Diffstat (limited to 'include/net/xfrm.h')
-rw-r--r-- | include/net/xfrm.h | 33 |
1 files changed, 26 insertions, 7 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h index f333c95c4189..5d5580ac0101 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h | |||
@@ -565,26 +565,33 @@ struct xfrm_audit | |||
565 | }; | 565 | }; |
566 | 566 | ||
567 | #ifdef CONFIG_AUDITSYSCALL | 567 | #ifdef CONFIG_AUDITSYSCALL |
568 | static inline struct audit_buffer *xfrm_audit_start(u32 auid, u32 secid) | 568 | static inline struct audit_buffer *xfrm_audit_start(const char *op) |
569 | { | 569 | { |
570 | struct audit_buffer *audit_buf = NULL; | 570 | struct audit_buffer *audit_buf = NULL; |
571 | char *secctx; | ||
572 | u32 secctx_len; | ||
573 | 571 | ||
572 | if (audit_enabled == 0) | ||
573 | return NULL; | ||
574 | audit_buf = audit_log_start(current->audit_context, GFP_ATOMIC, | 574 | audit_buf = audit_log_start(current->audit_context, GFP_ATOMIC, |
575 | AUDIT_MAC_IPSEC_EVENT); | 575 | AUDIT_MAC_IPSEC_EVENT); |
576 | if (audit_buf == NULL) | 576 | if (audit_buf == NULL) |
577 | return NULL; | 577 | return NULL; |
578 | audit_log_format(audit_buf, "op=%s", op); | ||
579 | return audit_buf; | ||
580 | } | ||
578 | 581 | ||
579 | audit_log_format(audit_buf, "auid=%u", auid); | 582 | static inline void xfrm_audit_helper_usrinfo(u32 auid, u32 secid, |
583 | struct audit_buffer *audit_buf) | ||
584 | { | ||
585 | char *secctx; | ||
586 | u32 secctx_len; | ||
580 | 587 | ||
588 | audit_log_format(audit_buf, " auid=%u", auid); | ||
581 | if (secid != 0 && | 589 | if (secid != 0 && |
582 | security_secid_to_secctx(secid, &secctx, &secctx_len) == 0) { | 590 | security_secid_to_secctx(secid, &secctx, &secctx_len) == 0) { |
583 | audit_log_format(audit_buf, " subj=%s", secctx); | 591 | audit_log_format(audit_buf, " subj=%s", secctx); |
584 | security_release_secctx(secctx, secctx_len); | 592 | security_release_secctx(secctx, secctx_len); |
585 | } else | 593 | } else |
586 | audit_log_task_context(audit_buf); | 594 | audit_log_task_context(audit_buf); |
587 | return audit_buf; | ||
588 | } | 595 | } |
589 | 596 | ||
590 | extern void xfrm_audit_policy_add(struct xfrm_policy *xp, int result, | 597 | extern void xfrm_audit_policy_add(struct xfrm_policy *xp, int result, |
@@ -595,11 +602,22 @@ extern void xfrm_audit_state_add(struct xfrm_state *x, int result, | |||
595 | u32 auid, u32 secid); | 602 | u32 auid, u32 secid); |
596 | extern void xfrm_audit_state_delete(struct xfrm_state *x, int result, | 603 | extern void xfrm_audit_state_delete(struct xfrm_state *x, int result, |
597 | u32 auid, u32 secid); | 604 | u32 auid, u32 secid); |
605 | extern void xfrm_audit_state_replay_overflow(struct xfrm_state *x, | ||
606 | struct sk_buff *skb); | ||
607 | extern void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family); | ||
608 | extern void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family, | ||
609 | __be32 net_spi, __be32 net_seq); | ||
610 | extern void xfrm_audit_state_icvfail(struct xfrm_state *x, | ||
611 | struct sk_buff *skb, u8 proto); | ||
598 | #else | 612 | #else |
599 | #define xfrm_audit_policy_add(x, r, a, s) do { ; } while (0) | 613 | #define xfrm_audit_policy_add(x, r, a, s) do { ; } while (0) |
600 | #define xfrm_audit_policy_delete(x, r, a, s) do { ; } while (0) | 614 | #define xfrm_audit_policy_delete(x, r, a, s) do { ; } while (0) |
601 | #define xfrm_audit_state_add(x, r, a, s) do { ; } while (0) | 615 | #define xfrm_audit_state_add(x, r, a, s) do { ; } while (0) |
602 | #define xfrm_audit_state_delete(x, r, a, s) do { ; } while (0) | 616 | #define xfrm_audit_state_delete(x, r, a, s) do { ; } while (0) |
617 | #define xfrm_audit_state_replay_overflow(x, s) do { ; } while (0) | ||
618 | #define xfrm_audit_state_notfound_simple(s, f) do { ; } while (0) | ||
619 | #define xfrm_audit_state_notfound(s, f, sp, sq) do { ; } while (0) | ||
620 | #define xfrm_audit_state_icvfail(x, s, p) do { ; } while (0) | ||
603 | #endif /* CONFIG_AUDITSYSCALL */ | 621 | #endif /* CONFIG_AUDITSYSCALL */ |
604 | 622 | ||
605 | static inline void xfrm_pol_hold(struct xfrm_policy *policy) | 623 | static inline void xfrm_pol_hold(struct xfrm_policy *policy) |
@@ -1214,7 +1232,8 @@ extern int xfrm_state_delete(struct xfrm_state *x); | |||
1214 | extern int xfrm_state_flush(u8 proto, struct xfrm_audit *audit_info); | 1232 | extern int xfrm_state_flush(u8 proto, struct xfrm_audit *audit_info); |
1215 | extern void xfrm_sad_getinfo(struct xfrmk_sadinfo *si); | 1233 | extern void xfrm_sad_getinfo(struct xfrmk_sadinfo *si); |
1216 | extern void xfrm_spd_getinfo(struct xfrmk_spdinfo *si); | 1234 | extern void xfrm_spd_getinfo(struct xfrmk_spdinfo *si); |
1217 | extern int xfrm_replay_check(struct xfrm_state *x, __be32 seq); | 1235 | extern int xfrm_replay_check(struct xfrm_state *x, |
1236 | struct sk_buff *skb, __be32 seq); | ||
1218 | extern void xfrm_replay_advance(struct xfrm_state *x, __be32 seq); | 1237 | extern void xfrm_replay_advance(struct xfrm_state *x, __be32 seq); |
1219 | extern void xfrm_replay_notify(struct xfrm_state *x, int event); | 1238 | extern void xfrm_replay_notify(struct xfrm_state *x, int event); |
1220 | extern int xfrm_state_mtu(struct xfrm_state *x, int mtu); | 1239 | extern int xfrm_state_mtu(struct xfrm_state *x, int mtu); |
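Review bot: `xfrm_audit_helper_usrinfo()` passes `audit_buf` straight to `audit_log_format()` and `audit_log_task_context()` with no guard, while the reworked `xfrm_audit_start()` above it now returns NULL in two cases (auditing disabled, and `audit_log_start()` failing). The callers are outside this file section, so whether each one checks the return value before calling the helper cannot be confirmed from here; the contract should be written down on the helper, e.g. `/* audit_buf must be a non-NULL buffer returned by xfrm_audit_start() */`, or enforced with `if (audit_buf == NULL) return;` as its first statement. Separately, the new `xfrm_audit_state_notfound*()`, `xfrm_audit_state_replay_overflow()` and `xfrm_audit_state_icvfail()` hooks take an `skb`, which suggests they log on received packets; if so, a short comment on the prototypes noting that record volume is bounded only by the audit subsystem's rate and backlog limits would help whoever sizes those limits.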