Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 18 Feb 2008 05:40:09 GMT
From:      Aaron Meihm <alm@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 135627 for review
Message-ID:  <200802180540.m1I5e96E051034@repoman.freebsd.org>

next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=135627

Change 135627 by alm@alm_praetorian on 2008/02/18 05:39:14

	Various code cleanup. Introduce srcbuffer struct for incoming
	records from network peers.

Affected files ...

.. //depot/projects/trustedbsd/netauditd/netauditd.c#5 edit
.. //depot/projects/trustedbsd/netauditd/netauditd.conf#3 edit
.. //depot/projects/trustedbsd/netauditd/netauditd.h#3 edit

Differences ...

==== //depot/projects/trustedbsd/netauditd/netauditd.c#5 (text+ko) ====

@@ -112,7 +112,7 @@
 		TAILQ_REMOVE(&ptr->ac_oq, a, aq_glue);
 		a->aq_ptr->ar_refcount--;
 		if (a->aq_ptr->ar_refcount == 0) {
-			free(a->aq_ptr->ar_sbuf);
+			free(a->aq_ptr->ar_rec);
 			free(a->aq_ptr);
 		}
 		free(a);
@@ -242,33 +242,6 @@
 	return (0);
 }
 
-int
-conf_parse_dst_net(args_t *a)
-{
-	struct addrinfo hints;
-	struct au_cmpnt *new;
-	int error;
-
-	new = malloc(sizeof(struct au_cmpnt));
-	if (new == NULL)
-		exit(2);
-	memset(new, 0, sizeof(struct au_cmpnt));
-	if ((new->ac_name = strdup(a->args[1])) == NULL)
-		exit(2);
-	memset(&hints, 0, sizeof(hints));
-	hints.ai_family = PF_UNSPEC;
-	hints.ai_socktype = SOCK_STREAM;
-	error = getaddrinfo(a->args[3], a->args[4], &hints, &new->ac_ainfo);
-	if (error)
-		return (-1);
-	new->ac_type = NETAUDIT_DST_NET;
-	if (conf_link_consumers(new, a, 5) == -1)
-		return (-1);
-	TAILQ_INIT(&new->ac_oq);
-	TAILQ_INSERT_TAIL(&au_dstlist, new, ac_glue);
-	return (0);
-}
-
 args_t *
 conf_parse_args(char *buf)
 {
@@ -422,6 +395,9 @@
 			if (au->ac_fd == -1)
 				err(1, "%s", au->ac_path);
 			break;
+		case NETAUDIT_SRC_NET:
+			netaudit_socket_listen(au);
+			break;
 		default:
 			exit(2);
 		}
@@ -514,8 +490,8 @@
 			dprintf("consumer %s running output queue\n",
 			    au->ac_name);
 			r = q->aq_ptr;
-			s = r->ar_sbuflen - q->aq_remain;
-			ret = write(au->ac_fd, r->ar_sbuf + s,
+			s = r->ar_reclen - q->aq_remain;
+			ret = write(au->ac_fd, r->ar_rec + s,
 			    q->aq_remain);
 			if (ret == -1) {
 				if (errno == EAGAIN)
@@ -532,7 +508,7 @@
 				free(q);
 				r->ar_refcount--;
 				if (r->ar_refcount == 0) {
-					free(r->ar_sbuf);
+					free(r->ar_rec);
 					free(r);
 				}
 			}
@@ -555,7 +531,7 @@
 			exit(2);
 		memset(new, 0, sizeof(struct au_queue_ent));
 		new->aq_ptr = rec;
-		new->aq_remain = rec->ar_sbuflen;
+		new->aq_remain = rec->ar_reclen;
 		TAILQ_INSERT_TAIL(&au->ac_consumers[i]->ac_oq, new, aq_glue);
 		dprintf("queued %p: %s\n", rec, au->ac_consumers[i]->ac_name);
 	}
@@ -568,24 +544,52 @@
 
 	if ((new = malloc(sizeof(struct au_recbuf))) == NULL)
 		exit(2);
-	if ((new->ar_sbuf = malloc(NETAUDIT_PIPE_BUFSIZE)) == NULL)
+	if ((new->ar_rec = malloc(NETAUDIT_PIPE_BUFSIZE)) == NULL)
 		exit(2);
 	/*
 	 * XXXCSJP: It is possible that the audit record will be greater then
 	 * NETAUDIT_PIPE_BUFSIZE, in which case the pipe will truncate it.
 	 */
-	new->ar_sbuflen = read(au->ac_fd, new->ar_sbuf, NETAUDIT_PIPE_BUFSIZE);
-	if (new->ar_sbuflen == -1) {
+	new->ar_reclen = read(au->ac_fd, new->ar_rec, NETAUDIT_PIPE_BUFSIZE);
+	if (new->ar_reclen == -1) {
 		if (errno != EAGAIN)
 			exit(2);
 		else
 			return;
 	}
-	dprintf("au_cmpnt %p: read record %u bytes\n", au, new->ar_sbuflen);
+	dprintf("au_cmpnt %p: read record %u bytes\n", au, new->ar_reclen);
 	netaudit_queue_record(au, new);
 }
 
 void
+netaudit_socket_listen(struct au_cmpnt *au)
+{
+	struct addrinfo *addrptr;
+	int flags;
+
+	addrptr = au->ac_ainfo;
+	au->ac_fd = socket(addrptr->ai_family, addrptr->ai_socktype,
+	    addrptr->ai_protocol);
+	if (au->ac_fd == -1)
+		err(1, "socket");
+	if (bind(au->ac_fd, addrptr->ai_addr, addrptr->ai_addrlen) == -1)
+		err(1, "bind");
+	if (listen(au->ac_fd, 16) == -1)
+		err(1, "listen");
+	if ((flags = fcntl(au->ac_fd, F_GETFL)) == -1)
+		exit(2);
+	flags |= O_NONBLOCK;
+	if (fcntl(au->ac_fd, F_SETFL, flags) == -1)
+		exit(2);
+}
+
+int
+netaudit_socket_read(struct au_cmpnt *au)
+{
+	return (0);
+}
+
+void
 usage()
 {
 	fputs("usage: netauditd [-dh] [-f path]\n", stderr);

==== //depot/projects/trustedbsd/netauditd/netauditd.conf#3 (text+ko) ====

@@ -1,8 +1,7 @@
-# $Id: netauditd.conf,v 1.3 2008/02/14 05:13:47 alm Exp $
+# netauditd configuration file
 
 src src0 pipe /dev/auditpipe
-#src src1 net 0.0.0.0 9999
+src src1 net 0.0.0.0 9999
 
-dst dst0 trail /tmp/src0/trail src0
-
+dst dst0 trail /tmp/src0/trail src1
 dst dst1 net 127.0.0.1 9999 src0

==== //depot/projects/trustedbsd/netauditd/netauditd.h#3 (text+ko) ====

@@ -37,9 +37,9 @@
 #define NETAUDIT_DST_NET		2
 
 struct au_recbuf {
-	void			*ar_sbuf;	/* Store buffer */
-	u_int32_t		ar_sbuflen;	/* Buffer data length */
-	u_int32_t		ar_refcount;
+	void		*ar_rec;
+	u_int32_t	ar_reclen;
+	u_int32_t	ar_refcount;
 };
 
 struct au_queue_ent {
@@ -48,18 +48,28 @@
 	TAILQ_ENTRY(au_queue_ent)	aq_glue;
 };
 
+struct au_srcbuffer {
+	struct au_cmpnt			*sb_parent;
+	int				sb_fd;
+	u_int32_t			sb_reclen;
+	u_char				*sb_rec;
+	u_char				sb_buf[8192];
+	u_char				sb_header[5];
+	TAILQ_ENTRY(au_srcbuffer)	sb_glue;
+};
+
 struct au_cmpnt {
-	char                            *ac_name;	/* Component name */
-	int                             ac_type;	/* Component type */
-	int                             ac_fd;		/* Component fd */
-	int				ac_established;
-	int				ac_remain;
-	char                            *ac_path;	/* Component path */
-	struct addrinfo			*ac_ainfo;
-	struct au_cmpnt                 **ac_consumers;	/* Consumer list */
-	unsigned int			ac_nconsumers;
-	TAILQ_HEAD(ac_oq, au_queue_ent)	ac_oq;		/* Output queue */
-	TAILQ_ENTRY(au_cmpnt)           ac_glue;
+	char					*ac_name;
+	int					ac_type;
+	int					ac_fd;
+	int					ac_established;
+	char					*ac_path;
+	struct addrinfo				*ac_ainfo;
+	struct au_cmpnt				**ac_consumers;
+	unsigned int				ac_nconsumers;
+	TAILQ_HEAD(ac_oq, au_queue_ent)		ac_oq;
+	TAILQ_HEAD(ac_sbufq, au_srcbuffer)	ac_sbufq;
+	TAILQ_ENTRY(au_cmpnt)        		ac_glue;
 };
 
 typedef struct _args_t {
@@ -76,8 +86,6 @@
 void		conf_parse(char *, int);
 int		conf_parse_src_pipe(args_t *);
 int		conf_parse_dst_trail(args_t *);
-int		conf_parse_dst_net(args_t *);
-int		conf_parse_src_net(args_t *);
 int		conf_parse_net(args_t *);
 args_t		*conf_parse_args(char *);
 void		conf_free_args(args_t *);
@@ -87,4 +95,6 @@
 void		netaudit_queue_record(struct au_cmpnt *, struct au_recbuf *);
 void		netaudit_pipe_read(struct au_cmpnt *);
 void		netaudit_run(void);
+void		netaudit_socket_listen(struct au_cmpnt *);
+int		netaudit_socket_read(struct au_cmpnt *);
 void		usage(void);



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200802180540.m1I5e96E051034>