PERFORCE change 136109 for review

Sun Feb 24 17:53:12 UTC 2008

http://perforce.freebsd.org/chv.cgi?CH=136109

Change 136109 by csjp at ibm01 on 2008/02/24 17:52:51

	Check to see if the kernel supports AUDITPIPE_SET_BUFMODE, and if so
	use it.  Currently we are not setting any low watermarks

Affected files ...

.. //depot/projects/trustedbsd/netauditd/netauditd.c#7 edit

Differences ...

==== //depot/projects/trustedbsd/netauditd/netauditd.c#7 (text+ko) ====

@@ -25,13 +25,18 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  */
-
 #include <sys/types.h>
 #include <sys/queue.h>
 #include <sys/select.h>
 #include <sys/socket.h>
 #include <sys/stat.h>
 #include <sys/time.h>
+#include <sys/ioctl.h>
+
+#include <bsm/audit.h>
+#include <bsm/libbsm.h>
+#include <security/audit/audit_ioctl.h>
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -42,7 +47,7 @@
 #include <fcntl.h>
 #include <netdb.h>
 #include <signal.h>
-#include <bsm/libbsm.h>
+
 #include "netauditd.h"
 
 const struct conf_ent {
@@ -386,6 +391,9 @@
 	struct timeval tv;
 	struct au_cmpnt *au;
 	int ret;
+#ifdef AUDITPIPE_SET_BUFMODE
+	int opt;
+#endif
 
 	FD_ZERO(&srfds);
 	TAILQ_FOREACH(au, &au_srclist, ac_glue) {
@@ -394,6 +402,14 @@
 			au->ac_fd = open(au->ac_path, O_RDONLY);
 			if (au->ac_fd == -1)
 				err(1, "%s", au->ac_path);
+#ifdef AUDITPIPE_SET_BUFMODE
+			opt = AUDITPIPE_BUFMODE_BUFFERED;
+			if (ioctl(au->ac_fd, AUDITPIPE_SET_BUFMODE, &opt) < 0)
+				err(1, "AUDITPIPE_SET_BUFMODE");
+			/*
+			 * We should add support for low watermarks here.
+			 */
+#endif
 			break;
 		case NETAUDIT_SRC_NET:
 			netaudit_socket_listen(au);
@@ -422,6 +438,8 @@
 					case NETAUDIT_SRC_PIPE:
 						netaudit_pipe_read(au);
 						break;
+					case NETAUDIT_SRC_NET:
+						break;
 					default:
 						exit(2);
 					}
