Date: Wed, 27 Feb 2008 06:01:36 GMT From: Aaron Meihm <alm@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 136321 for review Message-ID: <200802270601.m1R61aFm040646@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=136321 Change 136321 by alm@alm_praetorian on 2008/02/27 06:00:37 Various style changes and improved error handling. Reduce the size of the store buffer to 2048. Affected files ... .. //depot/projects/trustedbsd/netauditd/component.c#5 edit .. //depot/projects/trustedbsd/netauditd/conf.c#4 edit .. //depot/projects/trustedbsd/netauditd/netauditd.c#11 edit .. //depot/projects/trustedbsd/netauditd/netauditd.h#8 edit Differences ... ==== //depot/projects/trustedbsd/netauditd/component.c#5 (text+ko) ==== @@ -56,7 +56,7 @@ new = malloc(sizeof(struct au_cmpnt)); if (new == NULL) return (NULL); - memset(new, 0, sizeof(struct au_cmpnt)); + (void) memset(new, 0, sizeof(struct au_cmpnt)); if (is_src) { if (strcmp(type, "net") == 0) new->ac_type = NETAUDIT_SRC_NET; @@ -117,7 +117,7 @@ freeaddrinfo(ptr->ac_ainfo); if (ptr->ac_consumers != NULL) free(ptr->ac_consumers); - component_clear_oq(ptr); + (void) component_clear_oq(ptr); free(ptr); } ==== //depot/projects/trustedbsd/netauditd/conf.c#4 (text+ko) ==== @@ -45,6 +45,11 @@ #include "netauditd.h" +#define SYNTAX_ERROR(x, y) { (void) fprintf(stderr, \ + "netauditd: Syntax error: %s:%d\n", \ + x, y); \ + exit(1); } + static const struct conf_ent { char *c_mode; char *c_type; @@ -74,7 +79,7 @@ svc = a->args[4]; if ((new = component_init(is_src, a->args[2], a->args[1])) == NULL) exit(2); - memset(&hints, 0, sizeof(hints)); + (void) memset(&hints, 0, sizeof(hints)); hints.ai_family = PF_UNSPEC; hints.ai_socktype = SOCK_STREAM; if (is_src) { @@ -162,7 +167,7 @@ ret = malloc(sizeof(args_t)); if (ret == NULL) exit(2); - memset(ret, 0, sizeof(args_t)); + (void) memset(ret, 0, sizeof(args_t)); for (s0 = buf; (ptr = strsep(&s0, " ")) != NULL;) { ret->args[ret->args_n] = strdup(ptr); if (ret->args[ret->args_n] == NULL) 
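Review bot: The `SYNTAX_ERROR` macro added in the conf.c hunk at `@@ -45,6 +45,11 @@` expands to a bare `{ ... }` block with unparenthesized arguments, so it only works when invoked without a trailing semicolon, which is how the `@@ -202,35 +207,21 @@` hunk uses it. Writing the body as `do { (void) fprintf(stderr, "netauditd: Syntax error: %s:%d\n", (x), (y)); exit(1); } while (0)` lets call sites read `SYNTAX_ERROR(conf_path, lc);` and stays correct if an `else` is ever added after one of those `if` statements. A small `static` function taking the path and line number would do the same job with type checking.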
@@ -202,35 +207,21 @@ return; dprintf("%d: \"%s\"\n", lc, buf); a = conf_parse_args(buf); - /* Ensure three arguments are present */ - if (a->args_n < 3) { - fprintf(stderr, "netauditd: Syntax error: %s:%d\n", conf_path, - lc); - exit(1); - } + /* The minimum number of arguments for a command is 3. */ + if (a->args_n < 3) + SYNTAX_ERROR(conf_path, lc) for (cptr = conftab; cptr->c_type != NULL; cptr++) { if ((strcmp(cptr->c_mode, a->args[0]) == 0) && (strcmp(cptr->c_type, a->args[2]) == 0)) { - if (a->args_n < cptr->c_min_args) { - fprintf(stderr, - "netauditd: Syntax error: %s:%d\n", - conf_path, lc); - exit(1); - } - if (cptr->c_func(a) == -1) { - fprintf(stderr, - "netauditd: Syntax error: %s:%d\n", - conf_path, lc); - exit(1); - } + if (a->args_n < cptr->c_min_args) + SYNTAX_ERROR(conf_path, lc) + if (cptr->c_func(a) == -1) + SYNTAX_ERROR(conf_path, lc) break; } } - if (cptr->c_type == NULL) { /* Command not found */ - fprintf(stderr, "netauditd: Syntax error: %s:%d\n", - conf_path, lc); - exit(1); - } + if (cptr->c_type == NULL) + SYNTAX_ERROR(conf_path, lc) conf_free_args(a); } @@ -245,5 +236,5 @@ err(1, "%s", path); while (fgets(confbuf, sizeof(confbuf), fp) != NULL) conf_parse(confbuf, ++lc); - fclose(fp); + (void) fclose(fp); } ==== //depot/projects/trustedbsd/netauditd/netauditd.c#11 (text+ko) ==== @@ -64,9 +64,9 @@ if (!(netaudit_flags & FLAG_DEBUG)) return; va_start(ap, fmt); - vsnprintf(buf, sizeof(buf), fmt, ap); + (void) vsnprintf(buf, sizeof(buf), fmt, ap); va_end(ap); - fprintf(stderr, "debug: %s", buf); + (void) fprintf(stderr, "debug: %s", buf); } int @@ -95,7 +95,7 @@ TAILQ_INIT(&au_srclist); TAILQ_INIT(&au_dstlist); conf_load(conf_path); - signal(SIGPIPE, SIG_IGN); + (void) signal(SIGPIPE, SIG_IGN); netaudit_run(); return (0); } 
@@ -141,10 +141,19 @@ TAILQ_FOREACH_SAFE(asb, &au->ac_sbufq, sb_glue, tmp) if (FD_ISSET(asb->sb_fd, rfds)) if (netaudit_socket_read(asb) == -1) { - close(asb->sb_fd); + /* A read error occurred while reading + * a record from a connected client. + * We remove the client and continue. + * This may occur after an sb_recbuf + * object has been allocated. */ + (void) close(asb->sb_fd); TAILQ_REMOVE(&au->ac_sbufq, asb, sb_glue); free(asb->sb_sockaddr); + if (asb->sb_recbuf != NULL) { + free(asb->sb_recbuf->ar_rec); + free(asb->sb_recbuf); + } free(asb); } } @@ -156,7 +165,7 @@ fd_set rfds; struct timeval tv; struct au_cmpnt *au; - int ret; + int ret, fd; #ifdef AUDITPIPE_SET_BUFMODE int opt; #endif @@ -189,10 +198,19 @@ err(1, "fork"); if (ret != 0) exit(0); + fd = open("/dev/null", O_RDWR); + if (fd == -1) + err(1, "/dev/null"); + (void) dup2(fd, STDIN_FILENO); + (void) dup2(fd, STDOUT_FILENO); + (void) dup2(fd, STDERR_FILENO); + if (fd > 2) + (void) close(fd); + if (setsid() == -1) + err(1, "setsid"); } - netaudit_establish(); - memset(&tv, 0, sizeof(tv)); - tv.tv_usec = 100000; + (void) memset(&tv, 0, sizeof(tv)); + tv.tv_sec = 1; for (;;) { FD_ZERO(&rfds); netaudit_build_rfds(&rfds); @@ -274,7 +292,13 @@ if (errno == EAGAIN) break; else { - close(au->ac_fd); + /* Check if we submitted a partial + * record. If so we reset aq_remain + * and retransmit when the consumer + * is reestablished. */ + if (q->aq_remain != r->ar_reclen) + q->aq_remain = r->ar_reclen; + (void) close(au->ac_fd); au->ac_established = 0; break; } @@ -306,7 +330,7 @@ new = malloc(sizeof(struct au_queue_ent)); if (new == NULL) exit(2); - memset(new, 0, sizeof(struct au_queue_ent)); + (void) memset(new, 0, sizeof(struct au_queue_ent)); new->aq_ptr = rec; new->aq_remain = rec->ar_reclen; TAILQ_INSERT_TAIL(&au->ac_consumers[i]->ac_oq, new, aq_glue); 
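Review bot: In the `@@ -189,10 +198,19 @@` hunk of netauditd.c, `err(1, "setsid")` runs after stderr has been redirected to /dev/null, so a setsid() failure ends the daemon with no visible diagnostic; calling `setsid()` before the `open("/dev/null", O_RDWR)` and `dup2()` calls keeps the message. The three `dup2()` results are discarded with `(void)`, so a failed redirection goes unnoticed. Every later `exit(2)` and `err()` reached in daemon mode is silent as well, which for an audit forwarder means it can stop without leaving any trace; reporting those paths through syslog(3) would make the failure observable. The enclosing function starts and ends outside the hunk.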
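Review bot: In the `@@ -274,7 +292,13 @@` hunk the guard `if (q->aq_remain != r->ar_reclen)` is redundant, because the unconditional assignment `q->aq_remain = r->ar_reclen;` gives the same result. The surrounding context treats only `EAGAIN` as transient, so an `EINTR` from the send call (not visible in the hunk) would still close the consumer connection and force a full retransmit; this commit adds the `EINTR` case to the pipe read in the `@@ -320,16 +344,18 @@` hunk, and the same treatment probably belongs here. The function body starts and ends outside the hunk, so whether any other per-entry send state needs resetting cannot be checked from here.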
@@ -320,16 +344,18 @@ struct au_recbuf *new; if ((new = malloc(sizeof(struct au_recbuf))) == NULL) - exit(2); - if ((new->ar_rec = malloc(NETAUDIT_PIPE_BUFSIZE)) == NULL) - exit(2); + return; + if ((new->ar_rec = malloc(NETAUDIT_PIPE_BUFSIZE)) == NULL) { + free(new); + return; + } /* * XXXCSJP: It is possible that the audit record will be greater then * NETAUDIT_PIPE_BUFSIZE, in which case the pipe will truncate it. */ new->ar_reclen = read(au->ac_fd, new->ar_rec, NETAUDIT_PIPE_BUFSIZE); if (new->ar_reclen == -1) { - if (errno != EAGAIN) + if ((errno != EAGAIN) && (errno != EINTR)) exit(2); else return; @@ -344,15 +370,21 @@ struct au_srcbuffer *new; new = malloc(sizeof(struct au_srcbuffer)); - memset(new, 0, sizeof(struct au_srcbuffer)); + if (new == NULL) + exit(2); + (void) memset(new, 0, sizeof(struct au_srcbuffer)); new->sb_socklen = au->ac_ainfo->ai_addrlen; if ((new->sb_sockaddr = malloc(new->sb_socklen)) == NULL) exit(2); new->sb_fd = accept(au->ac_fd, new->sb_sockaddr, &new->sb_socklen); if (new->sb_fd == -1) { - free(new->sb_sockaddr); - free(new); - return; + if ((errno == EWOULDBLOCK) || (errno == ECONNABORTED)) { + free(new->sb_sockaddr); + free(new); + return; + } + else + exit(2); } new->sb_parent = au; TAILQ_INSERT_TAIL(&au->ac_sbufq, new, sb_glue); @@ -385,9 +417,7 @@ { u_char *bufptr, *recbufptr; int ret, left; - u_int32_t hdr_remain; - u_int32_t val; - u_int32_t need; + u_int32_t hdr_remain, val, need; ret = read(asb->sb_fd, asb->sb_buf, sizeof(asb->sb_buf)); if (ret == -1) { 
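Review bot: In the `@@ -320,16 +344,18 @@` hunk the `else return;` branch, taken for `EAGAIN` and now also for `EINTR`, leaves both `new` and `new->ar_rec` allocated, so each interrupted or would-block read of the pipe leaks a `NETAUDIT_PIPE_BUFSIZE` buffer plus the `struct au_recbuf`. Adding `free(new->ar_rec); free(new);` before that `return` closes the leak. The two `malloc` failure paths now return without any message; a `dprintf` line there would make memory pressure visible instead of the function silently doing nothing. The function continues past the end of the hunk, so the handling of a zero-length read is not visible here.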
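Review bot: In the `@@ -344,15 +370,21 @@` hunk every accept() error other than `EWOULDBLOCK` or `ECONNABORTED` now ends in `exit(2)`, which makes conditions such as `EINTR`, `EMFILE` or `ENFILE` fatal for the whole daemon, so running out of descriptors stops audit collection for every source. Treating those as transient, for example `if ((errno == EWOULDBLOCK) || (errno == ECONNABORTED) || (errno == EINTR) || (errno == EMFILE) || (errno == ENFILE))`, keeps the already connected clients served. The policy is also inconsistent within this commit: a failed `malloc` exits here, while the pipe-read hunk at `@@ -320,16 +344,18 @@` now returns. The function continues past the end of the hunk.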
@@ -405,13 +435,14 @@ hdr_remain = sizeof(asb->sb_header) - asb->sb_read; if (left >= hdr_remain) { - memcpy(asb->sb_header + asb->sb_read, bufptr, - hdr_remain); + (void) memcpy(asb->sb_header + asb->sb_read, + bufptr, hdr_remain); asb->sb_read += hdr_remain; left -= hdr_remain; bufptr += hdr_remain; - memcpy(&val, asb->sb_header + 1, sizeof(val)); - asb->sb_recbuf = \ + (void) memcpy(&val, asb->sb_header + 1, + sizeof(val)); + asb->sb_recbuf = malloc(sizeof(struct au_recbuf)); if (asb->sb_recbuf == NULL) exit(2); @@ -422,16 +453,15 @@ malloc(asb->sb_recbuf->ar_reclen); if (asb->sb_recbuf->ar_rec == NULL) exit(2); - memcpy(asb->sb_recbuf->ar_rec, + (void) memcpy(asb->sb_recbuf->ar_rec, asb->sb_header, sizeof(asb->sb_header)); continue; } else { - dprintf("PARTIAL HEADER READ\n"); - memcpy(asb->sb_header + asb->sb_read, bufptr, - left); + dprintf("read partial header\n"); + (void) memcpy(asb->sb_header + asb->sb_read, + bufptr, left); asb->sb_read += left; - left = 0; return (0); } } @@ -439,15 +469,14 @@ recbufptr = asb->sb_recbuf->ar_rec + asb->sb_read; dprintf("still need %u bytes\n", need); if (left < need) { - memcpy(recbufptr, bufptr, left); + (void) memcpy(recbufptr, bufptr, left); asb->sb_read += left; return (0); } else { - memcpy(recbufptr, bufptr, need); + (void) memcpy(recbufptr, bufptr, need); left -= need; bufptr += need; - /* We have a full record at this point */ netaudit_queue_record(asb->sb_parent, asb->sb_recbuf); asb->sb_recbuf = NULL; asb->sb_read = 0; @@ -459,6 +488,6 @@ void usage() { - fputs("usage: netauditd [-Ddh] [-f path]\n", stderr); + (void) fputs("usage: netauditd [-Ddh] [-f path]\n", stderr); exit(1); } ==== //depot/projects/trustedbsd/netauditd/netauditd.h#8 (text+ko) ==== @@ -52,7 +52,7 @@ int sb_fd; struct au_recbuf *sb_recbuf; u_int32_t sb_read; - u_char sb_buf[8192]; + u_char sb_buf[2048]; u_char sb_header[5]; TAILQ_ENTRY(au_srcbuffer) sb_glue; };
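Review bot: The record length taken from the peer's 5-byte header is used unchecked in the visible lines of the `@@ -405,13 +435,14 @@` and `@@ -422,16 +453,15 @@` hunks: `malloc(asb->sb_recbuf->ar_reclen)` is followed by a `memcpy` of `sizeof(asb->sb_header)` bytes, so a length smaller than the header writes past the allocation, and a very large length ends in `exit(2)` when the allocation fails. The assignment of `ar_reclen` sits between the hunks in lines that are not shown, so a check may already exist there; if it does not, the length should be bounded on both sides before the allocation and the client dropped by returning -1. The same value presumably feeds `need` in the `@@ -439,15 +469,14 @@` hunk, where a length below `sb_read` would wrap. The sketch frees and clears `sb_recbuf` first because the caller's error path frees `sb_recbuf->ar_rec`, which is not yet set at that point; the name of the upper bound is a placeholder.

```c
/* … unchanged: sb_recbuf allocation and ar_reclen assignment … */
if (asb->sb_recbuf->ar_reclen < sizeof(asb->sb_header) ||
    asb->sb_recbuf->ar_reclen > NETAUDIT_MAX_RECLEN) {
	/* NETAUDIT_MAX_RECLEN: placeholder name for a project-chosen limit */
	free(asb->sb_recbuf);
	asb->sb_recbuf = NULL;
	return (-1);
}
asb->sb_recbuf->ar_rec =
    malloc(asb->sb_recbuf->ar_reclen);
```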