2
* ausearch-lol.c - linked list of linked lists library
3
* Copyright (c) 2008 Red Hat Inc., Durham, North Carolina.
6
* This software may be freely redistributed and/or modified under the
7
* terms of the GNU General Public License as published by the Free
8
* Software Foundation; either version 2, or (at your option) any
11
* This program is distributed in the hope that it will be useful,
12
* but WITHOUT ANY WARRANTY; without even the implied warranty of
13
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14
* GNU General Public License for more details.
16
* You should have received a copy of the GNU General Public License
17
* along with this program; see the file COPYING. If not, write to the
18
* Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
21
* Steve Grubb <sgrubb@redhat.com>
24
#include "ausearch-lol.h"
29
#include "ausearch-common.h"
31
// Number of lolnode slots: lol_create() allocates this many up front and
// lol_append() enlarges the array by this many each time it runs out.
#define ARRAY_LIMIT 80
34
// Give *lo a zero-filled array of ARRAY_LIMIT lolnode slots and record that
// capacity in lo->limit. Other fields may be set on lines this listing omits.
void lol_create(lol *lo)
36
int size = ARRAY_LIMIT * sizeof(lolnode);
39
lo->limit = ARRAY_LIMIT;
// NOTE(review): the malloc() result is handed to memset() on the very next
// line with no NULL test in between, so a failed allocation turns into a
// write through a NULL pointer. Check lo->array before zeroing it.
40
lo->array = (lolnode *)malloc(size);
41
memset(lo->array, 0, size);
44
// Walk slots 0 through lo->maxi and hand the list of every slot whose status
// is non-zero to list_clear(). Anything done to the slot or the array after
// that call is on lines this listing does not show.
void lol_clear(lol *lo)
// NOTE(review): the bound is inclusive, so index lo->maxi itself is read.
// That stays inside the allocation only while lo->maxi < lo->limit; the code
// that maintains maxi is not visible here - TODO confirm.
48
for (i=0; i<=lo->maxi; i++) {
49
if (lo->array[i].status) {
50
list_clear(lo->array[i].l);
59
// Look for a free slot (status == 0) among the first lo->limit entries; when
// none is free, enlarge the array by ARRAY_LIMIT entries, zero the new tail
// and mark a slot as in use (status 1).
// NOTE(review): the lines that store l into the chosen slot are not shown in
// this listing.
static void lol_append(lol *lo, llist *l)
64
for(i=0; i<lo->limit; i++) {
65
lolnode *cur = &lo->array[i];
66
if (cur->status == 0) {
74
// Overran the array...lets make it bigger
75
new_size = sizeof(lolnode) * (lo->limit + ARRAY_LIMIT);
// The realloc() result is kept in ptr instead of being assigned over
// lo->array, so the old block is not lost if the call fails.
// NOTE(review): the memset() below writes through lo->array, so both the
// NULL test on ptr and the lo->array = ptr assignment have to sit on the
// lines omitted between the two calls - TODO confirm.
76
ptr = realloc(lo->array, new_size);
79
memset(&lo->array[lo->limit], 0, sizeof(lolnode) * ARRAY_LIMIT);
// Presumably i still equals the old lo->limit here (the scan loop above ends
// with i == lo->limit), i.e. the first freshly zeroed slot - confirm that no
// omitted line changes i.
81
lo->array[i].status = 1;
83
lo->limit += ARRAY_LIMIT;
87
// Fill e->sec, e->milli and e->serial from the text at s. Judging by the
// calls below, the expected layout appears to be <sec>.<milli>:<serial>, all
// decimal. The visible caller, extract_timestamp(), appears to treat a
// non-zero return as an error.
static int str2event(char *s, event *e)
// NOTE(review): s+10 skips ten characters before searching for ':'. That
// address is inside the string only when s holds at least ten characters; no
// length check is visible in this listing - TODO confirm the caller has one.
92
ptr = strchr(s+10, ':');
// strtoul() is called with a NULL end pointer and errno is not inspected on
// any visible line, so text that is not a number converts to 0 unnoticed.
// ptr+1 also requires ptr to be non-NULL; that test is presumably on the
// omitted line just above - confirm. The same applies to the '.' lookup below.
94
e->serial = strtoul(ptr+1, NULL, 10);
100
ptr = strchr(s, '.');
102
e->milli = strtoul(ptr+1, NULL, 10);
108
e->sec = strtoul(s, NULL, 10);
114
// Decide whether two event identifiers refer to the same event. The visible
// tests cover serial and milli (the rest of the first condition is cut off)
// and the node name. The return statements are on lines not shown.
static int inline events_are_equal(event *e1, event *e2)
116
if (!(e1->serial == e2->serial && e1->milli == e2->milli &&
// Node names are compared with strcmp() only when both are set, which avoids
// passing NULL to strcmp(); the else-branch handles one side being NULL.
119
if (e1->node && e2->node) {
120
if (strcmp(e1->node, e2->node))
122
} else if (e1->node || e2->node)
128
* This function will look at the line and pick out pieces of it.
130
// Tokenise the start of record b on spaces and fill e->node (optional),
// e->type and, through str2event(), the timestamp fields. The function
// returns void, so a malformed record is visible to the caller only through
// what was or was not written into *e.
static void extract_timestamp(const char *b, event *e)
// strndupa() makes a stack copy of at most the first 120 bytes of b, so
// strtok() can write terminators into it without touching the caller's
// buffer. Anything beyond those 120 bytes is never examined.
135
tmp = strndupa(b, 120);
// NOTE(review): strtok() keeps hidden static state and is neither reentrant
// nor thread-safe; strtok_r() avoids that.
136
ptr = strtok(tmp, " ");
138
// Check to see if this is the node info
// ptr+5 skips a five-character prefix (the "node=" / "type=" fields, going by
// the comments in this function). That is in bounds only when the token is at
// least five characters long; the tests guarding it are on omitted lines -
// TODO confirm. The strdup() copy is heap memory; the visible caller frees it
// with free().
140
e->node = strdup(ptr+5);
141
ptr = strtok(NULL, " ");
144
// at this point we have type=
145
e->type = audit_name_to_msg_type(ptr+5);
147
// Now should be pointing to msg=
148
ptr = strtok(NULL, " ");
// Both strchr() calls return NULL when the character is absent; the checks
// before ptr and eptr are used are presumably on the omitted lines - confirm.
153
ptr = strchr(ptr, '(');
155
// now we should be pointed at the timestamp
158
eptr = strchr(ptr, ')');
161
if (str2event(ptr, e)) {
163
"Error extracting time stamp (%s)\n",
167
// else we have a bad line
169
// else we have a bad line
171
// else we have a bad line
174
// This function will check events to see if they are complete
175
// Visit every slot up to lo->maxi whose status is 1 and test whether its
// event can be treated as complete. What is done to a slot that passes either
// test is on lines not shown.
// sec is supplied by lol_add_record() as the timestamp parsed from the record
// just read, not the wall clock, so completion is decided purely from
// timestamps inside the log. Out-of-order or corrupted timestamps therefore
// change how records are grouped into events.
static void check_events(lol *lo, time_t sec)
179
for(i=0;i<=lo->maxi; i++) {
180
lolnode *cur = &lo->array[i];
181
if (cur->status == 1) {
182
// If 2 seconds have elapsed, we are done
183
if (cur->l->e.sec + 2 < sec) {
// Second test: message types below AUDIT_FIRST_EVENT or at/above
// AUDIT_FIRST_ANOM_MSG are handled as events that need no further records.
186
} else if (cur->l->e.type < AUDIT_FIRST_EVENT ||
187
cur->l->e.type >= AUDIT_FIRST_ANOM_MSG) {
188
// If known to be 1 record event, we are done
196
// This function adds a new record to an existing linked list
197
// or creates a new one if its a new event
198
// Parse the identifier of the record in buff, drop the record when it falls
// outside the start_time/end_time window, otherwise attach it to the pending
// event with the same identifier or start a new event for it, then let
// check_events() re-evaluate the pending events against this record's time.
// Return values are on lines not shown.
int lol_add_record(lol *lo, char *buff)
// 0x0a is the newline character; this locates the last one in buff. What is
// done with ptr is on an omitted line.
206
ptr = strrchr(buff, 0x0a);
// NOTE(review): extract_timestamp() returns void and writes e.node only when
// the record carries a node field, while the code below reads e.sec and calls
// free(e.node) unconditionally. That is safe only if e is zero-initialised on
// the omitted lines above - TODO confirm.
209
extract_timestamp(buff, &e);
211
// Short circuit if event is not of interest
212
if ((start_time && e.sec < start_time) ||
213
(end_time && e.sec > end_time)) {
214
free((char *)e.node);
// NOTE(review): strdup() returns NULL on allocation failure; no check is
// visible in this listing - confirm.
217
n.message=strdup(buff);
221
// Now see where this belongs
222
for (i=0; i<=lo->maxi; i++) {
223
if (lo->array[i].status == 1) {
225
if (events_are_equal(&l->e, &e)) {
// The record joins an existing event, so the temporary node string parsed
// for it is released here.
226
free((char *)e.node);
232
// Create new event and fill it in
// NOTE(review): the malloc() result is dereferenced two lines further down;
// the single omitted line in between would have to hold the NULL test,
// otherwise allocation failure is a NULL dereference - TODO confirm.
233
l = malloc(sizeof(llist));
235
l->e.milli = e.milli;
237
l->e.serial = e.serial;
242
check_events(lo, e.sec);
246
// This function will mark all events as "done"
247
// Visits slots 0 through lo->maxi and acts on each one whose status is 1, the
// value lol_append() assigns when it marks a slot as in use. The statement
// that changes the slot is on a line not shown in this listing.
void terminate_all_events(lol *lo)
251
for (i=0; i<=lo->maxi; i++) {
252
lolnode *cur = &lo->array[i];
253
if (cur->status == 1) {
260
/* Search the list for any event that is ready to go. The caller
261
* takes custody of the memory */
262
llist* get_ready_event(lol *lo)
269
for (i=0; i<=lo->maxi; i++) {
270
lolnode *cur = &lo->array[i];
271
if (cur->status == 2) {