2008/8/15, Steve Grubb <sgrubb(a)redhat.com>:
On Friday 15 August 2008 09:58:54 Matteo Michelini wrote:
> I'm working on a binary format for the linux-audit system as part of a
> university research project.
Big-endian/little-endian in aggregated logs? Will the kernel authors allow the
encoder in the kernel? XDR was the only option we had last time. Versioning
of structs? How do old user space tools work with new kernel that may change
layout? Patents?
I must design and implement something that is really close to the
FreeBSD BSM implementation, because in userspace we have a tool (an
IDS) that works with BSM trails format only.
I'm designing the patch with the big-endian encoding format.
My idea is only to add this capability to the existing text-based format.
The FreeBSD BSM implementation is BSD License.
-Steve
--
Matteo Michelini (Milan - Italy)
http://www.michelini.co.uk
Linux registered user: #332873