audit2 for -current

Ilmar S. Habibulin ilmar at
Fri Mar 26 10:21:48 GMT 2004

On Thu, 25 Mar 2004, Robert Watson wrote:

> I've merged the two memory allocation changes you made back into the
> Perforce branch (pathp -> *pathp) -- that bug was introduced in the
> conversion from Darwin Mach memory allocation to FreeBSD memory
> allocation.
Well, there is also critical struct proc modification and vn_fullpath().

> I think these changes are actually reflective of a bug in the merge from
> Darwin -- in Darwin, dev_t is the same in userspace and kernel, but in
> FreeBSD, dev_t is a kernel pointer in kernel, but the same as dev_t in
> Darwin in userspace (and in kernel it's represented by udev_t).  I thought
Heh, i suppose i was very tired because i was unable to find the pointer
difinition of dev_t. ;-) So i have to made such complec casting.

> I'd caught all the references, but apparently not.  For now, in FreeBSD,
> kernel use of dev_t needs to be converted to udev_t, and probably #ifdef'd
> based on _KERNEL.  I think the real fix is to convert dev_t in FreeBSD
> back to the same as udev_t, and change the kernel code not to confuse
> dev_t and cdev pointers; this wasn't such a big deal before audit, because
And why not simply use udev_t in audit headers?

PS. The problem with praudit persists. I have little experience in
userland programming, so maybe i've made some stupid mistake and someone
will point me on it.

PSS. solaris log is not so easy to parse, because they are using record
versioning and i failed to find info on differences in tokens between
versions. Also my parser found strange token, which is absent in headers.
Maybe it's just parser bug. Will turn on blade to figure out.

To Unsubscribe: send mail to majordomo at
with "unsubscribe trustedbsd-audit" in the body of the message

More information about the trustedbsd-audit mailing list