PERFORCE change 146237 for review
Diego Giagio
diego at FreeBSD.org
Wed Jul 30 01:10:45 UTC 2008
http://perforce.freebsd.org/chv.cgi?CH=146237
Change 146237 by diego at diego_black on 2008/07/30 01:09:46
Use port from struct sockaddr_* instead of passing it by value.
Simplify API.
Affected files ...
.. //depot/projects/soc2008/diego-audit/src/sys/bsm/audit_record.h#3 edit
.. //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit.h#13 edit
.. //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_arg.c#4 edit
.. //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_bsm.c#5 edit
.. //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_bsm_token.c#3 edit
.. //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_pfil.c#10 edit
.. //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_private.h#4 edit
Differences ...
==== //depot/projects/soc2008/diego-audit/src/sys/bsm/audit_record.h#3 (text) ====
@@ -296,10 +296,10 @@
#if defined(_KERNEL) || defined(KERNEL)
token_t *au_to_socket(struct socket *so);
-token_t *au_to_socket_ex_32(uint16_t domain, uint16_t type, uint16_t lp,
- uint16_t rp, struct sockaddr *la, struct sockaddr *ta);
-token_t *au_to_socket_ex_128(uint16_t domain, uint16_t type, uint16_t lp,
- uint16_t rp, struct sockaddr *la, struct sockaddr *ta);
+token_t *au_to_socket_ex_32(uint16_t domain, uint16_t type,
+ struct sockaddr *la, struct sockaddr *ta);
+token_t *au_to_socket_ex_128(uint16_t domain, uint16_t type,
+ struct sockaddr *la, struct sockaddr *ta);
#endif
token_t *au_to_sock_inet(struct sockaddr_in *so);
==== //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit.h#13 (text) ====
@@ -183,8 +183,8 @@
void audit_arg_process(struct proc *p);
void audit_arg_signum(u_int signum);
void audit_arg_socket(int sodomain, int sotype, int soprotocol);
-void audit_arg_socket_ex(int sodomain, int sotype, int lport, int rport,
- struct sockaddr *la, struct sockaddr *ra);
+void audit_arg_socket_ex(int sodomain, int sotype, struct sockaddr *la,
+ struct sockaddr *ra);
void audit_arg_sockaddr(struct thread *td, struct sockaddr *sa);
void audit_arg_auid(uid_t auid);
void audit_arg_auditinfo(struct auditinfo *au_info);
==== //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_arg.c#4 (text) ====
@@ -609,7 +609,7 @@
void
audit_record_arg_socket_ex(struct kaudit_record *ar, int sodomain, int sotype,
- int lport, int rport, struct sockaddr *la, struct sockaddr *ra)
+ struct sockaddr *la, struct sockaddr *ra)
{
KASSERT(ar != NULL, ("audit_record_arg_socket_ex: ar == NULL"));
KASSERT(la != NULL, ("audit_record_arg_socket_ex: la == NULL"));
@@ -617,16 +617,14 @@
ar->k_ar.ar_arg_sockconn.sc_domain = sodomain;
ar->k_ar.ar_arg_sockconn.sc_type = sotype;
- ar->k_ar.ar_arg_sockconn.sc_lport = lport;
- ar->k_ar.ar_arg_sockconn.sc_rport = rport;
bcopy(la, &ar->k_ar.ar_arg_sockconn.sc_laddr, la->sa_len);
bcopy(ra, &ar->k_ar.ar_arg_sockconn.sc_raddr, ra->sa_len);
ARG_SET_VALID(ar, ARG_SOCKCONN);
}
void
-audit_arg_socket_ex(int sodomain, int sotype, int lport, int rport,
- struct sockaddr *la, struct sockaddr *ra)
+audit_arg_socket_ex(int sodomain, int sotype, struct sockaddr *la,
+ struct sockaddr *ra)
{
struct kaudit_record *ar;
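Review bot: The two `bcopy` calls in audit_record_arg_socket_ex use `la->sa_len` and `ra->sa_len` as the copy length into the fixed-size `sc_laddr`/`sc_raddr` fields, and nothing visible in this hunk bounds them. With `sc_lport`/`sc_rport` gone, the copied sockaddr is the only source of the ports, so an early length check is worth adding, e.g. `if (la->sa_len > sizeof(ar->k_ar.ar_arg_sockconn.sc_laddr) || ra->sa_len > sizeof(ar->k_ar.ar_arg_sockconn.sc_raddr)) return;`. A KASSERT alone would vanish in kernels built without INVARIANTS. The function's opening lines are in the previous hunk.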
@@ -634,7 +632,7 @@
if (ar == NULL)
return;
- audit_record_arg_socket_ex(ar, sodomain, sotype, lport, rport, la, ra);
+ audit_record_arg_socket_ex(ar, sodomain, sotype, la, ra);
}
void
==== //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_bsm.c#5 (text) ====
@@ -1444,15 +1444,11 @@
tok = au_to_socket_ex_32(
ar->ar_arg_sockconn.sc_domain,
ar->ar_arg_sockconn.sc_type,
- ar->ar_arg_sockconn.sc_lport,
- ar->ar_arg_sockconn.sc_rport,
laddr, raddr);
} else {
tok = au_to_socket_ex_128(
ar->ar_arg_sockconn.sc_domain,
ar->ar_arg_sockconn.sc_type,
- ar->ar_arg_sockconn.sc_lport,
- ar->ar_arg_sockconn.sc_rport,
laddr, raddr);
}
kau_write(rec, tok);
==== //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_bsm_token.c#3 (text) ====
@@ -855,11 +855,13 @@
* remote address 4 bytes/16 bytes (IPv4/IPv6 address)
*/
token_t *
-au_to_socket_ex_32(u_int16_t domain, u_int16_t type, u_int16_t lp, u_int16_t rp,
- struct sockaddr *la, struct sockaddr *ra)
+au_to_socket_ex_32(u_int16_t domain, u_int16_t type, struct sockaddr *la,
+ struct sockaddr *ra)
{
token_t *t;
u_char *dptr = NULL;
+ struct sockaddr_in *lai = (struct sockaddr_in*)la;
+ struct sockaddr_in *rai = (struct sockaddr_in*)ra;
GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) +
sizeof(u_int16_t) + sizeof(u_int16_t) + sizeof(u_int16_t) +
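Review bot: `la` and `ra` are cast to `struct sockaddr_in *` with no check that they are AF_INET addresses of sufficient length, and the `struct sockaddr_in6 *` casts in au_to_socket_ex_128 in the next hunk have the same gap. A mistyped address would put bytes from the wrong offsets into the audit token as port and address. An assertion such as `KASSERT(la->sa_family == AF_INET && la->sa_len >= sizeof(*lai), ("au_to_socket_ex_32: la is not a sockaddr_in"));`, repeated for `ra`, would document and enforce the expectation. The caller in audit_bsm.c picks the variant on a condition outside the visible hunk, so this may already be guaranteed there. The function body continues past this hunk.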
@@ -869,20 +871,22 @@
ADD_U_INT16(dptr, domain);
ADD_U_INT16(dptr, type);
ADD_U_INT16(dptr, AU_IPv4);
- ADD_U_INT16(dptr, lp);
- ADD_MEM(dptr, &la->sa_data, AU_IPv4);
- ADD_U_INT16(dptr, rp);
- ADD_MEM(dptr, &ra->sa_data, AU_IPv4);
+ ADD_U_INT16(dptr, lai->sin_port);
+ ADD_U_INT32(dptr, lai->sin_addr.s_addr);
+ ADD_U_INT16(dptr, rai->sin_port);
+ ADD_U_INT32(dptr, rai->sin_addr.s_addr);
return (t);
}
token_t *
-au_to_socket_ex_128(u_int16_t domain, u_int16_t type, u_int16_t lp,
- u_int16_t rp, struct sockaddr *la, struct sockaddr *ra)
+au_to_socket_ex_128(u_int16_t domain, u_int16_t type, struct sockaddr *la,
+ struct sockaddr *ra)
{
token_t *t;
u_char *dptr = NULL;
+ struct sockaddr_in6 *lai = (struct sockaddr_in6*)la;
+ struct sockaddr_in6 *rai = (struct sockaddr_in6*)ra;
GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) +
sizeof(u_int16_t) + sizeof(u_int16_t) + sizeof(u_int16_t) +
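Review bot: `sin_port` and `sin_addr.s_addr` are conventionally held in network byte order, yet they are now emitted with `ADD_U_INT16`/`ADD_U_INT32` rather than `ADD_MEM`. The macro definitions are not on this page; if they convert from host order, the port and IPv4 address will be byte-swapped in the token on little-endian machines. Copying the raw bytes avoids the question: `ADD_MEM(dptr, &lai->sin_port, sizeof(lai->sin_port));` and `ADD_MEM(dptr, &lai->sin_addr.s_addr, sizeof(lai->sin_addr.s_addr));`, likewise for `rai` and for the `sin6_port` lines in the next hunk. Either way, a one-line comment stating the byte order written to the token would help anyone parsing the trail.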
@@ -892,10 +896,10 @@
ADD_U_INT16(dptr, domain);
ADD_U_INT16(dptr, type);
ADD_U_INT16(dptr, AU_IPv6);
- ADD_U_INT16(dptr, lp);
- ADD_MEM(dptr, &la->sa_data, AU_IPv6);
- ADD_U_INT16(dptr, rp);
- ADD_MEM(dptr, &ra->sa_data, AU_IPv6);
+ ADD_U_INT16(dptr, lai->sin6_port);
+ ADD_MEM(dptr, &lai->sin6_addr, 4 * sizeof(u_int32_t));
+ ADD_U_INT16(dptr, rai->sin6_port);
+ ADD_MEM(dptr, &rai->sin6_addr, 4 * sizeof(u_int32_t));
return (t);
}
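Review bot: The IPv6 address length is spelled `4 * sizeof(u_int32_t)`, a magic expression that is not tied to the object being copied. `ADD_MEM(dptr, &lai->sin6_addr, sizeof(lai->sin6_addr));` (and the same for `rai`) keeps the copy length bound to the source field. The GET_TOKEN_AREA size computation is only partly visible in the previous hunk, so confirm that it reserves the same number of bytes.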
==== //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_pfil.c#10 (text+ko) ====
@@ -322,11 +322,11 @@
}
static void
-addr_to_sin(u_int32_t addr, struct sockaddr_in *sin)
+addr_port_to_sin(u_int32_t addr, u_int16_t port, struct sockaddr_in *sin)
{
sin->sin_len = sizeof(struct sockaddr_in);
sin->sin_family = PF_INET;
- sin->sin_port = 0;
+ sin->sin_port = port;
sin->sin_addr.s_addr = addr;
}
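Review bot: addr_port_to_sin sets four fields but never clears the rest of `*sin`, so `sin_zero` keeps whatever was in the caller's storage. `lsin`/`rsin` are declared outside this hunk; if they are uninitialised locals, audit_record_arg_socket_ex later copies `sa_len` bytes of them, padding included, into the audit record. Starting the function with `bzero(sin, sizeof(*sin));` closes that. A comment such as `/* addr and port must already be in network byte order */` would also state what callers are expected to pass, since `sin_port` is now consumed by the token writers.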
@@ -347,11 +347,11 @@
*
* TODO: check MATCH_FORWARD / MATCH_REVERSE on ip_fw2.c
*/
- addr_to_sin(src, &lsin);
- addr_to_sin(dst, &rsin);
+ addr_port_to_sin(src, src_port, &lsin);
+ addr_port_to_sin(dst, dst_port, &rsin);
audit_record_arg_text(ar, "ipfw");
- audit_record_arg_socket_ex(ar, PF_INET, SOCK_STREAM, src_port, dst_port,
+ audit_record_arg_socket_ex(ar, PF_INET, SOCK_STREAM,
(struct sockaddr*)&lsin, (struct sockaddr*)&rsin);
audit_commit(ar, error, 0);
}
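Review bot: The socket type in the rewritten call is still hard-coded to `SOCK_STREAM`, so every ipfw match logged through this path is recorded as a stream socket. The enclosing function starts outside the hunk, so it is not visible whether it is reached only for TCP; if UDP or other protocols can arrive here, the audit record will misdescribe the traffic. Consider deriving the type from the packet's protocol, or at least marking the limitation next to the existing TODO, e.g. `/* XXX: type is always SOCK_STREAM; only accurate for TCP matches */`.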
==== //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_private.h#4 (text) ====
@@ -121,8 +121,6 @@
struct sockconn_au_info {
int sc_domain;
int sc_type;
- u_short sc_lport;
- u_short sc_rport;
struct sockaddr_storage sc_laddr;
struct sockaddr_storage sc_raddr;
};
@@ -288,7 +286,7 @@
void audit_record_arg_socket(struct kaudit_record *ar, int sodomain,
int sotype, int soprotocol);
void audit_record_arg_socket_ex(struct kaudit_record *ar, int sodomain,
- int sotype, int lport, int rport, struct sockaddr *la, struct sockaddr *ra);
+ int sotype, struct sockaddr *la, struct sockaddr *ra);
void audit_record_arg_sockaddr(struct kaudit_record *ar, struct thread *td,
struct sockaddr *sa);
void audit_record_arg_auid(struct kaudit_record *ar, uid_t auid);