diff options
Diffstat (limited to 'net/xfrm/xfrm_state.c')
| -rw-r--r-- | net/xfrm/xfrm_state.c | 53 |
1 files changed, 22 insertions, 31 deletions
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index f7c0951c9fd..9e57378c51d 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c | |||
| @@ -19,6 +19,7 @@ | |||
| 19 | #include <linux/ipsec.h> | 19 | #include <linux/ipsec.h> |
| 20 | #include <linux/module.h> | 20 | #include <linux/module.h> |
| 21 | #include <linux/cache.h> | 21 | #include <linux/cache.h> |
| 22 | #include <linux/audit.h> | ||
| 22 | #include <asm/uaccess.h> | 23 | #include <asm/uaccess.h> |
| 23 | 24 | ||
| 24 | #include "xfrm_hash.h" | 25 | #include "xfrm_hash.h" |
| @@ -1998,69 +1999,59 @@ void __init xfrm_state_init(void) | |||
| 1998 | static inline void xfrm_audit_common_stateinfo(struct xfrm_state *x, | 1999 | static inline void xfrm_audit_common_stateinfo(struct xfrm_state *x, |
| 1999 | struct audit_buffer *audit_buf) | 2000 | struct audit_buffer *audit_buf) |
| 2000 | { | 2001 | { |
| 2001 | if (x->security) | 2002 | struct xfrm_sec_ctx *ctx = x->security; |
| 2003 | u32 spi = ntohl(x->id.spi); | ||
| 2004 | |||
| 2005 | if (ctx) | ||
| 2002 | audit_log_format(audit_buf, " sec_alg=%u sec_doi=%u sec_obj=%s", | 2006 | audit_log_format(audit_buf, " sec_alg=%u sec_doi=%u sec_obj=%s", |
| 2003 | x->security->ctx_alg, x->security->ctx_doi, | 2007 | ctx->ctx_alg, ctx->ctx_doi, ctx->ctx_str); |
| 2004 | x->security->ctx_str); | ||
| 2005 | 2008 | ||
| 2006 | switch(x->props.family) { | 2009 | switch(x->props.family) { |
| 2007 | case AF_INET: | 2010 | case AF_INET: |
| 2008 | audit_log_format(audit_buf, " src=%u.%u.%u.%u dst=%u.%u.%u.%u", | 2011 | audit_log_format(audit_buf, |
| 2012 | " src=" NIPQUAD_FMT " dst=" NIPQUAD_FMT, | ||
| 2009 | NIPQUAD(x->props.saddr.a4), | 2013 | NIPQUAD(x->props.saddr.a4), |
| 2010 | NIPQUAD(x->id.daddr.a4)); | 2014 | NIPQUAD(x->id.daddr.a4)); |
| 2011 | break; | 2015 | break; |
| 2012 | case AF_INET6: | 2016 | case AF_INET6: |
| 2013 | { | 2017 | audit_log_format(audit_buf, |
| 2014 | struct in6_addr saddr6, daddr6; | 2018 | " src=" NIP6_FMT " dst=" NIP6_FMT, |
| 2015 | 2019 | NIP6(*(struct in6_addr *)x->props.saddr.a6), | |
| 2016 | memcpy(&saddr6, x->props.saddr.a6, | 2020 | NIP6(*(struct in6_addr *)x->id.daddr.a6)); |
| 2017 | sizeof(struct in6_addr)); | ||
| 2018 | memcpy(&daddr6, x->id.daddr.a6, | ||
| 2019 | sizeof(struct in6_addr)); | ||
| 2020 | audit_log_format(audit_buf, | ||
| 2021 | " src=" NIP6_FMT " dst=" NIP6_FMT, | ||
| 2022 | NIP6(saddr6), NIP6(daddr6)); | ||
| 2023 | } | ||
| 2024 | break; | 2021 | break; |
| 2025 | } | 2022 | } |
| 2023 | |||
| 2024 | audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi); | ||
| 2026 | } | 2025 | } |
| 2027 | 2026 | ||
| 2028 | void | 2027 | void xfrm_audit_state_add(struct xfrm_state *x, int result, |
| 2029 | xfrm_audit_state_add(struct xfrm_state *x, int result, u32 auid, u32 sid) | 2028 | u32 auid, u32 secid) |
| 2030 | { | 2029 | { |
| 2031 | struct audit_buffer *audit_buf; | 2030 | struct audit_buffer *audit_buf; |
| 2032 | u32 spi; | ||
| 2033 | extern int audit_enabled; | ||
| 2034 | 2031 | ||
| 2035 | if (audit_enabled == 0) | 2032 | if (audit_enabled == 0) |
| 2036 | return; | 2033 | return; |
| 2037 | audit_buf = xfrm_audit_start(auid, sid); | 2034 | audit_buf = xfrm_audit_start(auid, secid); |
| 2038 | if (audit_buf == NULL) | 2035 | if (audit_buf == NULL) |
| 2039 | return; | 2036 | return; |
| 2040 | audit_log_format(audit_buf, " op=SAD-add res=%u",result); | 2037 | audit_log_format(audit_buf, " op=SAD-add res=%u", result); |
| 2041 | xfrm_audit_common_stateinfo(x, audit_buf); | 2038 | xfrm_audit_common_stateinfo(x, audit_buf); |
| 2042 | spi = ntohl(x->id.spi); | ||
| 2043 | audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi); | ||
| 2044 | audit_log_end(audit_buf); | 2039 | audit_log_end(audit_buf); |
| 2045 | } | 2040 | } |
| 2046 | EXPORT_SYMBOL_GPL(xfrm_audit_state_add); | 2041 | EXPORT_SYMBOL_GPL(xfrm_audit_state_add); |
| 2047 | 2042 | ||
| 2048 | void | 2043 | void xfrm_audit_state_delete(struct xfrm_state *x, int result, |
| 2049 | xfrm_audit_state_delete(struct xfrm_state *x, int result, u32 auid, u32 sid) | 2044 | u32 auid, u32 secid) |
| 2050 | { | 2045 | { |
| 2051 | struct audit_buffer *audit_buf; | 2046 | struct audit_buffer *audit_buf; |
| 2052 | u32 spi; | ||
| 2053 | extern int audit_enabled; | ||
| 2054 | 2047 | ||
| 2055 | if (audit_enabled == 0) | 2048 | if (audit_enabled == 0) |
| 2056 | return; | 2049 | return; |
| 2057 | audit_buf = xfrm_audit_start(auid, sid); | 2050 | audit_buf = xfrm_audit_start(auid, secid); |
| 2058 | if (audit_buf == NULL) | 2051 | if (audit_buf == NULL) |
| 2059 | return; | 2052 | return; |
| 2060 | audit_log_format(audit_buf, " op=SAD-delete res=%u",result); | 2053 | audit_log_format(audit_buf, " op=SAD-delete res=%u", result); |
| 2061 | xfrm_audit_common_stateinfo(x, audit_buf); | 2054 | xfrm_audit_common_stateinfo(x, audit_buf); |
| 2062 | spi = ntohl(x->id.spi); | ||
| 2063 | audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi); | ||
| 2064 | audit_log_end(audit_buf); | 2055 | audit_log_end(audit_buf); |
| 2065 | } | 2056 | } |
| 2066 | EXPORT_SYMBOL_GPL(xfrm_audit_state_delete); | 2057 | EXPORT_SYMBOL_GPL(xfrm_audit_state_delete); |