-
Notifications
You must be signed in to change notification settings - Fork 71
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix support of kernel < 3.0 #119
Conversation
💚 CLA has been signed |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Based on the audit_status struct in earliest kernel version supported by Go, 2.6.23, I would say the proposed minimum is correct. The feature bitmap was add later.
It's looks strange as I face unexpected EOF at I'll double check and found the following:
Please have a look: 2022/07/12 12:14:15 Expected size is: 36 func main () {
expectedSize := libaudit.MinSizeofAuditStatus
log.Printf("Expected size is: %d", expectedSize)
client, err := libaudit.NewMulticastAuditClient(nil)
if err != nil {
log.Fatalln(err)
}
status, err := client.GetStatus()
if err != nil {
log.Println(err)
}
log.Printf("status %+v", status)
buf := make([]byte, syscall.NLMSG_HDRLEN+libaudit.AuditMessageMaxLength)
netlink, _ := libaudit.NewNetlinkClient(syscall.NETLINK_AUDIT, 1, buf, nil)
flags := uint16(syscall.NLM_F_REQUEST)
msg := syscall.NetlinkMessage{
Header: syscall.NlMsghdr{
Type: libaudit.AuditGet,
Flags: flags | syscall.NLM_F_ACK,
},
Data: nil,
}
_, err = netlink.Send(msg)
if err != nil {
log.Printf("Can't send valid get status err: %v", err)
}
fd := GetNetlinkFd(netlink)
n, _, _, _, err := syscall.Recvmsg(fd, buf, nil, unix.MSG_PEEK)
log.Printf("Expected size of message %d", n)
newBuff := make([]byte, n)
_, _, _, _, err = syscall.Recvmsg(fd, newBuff, nil, 0)
replyStatus := &libaudit.AuditStatus{}
log.Printf("Recv buffer size %d", len(newBuff))
err = replyStatus.FromWireFormat(newBuff)
if err != nil {
log.Printf("Worng: %v", err)
}
data, _ := json.Marshal(replyStatus)
log.Printf("%s", data)
}
func GetNetlinkFd(client *libaudit.NetlinkClient) int {
fv := reflect.ValueOf(client).Elem().FieldByName("fd")
log.Printf("pointer number %d", fv.Int())
return int(fv.Int())
} Perhaps this situation happends because of MSG_DONTWAIT ? |
Can you please sign the CLA (https://www.elastic.co/contributor-agreement). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please also add an entry to the CHANGELOG.md file.
Sure, I've already done it. |
Yep, I see your GH username in the CLA database, but the email in your commits does not match the one in the database. See the email in https://github.com/elastic/go-libaudit/pull/119.patch. |
Sorry my fault, looks I've use my work account instead of personal one, updated. |
/test |
Fix minimum `AuditStatus` length so that library can support kernels from 2.6.32.
Changed min auditStatus size to 32 bite as old kernel do have only the following fields: