PERFORCE change 146237 for review

Diego Giagio diego at FreeBSD.org
Wed Jul 30 01:10:45 UTC 2008


http://perforce.freebsd.org/chv.cgi?CH=146237

Change 146237 by diego at diego_black on 2008/07/30 01:09:46

	Use port from struct sockaddr_* instead of passing it by value.
	Simplify API.

Affected files ...

.. //depot/projects/soc2008/diego-audit/src/sys/bsm/audit_record.h#3 edit
.. //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit.h#13 edit
.. //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_arg.c#4 edit
.. //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_bsm.c#5 edit
.. //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_bsm_token.c#3 edit
.. //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_pfil.c#10 edit
.. //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_private.h#4 edit

Differences ...

==== //depot/projects/soc2008/diego-audit/src/sys/bsm/audit_record.h#3 (text) ====

@@ -296,10 +296,10 @@
 
 #if defined(_KERNEL) || defined(KERNEL)
 token_t	*au_to_socket(struct socket *so);
-token_t	*au_to_socket_ex_32(uint16_t domain, uint16_t type, uint16_t lp,
-    uint16_t rp, struct sockaddr *la, struct sockaddr *ta);
-token_t	*au_to_socket_ex_128(uint16_t domain, uint16_t type, uint16_t lp,
-    uint16_t rp, struct sockaddr *la, struct sockaddr *ta);
+token_t	*au_to_socket_ex_32(uint16_t domain, uint16_t type,
+    struct sockaddr *la, struct sockaddr *ta);
+token_t	*au_to_socket_ex_128(uint16_t domain, uint16_t type,
+    struct sockaddr *la, struct sockaddr *ta);
 #endif
 
 token_t	*au_to_sock_inet(struct sockaddr_in *so);

==== //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit.h#13 (text) ====

@@ -183,8 +183,8 @@
 void	 audit_arg_process(struct proc *p);
 void	 audit_arg_signum(u_int signum);
 void	 audit_arg_socket(int sodomain, int sotype, int soprotocol);
-void	 audit_arg_socket_ex(int sodomain, int sotype, int lport, int rport,
-	struct sockaddr *la, struct sockaddr *ra);
+void	 audit_arg_socket_ex(int sodomain, int sotype, struct sockaddr *la,
+    struct sockaddr *ra);
 void	 audit_arg_sockaddr(struct thread *td, struct sockaddr *sa);
 void	 audit_arg_auid(uid_t auid);
 void	 audit_arg_auditinfo(struct auditinfo *au_info);

==== //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_arg.c#4 (text) ====

@@ -609,7 +609,7 @@
 
 void
 audit_record_arg_socket_ex(struct kaudit_record *ar, int sodomain, int sotype,
-    int lport, int rport, struct sockaddr *la, struct sockaddr *ra)
+    struct sockaddr *la, struct sockaddr *ra)
 {
 	KASSERT(ar != NULL, ("audit_record_arg_socket_ex: ar == NULL"));
 	KASSERT(la != NULL, ("audit_record_arg_socket_ex: la == NULL"));
@@ -617,16 +617,14 @@
 
 	ar->k_ar.ar_arg_sockconn.sc_domain = sodomain;
 	ar->k_ar.ar_arg_sockconn.sc_type = sotype;
-	ar->k_ar.ar_arg_sockconn.sc_lport = lport;
-	ar->k_ar.ar_arg_sockconn.sc_rport = rport;
 	bcopy(la, &ar->k_ar.ar_arg_sockconn.sc_laddr, la->sa_len);
 	bcopy(ra, &ar->k_ar.ar_arg_sockconn.sc_raddr, ra->sa_len);
 	ARG_SET_VALID(ar, ARG_SOCKCONN);
 }
 
 void
-audit_arg_socket_ex(int sodomain, int sotype, int lport, int rport,
-    struct sockaddr *la, struct sockaddr *ra)
+audit_arg_socket_ex(int sodomain, int sotype, struct sockaddr *la,
+    struct sockaddr *ra)
 {
 	struct kaudit_record *ar;
 
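Review bot: The two `bcopy` calls in audit_record_arg_socket_ex copy `la->sa_len` and `ra->sa_len` bytes into `sc_laddr` and `sc_raddr` without checking that the length fits in a `struct sockaddr_storage`; the KASSERTs visible in the previous hunk only reject NULL pointers. Now that the ports are also taken from the copied structures, the record depends entirely on the caller handing in well-formed sockaddrs. I would add `KASSERT(la->sa_len <= sizeof(ar->k_ar.ar_arg_sockconn.sc_laddr), ("audit_record_arg_socket_ex: la too long"));` and the same for `ra`. Because KASSERT is only active in INVARIANTS kernels, clamping the copy length to the destination size is the stronger option. The function begins in the previous hunk.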
@@ -634,7 +632,7 @@
 	if (ar == NULL)
 		return;
 
-	audit_record_arg_socket_ex(ar, sodomain, sotype, lport, rport, la, ra);
+	audit_record_arg_socket_ex(ar, sodomain, sotype, la, ra);
 }
 
 void

==== //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_bsm.c#5 (text) ====

@@ -1444,15 +1444,11 @@
 				tok = au_to_socket_ex_32(
 				    ar->ar_arg_sockconn.sc_domain,
 				    ar->ar_arg_sockconn.sc_type,
-				    ar->ar_arg_sockconn.sc_lport,
-				    ar->ar_arg_sockconn.sc_rport,
 				    laddr, raddr);
 			} else {
 				tok = au_to_socket_ex_128(
 				    ar->ar_arg_sockconn.sc_domain,
 				    ar->ar_arg_sockconn.sc_type,
-				    ar->ar_arg_sockconn.sc_lport,
-				    ar->ar_arg_sockconn.sc_rport,
 				    laddr, raddr);
 			}
 			kau_write(rec, tok);

==== //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_bsm_token.c#3 (text) ====

@@ -855,11 +855,13 @@
  * remote address          4 bytes/16 bytes (IPv4/IPv6 address)
  */
 token_t *
-au_to_socket_ex_32(u_int16_t domain, u_int16_t type, u_int16_t lp, u_int16_t rp,
-    struct sockaddr *la, struct sockaddr *ra)
+au_to_socket_ex_32(u_int16_t domain, u_int16_t type, struct sockaddr *la,
+    struct sockaddr *ra)
 {
 	token_t *t;
 	u_char *dptr = NULL;
+	struct sockaddr_in *lai = (struct sockaddr_in*)la;
+	struct sockaddr_in *rai = (struct sockaddr_in*)ra;
 
 	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) +
 	    sizeof(u_int16_t) + sizeof(u_int16_t) + sizeof(u_int16_t) +
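Review bot: `la` and `ra` are cast to `struct sockaddr_in *` at the top of au_to_socket_ex_32 without any check that they hold IPv4 addresses, so a caller passing another family gets a token built from whatever bytes sit at the `sin_port` and `sin_addr` offsets. The `struct sockaddr_in6 *` casts added to au_to_socket_ex_128 in the next hunk have the same gap. An assertion such as `KASSERT(la->sa_family == AF_INET && ra->sa_family == AF_INET, ("au_to_socket_ex_32: not AF_INET"));` would make the contract explicit. The function body continues past the end of this hunk.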
@@ -869,20 +871,22 @@
 	ADD_U_INT16(dptr, domain);
 	ADD_U_INT16(dptr, type);
 	ADD_U_INT16(dptr, AU_IPv4);
-	ADD_U_INT16(dptr, lp);
-	ADD_MEM(dptr, &la->sa_data, AU_IPv4);
-	ADD_U_INT16(dptr, rp);
-	ADD_MEM(dptr, &ra->sa_data, AU_IPv4);
+	ADD_U_INT16(dptr, lai->sin_port);
+	ADD_U_INT32(dptr, lai->sin_addr.s_addr);
+	ADD_U_INT16(dptr, rai->sin_port);
+	ADD_U_INT32(dptr, rai->sin_addr.s_addr);
 
 	return (t);
 }
 
 token_t *
-au_to_socket_ex_128(u_int16_t domain, u_int16_t type, u_int16_t lp,
-    u_int16_t rp, struct sockaddr *la, struct sockaddr *ra)
+au_to_socket_ex_128(u_int16_t domain, u_int16_t type, struct sockaddr *la,
+    struct sockaddr *ra)
 {	
 	token_t *t;
 	u_char *dptr = NULL;
+	struct sockaddr_in6 *lai = (struct sockaddr_in6*)la;
+	struct sockaddr_in6 *rai = (struct sockaddr_in6*)ra;
 
 	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) +
 	    sizeof(u_int16_t) + sizeof(u_int16_t) + sizeof(u_int16_t) +
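Review bot: `sin_port` and `sin_addr.s_addr` are conventionally stored in network byte order, but the new lines in au_to_socket_ex_32 emit them with `ADD_U_INT16` and `ADD_U_INT32`, where the old code copied raw bytes with `ADD_MEM`. Those macros are defined outside this diff; if they encode a host-order integer, the port and address are written byte-swapped on little-endian machines, which corrupts the fields a trail reader filters on. au_to_socket_ex_128 in the next hunk raises the same question for `sin6_port`, while its address still goes through `ADD_MEM`. Copying the fields as stored, `ADD_MEM(dptr, &lai->sin_port, sizeof(u_int16_t));` and `ADD_MEM(dptr, &lai->sin_addr.s_addr, sizeof(u_int32_t));`, keeps both functions consistent as long as callers fill the sockaddr in network order. This hunk covers the tail of au_to_socket_ex_32 and the head of au_to_socket_ex_128.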
@@ -892,10 +896,10 @@
 	ADD_U_INT16(dptr, domain);
 	ADD_U_INT16(dptr, type);
 	ADD_U_INT16(dptr, AU_IPv6);
-	ADD_U_INT16(dptr, lp);
-	ADD_MEM(dptr, &la->sa_data, AU_IPv6);
-	ADD_U_INT16(dptr, rp);
-	ADD_MEM(dptr, &ra->sa_data, AU_IPv6);
+	ADD_U_INT16(dptr, lai->sin6_port);
+	ADD_MEM(dptr, &lai->sin6_addr, 4 * sizeof(u_int32_t));
+	ADD_U_INT16(dptr, rai->sin6_port);
+	ADD_MEM(dptr, &rai->sin6_addr, 4 * sizeof(u_int32_t));
 
 	return (t);
 }

==== //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_pfil.c#10 (text+ko) ====

@@ -322,11 +322,11 @@
 }
 
 static void
-addr_to_sin(u_int32_t addr, struct sockaddr_in *sin)
+addr_port_to_sin(u_int32_t addr, u_int16_t port, struct sockaddr_in *sin)
 {
 	sin->sin_len = sizeof(struct sockaddr_in);
 	sin->sin_family = PF_INET;
-	sin->sin_port = 0;
+	sin->sin_port = port;
 	sin->sin_addr.s_addr = addr;
 }
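Review bot: addr_port_to_sin stores `port` directly into `sin_port` without stating which byte order it expects, and `sin_port` is conventionally network order. A comment above the function, `/* addr and port must be in network byte order. */`, or an explicit `htons(port)` if callers pass host-order values, would settle the question. The function also leaves `sin_zero` untouched. If the target is a stack variable (its declaration is outside the hunk), a leading `bzero(sin, sizeof(*sin));` keeps stale stack bytes out of the audit record, which later copies the whole structure.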
 
@@ -347,11 +347,11 @@
 	 *
 	 * TODO: check MATCH_FORWARD / MATCH_REVERSE on ip_fw2.c
 	 */
-	addr_to_sin(src, &lsin);
-	addr_to_sin(dst, &rsin);
+	addr_port_to_sin(src, src_port, &lsin);
+	addr_port_to_sin(dst, dst_port, &rsin);
 
 	audit_record_arg_text(ar, "ipfw");
-	audit_record_arg_socket_ex(ar, PF_INET, SOCK_STREAM, src_port, dst_port,
+	audit_record_arg_socket_ex(ar, PF_INET, SOCK_STREAM,
 	    (struct sockaddr*)&lsin, (struct sockaddr*)&rsin);
 	audit_commit(ar, error, 0);
 }
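Review bot: The call to audit_record_arg_socket_ex hard-codes `SOCK_STREAM`, so every packet audited here is recorded as a stream socket regardless of its protocol. Whether non-TCP packets reach this point is decided outside the hunk, but if they do, the socket type in the audit trail is misleading. Either derive the type from the packet's protocol, or, if only TCP is meant to be audited, say so with a comment such as `/* XXX: type is always SOCK_STREAM; only TCP is audited. */`. The enclosing function starts before this hunk.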

==== //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_private.h#4 (text) ====

@@ -121,8 +121,6 @@
 struct sockconn_au_info {
 	int 		sc_domain;
 	int		sc_type;
-	u_short		sc_lport;
-	u_short		sc_rport;
 	struct	sockaddr_storage sc_laddr;
 	struct	sockaddr_storage sc_raddr;
 };
@@ -288,7 +286,7 @@
 void	 audit_record_arg_socket(struct kaudit_record *ar, int sodomain,
     int sotype, int soprotocol);
 void	 audit_record_arg_socket_ex(struct kaudit_record *ar, int sodomain,
-    int sotype, int lport, int rport, struct sockaddr *la, struct sockaddr *ra);
+    int sotype, struct sockaddr *la, struct sockaddr *ra);
 void	 audit_record_arg_sockaddr(struct kaudit_record *ar, struct thread *td,
     struct sockaddr *sa);
 void	 audit_record_arg_auid(struct kaudit_record *ar, uid_t auid);

