Re: [PATCH 2/3] expand audit tmp buffer as needed

On Friday 06 May 2005 03:54, Chris Wright wrote: > @@ -132,14 +132,11 @@ static DECLARE_MUTEX(audit_netlink_sem); >   * use simultaneously. */ >  struct audit_buffer { >         struct list_head     list; > -       struct sk_buff_head  sklist;    /* formatted skbs ready to send */ > +       struct sk_buff       *skb;      /* formatted skb ready to send */ >         struct audit_context *ctx;      /* NULL or associated context */ >         int                  len;       /* used area of tmp */ > -       char                 tmp[AUDIT_BUFSIZ]; > - > -                               /* Pointer to header and contents */ > -       struct nlmsghdr      *nlh; > -       int                  total; > +       int                  size;      /* size of tmp */ > +       char                 *tmp;       >         int                  type; >         int                  pid; >  }; I have a feeling this will impact all the parsers and the message type work that I was just starting to do. The way I understand this patch, we will no longer iterate in audit_log_drain spitting out separate messages for d_path or anything else that gets added.

So what are we going to have for a separator between the audit context dump and any supplemental information? Can you post a couple example records (since we can't actually try out the netlink changes yet)?

I was planning to change audit_log_start to take a type parameter as well as audit_log_format and put the type into the message.