On 02/09/2012 11:35 AM, Steve Grubb wrote:
 On Thursday, February 09, 2012 08:22:34 AM Marcelo Cerri wrote:
> Thanks for your explanation. I hadn't noticed how escaped fields work.
>
> Regarding the search algorithm fix, sorry but it is not clear to me
> where you meant to say to add the type check and the escape. Did you
> mean inside the ausearch_add_item or in the function which is calling
> the ausearch_add_item function?
 I think it's best to put it inside the function so that app writers do not have
 to think about it. They just pass a string and it's fixed up. I was also thinking
 about the alternative, which is to decode the fields during search and then
 compare. But this would be slower because we decode every field value whether it
 matches or not. So, we can just encode the item being searched for and then
 compare raw values. I suppose the man page should clarify this for app writers
 just in case. 
Digging into auparse source code, I noticed there is an "interpreted" 
version of ausearch_add_item (ausearch_add_interpreted_item). I could 
get matches for the "vm" field using this function. Do you think that 
it's still necessary to change ausearch_add_item?
> I'll submit a patch to libvirt instead and then update auvirt.
 I wished I caught that sooner, too. As for auvirt, since you know vm is an
 escaped field, you don't actually need to put the "if" statement to check its
 type. You can just call the interpret function unconditionally and use its
 output.
 
Probably it'll also be necessary to add the "old-net" and "new-net" 
fields to the typetab.h file. If a field isn't in typetab.h, what type 
is considered for it? Is it considered just a regular string?
 Thanks,
 -Steve
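
Added example, not part of the original messages and not auparse code: a sketch of the approach discussed above, where the search term is encoded once and then compared against raw field values instead of decoding every field. The function names and the escaping rule (printable values stored in double quotes, anything else as bare uppercase hex) are assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed escaping rule: a value containing '"', a byte below 0x21
 * (space, control characters) or 0x7F and above is stored as bare
 * uppercase hex; any other value is stored inside double quotes. */
static int needs_hex(const char *s)
{
    for (; *s; s++) {
        unsigned char c = (unsigned char)*s;
        if (c == '"' || c < 0x21 || c >= 0x7f)
            return 1;
    }
    return 0;
}

/* Encode a caller-supplied search term the way the field is stored.
 * Returns 0 on success, -1 if the output buffer is too small. */
int encode_search_value(const char *term, char *out, size_t outlen)
{
    size_t n = strlen(term);
    if (needs_hex(term)) {
        if (outlen < 2 * n + 1)
            return -1;
        for (size_t i = 0; i < n; i++)
            sprintf(out + 2 * i, "%02X", (unsigned char)term[i]);
        return 0;
    }
    if (outlen < n + 3)
        return -1;
    snprintf(out, outlen, "\"%s\"", term);
    return 0;
}

/* Encode once, then compare against the raw (undecoded) field value. */
int raw_field_matches(const char *raw, const char *term)
{
    char enc[512];
    if (encode_search_value(term, enc, sizeof(enc)) != 0)
        return 0;
    return strcmp(raw, enc) == 0;
}

int main(void)
{
    /* Constructed raw values for an escaped field such as vm= */
    printf("%d\n", raw_field_matches("\"fedora16\"", "fedora16"));
    printf("%d\n", raw_field_matches("6D7920766D", "my vm"));
    return 0;
}
```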