Function Logic Report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:kernel\audit.c Create Date:2022-07-27 12:26:14
Last Modify:2020-03-12 14:18:49 Copyright©Brick

Function name: audit_receive_msg

Function prototype: static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)

Return type: int

Parameters:

Type                 Parameter name
struct sk_buff *     skb
struct nlmsghdr *    nlh
1178  msg_type = "Message content"
1180  char *ctx = NULL
1183  err = "Check for appropriate CAP_AUDIT_ capabilities on incoming audit control messages."
1184  If err, return err
1187  seq = "Sequence number"
1188  data = message payload
1189  data_len = message payload length
1192  Case: msg_type == "Get status"
1194  memset(&s, 0, sizeof(s))
1195  "1 = enabled, 0 = disabled" = audit_enabled
1196  "Failure-to-log action" = "If auditing cannot proceed, audit_failure selects what happens."
1199  "pid of auditd process" = auditd_pid_vnr - Return the auditd PID relative to the namespace. Description: Returns the PID in relation to the namespace, 0 on failure.
1200  "messages rate limit (per second)" = "If audit_rate_limit is non-zero, limit the rate of sending audit records to that number per second. This prevents DoS attacks, but results in audit records being dropped."
1201  "waiting messages limit" = "Number of outstanding audit_buffers allowed. When set to zero, this means unlimited."
1202  "messages lost" = atomic_read(&"Records can be lost in several ways: 0) [suppressed in audit_alloc] 1) out of memory in audit_log_start [kmalloc of struct audit_buffer] 2) out of memory in audit_log_move [alloc_skb] 3) suppressed due to audit_rate_limit 4) suppressed due to ")
1203  "messages waiting in queue" = the queue length
1204  "bitmap of kernel audit features" = AUDIT_FEATURE_BITMAP_ALL
1205  "message queue wait timeout" = audit_backlog_wait_time
1206  audit_send_reply - send an audit reply message via netlink. @request_skb: skb of request we are replying to (used to target the reply); @seq: sequence number; @type: audit message type; @done: done (last) flag; @multi: multi-part message flag; @payload: payload
1207  break
1209  Case: msg_type == "Set status (enable/disable/auditd)"
1211  memset(&s, 0, sizeof(s))
1213  memcpy(&s, data, min_t(size_t, sizeof(s), data_len)), where min_t returns the minimum of two values using the specified type (@type: data type to use; @x: first value; @y: second value)
1214  If "Bit mask for valid entries" & "Mask values"
1216  If err < 0, return err
1221  If err < 0, return err
1237  If new_pid && new_pid != pid_vnr(req_pid), return -EINVAL
1244  If auditd_pid
1246  If new_pid
1247  audit_log_config_change("audit_pid", new_pid, auditd_pid, 0)
1249  Return -EEXIST
1252  If pid_vnr(req_pid) != auditd_pid
1253  audit_log_config_change("audit_pid", new_pid, auditd_pid, 0)
1255  Return -EACCES
1259  If new_pid
1274  Else
1286  If err < 0, return err
1291  If err < 0, return err
1295  If sizeof(s) > "Length of message including header", return -EINVAL
1297  If "message queue wait timeout" > 10 * AUDIT_BACKLOG_WAIT_TIME, return -EINVAL
1300  If err < 0, return err
1306  audit_log_config_change("lost", 0, lost, 1)
1307  Return lost
1309  break
1311  Case: msg_type == "Get which features are enabled"
1312  err = audit_get_feature(skb)
1313  If err, return err
1315  break
1316  Case: msg_type == "Turn an audit feature on or off"
1317  If data_len < sizeof(struct audit_features), return -EINVAL
1319  err = audit_set_feature(data)
1320  If err, return err
1322  break
1323  Case: msg_type == "Message from userspace -- deprecated"
1324  Case: msg_type == "Userspace messages mostly uninteresting to kernel" ... AUDIT_LAST_USER_MSG
1325  Case: msg_type == "More user space messages" ... AUDIT_LAST_USER_MSG2
1326  If !audit_enabled && msg_type != "We filter this differently", return 0
1329  err = audit_filter(msg_type, "Apply rule to user-generated messages")
1330  If err == 1, then
1331  str = data
1333  err = 0
1334  If msg_type == "Non-ICANON TTY input meaning"
1335  err = tty_audit_push()
1336  If err, break
1340  If msg_type != "Non-ICANON TTY input meaning"
1342  str[data_len - 1] = '\0'
1346  Else
1354  break
1355  Case: msg_type == "Add syscall filtering rule"
1356  Case: msg_type == "Delete syscall filtering rule"
1357  If data_len < sizeof(struct audit_rule_data), return -EINVAL
1359  If audit_enabled == AUDIT_LOCKED
1367  Return -EPERM
1369  err = "Private API (for audit.c only)"
1370  break
1371  Case: msg_type == "List syscall filtering rules"
1372  err = audit_list_rules_send - list the audit rules. @request_skb: skb of request we are replying to (used to target the reply); @seq: netlink audit message sequence (serial) number
1373  break
1374  Case: msg_type == "Trim junk from watched tree"
1375  audit_trim_trees()
1376  audit_log_common_recv_msg(audit_context(), &ab, "Audit system configuration change")
1378  Write the audit message
1379  Send the audit message and free the buffer
1380  break
1381  Case: msg_type == "Append to watched tree"
1382  bufp = data
1384  msglen = data_len
1387  err = -EINVAL
1388  If msglen < 2 * sizeof(u32), break
1390  memcpy(sizes, bufp, 2 * sizeof(u32))
1391  bufp += 2 * sizeof(u32)
1392  msglen -= 2 * sizeof(u32)
1393  old = audit_unpack_string(&bufp, &msglen, sizes[0])
1394  If it is an error
1395  err = the error
1396  break
1398  new = audit_unpack_string(&bufp, &msglen, sizes[1])
1399  If it is an error
1400  err = the error
1401  kfree(old)
1402  break
1405  err = audit_tag_tree(old, new)
1407  audit_log_common_recv_msg(audit_context(), &ab, "Audit system configuration change")
1409  Write the audit message
1410  audit_log_untrustedstring - log a string that may contain random characters. @ab: audit_buffer; @string: string to be logged. Same as audit_log_n_untrustedstring(), except that strlen is used to determine string length.
1411  Write the audit message
1412  audit_log_untrustedstring - log a string that may contain random characters. @ab: audit_buffer; @string: string to be logged. Same as audit_log_n_untrustedstring(), except that strlen is used to determine string length.
1413  Write the audit message
1414  Send the audit message and free the buffer
1415  kfree(old)
1416  kfree(new)
1417  break
1419  Case: msg_type == "Get info about sender of signal to auditd"
1420  len = 0
1421  If audit_sig_sid
1423  If err, return err
1426  sig_data = allocate memory
1427  If !sig_data
1430  Return -ENOMEM
1432  uid = from_kuid - Create a uid from a kuid user-namespace pair. @targ: The user namespace we want a uid in; @kuid: The kernel internal uid to start with. Map @kuid into the user-namespace specified by @targ and return the resulting uid.
1433  pid = audit_sig_pid
1434  If audit_sig_sid
1435  memcpy(ctx, ctx, len)
1438  audit_send_reply - send an audit reply message via netlink. @request_skb: skb of request we are replying to (used to target the reply); @seq: sequence number; @type: audit message type; @done: done (last) flag; @multi: multi-part message flag; @payload: payload
1440  kfree(sig_data)
1441  break
1442  Case: msg_type == "Get TTY auditing status"
1446  t = READ_ONCE(audit_tty)
1447  "1 = enabled, 0 = disabled" = t & "values for ->signal->audit_tty"
1448  "1 = enabled, 0 = disabled" = !!(t & AUDIT_TTY_LOG_PASSWD)
1450  audit_send_reply - send an audit reply message via netlink. @request_skb: skb of request we are replying to (used to target the reply); @seq: sequence number; @type: audit message type; @done: done (last) flag; @multi: multi-part message flag; @payload: payload
1451  break
1453  Case: msg_type == "Set TTY auditing status"
1458  memset(&s, 0, sizeof(s))
1460  memcpy(&s, data, min_t(size_t, sizeof(s), data_len)), where min_t returns the minimum of two values using the specified type (@type: data type to use; @x: first value; @y: second value)
1462  If ("1 = enabled, 0 = disabled" != 0 && "1 = enabled, 0 = disabled" != 1) || ("1 = enabled, 0 = disabled" != 0 && "1 = enabled, 0 = disabled" != 1), then err = -EINVAL
1466  If err, t = READ_ONCE(audit_tty)
1468  Else
1470  t = xchg(&audit_tty, t)
1472  "1 = enabled, 0 = disabled" = t & "values for ->signal->audit_tty"
1473  "1 = enabled, 0 = disabled" = !!(t & AUDIT_TTY_LOG_PASSWD)
1475  audit_log_common_recv_msg(audit_context(), &ab, "Audit system configuration change")
1477  Write the audit message
1481  Send the audit message and free the buffer
1482  break
1484  Default
1485  err = -EINVAL
1486  break
1489  Return: err if err < 0, otherwise 0

Callers

Name             Description
audit_receive    audit_receive - receive messages from a netlink control socket. @skb: the message buffer. Parse the provided skb and deal with any messages that may be present, malformed skbs are discarded.