PERFORCE change 190065 for review
Efstratios Karatzas
gpf at FreeBSD.org
Tue Mar 15 17:30:23 UTC 2011
http://p4web.freebsd.org/@@190065?ac=10
Change 190065 by gpf at gpf_desktop on 2011/03/15 17:29:45
- update values for new events
Affected files ...
.. //depot/projects/soc2010/gpf_audit/freebsd/src/contrib/openbsm/etc/audit_event#10 edit
.. //depot/projects/soc2010/gpf_audit/freebsd/src/contrib/openbsm/sys/bsm/audit_kevents.h#2 edit
.. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/bsm/audit_kevents.h#7 edit
Differences ...
==== //depot/projects/soc2010/gpf_audit/freebsd/src/contrib/openbsm/etc/audit_event#10 (text) ====
@@ -12,7 +12,10 @@
#
# 0 Reserved and invalid
# 1 - 2047 Reserved for Solaris kernel events
-# 2048 - 5999 Reserved and unallocated
+# 2048 - 2999 Reserved and unallocated
+# 3000 - 3999 Reserved for NFS specific kernel events
+# 4000 - 4999 Reserved for firewall kernel events
+# 5000 - 5999 Reserved and unallocated
# 6000 - 9999 Reserved for Solaris user events
# 10000 - 32767 Reserved and unallocated
# 32768 - 65535 Available for third party applications
@@ -362,74 +365,74 @@
#
# NFS-specific kernel events
#
-2000:AUE_NFS_NULL:nfsrv_null():nfs,ot
-2001:AUE_NFS_GETATTR:nfsrv_getattr():nfs,fa
-2002:AUE_NFS_SETATTR:nfsrv_setattr():nfs,fm
-2003:AUE_NFS_LOOKUP:nfsrv_lookup():nfs,fa,ad
-2004:AUE_NFS_ACCESS:nfsrv_access():nfs,fa
-2005:AUE_NFS_READLINK:nfsrv_readlink():nfs,fr
-2006:AUE_NFS_READ:nfsrv_read():nfs,fr
-2007:AUE_NFS_WRITE:nfsrv_write():nfs,fw
-2008:AUE_NFS_CREATE:nfsrv_create():nfs,fc,ad
-2009:AUE_NFS_MKDIR:nfsrv_mkdir():nfs,fc,ad
-2010:AUE_NFS_SYMLINK:nfsrv_symlink():nfs,fc,ad
-2011:AUE_NFS_MKNOD:nfsrv_mknod():nfs,fc,ad
-2012:AUE_NFS_REMOVE:nfsrv_remove():nfs,fd
-2013:AUE_NFS_RMDIR:nfsrv_rmdir():nfs,fd
-2014:AUE_NFS_RENAME:nfsrv_rename():nfs,fc,fd
-2015:AUE_NFS_LINK:nfsrv_link():nfs,fc
-2016:AUE_NFS_READDIR:nfsrv_readdir():nfs,fr
-2017:AUE_NFS_READDIR_PLUS:nfsrv_readdirplus():nfs,fr,ad
-2018:AUE_NFS_STATFS:nfsrv_statfs():nfs,fa
-2019:AUE_NFS_FSINFO:nfsrv_fsinfo():nfs,ot
-2020:AUE_NFS_PATHCONF:nfsrv_pathconf():nfs,fa
-2021:AUE_NFS_COMMIT:nfsrv_commit():nfs,fw
-2022:AUE_NFS_NOOP:nfsrv_noop():nfs,no
+3000:AUE_NFS_NULL:nfsrv_null():nfs,ot
+3001:AUE_NFS_GETATTR:nfsrv_getattr():nfs,fa
+3002:AUE_NFS_SETATTR:nfsrv_setattr():nfs,fm
+3003:AUE_NFS_LOOKUP:nfsrv_lookup():nfs,fa,ad
+3004:AUE_NFS_ACCESS:nfsrv_access():nfs,fa
+3005:AUE_NFS_READLINK:nfsrv_readlink():nfs,fr
+3006:AUE_NFS_READ:nfsrv_read():nfs,fr
+3007:AUE_NFS_WRITE:nfsrv_write():nfs,fw
+3008:AUE_NFS_CREATE:nfsrv_create():nfs,fc,ad
+3009:AUE_NFS_MKDIR:nfsrv_mkdir():nfs,fc,ad
+3010:AUE_NFS_SYMLINK:nfsrv_symlink():nfs,fc,ad
+3011:AUE_NFS_MKNOD:nfsrv_mknod():nfs,fc,ad
+3012:AUE_NFS_REMOVE:nfsrv_remove():nfs,fd
+3013:AUE_NFS_RMDIR:nfsrv_rmdir():nfs,fd
+3014:AUE_NFS_RENAME:nfsrv_rename():nfs,fc,fd
+3015:AUE_NFS_LINK:nfsrv_link():nfs,fc
+3016:AUE_NFS_READDIR:nfsrv_readdir():nfs,fr
+3017:AUE_NFS_READDIR_PLUS:nfsrv_readdirplus():nfs,fr,ad
+3018:AUE_NFS_STATFS:nfsrv_statfs():nfs,fa
+3019:AUE_NFS_FSINFO:nfsrv_fsinfo():nfs,ot
+3020:AUE_NFS_PATHCONF:nfsrv_pathconf():nfs,fa
+3021:AUE_NFS_COMMIT:nfsrv_commit():nfs,fw
+3022:AUE_NFS_NOOP:nfsrv_noop():nfs,no
#
# NFSv4 specific RPC events
#
-2023:AUE_NFS_CLOSE:nfsrv_close():nfs,cl
-2024:AUE_NFS_DELEGPURGE:nfsrv_delegpurge():nfs,ad
-2025:AUE_NFS_DELEGRETURN:nfsrv_delegreturn():nfs,ad
-2026:AUE_NFSv4_GETFH:nfsrv4_getfh():nfs,ad
-2027:AUE_NFS_LOCK:nfsrv_lock():nfs,fm
-2028:AUE_NFS_LOCKT:nfsrv_lockt():nfs,fm
-2029:AUE_NFS_LOCKU:nfsrv_locku():nfs,fm
-2030:AUE_NFS_LOOKUPP:nfsrv_lookupp():nfs,fa,ad
-2031:AUE_NFS_NVERIFY:nfsrv_nverify():nfs,fa
-2032:AUE_NFS_OPEN:nfsrv_open():nfs,fa
-2033:AUE_NFS_OPENATTR:nfsrv_openattr():nfs,fa
-2034:AUE_NFS_OPENCONFIRM:nfsrv_openconfirm():nfs,fa
-2035:AUE_NFS_OPENDOWNGRADE:nfsrv_opendowngrade():nfs,fm
-2036:AUE_NFS_PUTFH:nfsrv_putfh():nfs,ad
-2037:AUE_NFS_PUTPUBFH:nfsrv_putpubfh():nfs,ad
-2038:AUE_NFS_PUTROOTFH:nfsrv_putrootfh():nfs,ad
-2039:AUE_NFS_RENEW:nfsrv_renew():nfs,ad
-2040:AUE_NFS_RESTOREFH:nfsrv_restorefh():nfs,ad
-2041:AUE_NFS_SAVEFH:nfsrv_savefh():nfs,ad
-2042:AUE_NFS_SECINFO:nfsrv_secinfo():nfs,ot
-2043:AUE_NFS_SETCLIENTID:nfsrv_setclientid():nfs,aa
-2044:AUE_NFS_SETCLIENTIDCFRM:nfsrv_setclientidcfrm():nfs,aa
-2045:AUE_NFS_VERIFY:nfsrv_verify():nfs,fa
-2046:AUE_NFS_RELEASELCKOWN:nfsrv_releaselckown():nfs,ad
-2047:AUE_NFS_OPEN_R:nfsrv_open() - read:nfs,fr
-2048:AUE_NFS_OPEN_RC:nfsrv_open() - read, creat:nfs,fr,fc,fa,fm
-2049:AUE_NFS_OPEN_RTC:nfsrv_open() - read, trunc, creat:nfs,fr,fd,fc,fa,fm
-2050:AUE_NFS_OPEN_RT:nfsrv_open() - read, trunc:nfs,fr,fd,fa,fm
-2051:AUE_NFS_OPEN_RW:nfsrv_open() - read, write:nfs,fr,fw
-2052:AUE_NFS_OPEN_RWC:nfsrv_open() - read, write, creat:nfs,fr,fw,fc,fa,fm
-2053:AUE_NFS_OPEN_RWTC:nfsrv_open() - read, write, trunc, creat:nfs,fr,fw,fd,fc,fa,fm
-2054:AUE_NFS_OPEN_RWT:nfsrv_open() - read, write, trunc:nfs,fr,fw,fd,fa,fm
-2055:AUE_NFS_OPEN_W:nfsrv_open() - write:nfs,fw
-2056:AUE_NFS_OPEN_WC:nfsrv_open() - write, creat:nfs,fw,fc,fa,fm
-2057:AUE_NFS_OPEN_WTC:nfsrv_open() - write, trunc, creat:nfs,fw,fd,fc,fa,fm
-2058:AUE_NFS_OPEN_WT:nfsrv_open() - write, trunc:nfs,fw,fd,fa,fm
+3023:AUE_NFS_CLOSE:nfsrv_close():nfs,cl
+3024:AUE_NFS_DELEGPURGE:nfsrv_delegpurge():nfs,ad
+3025:AUE_NFS_DELEGRETURN:nfsrv_delegreturn():nfs,ad
+3026:AUE_NFSv4_GETFH:nfsrv4_getfh():nfs,ad
+3027:AUE_NFS_LOCK:nfsrv_lock():nfs,fm
+3028:AUE_NFS_LOCKT:nfsrv_lockt():nfs,fm
+3029:AUE_NFS_LOCKU:nfsrv_locku():nfs,fm
+3030:AUE_NFS_LOOKUPP:nfsrv_lookupp():nfs,fa,ad
+3031:AUE_NFS_NVERIFY:nfsrv_nverify():nfs,fa
+3032:AUE_NFS_OPEN:nfsrv_open():nfs,fa
+3033:AUE_NFS_OPENATTR:nfsrv_openattr():nfs,fa
+3034:AUE_NFS_OPENCONFIRM:nfsrv_openconfirm():nfs,fa
+3035:AUE_NFS_OPENDOWNGRADE:nfsrv_opendowngrade():nfs,fm
+3036:AUE_NFS_PUTFH:nfsrv_putfh():nfs,ad
+3037:AUE_NFS_PUTPUBFH:nfsrv_putpubfh():nfs,ad
+3038:AUE_NFS_PUTROOTFH:nfsrv_putrootfh():nfs,ad
+3039:AUE_NFS_RENEW:nfsrv_renew():nfs,ad
+3040:AUE_NFS_RESTOREFH:nfsrv_restorefh():nfs,ad
+3041:AUE_NFS_SAVEFH:nfsrv_savefh():nfs,ad
+3042:AUE_NFS_SECINFO:nfsrv_secinfo():nfs,ot
+3043:AUE_NFS_SETCLIENTID:nfsrv_setclientid():nfs,aa
+3044:AUE_NFS_SETCLIENTIDCFRM:nfsrv_setclientidcfrm():nfs,aa
+3045:AUE_NFS_VERIFY:nfsrv_verify():nfs,fa
+3046:AUE_NFS_RELEASELCKOWN:nfsrv_releaselckown():nfs,ad
+3047:AUE_NFS_OPEN_R:nfsrv_open() - read:nfs,fr
+3048:AUE_NFS_OPEN_RC:nfsrv_open() - read, creat:nfs,fr,fc,fa,fm
+3049:AUE_NFS_OPEN_RTC:nfsrv_open() - read, trunc, creat:nfs,fr,fd,fc,fa,fm
+3050:AUE_NFS_OPEN_RT:nfsrv_open() - read, trunc:nfs,fr,fd,fa,fm
+3051:AUE_NFS_OPEN_RW:nfsrv_open() - read, write:nfs,fr,fw
+3052:AUE_NFS_OPEN_RWC:nfsrv_open() - read, write, creat:nfs,fr,fw,fc,fa,fm
+3053:AUE_NFS_OPEN_RWTC:nfsrv_open() - read, write, trunc, creat:nfs,fr,fw,fd,fc,fa,fm
+3054:AUE_NFS_OPEN_RWT:nfsrv_open() - read, write, trunc:nfs,fr,fw,fd,fa,fm
+3055:AUE_NFS_OPEN_W:nfsrv_open() - write:nfs,fw
+3056:AUE_NFS_OPEN_WC:nfsrv_open() - write, creat:nfs,fw,fc,fa,fm
+3057:AUE_NFS_OPEN_WTC:nfsrv_open() - write, trunc, creat:nfs,fw,fd,fc,fa,fm
+3058:AUE_NFS_OPEN_WT:nfsrv_open() - write, trunc:nfs,fw,fd,fa,fm
#
# Firewall Events
# note: class 'aa' is only temporarily used
#
-3000:AUE_PFIL_ENABLE:enable packet filtering:aa
-3001:AUE_PFIL_DISABLE:disable packet filtering:aa
+4000:AUE_PFIL_ENABLE:enable packet filtering:aa
+4001:AUE_PFIL_DISABLE:disable packet filtering:aa
#
# OpenBSM-specific kernel events.
#
==== //depot/projects/soc2010/gpf_audit/freebsd/src/contrib/openbsm/sys/bsm/audit_kevents.h#2 (text) ====
@@ -33,9 +33,10 @@
#define _BSM_AUDIT_KEVENTS_H_
/*
- * The reserved event numbers for kernel events are 1...2047 and 43001..44900.
+ * The reserved event numbers for kernel events are 1...2047, 3000...4999 and 43001..44900.
*/
#define AUE_IS_A_KEVENT(e) (((e) > 0 && (e) < 2048) || \
+ ((e) > 2999 && (e) < 5000) || \
((e) > 43000 && (e) < 45000))
/*
@@ -384,6 +385,75 @@
#define AUE_DARWIN_COPYFILE 361 /* Darwin-specific. */
/*
+ * NFS RPC events
+ */
+#define AUE_NFS_NULL 3000
+#define AUE_NFS_GETATTR 3001
+#define AUE_NFS_SETATTR 3002
+#define AUE_NFS_LOOKUP 3003
+#define AUE_NFS_ACCESS 3004
+#define AUE_NFS_READLINK 3005
+#define AUE_NFS_READ 3006
+#define AUE_NFS_WRITE 3007
+#define AUE_NFS_CREATE 3008
+#define AUE_NFS_MKDIR 3009
+#define AUE_NFS_SYMLINK 3010
+#define AUE_NFS_MKNOD 3011
+#define AUE_NFS_REMOVE 3012
+#define AUE_NFS_RMDIR 3013
+#define AUE_NFS_RENAME 3014
+#define AUE_NFS_LINK 3015
+#define AUE_NFS_READDIR 3016
+#define AUE_NFS_READDIR_PLUS 3017
+#define AUE_NFS_STATFS 3018
+#define AUE_NFS_FSINFO 3019
+#define AUE_NFS_PATHCONF 3020
+#define AUE_NFS_COMMIT 3021
+#define AUE_NFS_NOOP 3022
+/* NFSv4 specific RPC events */
+#define AUE_NFS_CLOSE 3023
+#define AUE_NFS_DELEGPURGE 3024
+#define AUE_NFS_DELEGRETURN 3025
+#define AUE_NFSv4_GETFH 3026
+#define AUE_NFS_LOCK 3027
+#define AUE_NFS_LOCKT 3028
+#define AUE_NFS_LOCKU 3029
+#define AUE_NFS_LOOKUPP 3030
+#define AUE_NFS_NVERIFY 3031
+#define AUE_NFS_OPEN 3032
+#define AUE_NFS_OPENATTR 3033
+#define AUE_NFS_OPENCONFIRM 3034
+#define AUE_NFS_OPENDOWNGRADE 3035
+#define AUE_NFS_PUTFH 3036
+#define AUE_NFS_PUTPUBFH 3037
+#define AUE_NFS_PUTROOTFH 3038
+#define AUE_NFS_RENEW 3039
+#define AUE_NFS_RESTOREFH 3040
+#define AUE_NFS_SAVEFH 3041
+#define AUE_NFS_SECINFO 3042
+#define AUE_NFS_SETCLIENTID 3043
+#define AUE_NFS_SETCLIENTIDCFRM 3044
+#define AUE_NFS_VERIFY 3045
+#define AUE_NFS_RELEASELCKOWN 3046
+#define AUE_NFS_OPEN_R 3047
+#define AUE_NFS_OPEN_RC 3048
+#define AUE_NFS_OPEN_RTC 3049
+#define AUE_NFS_OPEN_RT 3050
+#define AUE_NFS_OPEN_RW 3051
+#define AUE_NFS_OPEN_RWC 3052
+#define AUE_NFS_OPEN_RWTC 3053
+#define AUE_NFS_OPEN_RWT 3054
+#define AUE_NFS_OPEN_W 3055
+#define AUE_NFS_OPEN_WC 3056
+#define AUE_NFS_OPEN_WTC 3057
+#define AUE_NFS_OPEN_WT 3058
+/*
+ * Firewall Events
+ */
+#define AUE_PFIL_ENABLE 4000
+#define AUE_PFIL_DISABLE 4001
+
+/*
* Audit event identifiers added as part of OpenBSM, generally corresponding
* to events in FreeBSD, Darwin, and Linux that were not present in Solaris.
* These often duplicate events added to the Solaris set by Darwin, but use
==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/bsm/audit_kevents.h#7 (text) ====
@@ -34,9 +34,10 @@
#define _BSM_AUDIT_KEVENTS_H_
/*
- * The reserved event numbers for kernel events are 1...2047 and 43001..44900.
+ * The reserved event numbers for kernel events are 1...2047, 3000...4999 and 43001..44900.
*/
#define AUE_IS_A_KEVENT(e) (((e) > 0 && (e) < 2048) || \
+ ((e) > 2999 && (e) < 5000) || \
((e) > 43000 && (e) < 45000))
/*
@@ -387,71 +388,71 @@
/*
* NFS RPC events
*/
-#define AUE_NFS_NULL 2000
-#define AUE_NFS_GETATTR 2001
-#define AUE_NFS_SETATTR 2002
-#define AUE_NFS_LOOKUP 2003
-#define AUE_NFS_ACCESS 2004
-#define AUE_NFS_READLINK 2005
-#define AUE_NFS_READ 2006
-#define AUE_NFS_WRITE 2007
-#define AUE_NFS_CREATE 2008
-#define AUE_NFS_MKDIR 2009
-#define AUE_NFS_SYMLINK 2010
-#define AUE_NFS_MKNOD 2011
-#define AUE_NFS_REMOVE 2012
-#define AUE_NFS_RMDIR 2013
-#define AUE_NFS_RENAME 2014
-#define AUE_NFS_LINK 2015
-#define AUE_NFS_READDIR 2016
-#define AUE_NFS_READDIR_PLUS 2017
-#define AUE_NFS_STATFS 2018
-#define AUE_NFS_FSINFO 2019
-#define AUE_NFS_PATHCONF 2020
-#define AUE_NFS_COMMIT 2021
-#define AUE_NFS_NOOP 2022
+#define AUE_NFS_NULL 3000
+#define AUE_NFS_GETATTR 3001
+#define AUE_NFS_SETATTR 3002
+#define AUE_NFS_LOOKUP 3003
+#define AUE_NFS_ACCESS 3004
+#define AUE_NFS_READLINK 3005
+#define AUE_NFS_READ 3006
+#define AUE_NFS_WRITE 3007
+#define AUE_NFS_CREATE 3008
+#define AUE_NFS_MKDIR 3009
+#define AUE_NFS_SYMLINK 3010
+#define AUE_NFS_MKNOD 3011
+#define AUE_NFS_REMOVE 3012
+#define AUE_NFS_RMDIR 3013
+#define AUE_NFS_RENAME 3014
+#define AUE_NFS_LINK 3015
+#define AUE_NFS_READDIR 3016
+#define AUE_NFS_READDIR_PLUS 3017
+#define AUE_NFS_STATFS 3018
+#define AUE_NFS_FSINFO 3019
+#define AUE_NFS_PATHCONF 3020
+#define AUE_NFS_COMMIT 3021
+#define AUE_NFS_NOOP 3022
/* NFSv4 specific RPC events */
-#define AUE_NFS_CLOSE 2023
-#define AUE_NFS_DELEGPURGE 2024
-#define AUE_NFS_DELEGRETURN 2025
-#define AUE_NFSv4_GETFH 2026
-#define AUE_NFS_LOCK 2027
-#define AUE_NFS_LOCKT 2028
-#define AUE_NFS_LOCKU 2029
-#define AUE_NFS_LOOKUPP 2030
-#define AUE_NFS_NVERIFY 2031
-#define AUE_NFS_OPEN 2032
-#define AUE_NFS_OPENATTR 2033
-#define AUE_NFS_OPENCONFIRM 2034
-#define AUE_NFS_OPENDOWNGRADE 2035
-#define AUE_NFS_PUTFH 2036
-#define AUE_NFS_PUTPUBFH 2037
-#define AUE_NFS_PUTROOTFH 2038
-#define AUE_NFS_RENEW 2039
-#define AUE_NFS_RESTOREFH 2040
-#define AUE_NFS_SAVEFH 2041
-#define AUE_NFS_SECINFO 2042
-#define AUE_NFS_SETCLIENTID 2043
-#define AUE_NFS_SETCLIENTIDCFRM 2044
-#define AUE_NFS_VERIFY 2045
-#define AUE_NFS_RELEASELCKOWN 2046
-#define AUE_NFS_OPEN_R 2047
-#define AUE_NFS_OPEN_RC 2048
-#define AUE_NFS_OPEN_RTC 2049
-#define AUE_NFS_OPEN_RT 2050
-#define AUE_NFS_OPEN_RW 2051
-#define AUE_NFS_OPEN_RWC 2052
-#define AUE_NFS_OPEN_RWTC 2053
-#define AUE_NFS_OPEN_RWT 2054
-#define AUE_NFS_OPEN_W 2055
-#define AUE_NFS_OPEN_WC 2056
-#define AUE_NFS_OPEN_WTC 2057
-#define AUE_NFS_OPEN_WT 2058
+#define AUE_NFS_CLOSE 3023
+#define AUE_NFS_DELEGPURGE 3024
+#define AUE_NFS_DELEGRETURN 3025
+#define AUE_NFSv4_GETFH 3026
+#define AUE_NFS_LOCK 3027
+#define AUE_NFS_LOCKT 3028
+#define AUE_NFS_LOCKU 3029
+#define AUE_NFS_LOOKUPP 3030
+#define AUE_NFS_NVERIFY 3031
+#define AUE_NFS_OPEN 3032
+#define AUE_NFS_OPENATTR 3033
+#define AUE_NFS_OPENCONFIRM 3034
+#define AUE_NFS_OPENDOWNGRADE 3035
+#define AUE_NFS_PUTFH 3036
+#define AUE_NFS_PUTPUBFH 3037
+#define AUE_NFS_PUTROOTFH 3038
+#define AUE_NFS_RENEW 3039
+#define AUE_NFS_RESTOREFH 3040
+#define AUE_NFS_SAVEFH 3041
+#define AUE_NFS_SECINFO 3042
+#define AUE_NFS_SETCLIENTID 3043
+#define AUE_NFS_SETCLIENTIDCFRM 3044
+#define AUE_NFS_VERIFY 3045
+#define AUE_NFS_RELEASELCKOWN 3046
+#define AUE_NFS_OPEN_R 3047
+#define AUE_NFS_OPEN_RC 3048
+#define AUE_NFS_OPEN_RTC 3049
+#define AUE_NFS_OPEN_RT 3050
+#define AUE_NFS_OPEN_RW 3051
+#define AUE_NFS_OPEN_RWC 3052
+#define AUE_NFS_OPEN_RWTC 3053
+#define AUE_NFS_OPEN_RWT 3054
+#define AUE_NFS_OPEN_W 3055
+#define AUE_NFS_OPEN_WC 3056
+#define AUE_NFS_OPEN_WTC 3057
+#define AUE_NFS_OPEN_WT 3058
/*
* Firewall Events
*/
-#define AUE_PFIL_ENABLE 3000
-#define AUE_PFIL_DISABLE 3001
+#define AUE_PFIL_ENABLE 4000
+#define AUE_PFIL_DISABLE 4001
/*
* Audit event identifiers added as part of OpenBSM, generally corresponding
More information about the p4-projects
mailing list