Re: [PATCH] Audit filter rule operators (1/2)

This is the user space component of this patch. This patch basically modifies the manner in which the field/value pairs are split. Previously, the code simply split on "=" and flipped a bit if there was a "!" just before the "=". I had to make this a bit smarter, and I think I did it cleanly using strstr(). Each of the six operators (!=, >=, <=, =, >, <) are searched for in the string until one "hits". Note that the 2-character comparators are searched for first (for obvious reasons). When there's a hit, the comparator bytes are overwritten with the null byte to split the string, and the "f" and "v" (field and value, respectively) pointers are set appropriately, as well as the "op" variable, which is the bitmask of the corresponding comparator. This op bitmask is OR'd with the field and netlink goes about passing this information just as it previously did. Note that I also constructed the symbol translation table, which is useful to convert the operator bitmask constants back to their prettier symbols (for error reporting as below).

My only concern is that *f and *v were const before, but now I'm modifying them, overwriting the operator bytes. I suppose I could strdup() this and work on that. Let me know if that's preferred. Comments welcome. :-Dustin