PERFORCE change 146175 for review

[Diego Giagio]

http://perforce.freebsd.org/chv.cgi?CH=146175

Change 146175 by diego at diego_black on 2008/07/29 01:55:16

	Add support for connection events.

Affected files ...

.. //depot/projects/soc2008/diego-audit/src/sys/bsm/audit_kevents.h#5 edit
.. //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_bsm.c#4 edit

Differences ...

==== //depot/projects/soc2008/diego-audit/src/sys/bsm/audit_kevents.h#5 (text) ====

@@ -556,6 +556,8 @@
 #define	AUE_PFIL_POLICY_ADDTABLE	43158	/* FreeBSD. */
 #define	AUE_PFIL_POLICY_DELTABLE	43159	/* FreeBSD. */
 #define	AUE_PFIL_POLICY_FLUSHTABLE	43160	/* FreeBSD. */
+#define	AUE_PFIL_FLOW_BEGIN	43161	/* FreeBSD. */
+#define	AUE_PFIL_FLOW_END	43162	/* FreeBSD. */
 
 /*
  * Darwin BSM uses a number of AUE_O_* definitions, which are aliased to the

==== //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_bsm.c#4 (text) ====

@@ -1427,6 +1427,37 @@
 		}
 		break;
 
+	case AUE_PFIL_FLOW_BEGIN:
+	case AUE_PFIL_FLOW_END:
+		if (ARG_IS_VALID(kar, ARG_TEXT)) {
+			tok = au_to_text(ar->ar_arg_text);
+			kau_write(rec, tok);
+		}
+		if (ARG_IS_VALID(kar, ARG_SOCKCONN)) {
+			struct sockaddr *laddr;
+			struct sockaddr *raddr;
+
+			laddr = (struct sockaddr*)&ar->ar_arg_sockconn.sc_laddr;
+			raddr = (struct sockaddr*)&ar->ar_arg_sockconn.sc_raddr;
+
+			if (ar->ar_arg_sockconn.sc_domain == PF_INET) {
+				tok = au_to_socket_ex_32(
+				    ar->ar_arg_sockconn.sc_domain,
+				    ar->ar_arg_sockconn.sc_type,
+				    ar->ar_arg_sockconn.sc_lport,
+				    ar->ar_arg_sockconn.sc_rport,
+				    laddr, raddr);
+			} else {
+				tok = au_to_socket_ex_128(
+				    ar->ar_arg_sockconn.sc_domain,
+				    ar->ar_arg_sockconn.sc_type,
+				    ar->ar_arg_sockconn.sc_lport,
+				    ar->ar_arg_sockconn.sc_rport,
+				    laddr, raddr);
+			}
+			kau_write(rec, tok);
+		}
+
 	case AUE_NULL:
 	default:
 		printf("BSM conversion requested for unknown event %d\n",