aboutsummaryrefslogtreecommitdiffstats
path: root/include/net/xfrm.h
diff options
context:
space:
mode:
authorPaul Moore <paul.moore@hp.com>2007-12-20 23:49:33 -0500
committerDavid S. Miller <davem@davemloft.net>2008-01-28 17:59:40 -0500
commit68277accb3a5f004344f4346498640601b8b7016 (patch)
treee6b541283a516406fbd936051028845a20f5a7c4 /include/net/xfrm.h
parent8ea843495df36036cb7f22f61994b34f8362b443 (diff)
[XFRM]: Assorted IPsec fixups
This patch fixes a number of small but potentially troublesome things in the XFRM/IPsec code: * Use the 'audit_enabled' variable already in include/linux/audit.h Removed the need for extern declarations local to each XFRM audit fuction * Convert 'sid' to 'secid' everywhere we can The 'sid' name is specific to SELinux, 'secid' is the common naming convention used by the kernel when refering to tokenized LSM labels, unfortunately we have to leave 'ctx_sid' in 'struct xfrm_sec_ctx' otherwise we risk breaking userspace * Convert address display to use standard NIP* macros Similar to what was recently done with the SPD audit code, this also also includes the removal of some unnecessary memcpy() calls * Move common code to xfrm_audit_common_stateinfo() Code consolidation from the "less is more" book on software development * Proper spacing around commas in function arguments Minor style tweak since I was already touching the code Signed-off-by: Paul Moore <paul.moore@hp.com> Acked-by: James Morris <jmorris@namei.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/net/xfrm.h')
-rw-r--r--include/net/xfrm.h14
1 files changed, 7 insertions, 7 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index a79702bcdcd0..f333c95c4189 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -565,7 +565,7 @@ struct xfrm_audit
565}; 565};
566 566
567#ifdef CONFIG_AUDITSYSCALL 567#ifdef CONFIG_AUDITSYSCALL
568static inline struct audit_buffer *xfrm_audit_start(u32 auid, u32 sid) 568static inline struct audit_buffer *xfrm_audit_start(u32 auid, u32 secid)
569{ 569{
570 struct audit_buffer *audit_buf = NULL; 570 struct audit_buffer *audit_buf = NULL;
571 char *secctx; 571 char *secctx;
@@ -578,8 +578,8 @@ static inline struct audit_buffer *xfrm_audit_start(u32 auid, u32 sid)
578 578
579 audit_log_format(audit_buf, "auid=%u", auid); 579 audit_log_format(audit_buf, "auid=%u", auid);
580 580
581 if (sid != 0 && 581 if (secid != 0 &&
582 security_secid_to_secctx(sid, &secctx, &secctx_len) == 0) { 582 security_secid_to_secctx(secid, &secctx, &secctx_len) == 0) {
583 audit_log_format(audit_buf, " subj=%s", secctx); 583 audit_log_format(audit_buf, " subj=%s", secctx);
584 security_release_secctx(secctx, secctx_len); 584 security_release_secctx(secctx, secctx_len);
585 } else 585 } else
@@ -588,13 +588,13 @@ static inline struct audit_buffer *xfrm_audit_start(u32 auid, u32 sid)
588} 588}
589 589
590extern void xfrm_audit_policy_add(struct xfrm_policy *xp, int result, 590extern void xfrm_audit_policy_add(struct xfrm_policy *xp, int result,
591 u32 auid, u32 sid); 591 u32 auid, u32 secid);
592extern void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result, 592extern void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result,
593 u32 auid, u32 sid); 593 u32 auid, u32 secid);
594extern void xfrm_audit_state_add(struct xfrm_state *x, int result, 594extern void xfrm_audit_state_add(struct xfrm_state *x, int result,
595 u32 auid, u32 sid); 595 u32 auid, u32 secid);
596extern void xfrm_audit_state_delete(struct xfrm_state *x, int result, 596extern void xfrm_audit_state_delete(struct xfrm_state *x, int result,
597 u32 auid, u32 sid); 597 u32 auid, u32 secid);
598#else 598#else
599#define xfrm_audit_policy_add(x, r, a, s) do { ; } while (0) 599#define xfrm_audit_policy_add(x, r, a, s) do { ; } while (0)
600#define xfrm_audit_policy_delete(x, r, a, s) do { ; } while (0) 600#define xfrm_audit_policy_delete(x, r, a, s) do { ; } while (0)