[PATCH 2/3] expand audit tmp buffer as needed
Steve Grubb
sgrubb at redhat.com
Fri May 6 20:03:15 UTC 2005
On Friday 06 May 2005 03:54, Chris Wright wrote:
> @@ -132,14 +132,11 @@ static DECLARE_MUTEX(audit_netlink_sem);
> * use simultaneously. */
> struct audit_buffer {
> struct list_head list;
> - struct sk_buff_head sklist; /* formatted skbs ready to send */
> + struct sk_buff *skb; /* formatted skb ready to send */
> struct audit_context *ctx; /* NULL or associated context */
> int len; /* used area of tmp */
> - char tmp[AUDIT_BUFSIZ];
> -
> - /* Pointer to header and contents */
> - struct nlmsghdr *nlh;
> - int total;
> + int size; /* size of tmp */
> + char *tmp;
> int type;
> int pid;
> };
I have a feeling this will impact all the parsers and the message type work
that I was just starting to do. The way I understand this patch, we will no
longer iterate in audit_log_drain spitting out separate messages for d_path
or anything else that gets added.
So what are we going to have for a separator between the audit context dump
and any supplemental information? Can you post a couple example records
(since we can't actually try out the netlink changes yet)?
I was planning to change audit_log_start to take a type parameter as well as
audit_log_format and put the type into the message.
-Steve
More information about the Linux-audit
mailing list