原标题:Linux安全审计机制模块实现分析(13)-核心文件之一audit.c核心代码注释
2.4.1.6核心代码注释
//创建一个审计缓冲区,用于存放类型为type的审计消息;若审计系统尚未初始化,或该type被审计过滤规则排除,则直接返回NULL,调用者必须检查返回值
struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask,int type)
{
struct audit_buffer*ab= NULL;
struct timespect;
unsigned intuninitialized_var(serial);
int reserve;
unsigned long timeout_start = jiffies;
if (audit_initialized != AUDIT_INITIALIZED) //审计系统未初始化
return NULL;
if (unlikely(audit_filter_type(type))) //要存放的审计消息是否type类型上某条规则不允许的?
return NULL;
if (gfp_mask & __GFP_WAIT)
reserve = 0;
else
reserve = 5; /* 允许调用存放超出消息数上限的5个消息*/
//套接字缓冲区队列中存放的消息数已达上限,并且预留的缓冲区也用完了
while (audit_backlog_limit && skb_queue_len(&audit_skb_queue) > audit_backlog_limit + reserve) {
if (gfp_mask &