Re: Refactoring src/ausearch-report.c:output_interpreted_node()

Steve, In lib/lookup_table.c:audit_name_to_msg_type(), the event type value is parsed and converted to an integer as per, Given type=<type_value> then <type_value> is parsed for - a known string - a long integer number, n, found in the specific string "UNKNOWN[n]" - a long integer number, n, found in the specific string "n" In src/ausearch-report.c:output_interpreted_node() it additionally parses for a <type_value> of - a long integer number, n, found in the string "[^\[]*[n].*" i.e. type=something[n]something_else Is there any reason against adding this additional parsing into lib/lookup_table.c:audit_name_to_msg_type()? If we can, then output_interpreted_node() can be re-factored so we are not parsing the same data twice for every event. I am uncertain what effect of accepting this additional format would have when adding rules to the running audit system - i.e. audit_name_to_msg_type() is called by autrace/auditctl when parsing rules (ie the msgtype field name). Regards Burn -- Linux-audit mailing list Linux-audit(a)redhat.com https://www.redhat.com/mailman/listinfo/linux-audit