Enum netlink_packet_audit::AuditMessage

pub enum AuditMessage {
    GetStatus(Option<StatusMessage>),
    SetStatus(StatusMessage),
    AddRule(RuleMessage),
    DelRule(RuleMessage),
    ListRules(Option<RuleMessage>),
    Event((u16, String)),
    Other((u16, String)),
}

Variants

GetStatus(Option<StatusMessage>)

SetStatus(StatusMessage)

AddRule(RuleMessage)

DelRule(RuleMessage)

ListRules(Option<RuleMessage>)

Event((u16, String))

Event message (message types 1300 through 1399). This includes the following message types (this list is non-exhaustive, and not really kept up to date): AUDIT_SYSCALL, AUDIT_PATH, AUDIT_IPC, AUDIT_SOCKETCALL, AUDIT_CONFIG_CHANGE, AUDIT_SOCKADDR, AUDIT_CWD, AUDIT_EXECVE, AUDIT_IPC_SET_PERM, AUDIT_MQ_OPEN, AUDIT_MQ_SENDRECV, AUDIT_MQ_NOTIFY, AUDIT_MQ_GETSETATTR, AUDIT_KERNEL_OTHER, AUDIT_FD_PAIR, AUDIT_OBJ_PID, AUDIT_TTY, AUDIT_EOE, AUDIT_BPRM_FCAPS, AUDIT_CAPSET, AUDIT_MMAP, AUDIT_NETFILTER_PKT, AUDIT_NETFILTER_CFG, AUDIT_SECCOMP, AUDIT_PROCTITLE, AUDIT_FEATURE_CHANGE, AUDIT_REPLACE, AUDIT_KERN_MODULE, AUDIT_FANOTIFY.

The first element of the tuple is the message type, and the second is the event data.

Other((u16, String))

All the other events are parsed as such as they can be parsed also.

Implementations

impl AuditMessage

pub fn is_event(&self) -> bool

pub fn is_get_status(&self) -> bool

pub fn is_set_status(&self) -> bool

pub fn is_add_rule(&self) -> bool

pub fn is_del_rule(&self) -> bool

pub fn is_list_rules(&self) -> bool

pub fn message_type(&self) -> u16

Trait Implementations

impl Clone for AuditMessage

fn clone(&self) -> AuditMessage

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for AuditMessage

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Emitable for AuditMessage

fn buffer_len(&self) -> usize

Return the length of the serialized data.

fn emit(&self, buffer: &mut [u8])

Serialize this types and write the serialized data into the given buffer.

impl From<AuditMessage> for NetlinkPayload<AuditMessage>

fn from(message: AuditMessage) -> Self

Converts to this type from the input type.

impl NetlinkDeserializable for AuditMessage

type Error = DecodeError

fn deserialize(
    header: &NetlinkHeader,
    payload: &[u8]
) -> Result<Self, Self::Error>

Deserialize the given buffer into Self.

impl NetlinkSerializable for AuditMessage

fn message_type(&self) -> u16

fn buffer_len(&self) -> usize

Return the length of the serialized data.

fn serialize(&self, buffer: &mut [u8])

Serialize this types and write the serialized data into the given buffer. buffer’s length is exactly InnerMessage::buffer_len(). It means that if InnerMessage::buffer_len() is buggy and does not return the appropriate length, bad things can happen:

impl<'a, T: AsRef<[u8]> + ?Sized> ParseableParametrized<AuditBuffer<&'a T>, u16> for AuditMessage

fn parse_with_param(
    buf: &AuditBuffer<&'a T>,
    message_type: u16
) -> Result<Self, DecodeError>

Deserialize the current type.

impl PartialEq<AuditMessage> for AuditMessage

fn eq(&self, other: &AuditMessage) -> bool

This method tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &AuditMessage) -> bool

This method tests for !=.

impl Eq for AuditMessage

impl StructuralEq for AuditMessage

impl StructuralPartialEq for AuditMessage