PERFORCE change 141767 for review
Diego Giagio
diego at FreeBSD.org
Sat May 17 14:15:50 UTC 2008
http://perforce.freebsd.org/chv.cgi?CH=141767
Change 141767 by diego at diego_black on 2008/05/17 14:14:58
- Minimize code duplication
- Improve comments
Affected files ...
.. //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_pfil.c#4 edit
Differences ...
==== //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_pfil.c#4 (text+ko) ====
@@ -40,42 +40,45 @@
#include <security/audit/audit.h>
#include <security/audit/audit_private.h>
-static void
-audit_enable_common(char *name, int error)
+/*
+ * Create a new audit record. Also add a text token with packet filter's name
+ * to the record. This function may return NULL.
+ */
+static struct kaudit_record *
+audit_pfil_begin(int event, char *name)
{
struct kaudit_record *ar;
- ar = audit_begin(AUE_PFIL_ENABLE, curthread);
+ ar = audit_begin(event, curthread /* XXXDG */);
if (ar == NULL)
- return;
+ return NULL;
audit_record_arg_text(ar, name);
- audit_commit(ar, error, 0);
+ return (ar);
}
-static void
-audit_disable_common(char *name, int error)
+void
+audit_ipfw_enable(int error)
{
struct kaudit_record *ar;
- ar = audit_begin(AUE_PFIL_DISABLE, curthread);
+ ar = audit_pfil_begin(AUE_PFIL_ENABLE, "ipfw");
if (ar == NULL)
return;
- audit_record_arg_text(ar, name);
audit_commit(ar, error, 0);
}
void
-audit_ipfw_enable(int error)
+audit_ipfw_disable(int error)
{
- audit_enable_common("ipfw", error);
-}
+ struct kaudit_record *ar;
+
+ ar = audit_pfil_begin(AUE_PFIL_DISABLE, "ipfw");
+ if (ar == NULL)
+ return;
-void
-audit_ipfw_disable(int error)
-{
- audit_disable_common("ipfw", error);
+ audit_commit(ar, error, 0);
}
void
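Review bot: The comment on `audit_pfil_begin` says it may return NULL but not when, and it does not say that a non-NULL record comes back uncommitted, so each caller has to hand it to `audit_commit()` itself. I would extend it along the lines of `Returns NULL when audit_begin() yields no record; otherwise the caller owns the record and must audit_commit() it.` The `/* XXXDG */` beside `curthread` should also name the open question, presumably whether the current thread is always the right subject for these events, since that decides who the record is attributed to. Minor: `return NULL;` should be `return (NULL);` to match `return (ar);` a few lines below.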
@@ -83,12 +86,11 @@
{
struct kaudit_record *ar;
- ar = audit_begin(AUE_PFIL_POLICY_ADDRULE, curthread);
+ ar = audit_pfil_begin(AUE_PFIL_POLICY_ADDRULE, "ipfw");
if (ar == NULL)
return;
- audit_record_arg_text(ar, "ipfw");
- /* XXX tokens */
+ /* XXXDG: add tokens */
audit_commit(ar, error, 0);
}
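Review bot: The reworded `/* XXXDG: add tokens */` still leaves this record with only the filter name and the return code, so a committed AUE_PFIL_POLICY_ADDRULE event does not say which rule was added; the same holds for the DELRULE, FLUSH and TABLE hunks below. For a firewall audit trail the rule or table identity is what an investigator needs, so the marker should at least state what is missing, e.g. `/* XXXDG: record does not yet identify the rule; add rule tokens */`. The function's signature lies above the hunk, so whether the rule data is available as a parameter cannot be checked from here.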
@@ -97,12 +99,11 @@
{
struct kaudit_record *ar;
- ar = audit_begin(AUE_PFIL_POLICY_DELRULE, curthread);
+ ar = audit_pfil_begin(AUE_PFIL_POLICY_DELRULE, "ipfw");
if (ar == NULL)
return;
- audit_record_arg_text(ar, "ipfw");
- /* XXX tokens */
+ /* XXXDG: add tokens */
audit_commit(ar, error, 0);
}
@@ -111,12 +112,11 @@
{
struct kaudit_record *ar;
- ar = audit_begin(AUE_PFIL_POLICY_FLUSH, curthread);
+ ar = audit_pfil_begin(AUE_PFIL_POLICY_FLUSH, "ipfw");
if (ar == NULL)
return;
- audit_record_arg_text(ar, "ipfw");
- /* XXX tokens */
+ /* XXXDG: add tokens */
audit_commit(ar, error, 0);
}
@@ -125,24 +125,35 @@
{
struct kaudit_record *ar;
- ar = audit_begin(AUE_PFIL_POLICY_TABLE, curthread);
+ ar = audit_pfil_begin(AUE_PFIL_POLICY_TABLE, "ipfw");
if (ar == NULL)
return;
- audit_record_arg_text(ar, "ipfw");
- /* XXX tokens */
+ /* XXXDG: add tokens */
audit_commit(ar, error, 0);
}
void
audit_pf_enable(int error)
{
- audit_enable_common("pf", error);
+ struct kaudit_record *ar;
+
+ ar = audit_pfil_begin(AUE_PFIL_ENABLE, "pf");
+ if (ar == NULL)
+ return;
+
+ audit_commit(ar, error, 0);
}
void
audit_pf_disable(int error)
{
- audit_disable_common("pf", error);
+ struct kaudit_record *ar;
+
+ ar = audit_pfil_begin(AUE_PFIL_DISABLE, "pf");
+ if (ar == NULL)
+ return;
+
+ audit_commit(ar, error, 0);
}
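Review bot: `audit_pf_enable` and `audit_pf_disable` now carry the same begin / NULL-check / commit body as `audit_ipfw_enable` and `audit_ipfw_disable` in the first hunk, which works against the stated goal of minimising duplication. For the events that add no further tokens, a small static wrapper taking the event, the filter name and the error would reduce the four functions to one line each and keep the NULL check in a single place. The helper name below is only a suggestion.

```c
/* Emit a record that carries only the packet filter's name. */
static void
audit_pfil_simple(int event, char *name, int error)
{
	struct kaudit_record *ar;

	ar = audit_pfil_begin(event, name);
	if (ar == NULL)
		return;
	audit_commit(ar, error, 0);
}

void
audit_pf_enable(int error)
{
	audit_pfil_simple(AUE_PFIL_ENABLE, "pf", error);
}
/* … same one-line form for audit_pf_disable, audit_ipfw_enable, audit_ipfw_disable … */
```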