authorChristian S.J. Peron <csjp@FreeBSD.org>2008-11-11 21:57:03 +0000
committerChristian S.J. Peron <csjp@FreeBSD.org>2008-11-11 21:57:03 +0000
commitffbcef5a426cd6fb07d317b9d2fdb4c57b38eac2 (patch)
tree2ceb633e1416058aa83b2e9857eeac5b851912fd /sys/bsm
parent46da6c48696efda9f4690390189b54ab390f6dea (diff)
Add support for extended header BSM tokens. Currently we use the
regular header tokens. The extended header tokens contain an IP or IPv6 address which makes it possible to identify which host an audit record came from when audit records are centralized. If the host information has not been specified, the system will default to the old style headers. Otherwise, audit records that are created as a result of system calls will contain host information. This implementation has been designed to be consistent with the Solaris implementation. Host information is set/retrieved using the A_GETKAUDIT and A_SETKAUDIT auditon(2) commands. These commands require that a pointer to an auditinfo_addr_t object is passed. Currently only IP and IPv6 address families are supported. The user space bits associated with this change will follow in an openbsm import. Reviewed by: rwatson, (sson, wsalamon (older version)) MFC after: 1 month
Notes
Notes: svn path=/head/; revision=184856
Diffstat (limited to 'sys/bsm')
-rw-r--r--sys/bsm/audit_internal.h2
-rw-r--r--sys/bsm/audit_record.h3
2 files changed, 5 insertions, 0 deletions
diff --git a/sys/bsm/audit_internal.h b/sys/bsm/audit_internal.h
index 2c7a1ef65f0a..19bec4591874 100644
--- a/sys/bsm/audit_internal.h
+++ b/sys/bsm/audit_internal.h
@@ -72,7 +72,9 @@ typedef struct au_record au_record_t;
* token structures may contain pointers of whose contents we do not know the
* size (e.g text tokens).
*/
+#define AUDIT_HEADER_EX_SIZE(a) ((a)->ai_termid.at_type+18+sizeof(u_int32_t))
#define AUDIT_HEADER_SIZE 18
+#define MAX_AUDIT_HEADER_SIZE (5*sizeof(u_int32_t)+18)
#define AUDIT_TRAILER_SIZE 7
/*
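Review bot: `AUDIT_HEADER_EX_SIZE` adds `ai_termid.at_type` straight into the record size, so the macro is only correct while that field holds the address length in bytes (4 or 16, which is what makes `MAX_AUDIT_HEADER_SIZE`, 5*sizeof(u_int32_t)+18, the upper bound). According to the commit message the value is set through A_SETKAUDIT, and the check that rejects any other `at_type` is not part of this diff, so it should be confirmed in the auditon(2) handler; without it a computed header size could exceed the maximum that callers presumably size buffers from. I would state the dependency above the macro, e.g. `/* at_type is AU_IPv4 (4) or AU_IPv6 (16) and doubles as the address length; it must be validated when set. */`, and reuse the named constant instead of repeating 18: `#define AUDIT_HEADER_EX_SIZE(a) ((a)->ai_termid.at_type + AUDIT_HEADER_SIZE + sizeof(u_int32_t))`. The comment block that precedes these defines starts outside the hunk.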
diff --git a/sys/bsm/audit_record.h b/sys/bsm/audit_record.h
index dd3ea299c4f1..4e269ea2f538 100644
--- a/sys/bsm/audit_record.h
+++ b/sys/bsm/audit_record.h
@@ -244,10 +244,13 @@ token_t *au_to_file(char *file, struct timeval tm);
token_t *au_to_header32_tm(int rec_size, au_event_t e_type, au_emod_t e_mod,
struct timeval tm);
+token_t *au_to_header32_ex_tm(int rec_size, au_event_t e_type, au_emod_t e_mod,
+ struct timeval tm, struct auditinfo_addr *aia);
token_t *au_to_header64_tm(int rec_size, au_event_t e_type, au_emod_t e_mod,
struct timeval tm);
#if !defined(KERNEL) && !defined(_KERNEL)
token_t *au_to_header(int rec_size, au_event_t e_type, au_emod_t e_mod);
+token_t *au_to_header_ex(int rec_size, au_event_t e_type, au_emod_t e_mod);
token_t *au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod);
token_t *au_to_header64(int rec_size, au_event_t e_type, au_emod_t e_mod);
#endif
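Review bot: The new `au_to_header32_ex_tm()` prototype takes `struct auditinfo_addr *aia` without `const` and without any statement of its contract, although a token builder presumably only reads the address. Declaring the second line as `struct timeval tm, const struct auditinfo_addr *aia);` would let the compiler enforce that the kernel's host information is not modified while a record is being built. A short comment above the two `_ex` prototypes should say which `ai_termid.at_type` values are accepted, whether `aia` may be NULL, and what is returned for an unsupported address family; none of that is visible from this header.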