Lines Matching defs:fp
146 print_delim(FILE *fp, const char *del)
149 fprintf(fp, "%s", del);
156 print_1_byte(FILE *fp, u_char val, const char *format)
159 fprintf(fp, format, val);
166 print_2_bytes(FILE *fp, u_int16_t val, const char *format)
169 fprintf(fp, format, val);
176 print_4_bytes(FILE *fp, u_int32_t val, const char *format)
179 fprintf(fp, format, val);
186 print_8_bytes(FILE *fp, u_int64_t val, const char *format)
189 fprintf(fp, format, val);
196 print_mem(FILE *fp, u_char *data, size_t len)
201 fprintf(fp, "0x");
203 fprintf(fp, "%02x", data[i]);
211 print_string(FILE *fp, const char *str, size_t len)
218 fprintf(fp, "%c", str[i]);
227 print_xml_string(FILE *fp, const char *str, size_t len)
241 (void) fprintf(fp, "&");
245 (void) fprintf(fp, "<");
249 (void) fprintf(fp, ">");
253 (void) fprintf(fp, """);
257 (void) fprintf(fp, "'");
262 (void) fprintf(fp, "%s", visbuf);
272 open_attr(FILE *fp, const char *str)
275 fprintf(fp,"%s=\"", str);
282 close_attr(FILE *fp)
285 fprintf(fp,"\" ");
292 close_tag(FILE *fp, u_char type)
297 fprintf(fp, ">");
301 fprintf(fp, ">");
305 fprintf(fp, ">");
309 fprintf(fp, ">");
313 fprintf(fp, "/>");
317 fprintf(fp, "/>");
321 fprintf(fp, "/>");
325 fprintf(fp, "/>");
329 fprintf(fp, "/>");
333 fprintf(fp, "</exec_args>");
337 fprintf(fp, "</exec_env>");
341 fprintf(fp, "</file>");
345 fprintf(fp, "</group>");
349 fprintf(fp, "</ip_address>");
353 fprintf(fp, "</ip_address>");
357 fprintf(fp, "/>");
361 fprintf(fp, "/>");
365 fprintf(fp, "/>");
369 fprintf(fp, "</ip_port>");
373 fprintf(fp, "</opaque>");
377 fprintf(fp, "</path>");
381 fprintf(fp, "/>");
385 fprintf(fp, "/>");
389 fprintf(fp, "/>");
393 fprintf(fp, "/>");
397 fprintf(fp, "/>");
401 fprintf(fp, "/>");
405 fprintf(fp, "/>");
409 fprintf(fp, "/>");
413 fprintf(fp, "/>");
417 fprintf(fp, "/>");
421 fprintf(fp, "/>");
425 fprintf(fp, "/>");
429 fprintf(fp, "/>");
433 fprintf(fp, "/>");
437 fprintf(fp, "/>");
441 fprintf(fp, "</text>");
445 fprintf(fp, "/>");
449 fprintf(fp, "</arbitrary>");
453 fprintf(fp, "/>");
462 print_tok_type(FILE *fp, u_char type, const char *tokname, int oflags)
468 fprintf(fp, "<record ");
472 fprintf(fp, "<record ");
476 fprintf(fp, "<record ");
480 fprintf(fp, "<record ");
484 fprintf(fp, "</record>");
488 fprintf(fp, "<argument ");
492 fprintf(fp, "<argument ");
496 fprintf(fp, "<attribute ");
500 fprintf(fp, "<attribute ");
504 fprintf(fp, "<exit ");
508 fprintf(fp, "<exec_args>");
512 fprintf(fp, "<exec_env>");
516 fprintf(fp, "<file ");
520 fprintf(fp, "<group>");
524 fprintf(fp, "<ip_address>");
528 fprintf(fp, "<ip_address>");
532 fprintf(fp, "<ip ");
536 fprintf(fp, "<IPC");
540 fprintf(fp, "<IPC_perm ");
544 fprintf(fp, "<ip_port>");
548 fprintf(fp, "<opaque>");
552 fprintf(fp, "<path>");
556 fprintf(fp, "<process ");
560 fprintf(fp, "<process ");
564 fprintf(fp, "<process ");
568 fprintf(fp, "<process ");
572 fprintf(fp, "<return ");
576 fprintf(fp, "<return ");
580 fprintf(fp, "<sequence ");
584 fprintf(fp, "<socket ");
588 fprintf(fp, "<socket-inet ");
592 fprintf(fp, "<socket-unix ");
596 fprintf(fp, "<socket-inet6 ");
600 fprintf(fp, "<subject ");
604 fprintf(fp, "<subject ");
608 fprintf(fp, "<subject ");
612 fprintf(fp, "<subject ");
616 fprintf(fp, "<text>");
620 fprintf(fp, "<socket ");
624 fprintf(fp, "<arbitrary ");
628 fprintf(fp, "<zone ");
633 fprintf(fp, "%u", type);
635 fprintf(fp, "%s", tokname);
643 print_user(FILE *fp, u_int32_t usr, int oflags)
648 fprintf(fp, "%d", usr);
652 fprintf(fp, "%s", pwent->pw_name);
654 fprintf(fp, "%d", usr);
662 print_group(FILE *fp, u_int32_t grp, int oflags)
667 fprintf(fp, "%d", grp);
671 fprintf(fp, "%s", grpent->gr_name);
673 fprintf(fp, "%d", grp);
682 print_event(FILE *fp, u_int16_t ev, int oflags)
696 fprintf(fp, "%u", ev);
701 fprintf(fp, "%u", ev);
703 fprintf(fp, "%s", e.ae_name);
705 fprintf(fp, "%s", e.ae_desc);
714 print_evmod(FILE *fp, u_int16_t evmod, int oflags)
717 fprintf(fp, "%u", evmod);
719 fprintf(fp, "%u", evmod);
726 print_sec32(FILE *fp, u_int32_t sec, int oflags)
732 fprintf(fp, "%u", sec);
737 fprintf(fp, "%s", timestr);
746 print_sec64(FILE *fp, u_int64_t sec, int oflags)
752 fprintf(fp, "%u", (u_int32_t)sec);
757 fprintf(fp, "%s", timestr);
765 print_msec32(FILE *fp, u_int32_t msec, int oflags)
768 fprintf(fp, "%u", msec);
770 fprintf(fp, " + %u msec", msec);
778 print_msec64(FILE *fp, u_int64_t msec, int oflags)
783 fprintf(fp, "%u", (u_int32_t)msec);
785 fprintf(fp, " + %u msec", (u_int32_t)msec);
792 print_ip_address(FILE *fp, u_int32_t ip)
797 fprintf(fp, "%s", inet_ntoa(ipaddr));
804 print_ip_ex_address(FILE *fp, u_int32_t type, u_int32_t *ipaddr)
813 fprintf(fp, "%s", inet_ntop(AF_INET, &ipv4, dst,
819 fprintf(fp, "%s", inet_ntop(AF_INET6, &ipv6, dst,
824 fprintf(fp, "invalid");
832 print_retval(FILE *fp, u_char status, int oflags)
837 fprintf(fp, "%u", status);
847 fprintf(fp, "success");
849 fprintf(fp, "failure : %s", strerror(error));
851 fprintf(fp, "failure: Unknown error: %d", status);
859 print_errval(FILE *fp, u_int32_t val)
862 fprintf(fp, "Error %u", val);
869 print_ipctype(FILE *fp, u_char type, int oflags)
872 fprintf(fp, "%u", type);
875 fprintf(fp, "Message IPC");
877 fprintf(fp, "Semaphore IPC");
879 fprintf(fp, "Shared Memory IPC");
881 fprintf(fp, "%u", type);
947 print_header32_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags)
950 print_tok_type(fp, tok->id, "header", oflags);
952 open_attr(fp, "version");
953 print_1_byte(fp, tok->tt.hdr32.version, "%u");
954 close_attr(fp);
955 open_attr(fp, "event");
956 print_event(fp, tok->tt.hdr32.e_type, oflags);
957 close_attr(fp);
958 open_attr(fp, "modifier");
959 print_evmod(fp, tok->tt.hdr32.e_mod, oflags);
960 close_attr(fp);
961 open_attr(fp, "time");
962 print_sec32(fp, tok->tt.hdr32.s, oflags);
963 close_attr(fp);
964 open_attr(fp, "msec");
965 print_msec32(fp, tok->tt.hdr32.ms, oflags);
966 close_attr(fp);
967 close_tag(fp, tok->id);
969 print_delim(fp, del);
970 print_4_bytes(fp, tok->tt.hdr32.size, "%u");
971 print_delim(fp, del);
972 print_1_byte(fp, tok->tt.hdr32.version, "%u");
973 print_delim(fp, del);
974 print_event(fp, tok->tt.hdr32.e_type, oflags);
975 print_delim(fp, del);
976 print_evmod(fp, tok->tt.hdr32.e_mod, oflags);
977 print_delim(fp, del);
978 print_sec32(fp, tok->tt.hdr32.s, oflags);
979 print_delim(fp, del);
980 print_msec32(fp, tok->tt.hdr32.ms, oflags);
1054 print_header32_ex_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags)
1057 print_tok_type(fp, tok->id, "header_ex", oflags);
1059 open_attr(fp, "version");
1060 print_1_byte(fp, tok->tt.hdr32_ex.version, "%u");
1061 close_attr(fp);
1062 open_attr(fp, "event");
1063 print_event(fp, tok->tt.hdr32_ex.e_type, oflags);
1064 close_attr(fp);
1065 open_attr(fp, "modifier");
1066 print_evmod(fp, tok->tt.hdr32_ex.e_mod, oflags);
1067 close_attr(fp);
1068 open_attr(fp, "host");
1069 print_ip_ex_address(fp, tok->tt.hdr32_ex.ad_type,
1071 close_attr(fp);
1072 open_attr(fp, "time");
1073 print_sec32(fp, tok->tt.hdr32_ex.s, oflags);
1074 close_attr(fp);
1075 open_attr(fp, "msec");
1076 print_msec32(fp, tok->tt.hdr32_ex.ms, oflags);
1077 close_attr(fp);
1078 close_tag(fp, tok->id);
1080 print_delim(fp, del);
1081 print_4_bytes(fp, tok->tt.hdr32_ex.size, "%u");
1082 print_delim(fp, del);
1083 print_1_byte(fp, tok->tt.hdr32_ex.version, "%u");
1084 print_delim(fp, del);
1085 print_event(fp, tok->tt.hdr32_ex.e_type, oflags);
1086 print_delim(fp, del);
1087 print_evmod(fp, tok->tt.hdr32_ex.e_mod, oflags);
1088 print_delim(fp, del);
1089 print_ip_ex_address(fp, tok->tt.hdr32_ex.ad_type,
1091 print_delim(fp, del);
1092 print_sec32(fp, tok->tt.hdr32_ex.s, oflags);
1093 print_delim(fp, del);
1094 print_msec32(fp, tok->tt.hdr32_ex.ms, oflags);
1139 print_header64_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags)
1142 print_tok_type(fp, tok->id, "header", oflags);
1144 open_attr(fp, "version");
1145 print_1_byte(fp, tok->tt.hdr64.version, "%u");
1146 close_attr(fp);
1147 open_attr(fp, "event");
1148 print_event(fp, tok->tt.hdr64.e_type, oflags);
1149 close_attr(fp);
1150 open_attr(fp, "modifier");
1151 print_evmod(fp, tok->tt.hdr64.e_mod, oflags);
1152 close_attr(fp);
1153 open_attr(fp, "time");
1154 print_sec64(fp, tok->tt.hdr64.s, oflags);
1155 close_attr(fp);
1156 open_attr(fp, "msec");
1157 print_msec64(fp, tok->tt.hdr64.ms, oflags);
1158 close_attr(fp);
1159 close_tag(fp, tok->id);
1161 print_delim(fp, del);
1162 print_4_bytes(fp, tok->tt.hdr64.size, "%u");
1163 print_delim(fp, del);
1164 print_1_byte(fp, tok->tt.hdr64.version, "%u");
1165 print_delim(fp, del);
1166 print_event(fp, tok->tt.hdr64.e_type, oflags);
1167 print_delim(fp, del);
1168 print_evmod(fp, tok->tt.hdr64.e_mod, oflags);
1169 print_delim(fp, del);
1170 print_sec64(fp, tok->tt.hdr64.s, oflags);
1171 print_delim(fp, del);
1172 print_msec64(fp, tok->tt.hdr64.ms, oflags);
1242 print_header64_ex_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags)
1245 print_tok_type(fp, tok->id, "header_ex", oflags);
1247 open_attr(fp, "version");
1248 print_1_byte(fp, tok->tt.hdr64_ex.version, "%u");
1249 close_attr(fp);
1250 open_attr(fp, "event");
1251 print_event(fp, tok->tt.hdr64_ex.e_type, oflags);
1252 close_attr(fp);
1253 open_attr(fp, "modifier");
1254 print_evmod(fp, tok->tt.hdr64_ex.e_mod, oflags);
1255 close_attr(fp);
1256 open_attr(fp, "host");
1257 print_ip_ex_address(fp, tok->tt.hdr64_ex.ad_type,
1259 close_attr(fp);
1260 open_attr(fp, "time");
1261 print_sec64(fp, tok->tt.hdr64_ex.s, oflags);
1262 close_attr(fp);
1263 open_attr(fp, "msec");
1264 print_msec64(fp, tok->tt.hdr64_ex.ms, oflags);
1265 close_attr(fp);
1266 close_tag(fp, tok->id);
1268 print_delim(fp, del);
1269 print_4_bytes(fp, tok->tt.hdr64_ex.size, "%u");
1270 print_delim(fp, del);
1271 print_1_byte(fp, tok->tt.hdr64_ex.version, "%u");
1272 print_delim(fp, del);
1273 print_event(fp, tok->tt.hdr64_ex.e_type, oflags);
1274 print_delim(fp, del);
1275 print_evmod(fp, tok->tt.hdr64_ex.e_mod, oflags);
1276 print_delim(fp, del);
1277 print_ip_ex_address(fp, tok->tt.hdr64_ex.ad_type,
1279 print_delim(fp, del);
1280 print_sec64(fp, tok->tt.hdr64_ex.s, oflags);
1281 print_delim(fp, del);
1282 print_msec64(fp, tok->tt.hdr64_ex.ms, oflags);
1307 print_trailer_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags)
1310 print_tok_type(fp, tok->id, "trailer", oflags);
1312 print_delim(fp, del);
1313 print_4_bytes(fp, tok->tt.trail.count, "%u");
1349 print_arg32_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags)
1352 print_tok_type(fp, tok->id, "argument", oflags);
1354 open_attr(fp, "arg-num");
1355 print_1_byte(fp, tok->tt.arg32.no, "%u");
1356 close_attr(fp);
1357 open_attr(fp, "value");
1358 print_4_bytes(fp, tok->tt.arg32.val, "0x%x");
1359 close_attr(fp);
1360 open_attr(fp, "desc");
1361 print_string(fp, tok->tt.arg32.text, tok->tt.arg32.len);
1362 close_attr(fp);
1363 close_tag(fp, tok->id);
1365 print_delim(fp, del);
1366 print_1_byte(fp, tok->tt.arg32.no, "%u");
1367 print_delim(fp, del);
1368 print_4_bytes(fp, tok->tt.arg32.val, "0x%x");
1369 print_delim(fp, del);
1370 print_string(fp, tok->tt.arg32.text, tok->tt.arg32.len);
1400 print_arg64_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags)
1403 print_tok_type(fp, tok->id, "argument", oflags);
1405 open_attr(fp, "arg-num");
1406 print_1_byte(fp, tok->tt.arg64.no, "%u");
1407 close_attr(fp);
1408 open_attr(fp, "value");
1409 print_8_bytes(fp, tok->tt.arg64.val, "0x%llx");
1410 close_attr(fp);
1411 open_attr(fp, "desc");
1412 print_string(fp, tok->tt.arg64.text, tok->tt.arg64.len);
1413 close_attr(fp);
1414 close_tag(fp, tok->id);
1416 print_delim(fp, del);
1417 print_1_byte(fp, tok->tt.arg64.no, "%u");
1418 print_delim(fp, del);
1419 print_8_bytes(fp, tok->tt.arg64.val, "0x%llx");
1420 print_delim(fp, del);
1421 print_string(fp, tok->tt.arg64.text, tok->tt.arg64.len);
1484 print_arb_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags)
1491 print_tok_type(fp, tok->id, "arbitrary", oflags);
1493 print_delim(fp, del);
1526 open_attr(fp, "print");
1527 fprintf(fp, "%s",str);
1528 close_attr(fp);
1530 print_string(fp, str, strlen(str));
1531 print_delim(fp, del);
1539 open_attr(fp, "type");
1540 fprintf(fp, "%zu", size);
1541 close_attr(fp);
1542 open_attr(fp, "count");
1543 print_1_byte(fp, tok->tt.arb.uc, "%u");
1544 close_attr(fp);
1545 fprintf(fp, ">");
1547 fprintf(fp, format, *(tok->tt.arb.data +
1549 close_tag(fp, tok->id);
1551 print_string(fp, str, strlen(str));
1552 print_delim(fp, del);
1553 print_1_byte(fp, tok->tt.arb.uc, "%u");
1554 print_delim(fp, del);
1556 fprintf(fp, format, *(tok->tt.arb.data +
1565 open_attr(fp, "type");
1566 fprintf(fp, "%zu", size);
1567 close_attr(fp);
1568 open_attr(fp, "count");
1569 print_1_byte(fp, tok->tt.arb.uc, "%u");
1570 close_attr(fp);
1571 fprintf(fp, ">");
1573 fprintf(fp, format,
1576 close_tag(fp, tok->id);
1578 print_string(fp, str, strlen(str));
1579 print_delim(fp, del);
1580 print_1_byte(fp, tok->tt.arb.uc, "%u");
1581 print_delim(fp, del);
1583 fprintf(fp, format,
1594 open_attr(fp, "type");
1595 fprintf(fp, "%zu", size);
1596 close_attr(fp);
1597 open_attr(fp, "count");
1598 print_1_byte(fp, tok->tt.arb.uc, "%u");
1599 close_attr(fp);
1600 fprintf(fp, ">");
1602 fprintf(fp, format,
1605 close_tag(fp, tok->id);
1607 print_string(fp, str, strlen(str));
1608 print_delim(fp, del);
1609 print_1_byte(fp, tok->tt.arb.uc, "%u");
1610 print_delim(fp, del);
1612 fprintf(fp, format,
1622 open_attr(fp, "type");
1623 fprintf(fp, "%zu", size);
1624 close_attr(fp);
1625 open_attr(fp, "count");
1626 print_1_byte(fp, tok->tt.arb.uc, "%u");
1627 close_attr(fp);
1628 fprintf(fp, ">");
1630 fprintf(fp, format,
1633 close_tag(fp, tok->id);
1635 print_string(fp, str, strlen(str));
1636 print_delim(fp, del);
1637 print_1_byte(fp, tok->tt.arb.uc, "%u");
1638 print_delim(fp, del);
1640 fprintf(fp, format,
1692 print_attr32_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags)
1695 print_tok_type(fp, tok->id, "attribute", oflags);
1697 open_attr(fp, "mode");
1698 print_4_bytes(fp, tok->tt.attr32.mode, "%o");
1699 close_attr(fp);
1700 open_attr(fp, "uid");
1701 print_user(fp, tok->tt.attr32.uid, oflags);
1702 close_attr(fp);
1703 open_attr(fp, "gid");
1704 print_group(fp, tok->tt.attr32.gid, oflags);
1705 close_attr(fp);
1706 open_attr(fp, "fsid");
1707 print_4_bytes(fp, tok->tt.attr32.fsid, "%u");
1708 close_attr(fp);
1709 open_attr(fp, "nodeid");
1710 print_8_bytes(fp, tok->tt.attr32.nid, "%lld");
1711 close_attr(fp);
1712 open_attr(fp, "device");
1713 print_4_bytes(fp, tok->tt.attr32.dev, "%u");
1714 close_attr(fp);
1715 close_tag(fp, tok->id);
1717 print_delim(fp, del);
1718 print_4_bytes(fp, tok->tt.attr32.mode, "%o");
1719 print_delim(fp, del);
1720 print_user(fp, tok->tt.attr32.uid, oflags);
1721 print_delim(fp, del);
1722 print_group(fp, tok->tt.attr32.gid, oflags);
1723 print_delim(fp, del);
1724 print_4_bytes(fp, tok->tt.attr32.fsid, "%u");
1725 print_delim(fp, del);
1726 print_8_bytes(fp, tok->tt.attr32.nid, "%lld");
1727 print_delim(fp, del);
1728 print_4_bytes(fp, tok->tt.attr32.dev, "%u");
1773 print_attr64_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags)
1776 print_tok_type(fp, tok->id, "attribute", oflags);
1778 open_attr(fp, "mode");
1779 print_4_bytes(fp, tok->tt.attr64.mode, "%o");
1780 close_attr(fp);
1781 open_attr(fp, "uid");
1782 print_user(fp, tok->tt.attr64.uid, oflags);
1783 close_attr(fp);
1784 open_attr(fp, "gid");
1785 print_group(fp, tok->tt.attr64.gid, oflags);
1786 close_attr(fp);
1787 open_attr(fp, "fsid");
1788 print_4_bytes(fp, tok->tt.attr64.fsid, "%u");
1789 close_attr(fp);
1790 open_attr(fp, "nodeid");
1791 print_8_bytes(fp, tok->tt.attr64.nid, "%lld");
1792 close_attr(fp);
1793 open_attr(fp, "device");
1794 print_8_bytes(fp, tok->tt.attr64.dev, "%llu");
1795 close_attr(fp);
1796 close_tag(fp, tok->id);
1798 print_delim(fp, del);
1799 print_4_bytes(fp, tok->tt.attr64.mode, "%o");
1800 print_delim(fp, del);
1801 print_user(fp, tok->tt.attr64.uid, oflags);
1802 print_delim(fp, del);
1803 print_group(fp, tok->tt.attr64.gid, oflags);
1804 print_delim(fp, del);
1805 print_4_bytes(fp, tok->tt.attr64.fsid, "%u");
1806 print_delim(fp, del);
1807 print_8_bytes(fp, tok->tt.attr64.nid, "%lld");
1808 print_delim(fp, del);
1809 print_8_bytes(fp, tok->tt.attr64.dev, "%llu");
1834 print_exit_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags)
1837 print_tok_type(fp, tok->id, "exit", oflags);
1839 open_attr(fp, "errval");
1840 print_errval(fp, tok->tt.exit.status);
1841 close_attr(fp);
1842 open_attr(fp, "retval");
1843 print_4_bytes(fp, tok->tt.exit.ret, "%u");
1844 close_attr(fp);
1845 close_tag(fp, tok->id);
1847 print_delim(fp, del);
1848 print_errval(fp, tok->tt.exit.status);
1849 print_delim(fp, del);
1850 print_4_bytes(fp, tok->tt.exit.ret, "%u");
1891 print_execarg_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags)
1895 print_tok_type(fp, tok->id, "exec arg", oflags);
1898 fprintf(fp, "<arg>");
1899 print_xml_string(fp, tok->tt.execarg.text[i],
1901 fprintf(fp, "</arg>");
1903 print_delim(fp, del);
1904 print_string(fp, tok->tt.execarg.text[i],
1909 close_tag(fp, tok->id);
1949 print_execenv_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags)
1953 print_tok_type(fp, tok->id, "exec env", oflags);
1956 fprintf(fp, "<env>");
1957 print_xml_string(fp, tok->tt.execenv.text[i],
1959 fprintf(fp, "</env>");
1961 print_delim(fp, del);
1962 print_string(fp, tok->tt.execenv.text[i],
1967 close_tag(fp, tok->id);
2002 print_file_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags)
2005 print_tok_type(fp, tok->id, "file", oflags);
2007 open_attr(fp, "time");
2008 print_sec32(fp, tok->tt.file.s, oflags);
2009 close_attr(fp);
2010 open_attr(fp, "msec");
2011 print_msec32(fp, tok->tt.file.ms, oflags);
2012 close_attr(fp);
2013 fprintf(fp, ">");
2014 print_string(fp, tok->tt.file.name, tok->tt.file.len);
2015 close_tag(fp, tok->id);
2017 print_delim(fp, del);
2018 print_sec32(fp, tok->tt.file.s, oflags);
2019 print_delim(fp, del);
2020 print_msec32(fp, tok->tt.file.ms, oflags);
2021 print_delim(fp, del);
2022 print_string(fp, tok->tt.file.name, tok->tt.file.len);
2051 print_newgroups_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags)
2055 print_tok_type(fp, tok->id, "group", oflags);
2058 fprintf(fp, "<gid>");
2059 print_group(fp, tok->tt.grps.list[i], oflags);
2060 fprintf(fp, "</gid>");
2061 close_tag(fp, tok->id);
2063 print_delim(fp, del);
2064 print_group(fp, tok->tt.grps.list[i], oflags);
2087 print_inaddr_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags)
2090 print_tok_type(fp, tok->id, "ip addr", oflags);
2092 print_ip_address(fp, tok->tt.inaddr.addr);
2093 close_tag(fp, tok->id);
2095 print_delim(fp, del);
2096 print_ip_address(fp, tok->tt.inaddr.addr);
2130 print_inaddr_ex_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags)
2133 print_tok_type(fp, tok->id, "ip addr ex", oflags);
2135 print_ip_ex_address(fp, tok->tt.inaddr_ex.type,
2137 close_tag(fp, tok->id);
2139 print_delim(fp, del);
2140 print_ip_ex_address(fp, tok->tt.inaddr_ex.type,
2203 print_ip_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags)
2206 print_tok_type(fp, tok->id, "ip", oflags);
2208 open_attr(fp, "version");
2209 print_mem(fp, (u_char *)(&tok->tt.ip.version),
2211 close_attr(fp);
2212 open_attr(fp, "service_type");
2213 print_mem(fp, (u_char *)(&tok->tt.ip.tos), sizeof(u_char));
2214 close_attr(fp);
2215 open_attr(fp, "len");
2216 print_2_bytes(fp, ntohs(tok->tt.ip.len), "%u");
2217 close_attr(fp);
2218 open_attr(fp, "id");
2219 print_2_bytes(fp, ntohs(tok->tt.ip.id), "%u");
2220 close_attr(fp);
2221 open_attr(fp, "offset");
2222 print_2_bytes(fp, ntohs(tok->tt.ip.offset), "%u");
2223 close_attr(fp);
2224 open_attr(fp, "time_to_live");
2225 print_mem(fp, (u_char *)(&tok->tt.ip.ttl), sizeof(u_char));
2226 close_attr(fp);
2227 open_attr(fp, "protocol");
2228 print_mem(fp, (u_char *)(&tok->tt.ip.prot), sizeof(u_char));
2229 close_attr(fp);
2230 open_attr(fp, "cksum");
2231 print_2_bytes(fp, ntohs(tok->tt.ip.chksm), "%u");
2232 close_attr(fp);
2233 open_attr(fp, "src_addr");
2234 print_ip_address(fp, tok->tt.ip.src);
2235 close_attr(fp);
2236 open_attr(fp, "dest_addr");
2237 print_ip_address(fp, tok->tt.ip.dest);
2238 close_attr(fp);
2239 close_tag(fp, tok->id);
2241 print_delim(fp, del);
2242 print_mem(fp, (u_char *)(&tok->tt.ip.version),
2244 print_delim(fp, del);
2245 print_mem(fp, (u_char *)(&tok->tt.ip.tos), sizeof(u_char));
2246 print_delim(fp, del);
2247 print_2_bytes(fp, ntohs(tok->tt.ip.len), "%u");
2248 print_delim(fp, del);
2249 print_2_bytes(fp, ntohs(tok->tt.ip.id), "%u");
2250 print_delim(fp, del);
2251 print_2_bytes(fp, ntohs(tok->tt.ip.offset), "%u");
2252 print_delim(fp, del);
2253 print_mem(fp, (u_char *)(&tok->tt.ip.ttl), sizeof(u_char));
2254 print_delim(fp, del);
2255 print_mem(fp, (u_char *)(&tok->tt.ip.prot), sizeof(u_char));
2256 print_delim(fp, del);
2257 print_2_bytes(fp, ntohs(tok->tt.ip.chksm), "%u");
2258 print_delim(fp, del);
2259 print_ip_address(fp, tok->tt.ip.src);
2260 print_delim(fp, del);
2261 print_ip_address(fp, tok->tt.ip.dest);
2286 print_ipc_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags)
2289 print_tok_type(fp, tok->id, "IPC", oflags);
2291 open_attr(fp, "ipc-type");
2292 print_ipctype(fp, tok->tt.ipc.type, oflags);
2293 close_attr(fp);
2294 open_attr(fp, "ipc-id");
2295 print_4_bytes(fp, tok->tt.ipc.id, "%u");
2296 close_attr(fp);
2297 close_tag(fp, tok->id);
2299 print_delim(fp, del);
2300 print_ipctype(fp, tok->tt.ipc.type, oflags);
2301 print_delim(fp, del);
2302 print_4_bytes(fp, tok->tt.ipc.id, "%u");
2352 print_ipcperm_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags)
2355 print_tok_type(fp, tok->id, "IPC perm", oflags);
2357 open_attr(fp, "uid");
2358 print_user(fp, tok->tt.ipcperm.uid, oflags);
2359 close_attr(fp);
2360 open_attr(fp, "gid");
2361 print_group(fp, tok->tt.ipcperm.gid, oflags);
2362 close_attr(fp);
2363 open_attr(fp, "creator-uid");
2364 print_user(fp, tok->tt.ipcperm.puid, oflags);
2365 close_attr(fp);
2366 open_attr(fp, "creator-gid");
2367 print_group(fp, tok->tt.ipcperm.pgid, oflags);
2368 close_attr(fp);
2369 open_attr(fp, "mode");
2370 print_4_bytes(fp, tok->tt.ipcperm.mode, "%o");
2371 close_attr(fp);
2372 open_attr(fp, "seq");
2373 print_4_bytes(fp, tok->tt.ipcperm.seq, "%u");
2374 close_attr(fp);
2375 open_attr(fp, "key");
2376 print_4_bytes(fp, tok->tt.ipcperm.key, "%u");
2377 close_attr(fp);
2378 close_tag(fp, tok->id);
2380 print_delim(fp, del);
2381 print_user(fp, tok->tt.ipcperm.uid, oflags);
2382 print_delim(fp, del);
2383 print_group(fp, tok->tt.ipcperm.gid, oflags);
2384 print_delim(fp, del);
2385 print_user(fp, tok->tt.ipcperm.puid, oflags);
2386 print_delim(fp, del);
2387 print_group(fp, tok->tt.ipcperm.pgid, oflags);
2388 print_delim(fp, del);
2389 print_4_bytes(fp, tok->tt.ipcperm.mode, "%o");
2390 print_delim(fp, del);
2391 print_4_bytes(fp, tok->tt.ipcperm.seq, "%u");
2392 print_delim(fp, del);
2393 print_4_bytes(fp, tok->tt.ipcperm.key, "%u");
2414 print_iport_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags)
2417 print_tok_type(fp, tok->id, "ip port", oflags);
2419 print_2_bytes(fp, ntohs(tok->tt.iport.port), "%#x");
2420 close_tag(fp, tok->id);
2422 print_delim(fp, del);
2423 print_2_bytes(fp, ntohs(tok->tt.iport.port), "%#x");
2449 print_opaque_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags)
2452 print_tok_type(fp, tok->id, "opaque", oflags);
2454 print_mem(fp, (u_char*)tok->tt.opaque.data,
2456 close_tag(fp, tok->id);
2458 print_delim(fp, del);
2459 print_2_bytes(fp, tok->tt.opaque.size, "%u");
2460 print_delim(fp, del);
2461 print_mem(fp, (u_char*)tok->tt.opaque.data,
2488 print_path_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags)
2491 print_tok_type(fp, tok->id, "path", oflags);
2493 print_string(fp, tok->tt.path.path, tok->tt.path.len);
2494 close_tag(fp, tok->id);
2496 print_delim(fp, del);
2497 print_string(fp, tok->tt.path.path, tok->tt.path.len);
2560 print_process32_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags)
2563 print_tok_type(fp, tok->id, "process", oflags);
2565 open_attr(fp, "audit-uid");
2566 print_user(fp, tok->tt.proc32.auid, oflags);
2567 close_attr(fp);
2568 open_attr(fp, "uid");
2569 print_user(fp, tok->tt.proc32.euid, oflags);
2570 close_attr(fp);
2571 open_attr(fp, "gid");
2572 print_group(fp, tok->tt.proc32.egid, oflags);
2573 close_attr(fp);
2574 open_attr(fp, "ruid");
2575 print_user(fp, tok->tt.proc32.ruid, oflags);
2576 close_attr(fp);
2577 open_attr(fp, "rgid");
2578 print_group(fp, tok->tt.proc32.rgid, oflags);
2579 close_attr(fp);
2580 open_attr(fp, "pid");
2581 print_4_bytes(fp, tok->tt.proc32.pid, "%u");
2582 close_attr(fp);
2583 open_attr(fp, "sid");
2584 print_4_bytes(fp, tok->tt.proc32.sid, "%u");
2585 close_attr(fp);
2586 open_attr(fp, "tid");
2587 print_4_bytes(fp, tok->tt.proc32.tid.port, "%u");
2588 print_ip_address(fp, tok->tt.proc32.tid.addr);
2589 close_attr(fp);
2590 close_tag(fp, tok->id);
2592 print_delim(fp, del);
2593 print_user(fp, tok->tt.proc32.auid, oflags);
2594 print_delim(fp, del);
2595 print_user(fp, tok->tt.proc32.euid, oflags);
2596 print_delim(fp, del);
2597 print_group(fp, tok->tt.proc32.egid, oflags);
2598 print_delim(fp, del);
2599 print_user(fp, tok->tt.proc32.ruid, oflags);
2600 print_delim(fp, del);
2601 print_group(fp, tok->tt.proc32.rgid, oflags);
2602 print_delim(fp, del);
2603 print_4_bytes(fp, tok->tt.proc32.pid, "%u");
2604 print_delim(fp, del);
2605 print_4_bytes(fp, tok->tt.proc32.sid, "%u");
2606 print_delim(fp, del);
2607 print_4_bytes(fp, tok->tt.proc32.tid.port, "%u");
2608 print_delim(fp, del);
2609 print_ip_address(fp, tok->tt.proc32.tid.addr);
2672 print_process64_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags)
2674 print_tok_type(fp, tok->id, "process", oflags);
2676 open_attr(fp, "audit-uid");
2677 print_user(fp, tok->tt.proc64.auid, oflags);
2678 close_attr(fp);
2679 open_attr(fp, "uid");
2680 print_user(fp, tok->tt.proc64.euid, oflags);
2681 close_attr(fp);
2682 open_attr(fp, "gid");
2683 print_group(fp, tok->tt.proc64.egid, oflags);
2684 close_attr(fp);
2685 open_attr(fp, "ruid");
2686 print_user(fp, tok->tt.proc64.ruid, oflags);
2687 close_attr(fp);
2688 open_attr(fp, "rgid");
2689 print_group(fp, tok->tt.proc64.rgid, oflags);
2690 close_attr(fp);
2691 open_attr(fp, "pid");
2692 print_4_bytes(fp, tok->tt.proc64.pid, "%u");
2693 close_attr(fp);
2694 open_attr(fp, "sid");
2695 print_4_bytes(fp, tok->tt.proc64.sid, "%u");
2696 close_attr(fp);
2697 open_attr(fp, "tid");
2698 print_8_bytes(fp, tok->tt.proc64.tid.port, "%llu");
2699 print_ip_address(fp, tok->tt.proc64.tid.addr);
2700 close_attr(fp);
2701 close_tag(fp, tok->id);
2703 print_delim(fp, del);
2704 print_user(fp, tok->tt.proc64.auid, oflags);
2705 print_delim(fp, del);
2706 print_user(fp, tok->tt.proc64.euid, oflags);
2707 print_delim(fp, del);
2708 print_group(fp, tok->tt.proc64.egid, oflags);
2709 print_delim(fp, del);
2710 print_user(fp, tok->tt.proc64.ruid, oflags);
2711 print_delim(fp, del);
2712 print_group(fp, tok->tt.proc64.rgid, oflags);
2713 print_delim(fp, del);
2714 print_4_bytes(fp, tok->tt.proc64.pid, "%u");
2715 print_delim(fp, del);
2716 print_4_bytes(fp, tok->tt.proc64.sid, "%u");
2717 print_delim(fp, del);
2718 print_8_bytes(fp, tok->tt.proc64.tid.port, "%llu");
2719 print_delim(fp, del);
2720 print_ip_address(fp, tok->tt.proc64.tid.addr);
2798 print_process32ex_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags)
2801 print_tok_type(fp, tok->id, "process_ex", oflags);
2803 open_attr(fp, "audit-uid");
2804 print_user(fp, tok->tt.proc32_ex.auid, oflags);
2805 close_attr(fp);
2806 open_attr(fp, "uid");
2807 print_user(fp, tok->tt.proc32_ex.euid, oflags);
2808 close_attr(fp);
2809 open_attr(fp, "gid");
2810 print_group(fp, tok->tt.proc32_ex.egid, oflags);
2811 close_attr(fp);
2812 open_attr(fp, "ruid");
2813 print_user(fp, tok->tt.proc32_ex.ruid, oflags);
2814 close_attr(fp);
2815 open_attr(fp, "rgid");
2816 print_group(fp, tok->tt.proc32_ex.rgid, oflags);
2817 close_attr(fp);
2818 open_attr(fp, "pid");
2819 print_4_bytes(fp, tok->tt.proc32_ex.pid, "%u");
2820 close_attr(fp);
2821 open_attr(fp, "sid");
2822 print_4_bytes(fp, tok->tt.proc32_ex.sid, "%u");
2823 close_attr(fp);
2824 open_attr(fp, "tid");
2825 print_4_bytes(fp, tok->tt.proc32_ex.tid.port, "%u");
2826 print_ip_ex_address(fp, tok->tt.proc32_ex.tid.type,
2828 close_attr(fp);
2829 close_tag(fp, tok->id);
2831 print_delim(fp, del);
2832 print_user(fp, tok->tt.proc32_ex.auid, oflags);
2833 print_delim(fp, del);
2834 print_user(fp, tok->tt.proc32_ex.euid, oflags);
2835 print_delim(fp, del);
2836 print_group(fp, tok->tt.proc32_ex.egid, oflags);
2837 print_delim(fp, del);
2838 print_user(fp, tok->tt.proc32_ex.ruid, oflags);
2839 print_delim(fp, del);
2840 print_group(fp, tok->tt.proc32_ex.rgid, oflags);
2841 print_delim(fp, del);
2842 print_4_bytes(fp, tok->tt.proc32_ex.pid, "%u");
2843 print_delim(fp, del);
2844 print_4_bytes(fp, tok->tt.proc32_ex.sid, "%u");
2845 print_delim(fp, del);
2846 print_4_bytes(fp, tok->tt.proc32_ex.tid.port, "%u");
2847 print_delim(fp, del);
2848 print_ip_ex_address(fp, tok->tt.proc32_ex.tid.type,
2927 print_process64ex_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags)
2929 print_tok_type(fp, tok->id, "process_ex", oflags);
2931 open_attr(fp, "audit-uid");
2932 print_user(fp, tok->tt.proc64_ex.auid, oflags);
2933 close_attr(fp);
2934 open_attr(fp, "uid");
2935 print_user(fp, tok->tt.proc64_ex.euid, oflags);
2936 close_attr(fp);
2937 open_attr(fp, "gid");
2938 print_group(fp, tok->tt.proc64_ex.egid, oflags);
2939 close_attr(fp);
2940 open_attr(fp, "ruid");
2941 print_user(fp, tok->tt.proc64_ex.ruid, oflags);
2942 close_attr(fp);
2943 open_attr(fp, "rgid");
2944 print_group(fp, tok->tt.proc64_ex.rgid, oflags);
2945 close_attr(fp);
2946 open_attr(fp, "pid");
2947 print_4_bytes(fp, tok->tt.proc64_ex.pid, "%u");
2948 close_attr(fp);
2949 open_attr(fp, "sid");
2950 print_4_bytes(fp, tok->tt.proc64_ex.sid, "%u");
2951 close_attr(fp);
2952 open_attr(fp, "tid");
2953 print_8_bytes(fp, tok->tt.proc64_ex.tid.port, "%llu");
2954 print_ip_ex_address(fp, tok->tt.proc64_ex.tid.type,
2956 close_attr(fp);
2957 close_tag(fp, tok->id);
2959 print_delim(fp, del);
2960 print_user(fp, tok->tt.proc64_ex.auid, oflags);
2961 print_delim(fp, del);
2962 print_user(fp, tok->tt.proc64_ex.euid, oflags);
2963 print_delim(fp, del);
2964 print_group(fp, tok->tt.proc64_ex.egid, oflags);
2965 print_delim(fp, del);
2966 print_user(fp, tok->tt.proc64_ex.ruid, oflags);
2967 print_delim(fp, del);
2968 print_group(fp, tok->tt.proc64_ex.rgid, oflags);
2969 print_delim(fp, del);
2970 print_4_bytes(fp, tok->tt.proc64_ex.pid, "%u");
2971 print_delim(fp, del);
2972 print_4_bytes(fp, tok->tt.proc64_ex.sid, "%u");
2973 print_delim(fp, del);
2974 print_8_bytes(fp, tok->tt.proc64_ex.tid.port, "%llu");
2975 print_delim(fp, del);
2976 print_ip_ex_address(fp, tok->tt.proc64_ex.tid.type,
3002 print_return32_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags)
3005 print_tok_type(fp, tok->id, "return", oflags);
3007 open_attr(fp ,"errval");
3008 print_retval(fp, tok->tt.ret32.status, oflags);
3009 close_attr(fp);
3010 open_attr(fp, "retval");
3011 print_4_bytes(fp, tok->tt.ret32.ret, "%u");
3012 close_attr(fp);
3013 close_tag(fp, tok->id);
3015 print_delim(fp, del);
3016 print_retval(fp, tok->tt.ret32.status, oflags);
3017 print_delim(fp, del);
3018 print_4_bytes(fp, tok->tt.ret32.ret, "%u");
3039 print_return64_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags)
3042 print_tok_type(fp, tok->id, "return", oflags);
3044 open_attr(fp, "errval");
3045 print_retval(fp, tok->tt.ret64.err, oflags);
3046 close_attr(fp);
3047 open_attr(fp, "retval");
3048 print_8_bytes(fp, tok->tt.ret64.val, "%lld");
3049 close_attr(fp);
3050 close_tag(fp, tok->id);
3052 print_delim(fp, del);
3053 print_retval(fp, tok->tt.ret64.err, oflags);
3054 print_delim(fp, del);
3055 print_8_bytes(fp, tok->tt.ret64.val, "%lld");
3075 print_seq_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags)
3078 print_tok_type(fp, tok->id, "sequence", oflags);
3080 open_attr(fp, "seq-num");
3081 print_4_bytes(fp, tok->tt.seq.seqno, "%u");
3082 close_attr(fp);
3083 close_tag(fp, tok->id);
3085 print_delim(fp, del);
3086 print_4_bytes(fp, tok->tt.seq.seqno, "%u");
3119 print_sock_inet32_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags)
3122 print_tok_type(fp, tok->id, "socket-inet", oflags);
3124 open_attr(fp, "type");
3125 print_2_bytes(fp, tok->tt.sockinet_ex32.family, "%u");
3126 close_attr(fp);
3127 open_attr(fp, "port");
3128 print_2_bytes(fp, ntohs(tok->tt.sockinet_ex32.port), "%u");
3129 close_attr(fp);
3130 open_attr(fp, "addr");
3131 print_ip_address(fp, tok->tt.sockinet_ex32.addr[0]);
3132 close_attr(fp);
3133 close_tag(fp, tok->id);
3135 print_delim(fp, del);
3136 print_2_bytes(fp, tok->tt.sockinet_ex32.family, "%u");
3137 print_delim(fp, del);
3138 print_2_bytes(fp, ntohs(tok->tt.sockinet_ex32.port), "%u");
3139 print_delim(fp, del);
3140 print_ip_address(fp, tok->tt.sockinet_ex32.addr[0]);
3173 print_sock_inet128_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags)
3176 print_tok_type(fp, tok->id, "socket-inet6", oflags);
3178 open_attr(fp, "type");
3179 print_2_bytes(fp, tok->tt.sockinet_ex32.family, "%u");
3180 close_attr(fp);
3181 open_attr(fp, "port");
3182 print_2_bytes(fp, ntohs(tok->tt.sockinet_ex32.port), "%u");
3183 close_attr(fp);
3184 open_attr(fp, "addr");
3185 print_ip_ex_address(fp, AU_IPv6, tok->tt.sockinet_ex32.addr);
3186 close_attr(fp);
3187 close_tag(fp, tok->id);
3189 print_delim(fp, del);
3190 print_2_bytes(fp, tok->tt.sockinet_ex32.family, "%u");
3191 print_delim(fp, del);
3192 print_2_bytes(fp, ntohs(tok->tt.sockinet_ex32.port), "%u");
3193 print_delim(fp, del);
3194 print_ip_ex_address(fp, AU_IPv6, tok->tt.sockinet_ex32.addr);
3226 print_sock_unix_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags)
3229 print_tok_type(fp, tok->id, "socket-unix", oflags);
3231 open_attr(fp, "type");
3232 print_2_bytes(fp, tok->tt.sockunix.family, "%u");
3233 close_attr(fp);
3234 open_attr(fp, "port");
3235 close_attr(fp);
3236 open_attr(fp, "addr");
3237 print_string(fp, tok->tt.sockunix.path,
3239 close_attr(fp);
3240 close_tag(fp, tok->id);
3242 print_delim(fp, del);
3243 print_2_bytes(fp, tok->tt.sockunix.family, "%u");
3244 print_delim(fp, del);
3245 print_string(fp, tok->tt.sockunix.path,
3290 print_socket_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags)
3293 print_tok_type(fp, tok->id, "socket", oflags);
3295 open_attr(fp, "sock_type");
3296 print_2_bytes(fp, tok->tt.socket.type, "%u");
3297 close_attr(fp);
3298 open_attr(fp, "lport");
3299 print_2_bytes(fp, ntohs(tok->tt.socket.l_port), "%u");
3300 close_attr(fp);
3301 open_attr(fp, "laddr");
3302 print_ip_address(fp, tok->tt.socket.l_addr);
3303 close_attr(fp);
3304 open_attr(fp, "fport");
3305 print_2_bytes(fp, ntohs(tok->tt.socket.r_port), "%u");
3306 close_attr(fp);
3307 open_attr(fp, "faddr");
3308 print_ip_address(fp, tok->tt.socket.r_addr);
3309 close_attr(fp);
3310 close_tag(fp, tok->id);
3312 print_delim(fp, del);
3313 print_2_bytes(fp, tok->tt.socket.type, "%u");
3314 print_delim(fp, del);
3315 print_2_bytes(fp, ntohs(tok->tt.socket.l_port), "%u");
3316 print_delim(fp, del);
3317 print_ip_address(fp, tok->tt.socket.l_addr);
3318 print_delim(fp, del);
3319 print_2_bytes(fp, ntohs(tok->tt.socket.r_port), "%u");
3320 print_delim(fp, del);
3321 print_ip_address(fp, tok->tt.socket.r_addr);
3383 print_subject32_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags)
3386 print_tok_type(fp, tok->id, "subject", oflags);
3388 open_attr(fp, "audit-uid");
3389 print_user(fp, tok->tt.subj32.auid, oflags);
3390 close_attr(fp);
3391 open_attr(fp, "uid");
3392 print_user(fp, tok->tt.subj32.euid, oflags);
3393 close_attr(fp);
3394 open_attr(fp, "gid");
3395 print_group(fp, tok->tt.subj32.egid, oflags);
3396 close_attr(fp);
3397 open_attr(fp, "ruid");
3398 print_user(fp, tok->tt.subj32.ruid, oflags);
3399 close_attr(fp);
3400 open_attr(fp, "rgid");
3401 print_group(fp, tok->tt.subj32.rgid, oflags);
3402 close_attr(fp);
3403 open_attr(fp,"pid");
3404 print_4_bytes(fp, tok->tt.subj32.pid, "%u");
3405 close_attr(fp);
3406 open_attr(fp,"sid");
3407 print_4_bytes(fp, tok->tt.subj32.sid, "%u");
3408 close_attr(fp);
3409 open_attr(fp,"tid");
3410 print_4_bytes(fp, tok->tt.subj32.tid.port, "%u ");
3411 print_ip_address(fp, tok->tt.subj32.tid.addr);
3412 close_attr(fp);
3413 close_tag(fp, tok->id);
3415 print_delim(fp, del);
3416 print_user(fp, tok->tt.subj32.auid, oflags);
3417 print_delim(fp, del);
3418 print_user(fp, tok->tt.subj32.euid, oflags);
3419 print_delim(fp, del);
3420 print_group(fp, tok->tt.subj32.egid, oflags);
3421 print_delim(fp, del);
3422 print_user(fp, tok->tt.subj32.ruid, oflags);
3423 print_delim(fp, del);
3424 print_group(fp, tok->tt.subj32.rgid, oflags);
3425 print_delim(fp, del);
3426 print_4_bytes(fp, tok->tt.subj32.pid, "%u");
3427 print_delim(fp, del);
3428 print_4_bytes(fp, tok->tt.subj32.sid, "%u");
3429 print_delim(fp, del);
3430 print_4_bytes(fp, tok->tt.subj32.tid.port, "%u");
3431 print_delim(fp, del);
3432 print_ip_address(fp, tok->tt.subj32.tid.addr);
3437 print_upriv_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags)
3440 print_tok_type(fp, tok->id, "use of privilege", oflags);
3442 open_attr(fp, "status");
3444 (void) fprintf(fp, "successful use of priv");
3446 (void) fprintf(fp, "failed use of priv");
3447 close_attr(fp);
3448 open_attr(fp, "name");
3449 print_string(fp, tok->tt.priv.priv, tok->tt.priv.privstrlen);
3450 close_attr(fp);
3451 close_tag(fp, tok->id);
3453 print_delim(fp, del);
3455 (void) fprintf(fp, "successful use of priv");
3457 (void) fprintf(fp, "failed use of priv");
3458 print_delim(fp, del);
3459 print_string(fp, tok->tt.priv.priv, tok->tt.priv.privstrlen);
3517 print_privset_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags)
3520 print_tok_type(fp, tok->id, "privilege", oflags);
3522 open_attr(fp, "type");
3523 print_string(fp, tok->tt.privset.privtstr,
3525 close_attr(fp);
3526 open_attr(fp, "priv");
3527 print_string(fp, tok->tt.privset.privstr,
3529 close_attr(fp);
3531 print_delim(fp, del);
3532 print_string(fp, tok->tt.privset.privtstr,
3534 print_delim(fp, del);
3535 print_string(fp, tok->tt.privset.privstr,
3598 print_subject64_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags)
3601 print_tok_type(fp, tok->id, "subject", oflags);
3603 open_attr(fp, "audit-uid");
3604 print_user(fp, tok->tt.subj64.auid, oflags);
3605 close_attr(fp);
3606 open_attr(fp, "uid");
3607 print_user(fp, tok->tt.subj64.euid, oflags);
3608 close_attr(fp);
3609 open_attr(fp, "gid");
3610 print_group(fp, tok->tt.subj64.egid, oflags);
3611 close_attr(fp);
3612 open_attr(fp, "ruid");
3613 print_user(fp, tok->tt.subj64.ruid, oflags);
3614 close_attr(fp);
3615 open_attr(fp, "rgid");
3616 print_group(fp, tok->tt.subj64.rgid, oflags);
3617 close_attr(fp);
3618 open_attr(fp, "pid");
3619 print_4_bytes(fp, tok->tt.subj64.pid, "%u");
3620 close_attr(fp);
3621 open_attr(fp, "sid");
3622 print_4_bytes(fp, tok->tt.subj64.sid, "%u");
3623 close_attr(fp);
3624 open_attr(fp, "tid");
3625 print_8_bytes(fp, tok->tt.subj64.tid.port, "%llu");
3626 print_ip_address(fp, tok->tt.subj64.tid.addr);
3627 close_attr(fp);
3628 close_tag(fp, tok->id);
3630 print_delim(fp, del);
3631 print_user(fp, tok->tt.subj64.auid, oflags);
3632 print_delim(fp, del);
3633 print_user(fp, tok->tt.subj64.euid, oflags);
3634 print_delim(fp, del);
3635 print_group(fp, tok->tt.subj64.egid, oflags);
3636 print_delim(fp, del);
3637 print_user(fp, tok->tt.subj64.ruid, oflags);
3638 print_delim(fp, del);
3639 print_group(fp, tok->tt.subj64.rgid, oflags);
3640 print_delim(fp, del);
3641 print_4_bytes(fp, tok->tt.subj64.pid, "%u");
3642 print_delim(fp, del);
3643 print_4_bytes(fp, tok->tt.subj64.sid, "%u");
3644 print_delim(fp, del);
3645 print_8_bytes(fp, tok->tt.subj64.tid.port, "%llu");
3646 print_delim(fp, del);
3647 print_ip_address(fp, tok->tt.subj64.tid.addr);
3724 print_subject32ex_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags)
3727 print_tok_type(fp, tok->id, "subject_ex", oflags);
3729 open_attr(fp, "audit-uid");
3730 print_user(fp, tok->tt.subj32_ex.auid, oflags);
3731 close_attr(fp);
3732 open_attr(fp, "uid");
3733 print_user(fp, tok->tt.subj32_ex.euid, oflags);
3734 close_attr(fp);
3735 open_attr(fp, "gid");
3736 print_group(fp, tok->tt.subj32_ex.egid, oflags);
3737 close_attr(fp);
3738 open_attr(fp, "ruid");
3739 print_user(fp, tok->tt.subj32_ex.ruid, oflags);
3740 close_attr(fp);
3741 open_attr(fp, "rgid");
3742 print_group(fp, tok->tt.subj32_ex.rgid, oflags);
3743 close_attr(fp);
3744 open_attr(fp, "pid");
3745 print_4_bytes(fp, tok->tt.subj32_ex.pid, "%u");
3746 close_attr(fp);
3747 open_attr(fp, "sid");
3748 print_4_bytes(fp, tok->tt.subj32_ex.sid, "%u");
3749 close_attr(fp);
3750 open_attr(fp, "tid");
3751 print_4_bytes(fp, tok->tt.subj32_ex.tid.port, "%u");
3752 print_ip_ex_address(fp, tok->tt.subj32_ex.tid.type,
3754 close_attr(fp);
3755 close_tag(fp, tok->id);
3757 print_delim(fp, del);
3758 print_user(fp, tok->tt.subj32_ex.auid, oflags);
3759 print_delim(fp, del);
3760 print_user(fp, tok->tt.subj32_ex.euid, oflags);
3761 print_delim(fp, del);
3762 print_group(fp, tok->tt.subj32_ex.egid, oflags);
3763 print_delim(fp, del);
3764 print_user(fp, tok->tt.subj32_ex.ruid, oflags);
3765 print_delim(fp, del);
3766 print_group(fp, tok->tt.subj32_ex.rgid, oflags);
3767 print_delim(fp, del);
3768 print_4_bytes(fp, tok->tt.subj32_ex.pid, "%u");
3769 print_delim(fp, del);
3770 print_4_bytes(fp, tok->tt.subj32_ex.sid, "%u");
3771 print_delim(fp, del);
3772 print_4_bytes(fp, tok->tt.subj32_ex.tid.port, "%u");
3773 print_delim(fp, del);
3774 print_ip_ex_address(fp, tok->tt.subj32_ex.tid.type,
3852 print_subject64ex_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags)
3854 print_tok_type(fp, tok->id, "subject_ex", oflags);
3856 open_attr(fp, "audit-uid");
3857 print_user(fp, tok->tt.subj64_ex.auid, oflags);
3858 close_attr(fp);
3859 open_attr(fp, "uid");
3860 print_user(fp, tok->tt.subj64_ex.euid, oflags);
3861 close_attr(fp);
3862 open_attr(fp, "gid");
3863 print_group(fp, tok->tt.subj64_ex.egid, oflags);
3864 close_attr(fp);
3865 open_attr(fp, "ruid");
3866 print_user(fp, tok->tt.subj64_ex.ruid, oflags);
3867 close_attr(fp);
3868 open_attr(fp, "rgid");
3869 print_group(fp, tok->tt.subj64_ex.rgid, oflags);
3870 close_attr(fp);
3871 open_attr(fp, "pid");
3872 print_4_bytes(fp, tok->tt.subj64_ex.pid, "%u");
3873 close_attr(fp);
3874 open_attr(fp, "sid");
3875 print_4_bytes(fp, tok->tt.subj64_ex.sid, "%u");
3876 close_attr(fp);
3877 open_attr(fp, "tid");
3878 print_8_bytes(fp, tok->tt.subj64_ex.tid.port, "%llu");
3879 print_ip_ex_address(fp, tok->tt.subj64_ex.tid.type,
3881 close_attr(fp);
3882 close_tag(fp, tok->id);
3884 print_delim(fp, del);
3885 print_user(fp, tok->tt.subj64_ex.auid, oflags);
3886 print_delim(fp, del);
3887 print_user(fp, tok->tt.subj64_ex.euid, oflags);
3888 print_delim(fp, del);
3889 print_group(fp, tok->tt.subj64_ex.egid, oflags);
3890 print_delim(fp, del);
3891 print_user(fp, tok->tt.subj64_ex.ruid, oflags);
3892 print_delim(fp, del);
3893 print_group(fp, tok->tt.subj64_ex.rgid, oflags);
3894 print_delim(fp, del);
3895 print_4_bytes(fp, tok->tt.subj64_ex.pid, "%u");
3896 print_delim(fp, del);
3897 print_4_bytes(fp, tok->tt.subj64_ex.sid, "%u");
3898 print_delim(fp, del);
3899 print_8_bytes(fp, tok->tt.subj64_ex.tid.port, "%llu");
3900 print_delim(fp, del);
3901 print_ip_ex_address(fp, tok->tt.subj64_ex.tid.type,
3928 print_text_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags)
3931 print_tok_type(fp, tok->id, "text", oflags);
3933 print_string(fp, tok->tt.text.text, tok->tt.text.len);
3934 close_tag(fp, tok->id);
3936 print_delim(fp, del);
3937 print_string(fp, tok->tt.text.text, tok->tt.text.len);
4012 print_socketex32_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags)
4021 print_tok_type(fp, tok->id, "socket", oflags);
4023 open_attr(fp, "sock_dom");
4024 print_2_bytes(fp, tok->tt.socket_ex32.domain, "%#x");
4025 close_attr(fp);
4026 open_attr(fp, "sock_type");
4027 print_2_bytes(fp, tok->tt.socket_ex32.type, "%#x");
4028 close_attr(fp);
4029 open_attr(fp, "lport");
4030 print_2_bytes(fp, ntohs(tok->tt.socket_ex32.l_port), "%#x");
4031 close_attr(fp);
4032 open_attr(fp, "laddr");
4033 print_ip_ex_address(fp, tok->tt.socket_ex32.atype,
4035 close_attr(fp);
4036 open_attr(fp, "faddr");
4037 print_ip_ex_address(fp, tok->tt.socket_ex32.atype,
4039 close_attr(fp);
4040 open_attr(fp, "fport");
4041 print_2_bytes(fp, ntohs(tok->tt.socket_ex32.r_port), "%#x");
4042 close_attr(fp);
4043 close_tag(fp, tok->id);
4045 print_delim(fp, del);
4046 print_2_bytes(fp, tok->tt.socket_ex32.domain, "%#x");
4047 print_delim(fp, del);
4048 print_2_bytes(fp, tok->tt.socket_ex32.type, "%#x");
4049 print_delim(fp, del);
4050 print_2_bytes(fp, ntohs(tok->tt.socket_ex32.l_port), "%#x");
4051 print_delim(fp, del);
4052 print_ip_ex_address(fp, tok->tt.socket_ex32.atype,
4054 print_delim(fp, del);
4055 print_4_bytes(fp, ntohs(tok->tt.socket_ex32.r_port), "%#x");
4056 print_delim(fp, del);
4057 print_ip_ex_address(fp, tok->tt.socket_ex32.atype,
4083 print_invalid_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags)
4087 print_tok_type(fp, tok->id, "unknown", oflags);
4088 print_delim(fp, del);
4089 print_mem(fp, (u_char*)tok->tt.invalid.data,
4115 print_zonename_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags)
4118 print_tok_type(fp, tok->id, "zone", oflags);
4120 open_attr(fp, "name");
4121 print_string(fp, tok->tt.zonename.zonename,
4123 close_attr(fp);
4124 close_tag(fp, tok->id);
4126 print_delim(fp, del);
4127 print_string(fp, tok->tt.zonename.zonename,
4510 au_read_rec(FILE *fp, u_char **buf)
4520 type = fgetc(fp);
4528 if (fread(&recsize, 1, sizeof(u_int32_t), fp) <
4555 if (fread(bptr, 1, bytestoread, fp) < bytestoread) {
4569 if (fread(&sec, 1, sizeof(sec), fp) < sizeof(sec)) {
4573 if (fread(&msec, 1, sizeof(msec), fp) < sizeof(msec)) {
4577 if (fread(&filenamelen, 1, sizeof(filenamelen), fp) <
4598 if (fread(bptr, 1, ntohs(filenamelen), fp) <