const char *aulookup_syscall(llist *l, char *buf, size_t size)
{
const char *sys;
if (report_format <= RPT_DEFAULT) {
snprintf(buf, size, "%d", l->s.syscall);
return buf;
}
machine = audit_elf_to_machine(l->s.arch);
if (machine < 0)
return Q;
sys = audit_syscall_to_name(l->s.syscall, machine);
if (sys) {
const char *func = NULL;
if (strcmp(sys, "socketcall") == 0) {
if (list_find_item(l, AUDIT_SYSCALL))
func = aulookup_socketcall((long)l->cur->a0);
} else if (strcmp(sys, "ipc") == 0) {
if(list_find_item(l, AUDIT_SYSCALL))
func = aulookup_ipccall((long)l->cur->a0);
}
if (func) {
snprintf(buf, size, "%s(%s)", sys, func);
return buf;
}
return sys;
}
snprintf(buf, size, "%d", l->s.syscall);
return buf;
}
static void print_syscall(const char *val)
{
const char *sys;
int ival;
if (machine < 0)
machine = audit_detect_machine();
if (machine < 0) {
printf("%s ", val);
return;
}
errno = 0;
ival = strtoul(val, NULL, 10);
if (errno) {
printf("conversion error(%s) ", val);
return;
}
sys = audit_syscall_to_name(ival, machine);
if (sys) {
const char *func = NULL;
if (strcmp(sys, "socketcall") == 0)
func = aulookup_socketcall((long)a0);
else if (strcmp(sys, "ipc") == 0)
func = aulookup_ipccall((long)a0);
if (func)
printf("%s(%s) ", sys, func);
else
printf("%s ", sys);
}
else
printf("unknown syscall(%s) ", val);
}