Date: Wed, 27 Aug 2008 02:26:34 GMT From: Diego Giagio <diego@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 148573 for review Message-ID: <200808270226.m7R2QYAq065751@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=148573
Change 148573 by diego@diego_black on 2008/08/27 02:25:54
Kernel-land part of 'audit' keyword support for ipfw.
Affected files ...
.. //depot/projects/soc2008/diego-audit/src/sys/netinet/ip_fw.h#5 edit
.. //depot/projects/soc2008/diego-audit/src/sys/netinet/ip_fw2.c#10 edit
Differences ...
==== //depot/projects/soc2008/diego-audit/src/sys/netinet/ip_fw.h#5 (text+ko) ====
@@ -102,7 +102,7 @@
 O_PROBE_STATE, /* none */
 O_KEEP_STATE, /* none */
- //O_AUDIT, /* none */
+ O_AUDIT, /* none */
 O_LIMIT, /* ipfw_insn_limit */
 O_LIMIT_PARENT, /* dyn_type, not an opcode. */
==== //depot/projects/soc2008/diego-audit/src/sys/netinet/ip_fw2.c#10 (text+ko) ====
@@ -1066,7 +1066,7 @@
 /* remove a refcount to the parent */ \
 if (q->dyn_type == O_LIMIT) \
 q->parent->count--; \
- /*if (q->dyn_type == O_AUDIT) { */ \
+ if (q->dyn_type == O_AUDIT) { \
 AUDIT_PFIL_ENTER(AUE_PFIL_FLOW_END, td, error); \
 if (error == 0) { \
 AUDIT_ARG(text, "ipfw"); \
@@ -1075,7 +1075,7 @@
 AUDIT_ARG(socket_ex, AF_INET, SOCK_STREAM, \
 (struct sockaddr *)&lsin, (struct sockaddr *)&rsin); \
 } \
- /*}*/ \
+ } \
 if (!error) { \
 DEB(printf( \
 "ipfw: unlink entry 0x%08x %d -> 0x%08x %d, %d left\n", \
@@ -1384,7 +1384,7 @@
 IPFW_DYN_LOCK_ASSERT();
- //if (dyn_type == O_AUDIT)
+ if (dyn_type == O_AUDIT)
 {
 AUDIT_PFIL_ENTER(AUE_PFIL_FLOW_BEGIN, td, error);
 if (error != 0)
@@ -1441,7 +1441,7 @@
 V_dyn_count ); )
 done:
- //if (dyn_type == O_AUDIT)
+ if (dyn_type == O_AUDIT)
 AUDIT_PFIL_EXIT(error, td);
 return r;
 }
@@ -1540,7 +1540,8 @@
 switch (cmd->o.opcode) {
 case O_KEEP_STATE: /* bidir rule */
- add_dyn_rule(&args->f_id, O_KEEP_STATE, rule);
+ case O_AUDIT:
+ add_dyn_rule(&args->f_id, cmd->o.opcode, rule);
 break;
 case O_LIMIT: { /* limit number of sessions */
@@ -3199,6 +3200,7 @@
 */
 case O_LIMIT:
 case O_KEEP_STATE:
+ case O_AUDIT:
 if (install_state(f, (ipfw_insn_limit *)cmd, args, tablearg)) {
 retval = IP_FW_DENY;
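Review bot: Enabling `O_AUDIT` in the middle of the opcode enum, between `O_KEEP_STATE` and `O_LIMIT` in the `@@ -102` hunk, renumbers `O_LIMIT` and every opcode declared after it. Rule instructions are identified by these numeric values, so an ipfw(8) binary built against the previous header would have its later opcodes read as different ones, and the ruleset the kernel enforces could differ from the one that was written. Adding the new value at the end of the enum, immediately before `O_LAST_OPCODE`, keeps the existing numbers stable. The remainder of the enum is outside this hunk, so the exact placement should be confirmed there.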
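Review bot: In the `@@ -1075` hunk, `if (!error) {` follows the closing brace of the newly conditional `if (q->dyn_type == O_AUDIT)` block, so it is now evaluated for entries on which `AUDIT_PFIL_ENTER` was never invoked. The only visible write to `error` is that macro call in the `@@ -1066` hunk; its declaration is outside both hunks, so unless it is initialised elsewhere, non-audit entries test a stale or indeterminate value and the code guarded by it (apparently the unlink itself) may be skipped. Making the non-audit path explicit with `error = 0; \` ahead of the `O_AUDIT` test would remove the dependency. The macro body starts and ends outside these hunks.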
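Review bot: The shared `case O_KEEP_STATE: case O_AUDIT:` arm in the `@@ -1540` hunk discards the value returned by `add_dyn_rule()`, which the `@@ -1441` hunk shows ending in `return r;` after the `done:` label. For an audited flow a failed insertion would go unnoticed here, and the packet would presumably be passed with no state entry and therefore no flow-begin or flow-end audit record. Consider testing the result for the audit case, e.g. `if (add_dyn_rule(&args->f_id, cmd->o.opcode, rule) == NULL && cmd->o.opcode == O_AUDIT)`, and failing the install so that the caller in the `@@ -3199` hunk reaches `retval = IP_FW_DENY`; any lock release needed on that path is outside the hunk. The `/* bidir rule */` comment should also mention that `O_AUDIT` shares this arm.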
@@ -3881,6 +3883,7 @@
 switch (cmd->opcode) {
 case O_PROBE_STATE:
 case O_KEEP_STATE:
+ case O_AUDIT:
 case O_PROTO:
 case O_IP_SRC_ME:
 case O_IP_DST_ME: