Re: [PATCH 2/2] auvirt: Remove workaround for VM name searching

On 02/09/2012 11:35 AM, Steve Grubb wrote: > On Thursday, February 09, 2012 08:22:34 AM Marcelo Cerri wrote: >> Thanks for your explanation. I hadn't notice how escaped fields work. >> >> Regarding the search algorithm fix, sorry but it is not clear to me >> where you meant to say to add the type check and the escape. Did you >> mean inside the ausearch_add_item or in the function which is calling >> the ausearch_add_item function? > > I think its best to put it inside the function so that app writers do not > have to think about it. They just pass a string and its fixed up. I was > also thinking about the alternative, which is to decode the fields > during search and then compare. But this would be slower because we > decode every field value whether it matches or not. So, we can just > encode the item being searched for and then compare raw values. I > suppose the man page should clarify this for app writers just in case. Digging into auparse source code, I noticed there is an "interpreted" version of ausearch_add_item (ausearch_add_interpreted_item). I could get matches for the "vm" field using this function.

Do you think that it's still necessary to change ausearch_add_item?

>> I'll submit a patch to libvirt instead and then update auvirt. > > I wished I caught that sooner, too. As for auvirt, since you know vm is > an escaped field, you don't actually need to put the "if" statement to > check its type. You can just call the interpret function unconditionally > and use its output. Probably it'll also be necessary to add the "old-net" and "new-net" fields to the typetab.h file.

If a field isn't in typetab.h, what type is considered for it? Is it considered just a regular string?