PERFORCE change 93506 for review

Robert Watson rwatson at FreeBSD.org
Sat Mar 18 16:01:41 UTC 2006 

http://perforce.freebsd.org/chv.cgi?CH=93506

Change 93506 by rwatson at rwatson_peppercorn on 2006/03/18 16:01:07

	Add ioctls to audit pipes in order to allow querying of the current
	record queue state, setting of the queue limit, and querying of pipe
	statistics.

Affected files ...

.. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_ioctl.h#1 add
.. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_pipe.c#11 edit

Differences ...

==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_pipe.c#11 (text+ko) ====

@@ -48,6 +48,7 @@
 #include <sys/uio.h>
 
 #include <security/audit/audit.h>
+#include <security/audit/audit_ioctl.h>
 #include <security/audit/audit_private.h>
 
 /*
@@ -68,6 +69,7 @@
  * Audit pipe buffer parameters.
  */
 #define	AUDIT_PIPE_QLIMIT_DEFAULT	(32)
+#define	AUDIT_PIPE_QLIMIT_MIN		(0)
 #define	AUDIT_PIPE_QLIMIT_MAX		(1024)
 
 /*
@@ -379,8 +381,8 @@
 }
 
 /*
- * Audit pipe ioctl() routine.  Nothing for now, but eventually will allow
- * setting and retrieval of current queue depth, queue limit, flush, etc.
+ * Audit pipe ioctl() routine.  Handle file descriptor and audit pipe layer
+ * commands.
  *
  * Would be desirable to support filtering, although perhaps something simple
  * like an event mask, as opposed to something complicated like BPF.
@@ -433,6 +435,47 @@
 	case FIOGETOWN:
 		*(int *)data = fgetown(&ap->ap_sigio);
 		error = 0;
+		break;
+
+	case AUDITPIPE_GET_QLEN:
+		*(u_int *)data = ap->ap_qlen;
+		error = 0;
+		break;
+
+	case AUDITPIPE_GET_QLIMIT:
+		*(u_int *)data = ap->ap_qlimit;
+		error = 0;
+		break;
+
+	case AUDITPIPE_SET_QLIMIT:
+		/* Lockless integer write. */
+		if (*(u_int *)data >= AUDIT_PIPE_QLIMIT_MIN ||
+		    *(u_int *)data <= AUDIT_PIPE_QLIMIT_MAX) {
+			ap->ap_qlimit = *(u_int *)data;
+			error = 0;
+		} else
+			error = EINVAL;
+		break;
+
+	case AUDITPIPE_GET_INSERTS:
+		*(u_int *)data = ap->ap_inserts;
+		error = 0;
+		break;
+
+	case AUDITPIPE_GET_READS:
+		*(u_int *)data = ap->ap_reads;
+		error = 0;
+		break;
+
+	case AUDITPIPE_GET_DROPS:
+		*(u_int *)data = ap->ap_drops;
+		error = 0;
+		break;
+
+	case AUDITPIPE_GET_TRUNCATES:
+		*(u_int *)data = ap->ap_truncates;
+		error = 0;
+		break;
 
 	default:
 		error = ENOTTY;

More information about the trustedbsd-cvs mailing list