Add a /proc/audit entry for debugging to instrument many audit subsystem
internal parameters not normally visible.
Signed-off-by: Richard Guy Briggs <r...@redhat.com>
---
include/linux/skbuff.h | 16 ++++++++++++++++
kernel/audit.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 64 insertions(+), 0 deletions(-)
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
index f54d665..bcde922 100644
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -180,6 +180,7 @@ struct sk_buff_head {
__u32 qlen;
spinlock_t lock;
+ __u32 qlen_max;
};
struct sk_buff;
@@ -1301,6 +1302,11 @@ static inline __u32 skb_queue_len(const struct
sk_buff_head *list_)
return list_->qlen;
}
+static inline __u32 skb_queue_len_max(const struct sk_buff_head *list_)
+{
+ return list_->qlen_max;
+}
+
/**
* __skb_queue_head_init - initialize non-spinlock portions of sk_buff_head
* @list: queue to initialize
@@ -1354,6 +1360,8 @@ static inline void __skb_insert(struct sk_buff *newsk,
newsk->prev = prev;
next->prev = prev->next = newsk;
list->qlen++;
+ if(list->qlen > list->qlen_max)
+ list->qlen_max = list->qlen;
}
static inline void __skb_queue_splice(const struct sk_buff_head *list,
@@ -1381,6 +1389,8 @@ static inline void skb_queue_splice(const struct
sk_buff_head *list,
if (!skb_queue_empty(list)) {
__skb_queue_splice(list, (struct sk_buff *) head, head->next);
head->qlen += list->qlen;
+ if(head->qlen > head->qlen_max)
+ head->qlen_max = head->qlen;
}
}
@@ -1397,6 +1407,8 @@ static inline void skb_queue_splice_init(struct
sk_buff_head *list,
if (!skb_queue_empty(list)) {
__skb_queue_splice(list, (struct sk_buff *) head, head->next);
head->qlen += list->qlen;
+ if(head->qlen > head->qlen_max)
+ head->qlen_max = head->qlen;
__skb_queue_head_init(list);
}
}
@@ -1412,6 +1424,8 @@ static inline void skb_queue_splice_tail(const struct
sk_buff_head *list,
if (!skb_queue_empty(list)) {
__skb_queue_splice(list, head->prev, (struct sk_buff *) head);
head->qlen += list->qlen;
+ if(head->qlen > head->qlen_max)
+ head->qlen_max = head->qlen;
}
}
@@ -1429,6 +1443,8 @@ static inline void skb_queue_splice_tail_init(struct
sk_buff_head *list,
if (!skb_queue_empty(list)) {
__skb_queue_splice(list, head->prev, (struct sk_buff *) head);
head->qlen += list->qlen;
+ if(head->qlen > head->qlen_max)
+ head->qlen_max = head->qlen;
__skb_queue_head_init(list);
}
}
diff --git a/kernel/audit.c b/kernel/audit.c
index d4e19fc..82df9fd 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -124,6 +124,7 @@ u32 audit_sig_sid = 0;
4) suppressed due to audit_backlog_limit
*/
static atomic_t audit_lost = ATOMIC_INIT(0);
+static atomic_t audit_hold_lost = ATOMIC_INIT(0);
/* The netlink socket. */
static struct sock *audit_sock;
@@ -381,7 +382,10 @@ static void audit_hold_skb(struct sk_buff *skb)
skb_queue_len(&audit_skb_hold_queue) < audit_backlog_limit))
skb_queue_tail(&audit_skb_hold_queue, skb);
else
+ {
kfree_skb(skb);
+ atomic_inc(&audit_hold_lost);
+ }
}
/*
@@ -510,7 +514,10 @@ static void flush_hold_queue(void)
* dequeued an skb we need to drop ref
*/
if (skb)
+ {
consume_skb(skb);
+ atomic_inc(&audit_hold_lost);
+ }
}
static int kauditd_thread(void *dummy)
@@ -1174,6 +1181,45 @@ static struct pernet_operations audit_net_ops
__net_initdata = {
.size = sizeof(struct audit_net),
};
+/* Display information about audit subsystem */
+static int proc_auditstats_show(struct seq_file *m, void *v)
+{
+ //seq_printf(m, "audit_initialized\t%d\n", audit_initialized);
+ //seq_printf(m, "audit_enabled\t%u\n", audit_enabled);
+ //seq_printf(m, "audit_ever_enabled\t%u\n", audit_ever_enabled);
+ //seq_printf(m, "audit_default\t%u\n", audit_default);
+ //seq_printf(m, "audit_failure\t%u\n", audit_failure);
+ seq_printf(m, "audit_pid\t\t\t%d\n", audit_pid);
+ //seq_printf(m, "audit_nlk_portid\t%u\n", audit_nlk_portid);
+ //seq_printf(m, "audit_rate_limit\t%u\n", audit_rate_limit);
+ //seq_printf(m, "audit_backlog_limit\t%u\n", audit_backlog_limit);
+ //seq_printf(m, "audit_backlog_wait_time\t%u\n",
audit_backlog_wait_time);
+ //seq_printf(m, "audit_sig_uid\t%u\n", from_kuid(&init_user_ns,
audit_sig_uid));
+ //seq_printf(m, "audit_sig_pid\t%d\n", audit_sig_pid);
+ //seq_printf(m, "audit_sig_sid\t%u\n", audit_sig_sid);
+ seq_printf(m, "audit_lost\t\t\t%d\n", atomic_read(&audit_lost));
+ seq_printf(m, "audit_hold_lost\t\t\t%d\n",
atomic_read(&audit_hold_lost));
+ seq_printf(m, "audit_freelist_count\t\t%u\n", audit_freelist_count);
+ seq_printf(m, "audit_skb_queue len\t\t%d\n",
skb_queue_len(&audit_skb_queue));
+ seq_printf(m, "audit_skb_queue len_max\t\t%d\n",
skb_queue_len_max(&audit_skb_queue));
+ seq_printf(m, "audit_skb_hold_queue len\t%d\n",
skb_queue_len(&audit_skb_hold_queue));
+ seq_printf(m, "audit_skb_hold_queue len_max\t%d\n",
skb_queue_len_max(&audit_skb_hold_queue));
+
+ return 0;
+}
+
+static int auditstats_open(struct inode *inode, struct file *file)
+{
+ return single_open(file, proc_auditstats_show, NULL);
+}
+
+static const struct file_operations proc_auditstats_operations = {
+ .open = auditstats_open,
+ .read = seq_read,
+ .llseek = seq_lseek,
+ .release = single_release,
+};
+
/* Initialize audit support at boot time. */
static int __init audit_init(void)
{
@@ -1197,6 +1243,8 @@ static int __init audit_init(void)
for (i = 0; i < AUDIT_INODE_BUCKETS; i++)
INIT_LIST_HEAD(&audit_inode_hash[i]);
+ proc_create("audit", 0, NULL, &proc_auditstats_operations);
+
return 0;
}
__initcall(audit_init);
--
1.7.1
--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
