Date: Tue, 15 Mar 2011 17:30:22 GMT From: Efstratios Karatzas <gpf@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 190065 for review Message-ID: <201103151730.p2FHUM6K019112@skunkworks.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://p4web.freebsd.org/@@190065?ac=10 Change 190065 by gpf@gpf_desktop on 2011/03/15 17:29:45 - update values for new events Affected files ... .. //depot/projects/soc2010/gpf_audit/freebsd/src/contrib/openbsm/etc/audit_event#10 edit .. //depot/projects/soc2010/gpf_audit/freebsd/src/contrib/openbsm/sys/bsm/audit_kevents.h#2 edit .. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/bsm/audit_kevents.h#7 edit Differences ... ==== //depot/projects/soc2010/gpf_audit/freebsd/src/contrib/openbsm/etc/audit_event#10 (text) ==== @@ -12,7 +12,10 @@ # # 0 Reserved and invalid # 1 - 2047 Reserved for Solaris kernel events -# 2048 - 5999 Reserved and unallocated +# 2048 - 2999 Reserved and unallocated +# 3000 - 3999 Reserved for NFS specific kernel events +# 4000 - 4999 Reserved for firewall kernel events +# 5000 - 5999 Reserved and unallocated # 6000 - 9999 Reserved for Solaris user events # 10000 - 32767 Reserved and unallocated # 32768 - 65535 Available for third party applications @@ -362,74 +365,74 @@ # # NFS-specific kernel events # -2000:AUE_NFS_NULL:nfsrv_null():nfs,ot -2001:AUE_NFS_GETATTR:nfsrv_getattr():nfs,fa -2002:AUE_NFS_SETATTR:nfsrv_setattr():nfs,fm -2003:AUE_NFS_LOOKUP:nfsrv_lookup():nfs,fa,ad -2004:AUE_NFS_ACCESS:nfsrv_access():nfs,fa -2005:AUE_NFS_READLINK:nfsrv_readlink():nfs,fr -2006:AUE_NFS_READ:nfsrv_read():nfs,fr -2007:AUE_NFS_WRITE:nfsrv_write():nfs,fw -2008:AUE_NFS_CREATE:nfsrv_create():nfs,fc,ad -2009:AUE_NFS_MKDIR:nfsrv_mkdir():nfs,fc,ad -2010:AUE_NFS_SYMLINK:nfsrv_symlink():nfs,fc,ad -2011:AUE_NFS_MKNOD:nfsrv_mknod():nfs,fc,ad -2012:AUE_NFS_REMOVE:nfsrv_remove():nfs,fd -2013:AUE_NFS_RMDIR:nfsrv_rmdir():nfs,fd -2014:AUE_NFS_RENAME:nfsrv_rename():nfs,fc,fd -2015:AUE_NFS_LINK:nfsrv_link():nfs,fc -2016:AUE_NFS_READDIR:nfsrv_readdir():nfs,fr -2017:AUE_NFS_READDIR_PLUS:nfsrv_readdirplus():nfs,fr,ad -2018:AUE_NFS_STATFS:nfsrv_statfs():nfs,fa -2019:AUE_NFS_FSINFO:nfsrv_fsinfo():nfs,ot -2020:AUE_NFS_PATHCONF:nfsrv_pathconf():nfs,fa -2021:AUE_NFS_COMMIT:nfsrv_commit():nfs,fw -2022:AUE_NFS_NOOP:nfsrv_noop():nfs,no +3000:AUE_NFS_NULL:nfsrv_null():nfs,ot +3001:AUE_NFS_GETATTR:nfsrv_getattr():nfs,fa +3002:AUE_NFS_SETATTR:nfsrv_setattr():nfs,fm +3003:AUE_NFS_LOOKUP:nfsrv_lookup():nfs,fa,ad +3004:AUE_NFS_ACCESS:nfsrv_access():nfs,fa +3005:AUE_NFS_READLINK:nfsrv_readlink():nfs,fr +3006:AUE_NFS_READ:nfsrv_read():nfs,fr +3007:AUE_NFS_WRITE:nfsrv_write():nfs,fw +3008:AUE_NFS_CREATE:nfsrv_create():nfs,fc,ad +3009:AUE_NFS_MKDIR:nfsrv_mkdir():nfs,fc,ad +3010:AUE_NFS_SYMLINK:nfsrv_symlink():nfs,fc,ad +3011:AUE_NFS_MKNOD:nfsrv_mknod():nfs,fc,ad +3012:AUE_NFS_REMOVE:nfsrv_remove():nfs,fd +3013:AUE_NFS_RMDIR:nfsrv_rmdir():nfs,fd +3014:AUE_NFS_RENAME:nfsrv_rename():nfs,fc,fd +3015:AUE_NFS_LINK:nfsrv_link():nfs,fc +3016:AUE_NFS_READDIR:nfsrv_readdir():nfs,fr +3017:AUE_NFS_READDIR_PLUS:nfsrv_readdirplus():nfs,fr,ad +3018:AUE_NFS_STATFS:nfsrv_statfs():nfs,fa +3019:AUE_NFS_FSINFO:nfsrv_fsinfo():nfs,ot +3020:AUE_NFS_PATHCONF:nfsrv_pathconf():nfs,fa +3021:AUE_NFS_COMMIT:nfsrv_commit():nfs,fw +3022:AUE_NFS_NOOP:nfsrv_noop():nfs,no # # NFSv4 specific RPC events # -2023:AUE_NFS_CLOSE:nfsrv_close():nfs,cl -2024:AUE_NFS_DELEGPURGE:nfsrv_delegpurge():nfs,ad -2025:AUE_NFS_DELEGRETURN:nfsrv_delegreturn():nfs,ad -2026:AUE_NFSv4_GETFH:nfsrv4_getfh():nfs,ad -2027:AUE_NFS_LOCK:nfsrv_lock():nfs,fm -2028:AUE_NFS_LOCKT:nfsrv_lockt():nfs,fm -2029:AUE_NFS_LOCKU:nfsrv_locku():nfs,fm -2030:AUE_NFS_LOOKUPP:nfsrv_lookupp():nfs,fa,ad -2031:AUE_NFS_NVERIFY:nfsrv_nverify():nfs,fa -2032:AUE_NFS_OPEN:nfsrv_open():nfs,fa -2033:AUE_NFS_OPENATTR:nfsrv_openattr():nfs,fa -2034:AUE_NFS_OPENCONFIRM:nfsrv_openconfirm():nfs,fa -2035:AUE_NFS_OPENDOWNGRADE:nfsrv_opendowngrade():nfs,fm -2036:AUE_NFS_PUTFH:nfsrv_putfh():nfs,ad -2037:AUE_NFS_PUTPUBFH:nfsrv_putpubfh():nfs,ad -2038:AUE_NFS_PUTROOTFH:nfsrv_putrootfh():nfs,ad -2039:AUE_NFS_RENEW:nfsrv_renew():nfs,ad -2040:AUE_NFS_RESTOREFH:nfsrv_restorefh():nfs,ad -2041:AUE_NFS_SAVEFH:nfsrv_savefh():nfs,ad -2042:AUE_NFS_SECINFO:nfsrv_secinfo():nfs,ot -2043:AUE_NFS_SETCLIENTID:nfsrv_setclientid():nfs,aa -2044:AUE_NFS_SETCLIENTIDCFRM:nfsrv_setclientidcfrm():nfs,aa -2045:AUE_NFS_VERIFY:nfsrv_verify():nfs,fa -2046:AUE_NFS_RELEASELCKOWN:nfsrv_releaselckown():nfs,ad -2047:AUE_NFS_OPEN_R:nfsrv_open() - read:nfs,fr -2048:AUE_NFS_OPEN_RC:nfsrv_open() - read, creat:nfs,fr,fc,fa,fm -2049:AUE_NFS_OPEN_RTC:nfsrv_open() - read, trunc, creat:nfs,fr,fd,fc,fa,fm -2050:AUE_NFS_OPEN_RT:nfsrv_open() - read, trunc:nfs,fr,fd,fa,fm -2051:AUE_NFS_OPEN_RW:nfsrv_open() - read, write:nfs,fr,fw -2052:AUE_NFS_OPEN_RWC:nfsrv_open() - read, write, creat:nfs,fr,fw,fc,fa,fm -2053:AUE_NFS_OPEN_RWTC:nfsrv_open() - read, write, trunc, creat:nfs,fr,fw,fd,fc,fa,fm -2054:AUE_NFS_OPEN_RWT:nfsrv_open() - read, write, trunc:nfs,fr,fw,fd,fa,fm -2055:AUE_NFS_OPEN_W:nfsrv_open() - write:nfs,fw -2056:AUE_NFS_OPEN_WC:nfsrv_open() - write, creat:nfs,fw,fc,fa,fm -2057:AUE_NFS_OPEN_WTC:nfsrv_open() - write, trunc, creat:nfs,fw,fd,fc,fa,fm -2058:AUE_NFS_OPEN_WT:nfsrv_open() - write, trunc:nfs,fw,fd,fa,fm +3023:AUE_NFS_CLOSE:nfsrv_close():nfs,cl +3024:AUE_NFS_DELEGPURGE:nfsrv_delegpurge():nfs,ad +3025:AUE_NFS_DELEGRETURN:nfsrv_delegreturn():nfs,ad +3026:AUE_NFSv4_GETFH:nfsrv4_getfh():nfs,ad +3027:AUE_NFS_LOCK:nfsrv_lock():nfs,fm +3028:AUE_NFS_LOCKT:nfsrv_lockt():nfs,fm +3029:AUE_NFS_LOCKU:nfsrv_locku():nfs,fm +3030:AUE_NFS_LOOKUPP:nfsrv_lookupp():nfs,fa,ad +3031:AUE_NFS_NVERIFY:nfsrv_nverify():nfs,fa +3032:AUE_NFS_OPEN:nfsrv_open():nfs,fa +3033:AUE_NFS_OPENATTR:nfsrv_openattr():nfs,fa +3034:AUE_NFS_OPENCONFIRM:nfsrv_openconfirm():nfs,fa +3035:AUE_NFS_OPENDOWNGRADE:nfsrv_opendowngrade():nfs,fm +3036:AUE_NFS_PUTFH:nfsrv_putfh():nfs,ad +3037:AUE_NFS_PUTPUBFH:nfsrv_putpubfh():nfs,ad +3038:AUE_NFS_PUTROOTFH:nfsrv_putrootfh():nfs,ad +3039:AUE_NFS_RENEW:nfsrv_renew():nfs,ad +3040:AUE_NFS_RESTOREFH:nfsrv_restorefh():nfs,ad +3041:AUE_NFS_SAVEFH:nfsrv_savefh():nfs,ad +3042:AUE_NFS_SECINFO:nfsrv_secinfo():nfs,ot +3043:AUE_NFS_SETCLIENTID:nfsrv_setclientid():nfs,aa +3044:AUE_NFS_SETCLIENTIDCFRM:nfsrv_setclientidcfrm():nfs,aa +3045:AUE_NFS_VERIFY:nfsrv_verify():nfs,fa +3046:AUE_NFS_RELEASELCKOWN:nfsrv_releaselckown():nfs,ad +3047:AUE_NFS_OPEN_R:nfsrv_open() - read:nfs,fr +3048:AUE_NFS_OPEN_RC:nfsrv_open() - read, creat:nfs,fr,fc,fa,fm +3049:AUE_NFS_OPEN_RTC:nfsrv_open() - read, trunc, creat:nfs,fr,fd,fc,fa,fm +3050:AUE_NFS_OPEN_RT:nfsrv_open() - read, trunc:nfs,fr,fd,fa,fm +3051:AUE_NFS_OPEN_RW:nfsrv_open() - read, write:nfs,fr,fw +3052:AUE_NFS_OPEN_RWC:nfsrv_open() - read, write, creat:nfs,fr,fw,fc,fa,fm +3053:AUE_NFS_OPEN_RWTC:nfsrv_open() - read, write, trunc, creat:nfs,fr,fw,fd,fc,fa,fm +3054:AUE_NFS_OPEN_RWT:nfsrv_open() - read, write, trunc:nfs,fr,fw,fd,fa,fm +3055:AUE_NFS_OPEN_W:nfsrv_open() - write:nfs,fw +3056:AUE_NFS_OPEN_WC:nfsrv_open() - write, creat:nfs,fw,fc,fa,fm +3057:AUE_NFS_OPEN_WTC:nfsrv_open() - write, trunc, creat:nfs,fw,fd,fc,fa,fm +3058:AUE_NFS_OPEN_WT:nfsrv_open() - write, trunc:nfs,fw,fd,fa,fm # # Firewall Events # note: class 'aa' is only temporarily used # -3000:AUE_PFIL_ENABLE:enable packet filtering:aa -3001:AUE_PFIL_DISABLE:disable packet filtering:aa +4000:AUE_PFIL_ENABLE:enable packet filtering:aa +4001:AUE_PFIL_DISABLE:disable packet filtering:aa # # OpenBSM-specific kernel events. # ==== //depot/projects/soc2010/gpf_audit/freebsd/src/contrib/openbsm/sys/bsm/audit_kevents.h#2 (text) ==== @@ -33,9 +33,10 @@ #define _BSM_AUDIT_KEVENTS_H_ /* - * The reserved event numbers for kernel events are 1...2047 and 43001..44900. + * The reserved event numbers for kernel events are 1...2047, 3000...4999 and 43001..44900. */ #define AUE_IS_A_KEVENT(e) (((e) > 0 && (e) < 2048) || \ + ((e) > 2999 && (e) < 5000) || \ ((e) > 43000 && (e) < 45000)) /* @@ -384,6 +385,75 @@ #define AUE_DARWIN_COPYFILE 361 /* Darwin-specific. */ /* + * NFS RPC events + */ +#define AUE_NFS_NULL 3000 +#define AUE_NFS_GETATTR 3001 +#define AUE_NFS_SETATTR 3002 +#define AUE_NFS_LOOKUP 3003 +#define AUE_NFS_ACCESS 3004 +#define AUE_NFS_READLINK 3005 +#define AUE_NFS_READ 3006 +#define AUE_NFS_WRITE 3007 +#define AUE_NFS_CREATE 3008 +#define AUE_NFS_MKDIR 3009 +#define AUE_NFS_SYMLINK 3010 +#define AUE_NFS_MKNOD 3011 +#define AUE_NFS_REMOVE 3012 +#define AUE_NFS_RMDIR 3013 +#define AUE_NFS_RENAME 3014 +#define AUE_NFS_LINK 3015 +#define AUE_NFS_READDIR 3016 +#define AUE_NFS_READDIR_PLUS 3017 +#define AUE_NFS_STATFS 3018 +#define AUE_NFS_FSINFO 3019 +#define AUE_NFS_PATHCONF 3020 +#define AUE_NFS_COMMIT 3021 +#define AUE_NFS_NOOP 3022 +/* NFSv4 specific RPC events */ +#define AUE_NFS_CLOSE 3023 +#define AUE_NFS_DELEGPURGE 3024 +#define AUE_NFS_DELEGRETURN 3025 +#define AUE_NFSv4_GETFH 3026 +#define AUE_NFS_LOCK 3027 +#define AUE_NFS_LOCKT 3028 +#define AUE_NFS_LOCKU 3029 +#define AUE_NFS_LOOKUPP 3030 +#define AUE_NFS_NVERIFY 3031 +#define AUE_NFS_OPEN 3032 +#define AUE_NFS_OPENATTR 3033 +#define AUE_NFS_OPENCONFIRM 3034 +#define AUE_NFS_OPENDOWNGRADE 3035 +#define AUE_NFS_PUTFH 3036 +#define AUE_NFS_PUTPUBFH 3037 +#define AUE_NFS_PUTROOTFH 3038 +#define AUE_NFS_RENEW 3039 +#define AUE_NFS_RESTOREFH 3040 +#define AUE_NFS_SAVEFH 3041 +#define AUE_NFS_SECINFO 3042 +#define AUE_NFS_SETCLIENTID 3043 +#define AUE_NFS_SETCLIENTIDCFRM 3044 +#define AUE_NFS_VERIFY 3045 +#define AUE_NFS_RELEASELCKOWN 3046 +#define AUE_NFS_OPEN_R 3047 +#define AUE_NFS_OPEN_RC 3048 +#define AUE_NFS_OPEN_RTC 3049 +#define AUE_NFS_OPEN_RT 3050 +#define AUE_NFS_OPEN_RW 3051 +#define AUE_NFS_OPEN_RWC 3052 +#define AUE_NFS_OPEN_RWTC 3053 +#define AUE_NFS_OPEN_RWT 3054 +#define AUE_NFS_OPEN_W 3055 +#define AUE_NFS_OPEN_WC 3056 +#define AUE_NFS_OPEN_WTC 3057 +#define AUE_NFS_OPEN_WT 3058 +/* + * Firewall Events + */ +#define AUE_PFIL_ENABLE 4000 +#define AUE_PFIL_DISABLE 4001 + +/* * Audit event identifiers added as part of OpenBSM, generally corresponding * to events in FreeBSD, Darwin, and Linux that were not present in Solaris. * These often duplicate events added to the Solaris set by Darwin, but use ==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/bsm/audit_kevents.h#7 (text) ==== @@ -34,9 +34,10 @@ #define _BSM_AUDIT_KEVENTS_H_ /* - * The reserved event numbers for kernel events are 1...2047 and 43001..44900. + * The reserved event numbers for kernel events are 1...2047, 3000...4999 and 43001..44900. */ #define AUE_IS_A_KEVENT(e) (((e) > 0 && (e) < 2048) || \ + ((e) > 2999 && (e) < 5000) || \ ((e) > 43000 && (e) < 45000)) /* @@ -387,71 +388,71 @@ /* * NFS RPC events */ -#define AUE_NFS_NULL 2000 -#define AUE_NFS_GETATTR 2001 -#define AUE_NFS_SETATTR 2002 -#define AUE_NFS_LOOKUP 2003 -#define AUE_NFS_ACCESS 2004 -#define AUE_NFS_READLINK 2005 -#define AUE_NFS_READ 2006 -#define AUE_NFS_WRITE 2007 -#define AUE_NFS_CREATE 2008 -#define AUE_NFS_MKDIR 2009 -#define AUE_NFS_SYMLINK 2010 -#define AUE_NFS_MKNOD 2011 -#define AUE_NFS_REMOVE 2012 -#define AUE_NFS_RMDIR 2013 -#define AUE_NFS_RENAME 2014 -#define AUE_NFS_LINK 2015 -#define AUE_NFS_READDIR 2016 -#define AUE_NFS_READDIR_PLUS 2017 -#define AUE_NFS_STATFS 2018 -#define AUE_NFS_FSINFO 2019 -#define AUE_NFS_PATHCONF 2020 -#define AUE_NFS_COMMIT 2021 -#define AUE_NFS_NOOP 2022 +#define AUE_NFS_NULL 3000 +#define AUE_NFS_GETATTR 3001 +#define AUE_NFS_SETATTR 3002 +#define AUE_NFS_LOOKUP 3003 +#define AUE_NFS_ACCESS 3004 +#define AUE_NFS_READLINK 3005 +#define AUE_NFS_READ 3006 +#define AUE_NFS_WRITE 3007 +#define AUE_NFS_CREATE 3008 +#define AUE_NFS_MKDIR 3009 +#define AUE_NFS_SYMLINK 3010 +#define AUE_NFS_MKNOD 3011 +#define AUE_NFS_REMOVE 3012 +#define AUE_NFS_RMDIR 3013 +#define AUE_NFS_RENAME 3014 +#define AUE_NFS_LINK 3015 +#define AUE_NFS_READDIR 3016 +#define AUE_NFS_READDIR_PLUS 3017 +#define AUE_NFS_STATFS 3018 +#define AUE_NFS_FSINFO 3019 +#define AUE_NFS_PATHCONF 3020 +#define AUE_NFS_COMMIT 3021 +#define AUE_NFS_NOOP 3022 /* NFSv4 specific RPC events */ -#define AUE_NFS_CLOSE 2023 -#define AUE_NFS_DELEGPURGE 2024 -#define AUE_NFS_DELEGRETURN 2025 -#define AUE_NFSv4_GETFH 2026 -#define AUE_NFS_LOCK 2027 -#define AUE_NFS_LOCKT 2028 -#define AUE_NFS_LOCKU 2029 -#define AUE_NFS_LOOKUPP 2030 -#define AUE_NFS_NVERIFY 2031 -#define AUE_NFS_OPEN 2032 -#define AUE_NFS_OPENATTR 2033 -#define AUE_NFS_OPENCONFIRM 2034 -#define AUE_NFS_OPENDOWNGRADE 2035 -#define AUE_NFS_PUTFH 2036 -#define AUE_NFS_PUTPUBFH 2037 -#define AUE_NFS_PUTROOTFH 2038 -#define AUE_NFS_RENEW 2039 -#define AUE_NFS_RESTOREFH 2040 -#define AUE_NFS_SAVEFH 2041 -#define AUE_NFS_SECINFO 2042 -#define AUE_NFS_SETCLIENTID 2043 -#define AUE_NFS_SETCLIENTIDCFRM 2044 -#define AUE_NFS_VERIFY 2045 -#define AUE_NFS_RELEASELCKOWN 2046 -#define AUE_NFS_OPEN_R 2047 -#define AUE_NFS_OPEN_RC 2048 -#define AUE_NFS_OPEN_RTC 2049 -#define AUE_NFS_OPEN_RT 2050 -#define AUE_NFS_OPEN_RW 2051 -#define AUE_NFS_OPEN_RWC 2052 -#define AUE_NFS_OPEN_RWTC 2053 -#define AUE_NFS_OPEN_RWT 2054 -#define AUE_NFS_OPEN_W 2055 -#define AUE_NFS_OPEN_WC 2056 -#define AUE_NFS_OPEN_WTC 2057 -#define AUE_NFS_OPEN_WT 2058 +#define AUE_NFS_CLOSE 3023 +#define AUE_NFS_DELEGPURGE 3024 +#define AUE_NFS_DELEGRETURN 3025 +#define AUE_NFSv4_GETFH 3026 +#define AUE_NFS_LOCK 3027 +#define AUE_NFS_LOCKT 3028 +#define AUE_NFS_LOCKU 3029 +#define AUE_NFS_LOOKUPP 3030 +#define AUE_NFS_NVERIFY 3031 +#define AUE_NFS_OPEN 3032 +#define AUE_NFS_OPENATTR 3033 +#define AUE_NFS_OPENCONFIRM 3034 +#define AUE_NFS_OPENDOWNGRADE 3035 +#define AUE_NFS_PUTFH 3036 +#define AUE_NFS_PUTPUBFH 3037 +#define AUE_NFS_PUTROOTFH 3038 +#define AUE_NFS_RENEW 3039 +#define AUE_NFS_RESTOREFH 3040 +#define AUE_NFS_SAVEFH 3041 +#define AUE_NFS_SECINFO 3042 +#define AUE_NFS_SETCLIENTID 3043 +#define AUE_NFS_SETCLIENTIDCFRM 3044 +#define AUE_NFS_VERIFY 3045 +#define AUE_NFS_RELEASELCKOWN 3046 +#define AUE_NFS_OPEN_R 3047 +#define AUE_NFS_OPEN_RC 3048 +#define AUE_NFS_OPEN_RTC 3049 +#define AUE_NFS_OPEN_RT 3050 +#define AUE_NFS_OPEN_RW 3051 +#define AUE_NFS_OPEN_RWC 3052 +#define AUE_NFS_OPEN_RWTC 3053 +#define AUE_NFS_OPEN_RWT 3054 +#define AUE_NFS_OPEN_W 3055 +#define AUE_NFS_OPEN_WC 3056 +#define AUE_NFS_OPEN_WTC 3057 +#define AUE_NFS_OPEN_WT 3058 /* * Firewall Events */ -#define AUE_PFIL_ENABLE 3000 -#define AUE_PFIL_DISABLE 3001 +#define AUE_PFIL_ENABLE 4000 +#define AUE_PFIL_DISABLE 4001 /* * Audit event identifiers added as part of OpenBSM, generally corresponding
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201103151730.p2FHUM6K019112>