Enum netlink_packet_audit::AuditMessage

source · 
#[non_exhaustive]
pub enum AuditMessage {
    GetStatus(Option<StatusMessage>),
    SetStatus(StatusMessage),
    AddRule(RuleMessage),
    DelRule(RuleMessage),
    ListRules(Option<RuleMessage>),
    Event((u16, String)),
    Other((u16, String)),
}

Variants (Non-exhaustive)§

This enum is marked as non-exhaustive
Non-exhaustive enums could have additional variants added in future. Therefore, when matching against variants of non-exhaustive enums, an extra wildcard arm must be added to account for any future variants.
§

GetStatus(Option<StatusMessage>)

§

SetStatus(StatusMessage)

§

AddRule(RuleMessage)

§

DelRule(RuleMessage)

§

ListRules(Option<RuleMessage>)

§

Event((u16, String))

Event message (message types 1300 through 1399). This includes the following message types (this list is non-exhaustive, and not really kept up to date): AUDIT_SYSCALL, AUDIT_PATH, AUDIT_IPC, AUDIT_SOCKETCALL, AUDIT_CONFIG_CHANGE, AUDIT_SOCKADDR, AUDIT_CWD, AUDIT_EXECVE, AUDIT_IPC_SET_PERM, AUDIT_MQ_OPEN, AUDIT_MQ_SENDRECV, AUDIT_MQ_NOTIFY, AUDIT_MQ_GETSETATTR, AUDIT_KERNEL_OTHER, AUDIT_FD_PAIR, AUDIT_OBJ_PID, AUDIT_TTY, AUDIT_EOE, AUDIT_BPRM_FCAPS, AUDIT_CAPSET, AUDIT_MMAP, AUDIT_NETFILTER_PKT, AUDIT_NETFILTER_CFG, AUDIT_SECCOMP, AUDIT_PROCTITLE, AUDIT_FEATURE_CHANGE, AUDIT_REPLACE, AUDIT_KERN_MODULE, AUDIT_FANOTIFY.

The first element of the tuple is the message type, and the second is the event data.

§

Other((u16, String))

All the other events are parsed as such as they can be parsed also.

Implementations§

source§

impl AuditMessage

source

pub fn is_event(&self) -> bool

source

pub fn is_get_status(&self) -> bool

source

pub fn is_set_status(&self) -> bool

source

pub fn is_add_rule(&self) -> bool

source

pub fn is_del_rule(&self) -> bool

source

pub fn is_list_rules(&self) -> bool

source

pub fn message_type(&self) -> u16

Trait Implementations§

source§

impl Clone for AuditMessage

source§

fn clone(&self) -> AuditMessage

Returns a copy of the value. Read more
1.0.0 · source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
source§

impl Debug for AuditMessage

source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
source§

impl Emitable for AuditMessage

source§

fn buffer_len(&self) -> usize

Return the length of the serialized data.
source§

fn emit(&self, buffer: &mut [u8])

Serialize this types and write the serialized data into the given buffer. Read more
source§

impl From<AuditMessage> for NetlinkPayload<AuditMessage>

source§

fn from(message: AuditMessage) -> Self

Converts to this type from the input type.
source§

impl NetlinkDeserializable for AuditMessage

§

type Error = DecodeError

source§

fn deserialize( header: &NetlinkHeader, payload: &[u8] ) -> Result<Self, Self::Error>

Deserialize the given buffer into Self.
source§

impl NetlinkSerializable for AuditMessage

source§

fn message_type(&self) -> u16

source§

fn buffer_len(&self) -> usize

Return the length of the serialized data. Read more
source§

fn serialize(&self, buffer: &mut [u8])

Serialize this types and write the serialized data into the given buffer. buffer’s length is exactly InnerMessage::buffer_len(). It means that if InnerMessage::buffer_len() is buggy and does not return the appropriate length, bad things can happen: Read more
source§

impl<'a, T: AsRef<[u8]> + ?Sized> ParseableParametrized<AuditBuffer<&'a T>, u16> for AuditMessage

source§

fn parse_with_param( buf: &AuditBuffer<&'a T>, message_type: u16 ) -> Result<Self, DecodeError>

Deserialize the current type.
source§

impl PartialEq<AuditMessage> for AuditMessage

source§

fn eq(&self, other: &AuditMessage) -> bool

This method tests for self and other values to be equal, and is used by ==.
1.0.0 · source§

fn ne(&self, other: &Rhs) -> bool

This method tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
source§

impl Eq for AuditMessage

source§

impl StructuralEq for AuditMessage

source§

impl StructuralPartialEq for AuditMessage

Auto Trait Implementations§

Blanket Implementations§

source§

impl<T> Any for Twhere T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
source§

impl<T> Borrow<T> for Twhere T: ?Sized,

source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for Twhere T: ?Sized,

source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
source§

impl<T> From<T> for T

source§

fn from(t: T) -> T

Returns the argument unchanged.

source§

impl<T, U> Into<U> for Twhere U: From<T>,

source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

source§

impl<T> ToOwned for Twhere T: Clone,

§

type Owned = T

The resulting type after obtaining ownership.
source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
source§

impl<T, U> TryFrom<U> for Twhere U: Into<T>,

§

type Error = Infallible

The type returned in the event of a conversion error.
source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
source§

impl<T, U> TryInto<U> for Twhere U: TryFrom<T>,

§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.