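/*-
 * Copyright (c) 2006 Robert N. M. Watson
 * All rights reserved.
 *
 * This software was developed by Robert Watson for the TrustedBSD Project.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#ifndef _BSM_AUDIT_FILTER_H_
#define _BSM_AUDIT_FILTER_H_

/*
 * Module interface for audit filter modules.
 *
 * audit_filter_attach_t    - filter module is being attached with arguments
 * audit_filter_reinit_t    - arguments to module have changed
 * audit_filter_record_t    - present parsed record to filter module, with
 *                            receipt time
 * audit_filter_rawrecord_t - present BSM format record to filter module,
 *                            with receipt time
 * audit_filter_detach_t    - filter module is being detached
 *
 * There may be many instances of the same filter, identified by the instance
 * void pointer maintained by the filter instance.
 *
 * This header includes nothing itself: struct timespec, tokenstr_t and u_int
 * must already be declared by whoever includes it.
 *
 * Notes for module authors:
 *  - attach and reinit return int (see AUDIT_FILTER_SUCCESS/FAILURE below);
 *    record, rawrecord and detach return void, so a module has no way to
 *    report a per-record failure through this interface and must handle
 *    such errors itself.
 *  - rawrecord receives an untyped buffer plus a length.  Presumably `data`
 *    points to `len` bytes of BSM-format record; treat `len` as the only
 *    valid bound and check any length parsed out of the record against it
 *    before reading further -- TODO confirm against the caller.
 *  - The lifetime of `ts`, `tok` and `data` is not stated here; assume they
 *    are valid only for the duration of the call and copy what must be kept
 *    -- TODO confirm against the caller.
 */
typedef int	(*audit_filter_attach_t)(void *instance, int argc, char *argv[]);
typedef int	(*audit_filter_reinit_t)(void *instance, int argc, char *argv[]);
typedef void	(*audit_filter_record_t)(void *instance, struct timespec *ts,
		    int token_count, const tokenstr_t tok[]);
typedef void	(*audit_filter_rawrecord_t)(void *instance, struct timespec *ts,
		    void *data, u_int len);
typedef void	(*audit_filter_detach_t)(void *instance);

/*
 * APIs that may be called by audit filters.
 *
 * Both take the opaque instance pointer handed to the module entry points.
 * getcookie writes through `cookie`, so the caller must pass a valid
 * void ** to receive the value.
 */
void	audit_filter_getcookie(void *instance, void **cookie);
void	audit_filter_setcookie(void *instance, void *cookie);

/*
 * Values to be returned by the int-returning module entry points.
 *
 * NOTE(review): the original comment named audit_filter_init_t, which this
 * header does not declare; audit_filter_attach_t and audit_filter_reinit_t
 * are the only entry points here that return int.
 */
#define	AUDIT_FILTER_SUCCESS	(0)
#define	AUDIT_FILTER_FAILURE	(-1)

/*
 * Standard name for filter module initialization functions, which will be
 * found using dlsym().
 *
 * Each name is given twice: as a bare identifier and as a string literal
 * spelling the same symbol.  The two lists must be kept in step by hand.
 *
 * Code located through dlsym() runs inside the process that loaded the
 * module, with that process's privileges.  The loader is not part of this
 * header -- NOTE(review): confirm that it only opens modules from a path
 * that unprivileged users cannot write to.
 */
#define	AUDIT_FILTER_ATTACH	audit_filter_attach
#define	AUDIT_FILTER_REINIT	audit_filter_reinit
#define	AUDIT_FILTER_RECORD	audit_filter_record
#define	AUDIT_FILTER_RAWRECORD	audit_filter_rawrecord
#define	AUDIT_FILTER_DETACH	audit_filter_detach
#define	AUDIT_FILTER_ATTACH_STRING	"audit_filter_attach"
#define	AUDIT_FILTER_REINIT_STRING	"audit_filter_reinit"
#define	AUDIT_FILTER_RECORD_STRING	"audit_filter_record"
#define	AUDIT_FILTER_RAWRECORD_STRING	"audit_filter_rawrecord"
#define	AUDIT_FILTER_DETACH_STRING	"audit_filter_detach"

#endif /* !_BSM_AUDIT_FILTER_H_ */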