From owner-p4-projects@FreeBSD.ORG Sun Aug 17 03:26:57 2008 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id D5E041065678; Sun, 17 Aug 2008 03:26:56 +0000 (UTC) Delivered-To: perforce@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 81D091065675 for ; Sun, 17 Aug 2008 03:26:56 +0000 (UTC) (envelope-from diego@FreeBSD.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id 708DD8FC13 for ; Sun, 17 Aug 2008 03:26:56 +0000 (UTC) (envelope-from diego@FreeBSD.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.2/8.14.2) with ESMTP id m7H3QuDL032293 for ; Sun, 17 Aug 2008 03:26:56 GMT (envelope-from diego@FreeBSD.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.14.2/8.14.1/Submit) id m7H3QuPu032291 for perforce@freebsd.org; Sun, 17 Aug 2008 03:26:56 GMT (envelope-from diego@FreeBSD.org) Date: Sun, 17 Aug 2008 03:26:56 GMT Message-Id: <200808170326.m7H3QuPu032291@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to diego@FreeBSD.org using -f From: Diego Giagio To: Perforce Change Reviews Cc: Subject: PERFORCE change 147628 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 17 Aug 2008 03:26:57 -0000 http://perforce.freebsd.org/chv.cgi?CH=147628 Change 147628 by diego@diego_black on 2008/08/17 03:26:41 Also forgot to submit this one. Need some coffee. Affected files ... .. //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit.h#15 edit Differences ... ==== //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit.h#15 (text) ==== 
@@ -127,30 +127,22 @@
 /*
 * Functions for auditing packet filter events.
 */
-void audit_pfil_enter(unsigned short event, struct thread *td);
+int audit_pfil_enter(unsigned short event, struct thread *td);
 void audit_pfil_exit(int error, struct thread *td);
-void audit_ipfw_enable(int error);
-void audit_ipfw_disable(int error);
-void audit_ipfw_addrule(int set, int rulenum, int error);
-void audit_ipfw_delrule(int set, int rulenum, int error);
-void audit_ipfw_flush(int error);
-void audit_ipfw_addtable(u_int table, int error);
-void audit_ipfw_deltable(u_int table, int error);
-void audit_ipfw_flushtable(u_int table, int error);
+void audit_ipfw_enable(void);
+void audit_ipfw_disable(void);
+void audit_ipfw_addrule(int set, int rulenum);
+void audit_ipfw_delrule(int set, int rulenum);
+void audit_ipfw_flush(void);
+void audit_ipfw_addtable(u_int table);
+void audit_ipfw_deltable(u_int table);
+void audit_ipfw_flushtable(u_int table);
 void audit_ipfw_flow4_begin(u_int32_t src, u_int16_t src_port,
- u_int32_t dst, u_int16_t dst_port, int error);
+ u_int32_t dst, u_int16_t dst_port);
 struct in6_addr;
 void audit_ipfw_flow6_begin(struct in6_addr *src, u_int16_t src_port,
- struct in6_addr *dst, u_int16_t dst_port, int error);
-
-void audit_pf_enable(int error);
-void audit_pf_disable(int error);
-void audit_pf_addrule(char *anchor, int nrules, int error);
-void audit_pf_delrule(char *anchor, int error);
-void audit_pf_flush(char *anchor, int nrules, int error);
-void audit_pf_addtable(char *anchor, char *table, int nadd, int error);
-void audit_pf_deltable(char *anchor, char *table, int ndel, int error);
+ struct in6_addr *dst, u_int16_t dst_port);
 /*
 * The remaining kernel functions are conditionally compiled in as they are
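Review bot: `audit_pfil_enter()` now returns `int`, but the comment above it still says only "Functions for auditing packet filter events", so a caller cannot tell what a non-zero return means, whether the filter operation should be refused when the audit record cannot be started, or whether `audit_pfil_exit()` must still be called after a failed enter. Because the `error` argument was dropped from every `audit_ipfw_*` prototype, the outcome presumably now reaches the record only through `audit_pfil_exit(int error, ...)`. The header should say so, for example `/* audit_pfil_enter() returns 0 or an errno; audit_ipfw_*() add arguments to the record opened by enter, and audit_pfil_exit() commits it with the operation's result. */` (wording to be confirmed against the implementation, which is outside this hunk). The hunk also removes every `audit_pf_*` prototype without a replacement, so it is worth confirming that pf configuration changes are still recorded somewhere and have not dropped out of the audit trail.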
@@ -194,7 +186,7 @@
 void audit_arg_auditinfo_addr(struct auditinfo_addr *au_info);
 void audit_arg_upath(struct thread *td, char *upath, u_int64_t flags);
 void audit_arg_vnode(struct vnode *vp, u_int64_t flags);
-void audit_arg_text(char *text);
+void audit_arg_text(char *text, ...);
 void audit_arg_cmd(int cmd);
 void audit_arg_svipc_cmd(int cmd);
 void audit_arg_svipc_perm(struct ipc_perm *perm);
@@ -230,16 +222,28 @@
 } \
 } while (0)
+#define AUDIT_PFIL_ENTER(code, td, error) do { \
+ if (audit_enabled) { \
+ error = audit_pfil_enter(code, td); \
+ } \
+} while (0)
+
 /*
- * Wrap the audit_syscall_exit() function so that it is called only when
- * auditing is enabled, or we have a audit record on the thread. It is
- * possible that an audit record was begun before auditing was turned off.
+ * Wrap audit_syscall_exit() and audit_pfil_exit() functions so that they are
+ * called only when auditing is enabled, or we have a audit record on the
+ * thread. It it is possible that an audit record was begun before auditing
+ * was turned off.
 */
 #define AUDIT_SYSCALL_EXIT(error, td) do { \
 if (audit_enabled || (td->td_ar != NULL)) \
 audit_syscall_exit(error, td); \
 } while (0)
+#define AUDIT_PFIL_EXIT(error, td) do { \
+ if (audit_enabled || (td->td_ar != NULL)) \
+ audit_pfil_exit(error, td); \
+} while (0)
+
 /*
 * A Macro to wrap the audit_sysclose() function.
 */
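Review bot: Making `audit_arg_text` variadic presumably turns its first argument into a printf-style format, so any existing caller that passes a path or other caller-supplied string directly would have that string interpreted as a format. Declare it so the compiler can check every call site: `void audit_arg_text(const char *fmt, ...) __printflike(1, 2);`. Existing callers with non-literal text should then be changed to `audit_arg_text("%s", text)`. The implementation is outside this hunk, so the format semantics are inferred from the new signature alone.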
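Review bot: `AUDIT_PFIL_ENTER(code, td, error)` assigns `error` only when `audit_enabled` is set, so a caller that declares `int error;` without an initializer reads an indeterminate value on the audit-disabled path. Assigning on both paths avoids that, e.g. `(error) = audit_enabled ? audit_pfil_enter((code), (td)) : 0;`, which also parenthesizes the macro arguments. `AUDIT_PFIL_EXIT` carries the same unparenthesized `td->td_ar`, copied from `AUDIT_SYSCALL_EXIT`, and should use `(td)->td_ar`. The rewritten comment also reads "It it is possible" and "a audit record", which should be "It is possible" and "an audit record".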