From owner-p4-projects@FreeBSD.ORG Wed Jul 30 01:10:44 2008 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id D0017106567D; Wed, 30 Jul 2008 01:10:44 +0000 (UTC) Delivered-To: perforce@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 79EE01065670 for ; Wed, 30 Jul 2008 01:10:44 +0000 (UTC) (envelope-from diego@FreeBSD.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id 660B58FC18 for ; Wed, 30 Jul 2008 01:10:44 +0000 (UTC) (envelope-from diego@FreeBSD.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.2/8.14.2) with ESMTP id m6U1Ai3R045858 for ; Wed, 30 Jul 2008 01:10:44 GMT (envelope-from diego@FreeBSD.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.14.2/8.14.1/Submit) id m6U1AiYi045856 for perforce@freebsd.org; Wed, 30 Jul 2008 01:10:44 GMT (envelope-from diego@FreeBSD.org) Date: Wed, 30 Jul 2008 01:10:44 GMT Message-Id: <200807300110.m6U1AiYi045856@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to diego@FreeBSD.org using -f From: Diego Giagio To: Perforce Change Reviews Cc: Subject: PERFORCE change 146237 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Jul 2008 01:10:45 -0000 http://perforce.freebsd.org/chv.cgi?CH=146237 Change 146237 by diego@diego_black on 2008/07/30 01:09:46 Use port from struct sockaddr_* instead of passing it by value. Simplify API. Affected files ... .. //depot/projects/soc2008/diego-audit/src/sys/bsm/audit_record.h#3 edit .. //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit.h#13 edit .. //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_arg.c#4 edit .. //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_bsm.c#5 edit .. //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_bsm_token.c#3 edit .. //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_pfil.c#10 edit .. //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_private.h#4 edit Differences ... ==== //depot/projects/soc2008/diego-audit/src/sys/bsm/audit_record.h#3 (text) ==== @@ -296,10 +296,10 @@ #if defined(_KERNEL) || defined(KERNEL) token_t *au_to_socket(struct socket *so); -token_t *au_to_socket_ex_32(uint16_t domain, uint16_t type, uint16_t lp, - uint16_t rp, struct sockaddr *la, struct sockaddr *ta); -token_t *au_to_socket_ex_128(uint16_t domain, uint16_t type, uint16_t lp, - uint16_t rp, struct sockaddr *la, struct sockaddr *ta); +token_t *au_to_socket_ex_32(uint16_t domain, uint16_t type, + struct sockaddr *la, struct sockaddr *ta); +token_t *au_to_socket_ex_128(uint16_t domain, uint16_t type, + struct sockaddr *la, struct sockaddr *ta); #endif token_t *au_to_sock_inet(struct sockaddr_in *so); ==== //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit.h#13 (text) ==== @@ -183,8 +183,8 @@ void audit_arg_process(struct proc *p); void audit_arg_signum(u_int signum); void audit_arg_socket(int sodomain, int sotype, int soprotocol); -void audit_arg_socket_ex(int sodomain, int sotype, int lport, int rport, - struct sockaddr *la, struct sockaddr *ra); +void audit_arg_socket_ex(int sodomain, int sotype, struct sockaddr *la, + struct sockaddr *ra); void audit_arg_sockaddr(struct thread *td, struct sockaddr *sa); void audit_arg_auid(uid_t auid); void audit_arg_auditinfo(struct auditinfo *au_info); ==== //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_arg.c#4 (text) ==== @@ -609,7 +609,7 @@ void audit_record_arg_socket_ex(struct kaudit_record *ar, int sodomain, int sotype, - int lport, int rport, struct sockaddr *la, struct sockaddr *ra) + struct sockaddr *la, struct sockaddr *ra) { KASSERT(ar != NULL, ("audit_record_arg_socket_ex: ar == NULL")); KASSERT(la != NULL, ("audit_record_arg_socket_ex: la == NULL")); @@ -617,16 +617,14 @@ ar->k_ar.ar_arg_sockconn.sc_domain = sodomain; ar->k_ar.ar_arg_sockconn.sc_type = sotype; - ar->k_ar.ar_arg_sockconn.sc_lport = lport; - ar->k_ar.ar_arg_sockconn.sc_rport = rport; bcopy(la, &ar->k_ar.ar_arg_sockconn.sc_laddr, la->sa_len); bcopy(ra, &ar->k_ar.ar_arg_sockconn.sc_raddr, ra->sa_len); ARG_SET_VALID(ar, ARG_SOCKCONN); } void -audit_arg_socket_ex(int sodomain, int sotype, int lport, int rport, - struct sockaddr *la, struct sockaddr *ra) +audit_arg_socket_ex(int sodomain, int sotype, struct sockaddr *la, + struct sockaddr *ra) { struct kaudit_record *ar; @@ -634,7 +632,7 @@ if (ar == NULL) return; - audit_record_arg_socket_ex(ar, sodomain, sotype, lport, rport, la, ra); + audit_record_arg_socket_ex(ar, sodomain, sotype, la, ra); } void ==== //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_bsm.c#5 (text) ==== @@ -1444,15 +1444,11 @@ tok = au_to_socket_ex_32( ar->ar_arg_sockconn.sc_domain, ar->ar_arg_sockconn.sc_type, - ar->ar_arg_sockconn.sc_lport, - ar->ar_arg_sockconn.sc_rport, laddr, raddr); } else { tok = au_to_socket_ex_128( ar->ar_arg_sockconn.sc_domain, ar->ar_arg_sockconn.sc_type, - ar->ar_arg_sockconn.sc_lport, - ar->ar_arg_sockconn.sc_rport, laddr, raddr); } kau_write(rec, tok); ==== //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_bsm_token.c#3 (text) ==== @@ -855,11 +855,13 @@ * remote address 4 bytes/16 bytes (IPv4/IPv6 address) */ token_t * -au_to_socket_ex_32(u_int16_t domain, u_int16_t type, u_int16_t lp, u_int16_t rp, - struct sockaddr *la, struct sockaddr *ra) +au_to_socket_ex_32(u_int16_t domain, u_int16_t type, struct sockaddr *la, + struct sockaddr *ra) { token_t *t; u_char *dptr = NULL; + struct sockaddr_in *lai = (struct sockaddr_in*)la; + struct sockaddr_in *rai = (struct sockaddr_in*)ra; GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + sizeof(u_int16_t) + sizeof(u_int16_t) + sizeof(u_int16_t) + @@ -869,20 +871,22 @@ ADD_U_INT16(dptr, domain); ADD_U_INT16(dptr, type); ADD_U_INT16(dptr, AU_IPv4); - ADD_U_INT16(dptr, lp); - ADD_MEM(dptr, &la->sa_data, AU_IPv4); - ADD_U_INT16(dptr, rp); - ADD_MEM(dptr, &ra->sa_data, AU_IPv4); + ADD_U_INT16(dptr, lai->sin_port); + ADD_U_INT32(dptr, lai->sin_addr.s_addr); + ADD_U_INT16(dptr, rai->sin_port); + ADD_U_INT32(dptr, rai->sin_addr.s_addr); return (t); } token_t * -au_to_socket_ex_128(u_int16_t domain, u_int16_t type, u_int16_t lp, - u_int16_t rp, struct sockaddr *la, struct sockaddr *ra) +au_to_socket_ex_128(u_int16_t domain, u_int16_t type, struct sockaddr *la, + struct sockaddr *ra) { token_t *t; u_char *dptr = NULL; + struct sockaddr_in6 *lai = (struct sockaddr_in6*)la; + struct sockaddr_in6 *rai = (struct sockaddr_in6*)ra; GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + sizeof(u_int16_t) + sizeof(u_int16_t) + sizeof(u_int16_t) + @@ -892,10 +896,10 @@ ADD_U_INT16(dptr, domain); ADD_U_INT16(dptr, type); ADD_U_INT16(dptr, AU_IPv6); - ADD_U_INT16(dptr, lp); - ADD_MEM(dptr, &la->sa_data, AU_IPv6); - ADD_U_INT16(dptr, rp); - ADD_MEM(dptr, &ra->sa_data, AU_IPv6); + ADD_U_INT16(dptr, lai->sin6_port); + ADD_MEM(dptr, &lai->sin6_addr, 4 * sizeof(u_int32_t)); + ADD_U_INT16(dptr, rai->sin6_port); + ADD_MEM(dptr, &rai->sin6_addr, 4 * sizeof(u_int32_t)); return (t); } ==== //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_pfil.c#10 (text+ko) ==== @@ -322,11 +322,11 @@ } static void -addr_to_sin(u_int32_t addr, struct sockaddr_in *sin) +addr_port_to_sin(u_int32_t addr, u_int16_t port, struct sockaddr_in *sin) { sin->sin_len = sizeof(struct sockaddr_in); sin->sin_family = PF_INET; - sin->sin_port = 0; + sin->sin_port = port; sin->sin_addr.s_addr = addr; } @@ -347,11 +347,11 @@ * * TODO: check MATCH_FORWARD / MATCH_REVERSE on ip_fw2.c */ - addr_to_sin(src, &lsin); - addr_to_sin(dst, &rsin); + addr_port_to_sin(src, src_port, &lsin); + addr_port_to_sin(dst, dst_port, &rsin); audit_record_arg_text(ar, "ipfw"); - audit_record_arg_socket_ex(ar, PF_INET, SOCK_STREAM, src_port, dst_port, + audit_record_arg_socket_ex(ar, PF_INET, SOCK_STREAM, (struct sockaddr*)&lsin, (struct sockaddr*)&rsin); audit_commit(ar, error, 0); } ==== //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_private.h#4 (text) ==== @@ -121,8 +121,6 @@ struct sockconn_au_info { int sc_domain; int sc_type; - u_short sc_lport; - u_short sc_rport; struct sockaddr_storage sc_laddr; struct sockaddr_storage sc_raddr; }; @@ -288,7 +286,7 @@ void audit_record_arg_socket(struct kaudit_record *ar, int sodomain, int sotype, int soprotocol); void audit_record_arg_socket_ex(struct kaudit_record *ar, int sodomain, - int sotype, int lport, int rport, struct sockaddr *la, struct sockaddr *ra); + int sotype, struct sockaddr *la, struct sockaddr *ra); void audit_record_arg_sockaddr(struct kaudit_record *ar, struct thread *td, struct sockaddr *sa); void audit_record_arg_auid(struct kaudit_record *ar, uid_t auid);