1 files changed, 130 insertions, 0 deletions
diff --git a/net/netlabel/netlabel_addrlist.c b/net/netlabel/netlabel_addrlist.c
index dd928aa52db1..b0925a303353 100644
--- a/net/netlabel/netlabel_addrlist.c
+++ b/net/netlabel/netlabel_addrlist.c
@@ -39,6 +39,7 @@
 #include <linux/ipv6.h>
 #include <net/ip.h>
 #include <net/ipv6.h>
+#include <linux/audit.h>
 #include "netlabel_addrlist.h"
@@ -69,6 +70,32 @@ struct netlbl_af4list *netlbl_af4list_search(__be32 addr,
        return NULL;
 }
+/**
+ * netlbl_af4list_search_exact - Search for an exact IPv4 address entry
+ * @addr: IPv4 address
+ * @mask: IPv4 address mask
+ * @head: the list head
+ *
+ * Description:
+ * Searches the IPv4 address list given by @head.  If an exact match if found
+ * it is returned, otherwise NULL is returned.  The caller is responsible for
+ * calling the rcu_read_[un]lock() functions.
+ *
+ */
+struct netlbl_af4list *netlbl_af4list_search_exact(__be32 addr,
+                                                   __be32 mask,
+                                                   struct list_head *head)
+{
+        struct netlbl_af4list *iter;
+        list_for_each_entry_rcu(iter, head, list)
+                if (iter->valid && iter->addr == addr && iter->mask == mask)
+                        return iter;
+        return NULL;
+}
 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
 /**
 * netlbl_af6list_search - Search for a matching IPv6 address entry
@@ -93,6 +120,33 @@ struct netlbl_af6list *netlbl_af6list_search(const struct in6_addr *addr,
        return NULL;
 }
+/**
+ * netlbl_af6list_search_exact - Search for an exact IPv6 address entry
+ * @addr: IPv6 address
+ * @mask: IPv6 address mask
+ * @head: the list head
+ *
+ * Description:
+ * Searches the IPv6 address list given by @head.  If an exact match if found
+ * it is returned, otherwise NULL is returned.  The caller is responsible for
+ * calling the rcu_read_[un]lock() functions.
+ *
+ */
+struct netlbl_af6list *netlbl_af6list_search_exact(const struct in6_addr *addr,
+                                                   const struct in6_addr *mask,
+                                                   struct list_head *head)
+{
+        struct netlbl_af6list *iter;
+        list_for_each_entry_rcu(iter, head, list)
+                if (iter->valid &&
+                    ipv6_addr_equal(&iter->addr, addr) &&
+                    ipv6_addr_equal(&iter->mask, mask))
+                        return iter;
+        return NULL;
+}
 #endif /* IPv6 */
 /**
@@ -256,3 +310,79 @@ struct netlbl_af6list *netlbl_af6list_remove(const struct in6_addr *addr,
        return NULL;
 }
 #endif /* IPv6 */
+/*
+ * Audit Helper Functions
+ */
+/**
+ * netlbl_af4list_audit_addr - Audit an IPv4 address
+ * @audit_buf: audit buffer
+ * @src: true if source address, false if destination
+ * @dev: network interface
+ * @addr: IP address
+ * @mask: IP address mask
+ *
+ * Description:
+ * Write the IPv4 address and address mask, if necessary, to @audit_buf.
+ *
+ */
+void netlbl_af4list_audit_addr(struct audit_buffer *audit_buf,
+                                        int src, const char *dev,
+                                        __be32 addr, __be32 mask)
+{
+        u32 mask_val = ntohl(mask);
+        char *dir = (src ? "src" : "dst");
+        if (dev != NULL)
+                audit_log_format(audit_buf, " netif=%s", dev);
+        audit_log_format(audit_buf, " %s=" NIPQUAD_FMT, dir, NIPQUAD(addr));
+        if (mask_val != 0xffffffff) {
+                u32 mask_len = 0;
+                while (mask_val > 0) {
+                        mask_val <<= 1;
+                        mask_len++;
+                }
+                audit_log_format(audit_buf, " %s_prefixlen=%d", dir, mask_len);
+        }
+}
+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
+/**
+ * netlbl_af6list_audit_addr - Audit an IPv6 address
+ * @audit_buf: audit buffer
+ * @src: true if source address, false if destination
+ * @dev: network interface
+ * @addr: IP address
+ * @mask: IP address mask
+ *
+ * Description:
+ * Write the IPv6 address and address mask, if necessary, to @audit_buf.
+ *
+ */
+void netlbl_af6list_audit_addr(struct audit_buffer *audit_buf,
+                                 int src,
+                                 const char *dev,
+                                 const struct in6_addr *addr,
+                                 const struct in6_addr *mask)
+{
+        char *dir = (src ? "src" : "dst");
+        if (dev != NULL)
+                audit_log_format(audit_buf, " netif=%s", dev);
+        audit_log_format(audit_buf, " %s=" NIP6_FMT, dir, NIP6(*addr));
+        if (ntohl(mask->s6_addr32[3]) != 0xffffffff) {
+                u32 mask_len = 0;
+                u32 mask_val;
+                int iter = -1;
+                while (ntohl(mask->s6_addr32[++iter]) == 0xffffffff)
+                        mask_len += 32;
+                mask_val = ntohl(mask->s6_addr32[iter]);
+                while (mask_val > 0) {
+                        mask_val <<= 1;
+                        mask_len++;
+                }
+                audit_log_format(audit_buf, " %s_prefixlen=%d", dir, mask_len);
+        }
+}
+#endif /* IPv6 */

diff --git a/net/netlabel/netlabel_addrlist.c b/net/netlabel/netlabel_addrlist.c index dd928aa52db1..b0925a303353 100644 --- a/net/netlabel/netlabel_addrlist.c +++ b/net/netlabel/netlabel_addrlist.c
@@ -39,6 +39,7 @@
39	#include <linux/ipv6.h>	39	#include <linux/ipv6.h>
40	#include <net/ip.h>	40	#include <net/ip.h>
41	#include <net/ipv6.h>	41	#include <net/ipv6.h>
		42	#include <linux/audit.h>
42		43
43	#include "netlabel_addrlist.h"	44	#include "netlabel_addrlist.h"
44		45
@@ -69,6 +70,32 @@ struct netlbl_af4list *netlbl_af4list_search(__be32 addr,
69	return NULL;	70	return NULL;
70	}	71	}
71		72
		73	/**
		74	* netlbl_af4list_search_exact - Search for an exact IPv4 address entry
		75	* @addr: IPv4 address
		76	* @mask: IPv4 address mask
		77	* @head: the list head
		78	*
		79	* Description:
		80	* Searches the IPv4 address list given by @head. If an exact match if found
		81	* it is returned, otherwise NULL is returned. The caller is responsible for
		82	* calling the rcu_read_[un]lock() functions.
		83	*
		84	*/
		85	struct netlbl_af4list *netlbl_af4list_search_exact(__be32 addr,
		86	__be32 mask,
		87	struct list_head *head)
		88	{
		89	struct netlbl_af4list *iter;
		90
		91	list_for_each_entry_rcu(iter, head, list)
		92	if (iter->valid && iter->addr == addr && iter->mask == mask)
		93	return iter;
		94
		95	return NULL;
		96	}
		97
		98
72	#if defined(CONFIG_IPV6) \|\| defined(CONFIG_IPV6_MODULE)	99	#if defined(CONFIG_IPV6) \|\| defined(CONFIG_IPV6_MODULE)
73	/**	100	/**
74	* netlbl_af6list_search - Search for a matching IPv6 address entry	101	* netlbl_af6list_search - Search for a matching IPv6 address entry
@@ -93,6 +120,33 @@ struct netlbl_af6list netlbl_af6list_search(const struct in6_addr addr,
93		120
94	return NULL;	121	return NULL;
95	}	122	}
		123
		124	/**
		125	* netlbl_af6list_search_exact - Search for an exact IPv6 address entry
		126	* @addr: IPv6 address
		127	* @mask: IPv6 address mask
		128	* @head: the list head
		129	*
		130	* Description:
		131	* Searches the IPv6 address list given by @head. If an exact match if found
		132	* it is returned, otherwise NULL is returned. The caller is responsible for
		133	* calling the rcu_read_[un]lock() functions.
		134	*
		135	*/
		136	struct netlbl_af6list netlbl_af6list_search_exact(const struct in6_addr addr,
		137	const struct in6_addr *mask,
		138	struct list_head *head)
		139	{
		140	struct netlbl_af6list *iter;
		141
		142	list_for_each_entry_rcu(iter, head, list)
		143	if (iter->valid &&
		144	ipv6_addr_equal(&iter->addr, addr) &&
		145	ipv6_addr_equal(&iter->mask, mask))
		146	return iter;
		147
		148	return NULL;
		149	}
96	#endif /* IPv6 */	150	#endif /* IPv6 */
97		151
98	/**	152	/**
@@ -256,3 +310,79 @@ struct netlbl_af6list netlbl_af6list_remove(const struct in6_addr addr,
256	return NULL;	310	return NULL;
257	}	311	}
258	#endif /* IPv6 */	312	#endif /* IPv6 */
		313
		314	/*
		315	* Audit Helper Functions
		316	*/
		317
		318	/**
		319	* netlbl_af4list_audit_addr - Audit an IPv4 address
		320	* @audit_buf: audit buffer
		321	* @src: true if source address, false if destination
		322	* @dev: network interface
		323	* @addr: IP address
		324	* @mask: IP address mask
		325	*
		326	* Description:
		327	* Write the IPv4 address and address mask, if necessary, to @audit_buf.
		328	*
		329	*/
		330	void netlbl_af4list_audit_addr(struct audit_buffer *audit_buf,
		331	int src, const char *dev,
		332	__be32 addr, __be32 mask)
		333	{
		334	u32 mask_val = ntohl(mask);
		335	char *dir = (src ? "src" : "dst");
		336
		337	if (dev != NULL)
		338	audit_log_format(audit_buf, " netif=%s", dev);
		339	audit_log_format(audit_buf, " %s=" NIPQUAD_FMT, dir, NIPQUAD(addr));
		340	if (mask_val != 0xffffffff) {
		341	u32 mask_len = 0;
		342	while (mask_val > 0) {
		343	mask_val <<= 1;
		344	mask_len++;
		345	}
		346	audit_log_format(audit_buf, " %s_prefixlen=%d", dir, mask_len);
		347	}
		348	}
		349
		350	#if defined(CONFIG_IPV6) \|\| defined(CONFIG_IPV6_MODULE)
		351	/**
		352	* netlbl_af6list_audit_addr - Audit an IPv6 address
		353	* @audit_buf: audit buffer
		354	* @src: true if source address, false if destination
		355	* @dev: network interface
		356	* @addr: IP address
		357	* @mask: IP address mask
		358	*
		359	* Description:
		360	* Write the IPv6 address and address mask, if necessary, to @audit_buf.
		361	*
		362	*/
		363	void netlbl_af6list_audit_addr(struct audit_buffer *audit_buf,
		364	int src,
		365	const char *dev,
		366	const struct in6_addr *addr,
		367	const struct in6_addr *mask)
		368	{
		369	char *dir = (src ? "src" : "dst");
		370
		371	if (dev != NULL)
		372	audit_log_format(audit_buf, " netif=%s", dev);
		373	audit_log_format(audit_buf, " %s=" NIP6_FMT, dir, NIP6(*addr));
		374	if (ntohl(mask->s6_addr32[3]) != 0xffffffff) {
		375	u32 mask_len = 0;
		376	u32 mask_val;
		377	int iter = -1;
		378	while (ntohl(mask->s6_addr32[++iter]) == 0xffffffff)
		379	mask_len += 32;
		380	mask_val = ntohl(mask->s6_addr32[iter]);
		381	while (mask_val > 0) {
		382	mask_val <<= 1;
		383	mask_len++;
		384	}
		385	audit_log_format(audit_buf, " %s_prefixlen=%d", dir, mask_len);
		386	}
		387	}
		388	#endif /* IPv6 */