Date: Tue, 4 Apr 2006 13:59:03 GMT
Message-Id: <200604041359.k34Dx3X0056664@repoman.freebsd.org>
From: Robert Watson
To: Perforce Change Reviews
Subject: PERFORCE change 94601 for review
List-Id: TrustedBSD CVS and Perforce commit message list

http://perforce.freebsd.org/chv.cgi?CH=94601

Change 94601 by rwatson@rwatson_zoo on 2006/04/04 13:58:04

Teach auditfilterd to parse BSM records and pass pre-parsed tokens as an array to registered filters, allowing us to avoid the cost of parsing the same BSM multiple times when multiple filters are registered.

Affected files ...

.. //depot/projects/trustedbsd/openbsm/bin/auditfilterd/auditfilterd.c#5 edit

Differences ...

==== //depot/projects/trustedbsd/openbsm/bin/auditfilterd/auditfilterd.c#5 (text+ko) ==== @@ -25,7 +25,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditfilterd/auditfilterd.c#4 $ + * $P4: //depot/projects/trustedbsd/openbsm/bin/auditfilterd/auditfilterd.c#5 $ */ #include @@ -42,6 +42,7 @@ #include #include +#include #include #include #include @@ -49,8 +50,17 @@ #include "auditfilterd.h" +/* + * Global list of registered filters. + */ struct auditfilter_module_list filter_list; -int debug, reread_config, quit; + +/* + * Configuration and signal->main flags. + */ +int debug; /* Debugging mode requested, don't detach. */ +int reread_config; /* SIGHUP has been received. */ +int quit; /* SIGQUIT/TERM/INT has been received. */ static void usage(void) 
@@ -89,6 +99,9 @@ } } +/* + * Present raw BSM to a set of registered and interested filters. + */ static void present_bsmrecord(struct timespec *ts, u_char *data, u_int len) { @@ -100,25 +113,39 @@ } } +/* + * Parse the BSM into a set of tokens, which will be pased to registered + * and interested filters. + */ +#define MAX_TOKENS 128 /* Maximum tokens we handle per record. */ static void present_tokens(struct timespec *ts, u_char *data, u_int len) { struct auditfilter_module *am; + tokenstr_t tokens[MAX_TOKENS]; u_int bytesread; - tokenstr_t tok; + int tokencount; + tokencount = 0; while (bytesread < len) { - if (au_fetch_tok(&tok, data + bytesread, len - bytesread) - == -1) + if (au_fetch_tok(&tokens[tokencount], data + bytesread, + len - bytesread) == -1) break; - bytesread += tok.len; + bytesread += tokens[tokencount].len; + tokencount++; } + TAILQ_FOREACH(am, &filter_list, am_list) { if (am->am_record != NULL) - (am->am_record)(am->am_instance, ts, 0, NULL); + (am->am_record)(am->am_instance, ts, tokencount, + tokens); } } +/* + * The main loop spins pulling records out of the record source and passing + * them to modules for processing. + */ static void mainloop(const char *conffile, const char *trailfile, FILE *trail_fp) { @@ -172,10 +199,8 @@ int main(int argc, char *argv[]) { - const char *trailfile; - const char *conffile; - FILE *trail_fp; - FILE *conf_fp; + const char *trailfile, *conffile; + FILE *trail_fp, *conf_fp; int ch; conffile = AUDITFILTERD_CONFFILE;
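Review bot: In the @@ -49,8 +50,17 @@ hunk, `reread_config` and `quit` are now documented as flags that record "SIGHUP has been received" and "SIGQUIT/TERM/INT has been received", yet both are still declared as plain `int`. If the signal handlers write them and the main loop polls them, declare them `volatile sig_atomic_t` so the store is safe from handler context and the compiler cannot keep a stale copy across loop iterations. `debug` is described as a configuration flag and can stay `int`.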
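Review bot: In the @@ -100,25 +113,39 @@ hunk, the `while (bytesread < len)` loop in present_tokens() stores into `tokens[tokencount]` and increments `tokencount` with no check against MAX_TOKENS, so a record carrying more than 128 tokens writes past the end of the on-stack array. Add `tokencount < MAX_TOKENS` to the loop condition, or stop and log when the limit is reached, and decide explicitly whether a truncated record should still be handed to the filters. The same question applies to the `== -1` path: the loop breaks on a parse failure and the partial array is still passed to `am_record` with nothing telling the filter the record is incomplete. Separately, the hunk adds `tokencount = 0;` but no assignment to `bytesread` is visible before it is read in the loop condition; initialise `bytesread = 0;` alongside it. Minor: "pased" in the new comment should be "passed".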