diff options
| author |   Ashlee Young <ashlee@wildernessvoice.com> | 2015-11-29 08:22:13 -0800 |
|---|---|---|
| committer | Ashlee Young <ashlee@wildernessvoice.com> | 2015-11-29 08:22:13 -0800 |
| commit | df5afa4fcd9725380f94ca6476248d4cc24f889a (patch) | |
| tree | 65456f62397305febf7f40778c5a413a35d094ef /framework/src/audit/auparse/auparse-idata.h | |
| parent | 76f6bf922552c00546e6e85ca471eab28f56986c (diff) | |
v2.4.4 audit sources
Change-Id: I9315a7408817db51edf084fb4d27fbb492785084
Signed-off-by: Ashlee Young <ashlee@wildernessvoice.com>
Diffstat (limited to 'framework/src/audit/auparse/auparse-idata.h')
| -rw-r--r-- | framework/src/audit/auparse/auparse-idata.h | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/framework/src/audit/auparse/auparse-idata.h b/framework/src/audit/auparse/auparse-idata.h new file mode 100644 index 00000000..d1995538 --- /dev/null +++ b/framework/src/audit/auparse/auparse-idata.h @@ -0,0 +1,49 @@ +/* +* idata.h - Header file for ausearch-lookup.c +* Copyright (c) 2013 Red Hat Inc., Durham, North Carolina. +* All Rights Reserved. +* +* This library is free software; you can redistribute it and/or +* modify it under the terms of the GNU Lesser General Public +* License as published by the Free Software Foundation; either +* version 2.1 of the License, or (at your option) any later version. +* +* This library is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +* Lesser General Public License for more details. +* +* You should have received a copy of the GNU Lesser General Public +* License along with this library; if not, write to the Free Software +* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +* +* Authors: +* Steve Grubb <sgrubb@redhat.com> +*/ + +#ifndef IDATA_HEADER +#define IDATA_HEADER + +#include "config.h" +#include "dso.h" +#include "auparse-defs.h" + +typedef struct _idata { + unsigned int machine; // The machine type for the event + int syscall; // The syscall for the event + unsigned long long a0; // arg 0 to the syscall + unsigned long long a1; // arg 1 to the syscall + const char *name; // name of field being interpretted + const char *val; // value of field being interpretted +} idata; + +int auparse_interp_adjust_type(int rtype, const char *name, const char *val); +const char *auparse_do_interpretation(int type, const idata *id); +int set_escape_mode(auparse_esc_t mode); + +hidden_proto(auparse_interp_adjust_type) +hidden_proto(auparse_do_interpretation) +hidden_proto(set_escape_mode) + +#endif + |