[Apparmor-dev] [RFR] libapparmori/logparser: reverse map ip
protocols to names
Steve Beattie
steve at nxnw.org
Sun Nov 11 22:20:56 MST 2007
This patch modifies the logparsing portion of libapparmor to reverse map
ip protocol numbers to their names (e.g. 6 -> "tcp").
---
changehat/libapparmor/configure.in | 1
changehat/libapparmor/src/Makefile.am | 7 ++
changehat/libapparmor/src/grammar.y | 5 --
changehat/libapparmor/src/libaalogparse.c | 34 ++++++++++++++
changehat/libapparmor/src/parser.h | 1
changehat/libapparmor/src/tst_aalogmisc.c | 7 ++
changehat/libapparmor/testsuite/test_multi/testcase24.out | 2
changehat/libapparmor/testsuite/test_multi/testcase33.in | 1
changehat/libapparmor/testsuite/test_multi/testcase33.out | 12 ++++
9 files changed, 63 insertions(+), 7 deletions(-)
Index: b/changehat/libapparmor/configure.in
===================================================================
--- a/changehat/libapparmor/configure.in
+++ b/changehat/libapparmor/configure.in
@@ -4,6 +4,7 @@ AM_INIT_AUTOMAKE(libapparmor1, 2.2)
AM_PROG_LEX
AC_PROG_YACC
+AC_PROG_SED
AC_PATH_PROG([SWIG], [swig])
Index: b/changehat/libapparmor/src/Makefile.am
===================================================================
--- a/changehat/libapparmor/src/Makefile.am
+++ b/changehat/libapparmor/src/Makefile.am
@@ -1,6 +1,6 @@
INCLUDES = $(all_includes)
-BUILT_SOURCES = grammar.h scanner.h
+BUILT_SOURCES = grammar.h scanner.h af_protos.h
AM_LFLAGS = -v
AM_YFLAGS = -d -p aalogparse_
AM_CFLAGS = @CFLAGS@ -D_GNU_SOURCE -Wall
@@ -9,6 +9,9 @@ scanner.h: scanner.l
scanner.c: scanner.l
+af_protos.h: /usr/include/netinet/in.h
+ LC_ALL=C sed -n -e "/IPPROTO_MAX/d" -e "s/^\#define[ \\t]\\+IPPROTO_\\([A-Z0-9_]\\+\\)\\(.*\\)$$/AA_GEN_PROTO_ENT(\\UIPPROTO_\\1, \"\\L\\1\")/p" $< > $@
+
changehatdir = $(includedir)/sys
changehat_HEADERS = apparmor.h
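Review bot: The af_protos.h recipe calls bare `sed` even though this patch adds AC_PROG_SED to configure.in, and the expression relies on GNU extensions (`\U`, `\L`, `\+`), so it should invoke `$(SED)`. The prerequisite is hard-coded to `/usr/include/netinet/in.h`, which ties the generated table to the build host's header and would presumably be wrong for a cross or sysroot build. If that header has no matching `#define IPPROTO_` lines, the output is empty, the build still succeeds, and every protocol is later reported as `unknown(N)`. The recipe should fail in that case, for example by appending `&& test -s $@` and deleting the partial file on error.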
@@ -16,7 +19,7 @@ aalogparsedir = $(includedir)/aalogparse
aalogparse_HEADERS = aalogparse.h
lib_LTLIBRARIES = libapparmor.la libimmunix.la
-noinst_HEADERS = grammar.h parser.h scanner.h
+noinst_HEADERS = grammar.h parser.h scanner.h af_protos.h
libapparmor_la_SOURCES = grammar.y libaalogparse.c change_hat.c scanner.c
libapparmor_la_LDFLAGS = -version-info 1:2:0 -XCClinker -dynamic \
Index: b/changehat/libapparmor/src/libaalogparse.c
===================================================================
--- a/changehat/libapparmor/src/libaalogparse.c
+++ b/changehat/libapparmor/src/libaalogparse.c
@@ -31,6 +31,7 @@
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
+#include <netinet/in.h>
#include "aalogparse.h"
#include "parser.h"
@@ -137,3 +138,36 @@ char *hex_to_string(char *hexstring)
out:
return ret;
}
+
+struct ipproto_pairs {
+ unsigned int protocol;
+ char *protocol_name;
+};
+
+#define AA_GEN_PROTO_ENT(name, IP) {name, IP},
+
+static struct ipproto_pairs ipproto_mappings[] = {
+#include "af_protos.h"
+ /* terminate */
+ {0, NULL}
+};
+
+/* convert an ip protocol number to a string */
+char *ipproto_to_string(unsigned int proto)
+{
+ char *ret = NULL;
+ struct ipproto_pairs *current = ipproto_mappings;
+
+ while (current->protocol != proto && current->protocol_name != NULL) {
+ current++;
+ }
+
+ if (current->protocol_name) {
+ ret = strdup(current->protocol_name);
+ } else {
+ asprintf(&ret, "unknown(%u)", proto);
+ }
+
+ return ret;
+}
+
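Review bot: The `asprintf()` call in the else branch of `ipproto_to_string()` ignores its return value, and on failure glibc leaves `ret` undefined, so the function can hand back an indeterminate pointer. The code this patch removes from grammar.y did check that result. I would write `if (asprintf(&ret, "unknown(%u)", proto) < 0) ret = NULL;` so that a failure returns NULL, as a failed `strdup()` already does. The table is never written, so `static const struct ipproto_pairs ipproto_mappings[]` with `const char *protocol_name` would let it live in read-only data. The header comment should also state ownership, e.g. `/* returns a malloc'd string the caller must free, or NULL on allocation failure */`.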
Index: b/changehat/libapparmor/src/grammar.y
===================================================================
--- a/changehat/libapparmor/src/grammar.y
+++ b/changehat/libapparmor/src/grammar.y
@@ -405,10 +405,7 @@ safe_string: TOK_QUOTED_STRING
protocol: TOK_QUOTED_STRING
| TOK_DIGITS
{ /* FIXME: this should probably convert back to a string proto name */
- char *ret = NULL;
- if (asprintf(&ret, "%ld", $1) < 0)
- yyerror(NULL, "Unable to allocate protocol string");
- $$ = ret;
+ $$ = ipproto_to_string($1);
}
;
%%
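Review bot: The new action passes `$1` straight to a function taking `unsigned int`, while the removed code formatted it with `%ld`, which suggests TOK_DIGITS carries a `long`. A value above UINT_MAX in a log line would then be narrowed silently and could be reported under the name of a different protocol. A range check before the call, such as `if ($1 < 0 || $1 > UINT_MAX) yyerror(NULL, "protocol number out of range");` (needs `<limits.h>`), would keep the decoded record faithful to the log. The removed `yyerror()` on allocation failure is also gone, so a NULL return now lands in `$$` unreported; `if (!($$ = ipproto_to_string($1))) yyerror(NULL, "Unable to allocate protocol string");` restores it. The FIXME comment above the action is stale after this change and can be dropped.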
Index: b/changehat/libapparmor/src/tst_aalogmisc.c
===================================================================
--- a/changehat/libapparmor/src/tst_aalogmisc.c
+++ b/changehat/libapparmor/src/tst_aalogmisc.c
@@ -16,6 +16,7 @@ int main(void)
int rc = 0;
char *retstr = NULL;
+ /* hex_to_string() tests */
retstr = hex_to_string(NULL);
MY_TEST(!retstr, "basic NULL test");
@@ -29,6 +30,12 @@ int main(void)
retstr = hex_to_string("");
MY_TEST(strcmp(retstr, "") == 0, "empty string");
+ /* ipproto_to_string() tests */
+ retstr = ipproto_to_string((unsigned) 99999);
+ MY_TEST(strcmp(retstr, "unknown(99999)") == 0, "invalid protocol test");
+
+ retstr = ipproto_to_string((unsigned) 6);
+ MY_TEST(strcmp(retstr, "tcp") == 0, "protocol=tcp");
return rc;
}
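Review bot: Both new checks pass `retstr` to `strcmp()` without testing it for NULL, although `ipproto_to_string()` returns NULL when allocation fails, so the test would crash instead of reporting a failure. Guarding the comparison, as in `MY_TEST(retstr && strcmp(retstr, "tcp") == 0, "protocol=tcp");`, keeps the failure visible. Each returned string is heap-allocated and is overwritten by the next assignment without `free(retstr);`, which will show up as leaks when the test runs under a memory checker. The "protocol=tcp" case also depends on the build host's header mapping 6 to `tcp`, which is worth a short comment. `main()` starts outside this hunk.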
Index: b/changehat/libapparmor/src/parser.h
===================================================================
--- a/changehat/libapparmor/src/parser.h
+++ b/changehat/libapparmor/src/parser.h
@@ -22,6 +22,7 @@
extern void _init_log_record(aa_log_record *record);
extern aa_log_record *_parse_yacc(char *str);
extern char *hex_to_string(char *str);
+extern char *ipproto_to_string(unsigned int proto);
/* FIXME: this ought to be pulled from <linux/audit.h> but there's no
* guarantee these will exist there. */
Index: b/changehat/libapparmor/testsuite/test_multi/testcase24.out
===================================================================
--- a/changehat/libapparmor/testsuite/test_multi/testcase24.out
+++ b/changehat/libapparmor/testsuite/test_multi/testcase24.out
@@ -7,6 +7,6 @@ Profile: /home/steve/aa-regression-tests
PID: 16196
Network family: packet
Socket type: raw
-Protocol: 768
+Protocol: unknown(768)
Epoch: 1190503205
Audit subid: 27088
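Review bot: The expected output here pairs `Network family: packet` with an IP protocol lookup, but for a packet socket the protocol field is a link-layer protocol id, not an IP protocol number. So `768` is labelled `unknown(768)`, and in testcase33.out the same family with `protocol=6` is expected to decode as `Protocol: tcp`, which would mislead anyone reading the parsed record or building a profile from it. The lookup should probably apply only when the family is an IP one, with other families keeping the raw number. If the intent is just to exercise the tcp mapping, testcase33.in would be clearer with an inet family.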
Index: b/changehat/libapparmor/testsuite/test_multi/testcase33.in
===================================================================
--- /dev/null
+++ b/changehat/libapparmor/testsuite/test_multi/testcase33.in
@@ -0,0 +1 @@
+type=APPARMOR_DENIED msg=audit(1190503205.837:27088): type=1503 operation="socket_create" family="packet" sock_type="raw" protocol=6 pid=16196 profile="/home/steve/aa-regression-tests/changehat_wrapper//net_raw"
Index: b/changehat/libapparmor/testsuite/test_multi/testcase33.out
===================================================================
--- /dev/null
+++ b/changehat/libapparmor/testsuite/test_multi/testcase33.out
@@ -0,0 +1,12 @@
+START
+File: test_multi/testcase33.in
+Event type: AA_RECORD_DENIED
+Audit ID: 1190503205.837:27088
+Operation: socket_create
+Profile: /home/steve/aa-regression-tests/changehat_wrapper//net_raw
+PID: 16196
+Network family: packet
+Socket type: raw
+Protocol: tcp
+Epoch: 1190503205
+Audit subid: 27088
--
Steve Beattie
<steve at nxnw.org>
http://NxNW.org/~steve/