (r->ar_refcount == 0) {
- free(r->ar_sbuf);
+ free(r->ar_rec);
free(r);
}
}
@@ -555,7 +531,7 @@
exit(2);
memset(new, 0, sizeof(struct au_queue_ent));
new->aq_ptr = rec;
- new->aq_remain = rec->ar_sbuflen;
+ new->aq_remain = rec->ar_reclen;
TAILQ_INSERT_TAIL(&au->ac_consumers[i]->ac_oq, new, aq_glue);
dprintf("queued %p: %s\n", rec, au->ac_consumers[i]->ac_name);
}
@@ -568,24 +544,52 @@
if ((new = malloc(sizeof(struct au_recbuf))) == NULL)
exit(2);
- if ((new->ar_sbuf = malloc(NETAUDIT_PIPE_BUFSIZE)) == NULL)
+ if ((new->ar_rec = malloc(NETAUDIT_PIPE_BUFSIZE)) == NULL)
exit(2);
/*
* XXXCSJP: It is possible that the audit record will be greater then
* NETAUDIT_PIPE_BUFSIZE, in which case the pipe will truncate it.
*/
- new->ar_sbuflen = read(au->ac_fd, new->ar_sbuf, NETAUDIT_PIPE_BUFSIZE);
- if (new->ar_sbuflen == -1) {
+ new->ar_reclen = read(au->ac_fd, new->ar_rec, NETAUDIT_PIPE_BUFSIZE);
+ if (new->ar_reclen == -1) {
if (errno != EAGAIN)
exit(2);
else
return;
}
- dprintf("au_cmpnt %p: read record %u bytes\n", au, new->ar_sbuflen);
+ dprintf("au_cmpnt %p: read record %u bytes\n", au, new->ar_reclen);
netaudit_queue_record(au, new);
}
void
+netaudit_socket_listen(struct au_cmpnt *au)
+{
+ struct addrinfo *addrptr;
+ int flags;
+
+ addrptr = au->ac_ainfo;
+ au->ac_fd = socket(addrptr->ai_family, addrptr->ai_socktype,
+ addrptr->ai_protocol);
+ if (au->ac_fd == -1)
+ err(1, "socket");
+ if (bind(au->ac_fd, addrptr->ai_addr, addrptr->ai_addrlen) == -1)
+ err(1, "bind");
+ if (listen(au->ac_fd, 16) == -1)
+ err(1, "listen");
+ if ((flags = fcntl(au->ac_fd, F_GETFL)) == -1)
+ exit(2);
+ flags |= O_NONBLOCK;
+ if (fcntl(au->ac_fd, F_SETFL, flags) == -1)
+ exit(2);
+}
+
+int
+netaudit_socket_read(struct au_cmpnt *au)
+{
+ return (0);
+}
+
+void
usage()
{
fputs("usage: netauditd [-dh] [-f path]\n", stderr);
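Review bot: The `EAGAIN` branch after `read()` returns without releasing `new` or `new->ar_rec`, so each read that finds no data on the (presumably non-blocking) pipe leaks a record struct plus a `NETAUDIT_PIPE_BUFSIZE` buffer. As far as the hunk shows, nothing else holds a reference at that point; the branch should be `else { free(new->ar_rec); free(new); return; }`. `ar_reclen` is declared `u_int32_t` in netauditd.h, so the `== -1` test only works through unsigned conversion, and a `read()` result of 0 is queued as an empty record. Keeping the result in a local `ssize_t` and checking `<= 0` before assigning it would make both cases explicit. The enclosing function begins above the hunk, so the declaration of `new` is not visible here.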
==== //depot/projects/trustedbsd/netauditd/netauditd.conf#3 (text+ko) ====
@@ -1,8 +1,7 @@
-# $Id: netauditd.conf,v 1.3 2008/02/14 05:13:47 alm Exp $
+# netauditd configuration file
src src0 pipe /dev/auditpipe
-#src src1 net 0.0.0.0 9999
+src src1 net 0.0.0.0 9999
-dst dst0 trail /tmp/src0/trail src0
-
+dst dst0 trail /tmp/src0/trail src1
dst dst1 net 127.0.0.1 9999 src0
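Review bot: The sample configuration now enables `src src1 net 0.0.0.0 9999`, which makes the daemon accept audit records on every interface, and nothing visible in this change authenticates or filters peers (`netaudit_socket_read` is still a stub). Because `dst0` now takes its input from `src1`, whatever arrives on that port would end up in the trail. For a shipped example, `src src1 net 127.0.0.1 9999` is a safer default, with a comment telling operators to widen it deliberately. The trail path `/tmp/src0/trail` sits under a world-writable directory; a dedicated root-owned directory would be a better example location for audit data.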
==== //depot/projects/trustedbsd/netauditd/netauditd.h#3 (text+ko) ====
@@ -37,9 +37,9 @@
#define NETAUDIT_DST_NET 2
struct au_recbuf {
- void *ar_sbuf; /* Store buffer */
- u_int32_t ar_sbuflen; /* Buffer data length */
- u_int32_t ar_refcount;
+ void *ar_rec;
+ u_int32_t ar_reclen;
+ u_int32_t ar_refcount;
};
struct au_queue_ent {
@@ -48,18 +48,28 @@
TAILQ_ENTRY(au_queue_ent) aq_glue;
};
+struct au_srcbuffer {
+ struct au_cmpnt *sb_parent;
+ int sb_fd;
+ u_int32_t sb_reclen;
+ u_char *sb_rec;
+ u_char sb_buf[8192];
+ u_char sb_header[5];
+ TAILQ_ENTRY(au_srcbuffer) sb_glue;
+};
+
struct au_cmpnt {
- char *ac_name; /* Component name */
- int ac_type; /* Component type */
- int ac_fd; /* Component fd */
- int ac_established;
- int ac_remain;
- char *ac_path; /* Component path */
- struct addrinfo *ac_ainfo;
- struct au_cmpnt **ac_consumers; /* Consumer list */
- unsigned int ac_nconsumers;
- TAILQ_HEAD(ac_oq, au_queue_ent) ac_oq; /* Output queue */
- TAILQ_ENTRY(au_cmpnt) ac_glue;
+ char *ac_name;
+ int ac_type;
+ int ac_fd;
+ int ac_established;
+ char *ac_path;
+ struct addrinfo *ac_ainfo;
+ struct au_cmpnt **ac_consumers;
+ unsigned int ac_nconsumers;
+ TAILQ_HEAD(ac_oq, au_queue_ent) ac_oq;
+ TAILQ_HEAD(ac_sbufq, au_srcbuffer) ac_sbufq;
+ TAILQ_ENTRY(au_cmpnt) ac_glue;
};
typedef struct _args_t {
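Review bot: `struct au_srcbuffer` is added with no field comments, and this hunk also strips the existing comments from `struct au_cmpnt` (the previous hunk does the same to `au_recbuf`). The meaning of `sb_buf[8192]` and `sb_header[5]`, and how `sb_reclen` and `sb_rec` relate to `sb_buf`, are therefore left to the reader. These fields are meant to hold records from network peers, so the struct should document the invariant the read path must enforce, e.g. `/* sb_reclen is taken from the peer's header; must be checked against sizeof(sb_buf) before use */`. That wording assumes the intended design, since the reader is not implemented yet. Named constants for 8192 and 5 would let the future `netaudit_socket_read` bound-check against the same values.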
@@ -76,8 +86,6 @@
void conf_parse(char *, int);
int conf_parse_src_pipe(args_t *);
int conf_parse_dst_trail(args_t *);
-int conf_parse_dst_net(args_t *);
-int conf_parse_src_net(args_t *);
int conf_parse_net(args_t *);
args_t *conf_parse_args(char *);
void conf_free_args(args_t *);
@@ -87,4 +95,6 @@
void netaudit_queue_record(struct au_cmpnt *, struct au_recbuf *);
void netaudit_pipe_read(struct au_cmpnt *);
void netaudit_run(void);
+void netaudit_socket_listen(struct au_cmpnt *);
+int netaudit_socket_read(struct au_cmpnt *);
void usage(void);