From mboxrd@z Thu Jan  1 00:00:00 1970
From: Steve Grubb <sgrubb@redhat.com>
Subject: Re: get_field_str() and interpret_field() bug with multi-word fields
Date: Fri, 15 Aug 2008 10:10:49 -0400
Message-ID: <200808151010.49602.sgrubb@redhat.com>
References: <0E43BF2D7491F0468B56B1A5C493866B020DD0F1@SAT4MX07.RACKSPACE.CORP>
	<1218738325.29535.85.camel@moss-spartans.epoch.ncsc.mil>
	<87ba673d0808150658v7ce2f764s72b517c9dedfc4b6@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Return-path: <linux-audit-bounces@redhat.com>
In-Reply-To: <87ba673d0808150658v7ce2f764s72b517c9dedfc4b6@mail.gmail.com>
Content-Disposition: inline
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: linux-audit@redhat.com
Cc: Bret Piatt <bret.piatt@rackspace.com>
List-Id: linux-audit@redhat.com

On Friday 15 August 2008 09:58:54 Matteo Michelini wrote:
> I'm working on a binary format for the linux-audit system as part of a
> university research project.

Big-endian/little-endian in aggregated logs? Will the kernel authors allow the 
encoder in the kernel? XDR was the only option we had last time. Versioning 
of structs? How do old user space tools work with new kernel that may change 
layout? Patents?

-Steve