Date: Mon, 18 Feb 2008 05:40:09 GMT From: Aaron Meihm <alm@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 135627 for review Message-ID: <200802180540.m1I5e96E051034@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=135627 Change 135627 by alm@alm_praetorian on 2008/02/18 05:39:14 Various code cleanup. Introduce srcbuffer struct for incoming records from network peers. Affected files ... .. //depot/projects/trustedbsd/netauditd/netauditd.c#5 edit .. //depot/projects/trustedbsd/netauditd/netauditd.conf#3 edit .. //depot/projects/trustedbsd/netauditd/netauditd.h#3 edit Differences ...
==== //depot/projects/trustedbsd/netauditd/netauditd.c#5 (text+ko) ====
@@ -112,7 +112,7 @@
 TAILQ_REMOVE(&ptr->ac_oq, a, aq_glue);
 a->aq_ptr->ar_refcount--;
 if (a->aq_ptr->ar_refcount == 0) {
- free(a->aq_ptr->ar_sbuf);
+ free(a->aq_ptr->ar_rec);
 free(a->aq_ptr);
 }
 free(a);
@@ -242,33 +242,6 @@
 return (0);
 }
-int
-conf_parse_dst_net(args_t *a)
-{
- struct addrinfo hints;
- struct au_cmpnt *new;
- int error;
-
- new = malloc(sizeof(struct au_cmpnt));
- if (new == NULL)
- exit(2);
- memset(new, 0, sizeof(struct au_cmpnt));
- if ((new->ac_name = strdup(a->args[1])) == NULL)
- exit(2);
- memset(&hints, 0, sizeof(hints));
- hints.ai_family = PF_UNSPEC;
- hints.ai_socktype = SOCK_STREAM;
- error = getaddrinfo(a->args[3], a->args[4], &hints, &new->ac_ainfo);
- if (error)
- return (-1);
- new->ac_type = NETAUDIT_DST_NET;
- if (conf_link_consumers(new, a, 5) == -1)
- return (-1);
- TAILQ_INIT(&new->ac_oq);
- TAILQ_INSERT_TAIL(&au_dstlist, new, ac_glue);
- return (0);
-}
-
 args_t *
 conf_parse_args(char *buf)
 {
@@ -422,6 +395,9 @@
 if (au->ac_fd == -1)
 err(1, "%s", au->ac_path);
 break;
+ case NETAUDIT_SRC_NET:
+ netaudit_socket_listen(au);
+ break;
 default:
 exit(2);
 }
@@ -514,8 +490,8 @@
 dprintf("consumer %s running output queue\n", au->ac_name);
 r = q->aq_ptr;
- s = r->ar_sbuflen - q->aq_remain;
- ret = write(au->ac_fd, r->ar_sbuf + s,
+ s = r->ar_reclen - q->aq_remain;
+ ret = write(au->ac_fd, r->ar_rec + s,
 q->aq_remain);
 if (ret == -1) {
 if (errno == EAGAIN)
@@ -532,7 +508,7 @@
 free(q);
 r->ar_refcount--;
 if (r->ar_refcount == 0) {
- free(r->ar_sbuf);
+ free(r->ar_rec);
 free(r);
 }
 }
@@ -555,7 +531,7 @@
 exit(2);
 memset(new, 0, sizeof(struct au_queue_ent));
 new->aq_ptr = rec;
- new->aq_remain = rec->ar_sbuflen;
+ new->aq_remain = rec->ar_reclen;
 TAILQ_INSERT_TAIL(&au->ac_consumers[i]->ac_oq, new, aq_glue);
 dprintf("queued %p: %s\n", rec, au->ac_consumers[i]->ac_name);
 }
@@ -568,24 +544,52 @@
 if ((new = malloc(sizeof(struct au_recbuf))) == NULL)
 exit(2);
- if ((new->ar_sbuf = malloc(NETAUDIT_PIPE_BUFSIZE)) == NULL)
+ if ((new->ar_rec = malloc(NETAUDIT_PIPE_BUFSIZE)) == NULL)
 exit(2);
 /*
 * XXXCSJP: It is possible that the audit record will be greater then
 * NETAUDIT_PIPE_BUFSIZE, in which case the pipe will truncate it.
 */
- new->ar_sbuflen = read(au->ac_fd, new->ar_sbuf, NETAUDIT_PIPE_BUFSIZE);
- if (new->ar_sbuflen == -1) {
+ new->ar_reclen = read(au->ac_fd, new->ar_rec, NETAUDIT_PIPE_BUFSIZE);
+ if (new->ar_reclen == -1) {
 if (errno != EAGAIN)
 exit(2);
 else
 return;
 }
- dprintf("au_cmpnt %p: read record %u bytes\n", au, new->ar_sbuflen);
+ dprintf("au_cmpnt %p: read record %u bytes\n", au, new->ar_reclen);
 netaudit_queue_record(au, new);
 }
 void
+netaudit_socket_listen(struct au_cmpnt *au)
+{
+ struct addrinfo *addrptr;
+ int flags;
+
+ addrptr = au->ac_ainfo;
+ au->ac_fd = socket(addrptr->ai_family, addrptr->ai_socktype,
+ addrptr->ai_protocol);
+ if (au->ac_fd == -1)
+ err(1, "socket");
+ if (bind(au->ac_fd, addrptr->ai_addr, addrptr->ai_addrlen) == -1)
+ err(1, "bind");
+ if (listen(au->ac_fd, 16) == -1)
+ err(1, "listen");
+ if ((flags = fcntl(au->ac_fd, F_GETFL)) == -1)
+ exit(2);
+ flags |= O_NONBLOCK;
+ if (fcntl(au->ac_fd, F_SETFL, flags) == -1)
+ exit(2);
+}
+
+int
+netaudit_socket_read(struct au_cmpnt *au)
+{
+ return (0);
+}
+
+void
 usage()
 {
 fputs("usage: netauditd [-dh] [-f path]\n", stderr);
==== //depot/projects/trustedbsd/netauditd/netauditd.conf#3 (text+ko) ====
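Review bot: In netaudit_pipe_read (netauditd.c, hunk -568,24) the return of read() is stored directly in `new->ar_reclen`, which netauditd.h declares `u_int32_t`, so the `== -1` test works only through the implicit conversion of -1 to unsigned, and the EAGAIN branch returns without freeing `new` or `new->ar_rec`. Each such early return therefore leaks a NETAUDIT_PIPE_BUFSIZE buffer in a long-running daemon. Reading into a signed `ssize_t` local and releasing both allocations before returning fixes both; the function's opening and its declarations lie outside the hunk, so the local's declaration is not shown. In the new netaudit_socket_listen of the same hunk, the two fcntl failures use a bare `exit(2)` where the neighbouring calls use err(), which hides the cause from the operator.

```c
	/* … unchanged: allocation of new and new->ar_rec, XXXCSJP comment … */
	/* n is a new ssize_t local declared with the function's other locals */
	n = read(au->ac_fd, new->ar_rec, NETAUDIT_PIPE_BUFSIZE);
	if (n == -1) {
		if (errno != EAGAIN)
			exit(2);
		/* Nothing was read: release the record before returning. */
		free(new->ar_rec);
		free(new);
		return;
	}
	new->ar_reclen = (u_int32_t)n;
	/* … unchanged: dprintf and netaudit_queue_record … */
```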
@@ -1,8 +1,7 @@
-# $Id: netauditd.conf,v 1.3 2008/02/14 05:13:47 alm Exp $
+# netauditd configuration file
 src src0 pipe /dev/auditpipe
-#src src1 net 0.0.0.0 9999
+src src1 net 0.0.0.0 9999
-dst dst0 trail /tmp/src0/trail src0
-
+dst dst0 trail /tmp/src0/trail src1
 dst dst1 net 127.0.0.1 9999 src0
==== //depot/projects/trustedbsd/netauditd/netauditd.h#3 (text+ko) ====
@@ -37,9 +37,9 @@
 #define NETAUDIT_DST_NET 2
 struct au_recbuf {
- void *ar_sbuf; /* Store buffer */
- u_int32_t ar_sbuflen; /* Buffer data length */
- u_int32_t ar_refcount;
+ void *ar_rec;
+ u_int32_t ar_reclen;
+ u_int32_t ar_refcount;
 };
 struct au_queue_ent {
@@ -48,18 +48,28 @@
 TAILQ_ENTRY(au_queue_ent) aq_glue;
 };
+struct au_srcbuffer {
+ struct au_cmpnt *sb_parent;
+ int sb_fd;
+ u_int32_t sb_reclen;
+ u_char *sb_rec;
+ u_char sb_buf[8192];
+ u_char sb_header[5];
+ TAILQ_ENTRY(au_srcbuffer) sb_glue;
+};
+
 struct au_cmpnt {
- char *ac_name; /* Component name */
- int ac_type; /* Component type */
- int ac_fd; /* Component fd */
- int ac_established;
- int ac_remain;
- char *ac_path; /* Component path */
- struct addrinfo *ac_ainfo;
- struct au_cmpnt **ac_consumers; /* Consumer list */
- unsigned int ac_nconsumers;
- TAILQ_HEAD(ac_oq, au_queue_ent) ac_oq; /* Output queue */
- TAILQ_ENTRY(au_cmpnt) ac_glue;
+ char *ac_name;
+ int ac_type;
+ int ac_fd;
+ int ac_established;
+ char *ac_path;
+ struct addrinfo *ac_ainfo;
+ struct au_cmpnt **ac_consumers;
+ unsigned int ac_nconsumers;
+ TAILQ_HEAD(ac_oq, au_queue_ent) ac_oq;
+ TAILQ_HEAD(ac_sbufq, au_srcbuffer) ac_sbufq;
+ TAILQ_ENTRY(au_cmpnt) ac_glue;
 };
 typedef struct _args_t {
@@ -76,8 +86,6 @@
 void conf_parse(char *, int);
 int conf_parse_src_pipe(args_t *);
 int conf_parse_dst_trail(args_t *);
-int conf_parse_dst_net(args_t *);
-int conf_parse_src_net(args_t *);
 int conf_parse_net(args_t *);
 args_t *conf_parse_args(char *);
 void conf_free_args(args_t *);
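Review bot: The sample netauditd.conf (hunk -1,8) now enables `src src1 net 0.0.0.0 9999` and points the `dst0` trail at `src1`, so the shipped example listens on every interface and is configured to feed what it receives into the trail file. netaudit_socket_read is still a stub in this change, so no peer authentication or record validation is visible. Since `dst1` in the same file only sends to 127.0.0.1, the example would work with `src src1 net 127.0.0.1 9999`. A comment line such as `# src1 accepts records from any host that can reach this address` would make the exposure explicit for anyone who widens it, and the trail path under /tmp is worth moving to a directory only the daemon can write.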
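Review bot: In netauditd.h (hunk -48,18) the new `struct au_srcbuffer` sizes its buffers with the bare literals `sb_buf[8192]` and `sb_header[5]` and carries a `u_int32_t sb_reclen` beside them, with no comment saying where that length comes from. If, as the names suggest, sb_reclen is parsed from a header sent by the network peer, the reader has to bound it before it sizes or fills `sb_rec`. A named constant such as `#define NETAUDIT_SRCBUF_SIZE 8192` and a field comment like `/* Record length claimed by peer; validate before use */` would record that requirement ahead of the netaudit_socket_read implementation. This hunk and the -37,9 hunk also drop the existing field comments from `au_cmpnt` and `au_recbuf`, which are worth keeping.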
@@ -87,4 +95,6 @@
 void netaudit_queue_record(struct au_cmpnt *, struct au_recbuf *);
 void netaudit_pipe_read(struct au_cmpnt *);
 void netaudit_run(void);
+void netaudit_socket_listen(struct au_cmpnt *);
+int netaudit_socket_read(struct au_cmpnt *);
 void usage(void);