On Tuesday, October 22, 2013 09:58:05 PM Stephen Quinney wrote:
> On Tue, Oct 22, 2013 at 01:59:32PM -0400, Steve Grubb wrote:
> > On Friday, October 18, 2013 12:47:23 PM Stephen Quinney wrote:
> > > I can't see any definition of the ftype_i2s function which is called
> > > by audit_ftype_to_name so maybe this hasn't been implemented yet?
> >
> > Yes, it has been. However, it's over in lib/libaudit.
> I suspect I'm a little confused here, is libaudit provided separately
> from the main audit code?
No, it's all there.
> % tar zxf Downloads/audit-2.3.2.tar.gz
> % grep -ri ftype_i2s audit-2.3.2/
> audit-2.3.2/lib/lookup_table.c: return ftype_i2s(ftype);
> So, I don't see the function definition, just the call.
The lookup tables are performance critical. So, what happens is at compile
time a program builds a b-tree and functions to access them based on the
current name/value entries. It would be hard to maintain by hand. So, you'd
need to compile the code to see the definition.
> > It seems to work fine on my system:
> >
> > #!/usr/bin/env python
> > import sys
> > import audit
> >
> > # 0o140000 is S_IFSOCK; audit_ftype_to_name() maps a file type to its name
> > name = audit.audit_ftype_to_name(0o140000)
> > print(name)
> > sys.exit(0)
> So, I was trying to use it to translate the value returned by the
> get_field_type function in auparse, should that work?
The field type is sort of an internal classification scheme. It is available to
help decide if you want the raw text or interpreted representation of the
field.
For example, you may be processing text and checking for the type to be
AUPARSE_TYPE_ESCAPED in which case you need to call auparse_interpret_field
rather than use the raw text. This is the whole purpose for allowing internal
state information out of the parser.
The audit_ftype_to_name() function is also sort of an internal function not
meant for outside callers. What it does is look up the _file_ type. Not exactly
what you are looking for.
There is no lookup table to go from the numeric internal representation to a
text value of the internal representation. It's always been considered internal
state that no one should be using beyond needing to know when they must ask
for an interpretation of an encoded field.
-Steve