Date: Sat, 17 May 2008 14:15:49 GMT From: Diego Giagio <diego@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 141767 for review Message-ID: <200805171415.m4HEFnW2074169@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=141767 Change 141767 by diego@diego_black on 2008/05/17 14:14:58 - Minimize code duplication - Improve comments Affected files ... .. //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_pfil.c#4 edit Differences ... ==== //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_pfil.c#4 (text+ko) ==== @@ -40,42 +40,45 @@ #include <security/audit/audit.h> #include <security/audit/audit_private.h> -static void -audit_enable_common(char *name, int error) +/* + * Create a new audit record. Also add a text token with packet filter's name + * to the record. This function may return NULL. + */ +static struct kaudit_record * +audit_pfil_begin(int event, char *name) { struct kaudit_record *ar; - ar = audit_begin(AUE_PFIL_ENABLE, curthread); + ar = audit_begin(event, curthread /* XXXDG */); if (ar == NULL) - return; + return NULL; audit_record_arg_text(ar, name); - audit_commit(ar, error, 0); + return (ar); } -static void -audit_disable_common(char *name, int error) +void +audit_ipfw_enable(int error) { struct kaudit_record *ar; - ar = audit_begin(AUE_PFIL_DISABLE, curthread); + ar = audit_pfil_begin(AUE_PFIL_ENABLE, "ipfw"); if (ar == NULL) return; - audit_record_arg_text(ar, name); audit_commit(ar, error, 0); } void -audit_ipfw_enable(int error) +audit_ipfw_disable(int error) { - audit_enable_common("ipfw", error); -} + struct kaudit_record *ar; + + ar = audit_pfil_begin(AUE_PFIL_DISABLE, "ipfw"); + if (ar == NULL) + return; -void -audit_ipfw_disable(int error) -{ - audit_disable_common("ipfw", error); + audit_commit(ar, error, 0); } void @@ -83,12 +86,11 @@ { struct kaudit_record *ar; - ar = audit_begin(AUE_PFIL_POLICY_ADDRULE, curthread); + ar = audit_pfil_begin(AUE_PFIL_POLICY_ADDRULE, "ipfw"); if (ar == NULL) return; - audit_record_arg_text(ar, "ipfw"); - /* XXX tokens */ + /* XXXDG: add tokens */ audit_commit(ar, error, 0); } @@ -97,12 +99,11 @@ { struct kaudit_record *ar; - ar = audit_begin(AUE_PFIL_POLICY_DELRULE, curthread); + ar = audit_pfil_begin(AUE_PFIL_POLICY_DELRULE, "ipfw"); if (ar == NULL) return; - audit_record_arg_text(ar, "ipfw"); - /* XXX tokens */ + /* XXXDG: add tokens */ audit_commit(ar, error, 0); } @@ -111,12 +112,11 @@ { struct kaudit_record *ar; - ar = audit_begin(AUE_PFIL_POLICY_FLUSH, curthread); + ar = audit_pfil_begin(AUE_PFIL_POLICY_FLUSH, "ipfw"); if (ar == NULL) return; - audit_record_arg_text(ar, "ipfw"); - /* XXX tokens */ + /* XXXDG: add tokens */ audit_commit(ar, error, 0); } @@ -125,24 +125,35 @@ { struct kaudit_record *ar; - ar = audit_begin(AUE_PFIL_POLICY_TABLE, curthread); + ar = audit_pfil_begin(AUE_PFIL_POLICY_TABLE, "ipfw"); if (ar == NULL) return; - audit_record_arg_text(ar, "ipfw"); - /* XXX tokens */ + /* XXXDG: add tokens */ audit_commit(ar, error, 0); } void audit_pf_enable(int error) { - audit_enable_common("pf", error); + struct kaudit_record *ar; + + ar = audit_pfil_begin(AUE_PFIL_ENABLE, "pf"); + if (ar == NULL) + return; + + audit_commit(ar, error, 0); } void audit_pf_disable(int error) { - audit_disable_common("pf", error); + struct kaudit_record *ar; + + ar = audit_pfil_begin(AUE_PFIL_DISABLE, "pf"); + if (ar == NULL) + return; + + audit_commit(ar, error, 0); }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200805171415.m4HEFnW2074169>