/*
 * netsniff-ng - the packet sniffing beast
 * Copyright 2009, 2010, 2011, 2012 Daniel Borkmann.
 * Subject to the GPL, version 2.
 */

/*
 * NOTE(review): this listing shows three system #include lines whose header
 * names were lost. <stddef.h> and <stdint.h> cover what the code below
 * visibly uses (size_t, NULL, uint8_t); the third name cannot be recovered
 * from here and must be confirmed against the upstream file.
 */
#include <stddef.h>
#include <stdint.h>

#include "built_in.h"
#include "tprintf.h"
#include "pkt_buff.h"
#include "proto.h"
#include "protos.h"
#include "dissector.h"
#include "dissector_eth.h"
#include "dissector_80211.h"

/*
 * Select the print callback for every protocol in a linked list.
 *
 * @ptr:  head of a struct protocol list, walked through ->next
 * @type: PRINT_NORM selects ->print_full, PRINT_LESS selects ->print_less;
 *        any other value clears ->process to NULL
 *
 * Always returns 0.
 */
int dissector_set_print_type(void *ptr, int type)
{
	struct protocol *p = ptr;

	while (p) {
		if (type == PRINT_NORM)
			p->process = p->print_full;
		else if (type == PRINT_LESS)
			p->process = p->print_less;
		else
			p->process = NULL;

		p = p->next;
	}

	return 0;
}

/*
 * Run the protocol handlers for one packet, beginning at @start.
 *
 * pkt->proto is cleared before each handler runs, so the chain continues
 * only if that handler stores a follow-up protocol in pkt->proto. The walk
 * also stops at a protocol that has no ->process callback. Afterwards the
 * @end handler is invoked when it is present and has a callback.
 *
 * NOTE(review): there is no iteration cap in this loop; it ends only through
 * the two conditions above. The bytes being dissected come from captured
 * traffic, so termination presumably relies on every handler consuming data
 * before it chains to the next protocol -- confirm in the handlers.
 */
static void dissector_main(struct pkt_buff *pkt, struct protocol *start,
			   struct protocol *end)
{
	if (!start)
		return;

	pkt->proto = start;
	while (pkt->proto) {
		struct protocol *cur = pkt->proto;

		if (unlikely(!cur->process))
			break;

		/* The handler must set pkt->proto again to keep the chain going. */
		pkt->proto = NULL;
		cur->process(pkt);
	}

	if (end && likely(end->process))
		end->process(pkt);
}

/*
 * Dissect and print a single captured packet.
 *
 * @packet:   raw packet bytes
 * @len:      number of bytes in @packet
 * @linktype: link-layer type used to choose the first and last dissector
 * @mode:     print mode; PRINT_NONE returns before anything is allocated
 *
 * NOTE(review): the result of pkt_alloc() is used without a check, and
 * dissector_main() dereferences it unconditionally. Its failure behaviour is
 * not visible in this file -- confirm that it cannot return NULL.
 */
void dissector_entry_point(uint8_t *packet, size_t len, int linktype, int mode)
{
	struct protocol *first, *last;
	struct pkt_buff *pkt;

	if (mode == PRINT_NONE)
		return;

	pkt = pkt_alloc(packet, len);

	/*
	 * Each link type is also matched with its 32-bit value byte-swapped,
	 * presumably for captures written in the opposite byte order.
	 */
	switch (linktype) {
	case LINKTYPE_EN10MB:
	case ___constant_swab32(LINKTYPE_EN10MB):
		first = dissector_get_ethernet_entry_point();
		last = dissector_get_ethernet_exit_point();
		break;
	case LINKTYPE_IEEE802_11:
	case ___constant_swab32(LINKTYPE_IEEE802_11):
		first = dissector_get_ieee80211_entry_point();
		last = dissector_get_ieee80211_exit_point();
		break;
	default:
		/* Unrecognised link type: fall back to none_ops, no exit handler. */
		first = &none_ops;
		last = NULL;
		break;
	}

	dissector_main(pkt, first, last);

	/* Optional raw dump of the packet; other modes print nothing extra. */
	if (mode == PRINT_HEX)
		hex(pkt);
	else if (mode == PRINT_ASCII)
		ascii(pkt);
	else if (mode == PRINT_HEX_ASCII)
		hex_ascii(pkt);

	tprintf_flush();
	pkt_free(pkt);
}

/* Initialise the Ethernet and IEEE 802.11 dissectors, passing @fnttype on. */
void dissector_init_all(int fnttype)
{
	dissector_init_ethernet(fnttype);
	dissector_init_ieee80211(fnttype);
}

/* Tear down the Ethernet and IEEE 802.11 dissectors. */
void dissector_cleanup_all(void)
{
	dissector_cleanup_ethernet();
	dissector_cleanup_ieee80211();
}
authorPaul Moore <paul@paul-moore.com>2016-11-29 16:53:25 -0500
committerPaul Moore <paul@paul-moore.com>2016-12-14 13:06:04 -0500
commitc6480207fdf7b61de216ee23e93eac0a6878fa74 (patch)
tree30f4f77634a5564c6a7adbd5d953ba9ffc207769
parentaf8b824f283de5acc9b9ae8dbb60e4adacff721b (diff)
audit: rework the audit queue handling
The audit record backlog queue has always been a bit of a mess, and moving the multicast send into kauditd_thread() from audit_log_end() only makes things worse. This patch attempts to fix the backlog queue with a better design that should hold up better under load and have less of a performance impact at syscall invocation time. While it looks like there is a lot going on in this patch, the main change is the move from a single backlog queue to three queues: * A queue for holding records generated from audit_log_end() that haven't been consumed by kauditd_thread() (audit_queue). * A queue for holding records that have been sent via multicast but had a temporary failure when sending via unicast and need a resend (audit_retry_queue). * A queue for holding records that haven't been sent via unicast because no one is listening (audit_hold_queue). Special care is taken in this patch to ensure that the proper record ordering is preserved, e.g. we send everything in the hold queue first, then the retry queue, and finally the main queue. Signed-off-by: Paul Moore <paul@paul-moore.com>
-rw-r--r--kernel/audit.c347
1 files changed, 226 insertions, 121 deletions
diff --git a/kernel/audit.c b/kernel/audit.c