Date:      Sun, 5 Nov 2006 23:30:56 GMT
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 109311 for review
Message-ID:  <200611052330.kA5NUupw009532@repoman.freebsd.org>

http://perforce.freebsd.org/chv.cgi?CH=109311

Change 109311 by rwatson@rwatson_fledge on 2006/11/05 23:30:33

	Support for printing BSM records as XML in praudit.
	
	Reviewed by:	Martin Voros <martin_voros at yahoo dot com>

Affected files ...

.. //depot/projects/trustedbsd/openbsm/HISTORY#43 edit
.. //depot/projects/trustedbsd/openbsm/README#21 edit
.. //depot/projects/trustedbsd/openbsm/TODO#9 edit
.. //depot/projects/trustedbsd/openbsm/bin/praudit/praudit.1#12 edit
.. //depot/projects/trustedbsd/openbsm/bin/praudit/praudit.c#11 edit
.. //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#31 edit
.. //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#42 edit

Differences ...

==== //depot/projects/trustedbsd/openbsm/HISTORY#43 (text+ko) ====

@@ -3,6 +3,7 @@
 - compat/clock_gettime.h now provides a compatibility implementation of
   clock_gettime(), which fixes building on Mac OS X.
 - Countless man page fixes.
+- praudit XML support via "praudit -x".
 
 OpenBSM 1.0 alpha 12
 
@@ -270,4 +271,4 @@
   to support reloading of kernel event table.
 - Allow comments in /etc/security configuration files.
 
-$P4: //depot/projects/trustedbsd/openbsm/HISTORY#42 $
+$P4: //depot/projects/trustedbsd/openbsm/HISTORY#43 $

==== //depot/projects/trustedbsd/openbsm/README#21 (text+ko) ====

@@ -77,6 +77,7 @@
     Pawel Worach
     Martin Englund
     Ruslan Ermilov
+    Martin Voros
 
 In addition, Coverity, Inc.'s Prevent(tm) static analysis tool and Gimpel
 Software's FlexeLint tool were used to identify a number of bugs in the
@@ -98,4 +99,4 @@
 
     http://www.TrustedBSD.org/
 
-$P4: //depot/projects/trustedbsd/openbsm/README#20 $
+$P4: //depot/projects/trustedbsd/openbsm/README#21 $

==== //depot/projects/trustedbsd/openbsm/TODO#9 (text+ko) ====

@@ -1,4 +1,3 @@
-- Teach praudit how to general XML format BSM streams.
 - Teach libbsm about any additional 64-bit token types that are present
   in more recent Solaris versions.
 - Build a regression test suite for libbsm that generates each token
@@ -20,4 +19,4 @@
 - Put hostname in trail file name.
 - Document audit_warn event arguments.
 
-$P4: //depot/projects/trustedbsd/openbsm/TODO#8 $
+$P4: //depot/projects/trustedbsd/openbsm/TODO#9 $

==== //depot/projects/trustedbsd/openbsm/bin/praudit/praudit.1#12 (text+ko) ====

@@ -25,9 +25,9 @@
 .\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/bin/praudit/praudit.1#11 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/bin/praudit/praudit.1#12 $
 .\"
-.Dd October 3, 2006
+.Dd November 5, 2006
 .Dt PRAUDIT 1
 .Os
 .Sh NAME
@@ -35,7 +35,7 @@
 .Nd "print the contents of audit trail files"
 .Sh SYNOPSIS
 .Nm
-.Op Fl lp
+.Op Fl lpx
 .Op Fl r | s
 .Op Fl d Ar del
 .Op Ar
@@ -77,6 +77,8 @@
 record and event type are displayed.
 This option is exclusive from
 .Fl r .
+.It Fl x
+Print audit records in the XML output format.
 .El
 .Pp
 If the raw or short forms are not specified, the default is to print the tokens

==== //depot/projects/trustedbsd/openbsm/bin/praudit/praudit.c#11 (text+ko) ====

@@ -1,5 +1,6 @@
 /*
  * Copyright (c) 2004 Apple Computer, Inc.
+ * Copyright (c) 2006 Martin Voros
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -26,7 +27,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/openbsm/bin/praudit/praudit.c#10 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/praudit/praudit.c#11 $
  */
 
 /*
@@ -34,7 +35,7 @@
  */
 
 /*
- * praudit [-lp] [-r | -s] [-d del] [file ...]
+ * praudit [-lpx] [-r | -s] [-d del] [file ...]
  */
 
 #include <bsm/libbsm.h>
@@ -51,12 +52,14 @@
 static int	 raw = 0;
 static int	 shortfrm = 0;
 static int	 partial = 0;
+static int	 xml = 0;
 
 static void
 usage(void)
 {
 
-	fprintf(stderr, "usage: praudit [-lp] [-r | -s] [-d del] [file ...]\n");
+	fprintf(stderr, "usage: praudit [-lpx] [-r | -s] [-d del] "
+	    "[file ...]\n");
 	exit(1);
 }
 
@@ -88,11 +91,17 @@
 			if (-1 == au_fetch_tok(&tok, buf + bytesread,
 			    reclen - bytesread))
 				break;
-			au_print_tok(stdout, &tok, del, raw, shortfrm);
+			if (xml)
+				au_print_tok_xml(stdout, &tok, del, raw,
+				    shortfrm);
+			else
+				au_print_tok(stdout, &tok, del, raw,
+				    shortfrm);
 			bytesread += tok.len;
-			if (oneline)
-				printf("%s", del);
-			else
+			if (oneline) {
+				if (!xml)
+					printf("%s", del);
+			} else
 				printf("\n");
 		}
 		free(buf);
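Review bot: In XML mode the `break` taken when `au_fetch_tok` fails can leave a `<record ` element open, because the closing `</record>` is written only when a trailer token is printed (see print_tok_type in bsm_io.c) and main() still appends `</audit>` afterwards. A truncated or corrupt trail would then produce a document that is not well-formed, and the failure is silent for whatever tool ingests the output. Consider tracking whether a record element is open and, on early exit with `xml` set, writing `</record>` and a diagnostic to stderr. The enclosing function starts and ends outside this hunk.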
@@ -109,7 +118,7 @@
 	int i;
 	FILE *fp;
 
-	while ((ch = getopt(argc, argv, "d:lprs")) != -1) {
+	while ((ch = getopt(argc, argv, "d:lprsx")) != -1) {
 		switch(ch) {
 		case 'd':
 			del = optarg;
@@ -135,12 +144,19 @@
 			shortfrm = 1;
 			break;
 
+		case 'x':
+			xml = 1;
+			break;
+
 		case '?':
 		default:
 			usage();
 		}
 	}
 
+	if (xml)
+		au_print_xml_header(stdout);
+
 	/* For each of the files passed as arguments dump the contents. */
 	if (optind == argc) {
 		print_tokens(stdin);
@@ -153,5 +169,9 @@
 		if (fp != NULL)
 			fclose(fp);
 	}
+
+	if (xml)
+		au_print_xml_footer(stdout);
+
 	return (1);
 }

==== //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#31 (text+ko) ====

@@ -26,7 +26,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#30 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#31 $
  */
 
 #ifndef _LIBBSM_H_
@@ -771,6 +771,14 @@
 //XXX The following interface has different prototype from BSM
 void			 au_print_tok(FILE *outfp, tokenstr_t *tok,
 			    char *del, char raw, char sfrm);
+void			 au_print_tok_xml(FILE *outfp, tokenstr_t *tok,
+			    char *del, char raw, char sfrm);
+
+/* 
+ * Functions relating to XML output.
+ */
+void			 au_print_xml_header(FILE *outfp);
+void			 au_print_xml_footer(FILE *outfp);
 __END_DECLS
 
 /*

==== //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#42 (text+ko) ====

@@ -2,6 +2,7 @@
  * Copyright (c) 2004 Apple Computer, Inc.
  * Copyright (c) 2005 SPARTA, Inc.
  * Copyright (c) 2006 Robert N. M. Watson
+ * Copyright (c) 2006 Martin Voros
  * All rights reserved.
  *
  * This code was developed in part by Robert N. M. Watson, Senior Principal
@@ -31,7 +32,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#41 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#42 $
  */
 
 #include <sys/types.h>
@@ -126,6 +127,12 @@
 } while (0)
 
 /*
+ * XML option.
+ */
+#define	AU_PLAIN	0
+#define	AU_XML		1
+
+/*
  * Prints the delimiter string.
  */
 static void
@@ -207,16 +214,334 @@
 }
 
 /*
+ * Prints the beggining of attribute.
+ */
+static void
+open_attr(FILE *fp, u_char *str)
+{
+
+	fprintf(fp,"%s=\"", str);
+}
+
+/*
+ * Prints the end of attribute.
+ */
+static void
+close_attr(FILE *fp)
+{
+
+	fprintf(fp,"\" ");
+}
+
+/*
+ * Prints the end of tag.
+ */
+static void
+close_tag(FILE *fp, u_char type)
+{
+
+	switch(type) {
+	case AUT_HEADER32:
+		fprintf(fp, ">");
+		break;
+
+	case AUT_HEADER32_EX:
+		fprintf(fp, ">");
+		break;
+
+	case AUT_HEADER64:
+		fprintf(fp, ">");
+		break;
+
+	case AUT_HEADER64_EX:
+		fprintf(fp, ">");
+		break;
+
+	case AUT_ARG32:
+		fprintf(fp, "/>");
+		break;
+
+	case AUT_ARG64:
+		fprintf(fp, "/>");
+		break;
+
+	case AUT_ATTR32:
+		fprintf(fp, "/>");
+		break;
+
+	case AUT_ATTR64:
+		fprintf(fp, "/>");
+		break;
+
+	case AUT_EXIT:
+		fprintf(fp, "/>");
+		break;
+
+	case AUT_EXEC_ARGS:
+		fprintf(fp, "</exec_args>");
+		break;
+
+	case AUT_EXEC_ENV:
+		fprintf(fp, "</exec_env>");
+		break;
+
+	case AUT_OTHER_FILE32:
+		fprintf(fp, "</file>");
+		break;
+
+	case AUT_NEWGROUPS:
+		fprintf(fp, "</group>");
+		break;
+
+	case AUT_IN_ADDR:
+		fprintf(fp, "</ip_address>");
+		break;
+
+	case AUT_IN_ADDR_EX:
+		fprintf(fp, "</ip_address>");
+		break;
+
+	case AUT_IP:
+		fprintf(fp, "/>");
+		break;
+
+	case AUT_IPC:
+		fprintf(fp, "/>");
+		break;
+
+	case AUT_IPC_PERM:
+		fprintf(fp, "/>");
+		break;
+
+	case AUT_IPORT:
+		fprintf(fp, "</ip_port>");
+		break;
+
+	case AUT_OPAQUE:
+		fprintf(fp, "</opaque>");
+		break;
+
+	case AUT_PATH:
+		fprintf(fp, "</path>");
+		break;
+
+	case AUT_PROCESS32:
+		fprintf(fp, "/>");
+		break;
+
+	case AUT_PROCESS32_EX:
+		fprintf(fp, "/>");
+		break;
+
+	case AUT_RETURN32:
+		fprintf(fp, "/>");
+		break;
+
+	case AUT_RETURN64:
+		fprintf(fp, "/>");
+		break;
+
+	case AUT_SEQ:
+		fprintf(fp, "/>");
+		break;
+
+	case AUT_SOCKET:
+		fprintf(fp, "/>");
+		break;
+
+	case AUT_SOCKINET32:
+		fprintf(fp, "/>");
+		break;
+
+	case AUT_SOCKUNIX:
+		fprintf(fp, "/>");
+		break;
+
+	case AUT_SUBJECT32:
+		fprintf(fp, "/>");
+		break;
+
+	case AUT_SUBJECT64:
+		fprintf(fp, "/>");
+		break;
+
+	case AUT_SUBJECT32_EX:
+		fprintf(fp, "/>");
+		break;
+
+	case AUT_TEXT:
+		fprintf(fp, "</text>");
+		break;
+
+	case AUT_SOCKET_EX:
+		fprintf(fp, "/>");
+		break;
+
+	case AUT_DATA:
+		fprintf(fp, "</arbitrary>");
+		break;
+	}
+}
+
+/*
  * Prints the token type in either the raw or the default form.
  */
 static void
-print_tok_type(FILE *fp, u_char type, const char *tokname, char raw)
+print_tok_type(FILE *fp, u_char type, const char *tokname, char raw, int xml)
 {
 
-	if (raw)
-		fprintf(fp, "%u", type);
-	else
-		fprintf(fp, "%s", tokname);
+	if (xml) {
+		switch(type) {
+		case AUT_HEADER32:
+			fprintf(fp, "<record ");
+			break;
+
+		case AUT_HEADER32_EX:
+			fprintf(fp, "<record ");
+			break;
+
+		case AUT_HEADER64:
+			fprintf(fp, "<record ");
+			break;
+
+		case AUT_HEADER64_EX:
+			fprintf(fp, "<record ");
+			break;
+
+		case AUT_TRAILER:
+			fprintf(fp, "</record>");
+			break;
+
+		case AUT_ARG32:
+			fprintf(fp, "<argument ");
+			break;
+
+		case AUT_ARG64:
+			fprintf(fp, "<argument ");
+			break;
+
+		case AUT_ATTR32:
+			fprintf(fp, "<attribute ");
+			break;
+
+		case AUT_ATTR64:
+			fprintf(fp, "<attribute ");
+			break;
+
+		case AUT_EXIT:
+			fprintf(fp, "<exit ");
+			break;
+
+		case AUT_EXEC_ARGS:
+			fprintf(fp, "<exec_args>");
+			break;
+
+		case AUT_EXEC_ENV:
+			fprintf(fp, "<exec_env>");
+			break;
+
+		case AUT_OTHER_FILE32:
+			fprintf(fp, "<file ");
+			break;
+
+		case AUT_NEWGROUPS:
+			fprintf(fp, "<group>");
+			break;
+
+		case AUT_IN_ADDR:
+			fprintf(fp, "<ip_address>");
+			break;
+
+		case AUT_IN_ADDR_EX:
+			fprintf(fp, "<ip_address>");
+			break;
+
+		case AUT_IP:
+			fprintf(fp, "<ip ");
+			break;
+
+		case AUT_IPC:
+			fprintf(fp, "<IPC");
+			break;
+
+		case AUT_IPC_PERM:
+			fprintf(fp, "<IPC_perm ");
+			break;
+
+		case AUT_IPORT:
+			fprintf(fp, "<ip_port>");
+			break;
+
+		case AUT_OPAQUE:
+			fprintf(fp, "<opaque>");
+			break;
+
+		case AUT_PATH:
+			fprintf(fp, "<path>");
+			break;
+
+		case AUT_PROCESS32:
+			fprintf(fp, "<process ");
+			break;
+
+		case AUT_PROCESS32_EX:
+			fprintf(fp, "<process ");
+			break;
+
+		case AUT_RETURN32:
+			fprintf(fp, "<return ");
+			break;
+
+		case AUT_RETURN64:
+			fprintf(fp, "<return ");
+			break;
+
+		case AUT_SEQ:
+			fprintf(fp, "<sequence ");
+			break;
+
+		case AUT_SOCKET:
+			fprintf(fp, "<socket ");
+			break;
+
+		case AUT_SOCKINET32:
+			fprintf(fp, "<old_socket");
+			break;
+
+		case AUT_SOCKUNIX:
+			fprintf(fp, "<old_socket");
+			break;
+
+		case AUT_SUBJECT32:
+			fprintf(fp, "<subject ");
+			break;
+
+		case AUT_SUBJECT64:
+			fprintf(fp, "<subject ");
+			break;
+
+		case AUT_SUBJECT32_EX:
+			fprintf(fp, "<subject ");
+			break;
+
+		case AUT_TEXT:
+			fprintf(fp, "<text>");
+			break;
+
+		case AUT_SOCKET_EX:
+			fprintf(fp, "<socket ");
+			break;
+
+		case AUT_DATA:
+			fprintf(fp, "<arbitrary ");
+			break;
+		}
+	} else {
+		if (raw)
+			fprintf(fp, "%u", type);
+		else
+			fprintf(fp, "%s", tokname);
+	}
 }
 
 /*
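Review bot: `open_attr(FILE *fp, u_char *str)` is called with string literals in the later hunks (`open_attr(fp, "version")`), so the parameter should be `const char *str` to avoid pointer-signedness and const warnings. In print_tok_type the `<IPC` and `<old_socket` cases have no trailing space, unlike `<IPC_perm ` and `<socket `. If their token printers (not visible on this page) follow with open_attr, the first attribute name would fuse with the element name. Neither switch has a `default:`, so an unlisted token type prints no tag at all in XML mode; a `default:` with a short comment saying that is intended would help. The many identical cases could share one body by fallthrough, and the comment typo "beggining" should read "beginning".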
@@ -455,6 +780,27 @@
 }
 
 /*
+ * Print XML header.
+ */
+void
+au_print_xml_header(FILE *outfp)
+{
+	
+	fprintf(outfp, "<?xml version='1.0' ?>\n");
+	fprintf(outfp, "<audit>\n");
+}
+
+/*
+ * Print XML footer.
+ */
+void
+au_print_xml_footer(FILE *outfp)
+{
+	
+	fprintf(outfp, "</audit>\n");
+}
+
+/*
  * record byte count       4 bytes
  * version #               1 byte    [2]
  * event type              2 bytes
@@ -495,22 +841,42 @@
 }
 
 static void
-print_header32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, char sfrm)
+print_header32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, char sfrm,
+    int xml)
 {
 
-	print_tok_type(fp, tok->id, "header", raw);
-	print_delim(fp, del);
-	print_4_bytes(fp, tok->tt.hdr32.size, "%u");
-	print_delim(fp, del);
-	print_1_byte(fp, tok->tt.hdr32.version, "%u");
-	print_delim(fp, del);
-	print_event(fp, tok->tt.hdr32.e_type, raw, sfrm);
-	print_delim(fp, del);
-	print_evmod(fp, tok->tt.hdr32.e_mod, raw);
-	print_delim(fp, del);
-	print_sec32(fp, tok->tt.hdr32.s, raw);
-	print_delim(fp, del);
-	print_msec32(fp, tok->tt.hdr32.ms, raw);
+	print_tok_type(fp, tok->id, "header", raw, xml);
+	if (xml) {
+		open_attr(fp, "version");
+		print_1_byte(fp, tok->tt.hdr32.version, "%u");
+		close_attr(fp);
+		open_attr(fp, "event");
+		print_event(fp, tok->tt.hdr32.e_type, raw, sfrm);
+		close_attr(fp);
+		open_attr(fp, "modifier");
+		print_evmod(fp, tok->tt.hdr32.e_mod, raw);
+		close_attr(fp);
+		open_attr(fp, "time");
+		print_sec32(fp, tok->tt.hdr32.s, raw);
+		close_attr(fp);
+		open_attr(fp, "msec");
+		print_msec32(fp, tok->tt.hdr32.ms, 1);
+		close_attr(fp);
+		close_tag(fp, tok->id);
+	} else {
+		print_delim(fp, del);
+		print_4_bytes(fp, tok->tt.hdr32.size, "%u");
+		print_delim(fp, del);
+		print_1_byte(fp, tok->tt.hdr32.version, "%u");
+		print_delim(fp, del);
+		print_event(fp, tok->tt.hdr32.e_type, raw, sfrm);
+		print_delim(fp, del);
+		print_evmod(fp, tok->tt.hdr32.e_mod, raw);
+		print_delim(fp, del);
+		print_sec32(fp, tok->tt.hdr32.s, raw);
+		print_delim(fp, del);
+		print_msec32(fp, tok->tt.hdr32.ms, raw);
+	}
 }
 
 /*
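Review bot: The XML branch calls `print_msec32(fp, tok->tt.hdr32.ms, 1);` with a hard-coded raw flag, while the XML branches of print_header32_ex_tok, print_header64_tok and print_header64_ex_tok pass `raw`. If the intent is that the `msec` attribute is always numeric, the other three should pass `1` too; otherwise this one should pass `raw`. Either way a one-line comment such as `/* msec attribute is always printed raw */` would record the decision. The XML branch also omits the record size that the plain branch prints, which seems deliberate but is not stated.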
@@ -584,25 +950,50 @@
 
 static void
 print_header32_ex_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
-    char sfrm)
+    char sfrm, int xml)
 {
 
-	print_tok_type(fp, tok->id, "header_ex", raw);
-	print_delim(fp, del);
-	print_4_bytes(fp, tok->tt.hdr32_ex.size, "%u");
-	print_delim(fp, del);
-	print_1_byte(fp, tok->tt.hdr32_ex.version, "%u");
-	print_delim(fp, del);
-	print_event(fp, tok->tt.hdr32_ex.e_type, raw, sfrm);
-	print_delim(fp, del);
-	print_evmod(fp, tok->tt.hdr32_ex.e_mod, raw);
-	print_delim(fp, del);
-	print_ip_ex_address(fp, tok->tt.hdr32_ex.ad_type,
-	    tok->tt.hdr32_ex.addr);
-	print_delim(fp, del);
-	print_sec32(fp, tok->tt.hdr32_ex.s, raw);
-	print_delim(fp, del);
-	print_msec32(fp, tok->tt.hdr32_ex.ms, raw);
+	print_tok_type(fp, tok->id, "header_ex", raw, xml);
+	if (xml) {
+		open_attr(fp, "version");
+		print_1_byte(fp, tok->tt.hdr32_ex.version, "%u");
+		close_attr(fp);
+		open_attr(fp, "event");
+		print_event(fp, tok->tt.hdr32_ex.e_type, raw, sfrm);
+		close_attr(fp);
+		open_attr(fp, "modifier");
+		print_evmod(fp, tok->tt.hdr32_ex.e_mod, raw);
+		close_attr(fp);
+		/*
+		 * No attribute for additional types.
+		 *
+		print_ip_ex_address(fp, tok->tt.hdr32_ex.ad_type,
+		    tok->tt.hdr32_ex.addr);
+		 */
+		open_attr(fp, "time");
+		print_sec32(fp, tok->tt.hdr32_ex.s, raw);
+		close_attr(fp);
+		open_attr(fp, "msec");
+		print_msec32(fp, tok->tt.hdr32_ex.ms, raw);
+		close_attr(fp);
+		close_tag(fp, tok->id);
+	} else {
+		print_delim(fp, del);
+		print_4_bytes(fp, tok->tt.hdr32_ex.size, "%u");
+		print_delim(fp, del);
+		print_1_byte(fp, tok->tt.hdr32_ex.version, "%u");
+		print_delim(fp, del);
+		print_event(fp, tok->tt.hdr32_ex.e_type, raw, sfrm);
+		print_delim(fp, del);
+		print_evmod(fp, tok->tt.hdr32_ex.e_mod, raw);
+		print_delim(fp, del);
+		print_ip_ex_address(fp, tok->tt.hdr32_ex.ad_type,
+		    tok->tt.hdr32_ex.addr);
+		print_delim(fp, del);
+		print_sec32(fp, tok->tt.hdr32_ex.s, raw);
+		print_delim(fp, del);
+		print_msec32(fp, tok->tt.hdr32_ex.ms, raw);
+	}
 }
 
 /*
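Review bot: The XML branch leaves the `print_ip_ex_address` call commented out, so the extended header's address never appears in `praudit -x` output although the plain branch prints it; print_header64_ex_tok has the same commented-out call. For audit review that is a lost field, since the address in an extended header is typically what identifies the originating host. Either emit it as its own attribute or replace the dead code with a comment such as `/* XXX: address not yet represented in XML output */`, so the omission is visible as a known gap.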
@@ -646,23 +1037,44 @@
 }
 
 static void
-print_header64_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, char sfrm)
+print_header64_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, char sfrm,
+    int xml)
 {
+	
+	print_tok_type(fp, tok->id, "header", raw, xml);
+	if (xml) {
+		open_attr(fp, "version");
+		print_1_byte(fp, tok->tt.hdr64.version, "%u");
+		close_attr(fp);
+		open_attr(fp, "event");
+		print_event(fp, tok->tt.hdr64.e_type, raw, sfrm);
+		close_attr(fp);
+		open_attr(fp, "modifier");
+		print_evmod(fp, tok->tt.hdr64.e_mod, raw);
+		close_attr(fp);
+		open_attr(fp, "time");
+		print_sec64(fp, tok->tt.hdr64.s, raw);
+		close_attr(fp);
+		open_attr(fp, "msec");
+		print_msec64(fp, tok->tt.hdr64.ms, raw);
+		close_attr(fp);
+		close_tag(fp, tok->id);
+	} else {
+		print_delim(fp, del);
+		print_4_bytes(fp, tok->tt.hdr64.size, "%u");
+		print_delim(fp, del);
+		print_1_byte(fp, tok->tt.hdr64.version, "%u");
+		print_delim(fp, del);
+		print_event(fp, tok->tt.hdr64.e_type, raw, sfrm);
+		print_delim(fp, del);
+		print_evmod(fp, tok->tt.hdr64.e_mod, raw);
+		print_delim(fp, del);
+		print_sec64(fp, tok->tt.hdr64.s, raw);
+		print_delim(fp, del);
+		print_msec64(fp, tok->tt.hdr64.ms, raw);
+	}
+}
 
-	print_tok_type(fp, tok->id, "header", raw);
-	print_delim(fp, del);
-	print_4_bytes(fp, tok->tt.hdr64.size, "%u");
-	print_delim(fp, del);
-	print_1_byte(fp, tok->tt.hdr64.version, "%u");
-	print_delim(fp, del);
-	print_event(fp, tok->tt.hdr64.e_type, raw, sfrm);
-	print_delim(fp, del);
-	print_evmod(fp, tok->tt.hdr64.e_mod, raw);
-	print_delim(fp, del);
-	print_sec64(fp, tok->tt.hdr64.s, raw);
-	print_delim(fp, del);
-	print_msec64(fp, tok->tt.hdr64.ms, raw);
-}
 /*
  * record byte count       4 bytes
  * version #               1 byte     [2]
@@ -729,25 +1141,51 @@
 }
 
 static void
-print_header64_ex_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, char sfrm)
+print_header64_ex_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
+    char sfrm, int xml)
 {
 
-	print_tok_type(fp, tok->id, "header_ex", raw);
-	print_delim(fp, del);
-	print_4_bytes(fp, tok->tt.hdr64_ex.size, "%u");
-	print_delim(fp, del);
-	print_1_byte(fp, tok->tt.hdr64_ex.version, "%u");
-	print_delim(fp, del);
-	print_event(fp, tok->tt.hdr64_ex.e_type, raw, sfrm);
-	print_delim(fp, del);
-	print_evmod(fp, tok->tt.hdr64_ex.e_mod, raw);
-	print_delim(fp, del);
-	print_ip_ex_address(fp, tok->tt.hdr64_ex.ad_type,
-	    tok->tt.hdr64_ex.addr);
-	print_delim(fp, del);
-	print_sec64(fp, tok->tt.hdr64_ex.s, raw);
-	print_delim(fp, del);
-	print_msec64(fp, tok->tt.hdr64_ex.ms, raw);
+	print_tok_type(fp, tok->id, "header_ex", raw, xml);
+	if (xml) {
+		open_attr(fp, "version");
+		print_1_byte(fp, tok->tt.hdr64_ex.version, "%u");
+		close_attr(fp);
+		open_attr(fp, "event");
+		print_event(fp, tok->tt.hdr64_ex.e_type, raw, sfrm);
+		close_attr(fp);
+		open_attr(fp, "modifier");
+		print_evmod(fp, tok->tt.hdr64_ex.e_mod, raw);
+		close_attr(fp);
+		/*
+		 * No attribute for additional types.
+		 *
+		print_ip_ex_address(fp, tok->tt.hdr64_ex.ad_type,
+		    tok->tt.hdr64_ex.addr);
+		 */
+		open_attr(fp, "time");
+		print_sec64(fp, tok->tt.hdr64_ex.s, raw);
+		close_attr(fp);
+		open_attr(fp, "msec");
+		print_msec64(fp, tok->tt.hdr64_ex.ms, raw);
+		close_attr(fp);
+		close_tag(fp, tok->id);
+	} else {
+		print_delim(fp, del);
+		print_4_bytes(fp, tok->tt.hdr64_ex.size, "%u");
+		print_delim(fp, del);
+		print_1_byte(fp, tok->tt.hdr64_ex.version, "%u");
+		print_delim(fp, del);
+		print_event(fp, tok->tt.hdr64_ex.e_type, raw, sfrm);
+		print_delim(fp, del);
+		print_evmod(fp, tok->tt.hdr64_ex.e_mod, raw);
+		print_delim(fp, del);
+		print_ip_ex_address(fp, tok->tt.hdr64_ex.ad_type,
+		    tok->tt.hdr64_ex.addr);
+		print_delim(fp, del);
+		print_sec64(fp, tok->tt.hdr64_ex.s, raw);
+		print_delim(fp, del);
+		print_msec64(fp, tok->tt.hdr64_ex.ms, raw);
+	}
 }
 
 /*
@@ -772,12 +1210,14 @@
 
 static void
 print_trailer_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
-    __unused char sfrm)
+    __unused char sfrm, int xml)
 {
 
-	print_tok_type(fp, tok->id, "trailer", raw);
-	print_delim(fp, del);
-	print_4_bytes(fp, tok->tt.trail.count, "%u");
+	print_tok_type(fp, tok->id, "trailer", raw, xml);
+	if (!xml) {
+		print_delim(fp, del);
+		print_4_bytes(fp, tok->tt.trail.count, "%u");
+	}
 }
 
 /*
@@ -813,16 +1253,28 @@
 
 static void
 print_arg32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
-    __unused char sfrm)
+    __unused char sfrm, int xml)
 {
 
-	print_tok_type(fp, tok->id, "argument", raw);
-	print_delim(fp, del);
-	print_1_byte(fp, tok->tt.arg32.no, "%u");
-	print_delim(fp, del);
-	print_4_bytes(fp, tok->tt.arg32.val, "0x%x");
-	print_delim(fp, del);
-	print_string(fp, tok->tt.arg32.text, tok->tt.arg32.len);
+	print_tok_type(fp, tok->id, "argument", raw, xml);
+	if (xml) {
+		open_attr(fp, "arg-num");
+		print_1_byte(fp, tok->tt.arg32.no, "%u");
+		close_attr(fp);
+		open_attr(fp, "value");
+		print_4_bytes(fp, tok->tt.arg32.val, "0x%x");
+		close_attr(fp);
+		open_attr(fp, "desc");
+		print_string(fp, tok->tt.arg32.text, tok->tt.arg32.len);
+		close_attr(fp);
+		close_tag(fp, tok->id);
+	} else {
+		print_delim(fp, del);
+		print_1_byte(fp, tok->tt.arg32.no, "%u");
+		print_delim(fp, del);
+		print_4_bytes(fp, tok->tt.arg32.val, "0x%x");
+		print_delim(fp, del);
+	}
 }
 
 static int
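Review bot: The plain-text branch of print_arg32_tok no longer prints the argument text. The removed code ended with `print_string(fp, tok->tt.arg32.text, tok->tt.arg32.len);`, but the new `else` block stops after the last `print_delim(fp, del);`, so non-XML output for 32-bit argument tokens loses the description and ends in a dangling delimiter. print_arg64_tok in the next hunk keeps the call, which suggests this is an accidental omission. Restore `print_string(fp, tok->tt.arg32.text, tok->tt.arg32.len);` as the last statement of the `else` branch.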
@@ -852,16 +1304,29 @@
 
 static void
 print_arg64_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
-    __unused char sfrm)
+    __unused char sfrm, int xml)
 {
 
-	print_tok_type(fp, tok->id, "argument", raw);
-	print_delim(fp, del);
-	print_1_byte(fp, tok->tt.arg64.no, "%u");
-	print_delim(fp, del);
-	print_8_bytes(fp, tok->tt.arg64.val, "0x%llx");
-	print_delim(fp, del);
-	print_string(fp, tok->tt.arg64.text, tok->tt.arg64.len);
+	print_tok_type(fp, tok->id, "argument", raw, xml);
+	if (xml) {
+		open_attr(fp, "arg-num");
+		print_1_byte(fp, tok->tt.arg64.no, "%u");
+		close_attr(fp);
+		open_attr(fp, "value");
+		print_8_bytes(fp, tok->tt.arg64.val, "0x%llx");
+		close_attr(fp);
+		open_attr(fp, "desc");
+		print_string(fp, tok->tt.arg64.text, tok->tt.arg64.len);
+		close_attr(fp);
+		close_tag(fp, tok->id);
+	} else {
+		print_delim(fp, del);
+		print_1_byte(fp, tok->tt.arg64.no, "%u");
+		print_delim(fp, del);
+		print_8_bytes(fp, tok->tt.arg64.val, "0x%llx");
+		print_delim(fp, del);
+		print_string(fp, tok->tt.arg64.text, tok->tt.arg64.len);
+	}
 }
 
 /*
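Review bot: The `desc` attribute value is written by `print_string` between `open_attr` and `close_attr` with no XML escaping visible, and the same applies to print_arg32_tok and to the text-bearing elements opened in print_tok_type (`<path>`, `<text>`, `<exec_args>`). print_string is not shown on this page, so this assumes it writes the bytes as they are. Audit strings such as paths and exec arguments come from the audited processes, so a `"`, `<` or `&` in them would make the output malformed or let a record appear to contain attributes or elements it does not. Values should pass through an escaping helper in XML mode, as sketched below with a proposed name.

```c
/* Proposed helper: write str with XML metacharacters replaced by entities. */
static void
print_xml_string(FILE *fp, const char *str, size_t len)
{
	size_t i;

	for (i = 0; i < len; i++) {
		switch (str[i]) {
		case '\0':
			/* NUL cannot be represented in XML 1.0; skip it. */
			break;
		case '&':
			fprintf(fp, "&amp;");
			break;
		case '<':
			fprintf(fp, "&lt;");
			break;
		case '>':
			fprintf(fp, "&gt;");
			break;
		case '"':
			fprintf(fp, "&quot;");
			break;
		case '\'':
			fprintf(fp, "&apos;");
			break;
		default:
			fputc(str[i], fp);
			break;
		}
	}
}

/* … unchanged: print_tok_type, arg-num and value attributes … */
		open_attr(fp, "desc");
		print_xml_string(fp, tok->tt.arg64.text, tok->tt.arg64.len);
		close_attr(fp);
```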
@@ -924,15 +1389,16 @@
 
 static void
 print_arb_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
-    __unused char sfrm)
+    __unused char sfrm, int xml)
 {
 	char *str;
 	char *format;
 	size_t size;
 	int i;
 
-	print_tok_type(fp, tok->id, "arbitrary", raw);
-	print_delim(fp, del);
+	print_tok_type(fp, tok->id, "arbitrary", raw, xml);
+	if (!xml)
+		print_delim(fp, del);
 
 	switch(tok->tt.arb.howtopr) {
 	case AUP_BINARY:
@@ -964,56 +1430,125 @@

>>> TRUNCATED FOR MAIL (1000 lines) <<<


