From: Tyler Hicks <tyhicks@canonical.com>
To: Steve Grubb <sgrubb@redhat.com>
Cc: linux-audit@redhat.com
Subject: [PATCH 1/5] Move auditd listener reconfigure code into auditd-listen.c
Date: Wed, 1 Aug 2012 00:00:20 -0700 [thread overview]
Message-ID: <1343804424-3172-2-git-send-email-tyhicks@canonical.com> (raw)
In-Reply-To: <1343804424-3172-1-git-send-email-tyhicks@canonical.com>
This allows for easier build-time disabling of the listener-specific
code in auditd-event.c.
---
src/auditd-event.c | 23 ++---------------------
src/auditd-listen.c | 28 +++++++++++++++++++++++++++-
src/auditd-listen.h | 3 ++-
3 files changed, 31 insertions(+), 23 deletions(-)
diff --git a/src/auditd-event.c b/src/auditd-event.c
index b1b2f0a..acf5aa1 100644
--- a/src/auditd-event.c
+++ b/src/auditd-event.c
@@ -1177,27 +1177,8 @@ static void reconfigure(struct auditd_consumer_data *data)
}
}
- /* Look at network things that do not need restarting */
- if (oconf->tcp_client_min_port != nconf->tcp_client_min_port ||
- oconf->tcp_client_max_port != nconf->tcp_client_max_port ||
- oconf->tcp_max_per_addr != nconf->tcp_max_per_addr) {
- oconf->tcp_client_min_port = nconf->tcp_client_min_port;
- oconf->tcp_client_max_port = nconf->tcp_client_max_port;
- oconf->tcp_max_per_addr = nconf->tcp_max_per_addr;
- auditd_set_ports(oconf->tcp_client_min_port,
- oconf->tcp_client_max_port,
- oconf->tcp_max_per_addr);
- }
- if (oconf->tcp_client_max_idle != nconf->tcp_client_max_idle) {
- oconf->tcp_client_max_idle = nconf->tcp_client_max_idle;
- periodic_reconfigure();
- }
- if (oconf->tcp_listen_port != nconf->tcp_listen_port ||
- oconf->tcp_listen_queue != nconf->tcp_listen_queue) {
- oconf->tcp_listen_port = nconf->tcp_listen_port;
- oconf->tcp_listen_queue = nconf->tcp_listen_queue;
- // FIXME: need to restart the network stuff
- }
+ // network listener
+ auditd_tcp_listen_reconfigure(nconf, oconf);
/* At this point we will work on the items that are related to
* a single log file. */
diff --git a/src/auditd-listen.c b/src/auditd-listen.c
index 741c424..0caf324 100644
--- a/src/auditd-listen.c
+++ b/src/auditd-listen.c
@@ -866,7 +866,7 @@ static void auditd_tcp_listen_handler( struct ev_loop *loop,
send_audit_event(AUDIT_DAEMON_ACCEPT, emsg);
}
-void auditd_set_ports(int minp, int maxp, int max_p_addr)
+static void auditd_set_ports(int minp, int maxp, int max_p_addr)
{
min_port = minp;
max_port = maxp;
@@ -1009,3 +1009,29 @@ void auditd_tcp_listen_check_idle (struct ev_loop *loop )
free(ev);
}
}
+
+void auditd_tcp_listen_reconfigure ( struct daemon_conf *nconf,
+ struct daemon_conf *oconf )
+{
+ /* Look at network things that do not need restarting */
+ if (oconf->tcp_client_min_port != nconf->tcp_client_min_port ||
+ oconf->tcp_client_max_port != nconf->tcp_client_max_port ||
+ oconf->tcp_max_per_addr != nconf->tcp_max_per_addr) {
+ oconf->tcp_client_min_port = nconf->tcp_client_min_port;
+ oconf->tcp_client_max_port = nconf->tcp_client_max_port;
+ oconf->tcp_max_per_addr = nconf->tcp_max_per_addr;
+ auditd_set_ports(oconf->tcp_client_min_port,
+ oconf->tcp_client_max_port,
+ oconf->tcp_max_per_addr);
+ }
+ if (oconf->tcp_client_max_idle != nconf->tcp_client_max_idle) {
+ oconf->tcp_client_max_idle = nconf->tcp_client_max_idle;
+ periodic_reconfigure();
+ }
+ if (oconf->tcp_listen_port != nconf->tcp_listen_port ||
+ oconf->tcp_listen_queue != nconf->tcp_listen_queue) {
+ oconf->tcp_listen_port = nconf->tcp_listen_port;
+ oconf->tcp_listen_queue = nconf->tcp_listen_queue;
+ // FIXME: need to restart the network stuff
+ }
+}
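Review bot: The last branch of `auditd_tcp_listen_reconfigure` copies a changed `tcp_listen_port`/`tcp_listen_queue` into `oconf` but does not touch the socket (the `FIXME`), so after a reload the stored configuration names a port the daemon is not listening on, while the previous port presumably stays open. Since this code now has its own function, I would at least make that visible to the administrator, e.g. `audit_msg(LOG_WARNING, "tcp_listen_port or tcp_listen_queue changed, restart auditd for this to take effect");` in that branch, assuming `audit_msg` is usable in this file as elsewhere in the daemon. Both parameters have the same type and only `oconf` is written, so declaring the first as `const struct daemon_conf *nconf` (here and in the auditd-listen.h prototype) would let the compiler catch swapped arguments at the call site in auditd-event.c. A short header comment saying that `oconf` is updated in place and that the client port limits are applied through `auditd_set_ports` would also help the next reader.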
diff --git a/src/auditd-listen.h b/src/auditd-listen.h
index 81e0ad3..440b6ab 100644
--- a/src/auditd-listen.h
+++ b/src/auditd-listen.h
@@ -25,9 +25,10 @@
#define AUDITD_LISTEN_H
#include "ev.h"
-void auditd_set_ports(int minp, int maxp, int max_p_addr);
int auditd_tcp_listen_init ( struct ev_loop *loop, struct daemon_conf *config );
void auditd_tcp_listen_uninit ( struct ev_loop *loop );
void auditd_tcp_listen_check_idle ( struct ev_loop *loop );
+void auditd_tcp_listen_reconfigure ( struct daemon_conf *nconf,
+ struct daemon_conf *oconf );
#endif
--
1.7.9.5