Fix status message parsing on different kernels #12

vthib · 2023-07-21T09:14:03Z

First of all, thanks for this crate! I've been testing it in different environments and came upon an issue on older kernel versions. The StatusMessage has different length and fields depending on the kernel version, and it failed to parse correctly on centos7 for example, because of a received payload that was too short.

This PR does two things:

it fixes the parsing on older kernel versions. I've looked at a 2.6.32 one and up to a 6.4.3 one
it adds a new field added since the 5.9 kernel

audit_status struct on a 2.6.32 (centos6):

audit_status struct on a 6.4.3 (arch):

The status message has evolved, with fields being added in subsequent kernel versions. The parsing of this message excepts a recent version of it, making it fail to parse on older kernels. This is fixed by putting the newer fields behind an option. On parsing, those are set only if the received status payload is big enough.

This is a rather new field, seemingly present since the 5.9 kernel.

vthib · 2023-09-19T11:05:31Z

@cathay4t Can you take a look at the 3 PRs I submitted when you can?

vthib added 2 commits July 21, 2023 11:52

feat: add backlog_wait_time_actual in status message

ac6e4ce

This is a rather new field, seemingly present since the 5.9 kernel.

vthib force-pushed the fix-status-message-different-kernels branch from b64763a to ac6e4ce Compare July 21, 2023 09:53

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix status message parsing on different kernels #12

Fix status message parsing on different kernels #12

vthib commented Jul 21, 2023

vthib commented Sep 19, 2023

Fix status message parsing on different kernels #12

Are you sure you want to change the base?

Fix status message parsing on different kernels #12

Conversation

vthib commented Jul 21, 2023

vthib commented Sep 19, 2023