diff options
Diffstat (limited to 'include')
| -rw-r--r-- | include/net/xfrm.h | 33 |
1 files changed, 26 insertions, 7 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h index f333c95c4189..5d5580ac0101 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h | |||
| @@ -565,26 +565,33 @@ struct xfrm_audit | |||
| 565 | }; | 565 | }; |
| 566 | 566 | ||
| 567 | #ifdef CONFIG_AUDITSYSCALL | 567 | #ifdef CONFIG_AUDITSYSCALL |
| 568 | static inline struct audit_buffer *xfrm_audit_start(u32 auid, u32 secid) | 568 | static inline struct audit_buffer *xfrm_audit_start(const char *op) |
| 569 | { | 569 | { |
| 570 | struct audit_buffer *audit_buf = NULL; | 570 | struct audit_buffer *audit_buf = NULL; |
| 571 | char *secctx; | ||
| 572 | u32 secctx_len; | ||
| 573 | 571 | ||
| 572 | if (audit_enabled == 0) | ||
| 573 | return NULL; | ||
| 574 | audit_buf = audit_log_start(current->audit_context, GFP_ATOMIC, | 574 | audit_buf = audit_log_start(current->audit_context, GFP_ATOMIC, |
| 575 | AUDIT_MAC_IPSEC_EVENT); | 575 | AUDIT_MAC_IPSEC_EVENT); |
| 576 | if (audit_buf == NULL) | 576 | if (audit_buf == NULL) |
| 577 | return NULL; | 577 | return NULL; |
| 578 | audit_log_format(audit_buf, "op=%s", op); | ||
| 579 | return audit_buf; | ||
| 580 | } | ||
| 578 | 581 | ||
| 579 | audit_log_format(audit_buf, "auid=%u", auid); | 582 | static inline void xfrm_audit_helper_usrinfo(u32 auid, u32 secid, |
| 583 | struct audit_buffer *audit_buf) | ||
| 584 | { | ||
| 585 | char *secctx; | ||
| 586 | u32 secctx_len; | ||
| 580 | 587 | ||
| 588 | audit_log_format(audit_buf, " auid=%u", auid); | ||
| 581 | if (secid != 0 && | 589 | if (secid != 0 && |
| 582 | security_secid_to_secctx(secid, &secctx, &secctx_len) == 0) { | 590 | security_secid_to_secctx(secid, &secctx, &secctx_len) == 0) { |
| 583 | audit_log_format(audit_buf, " subj=%s", secctx); | 591 | audit_log_format(audit_buf, " subj=%s", secctx); |
| 584 | security_release_secctx(secctx, secctx_len); | 592 | security_release_secctx(secctx, secctx_len); |
| 585 | } else | 593 | } else |
| 586 | audit_log_task_context(audit_buf); | 594 | audit_log_task_context(audit_buf); |
| 587 | return audit_buf; | ||
| 588 | } | 595 | } |
| 589 | 596 | ||
| 590 | extern void xfrm_audit_policy_add(struct xfrm_policy *xp, int result, | 597 | extern void xfrm_audit_policy_add(struct xfrm_policy *xp, int result, |
| @@ -595,11 +602,22 @@ extern void xfrm_audit_state_add(struct xfrm_state *x, int result, | |||
| 595 | u32 auid, u32 secid); | 602 | u32 auid, u32 secid); |
| 596 | extern void xfrm_audit_state_delete(struct xfrm_state *x, int result, | 603 | extern void xfrm_audit_state_delete(struct xfrm_state *x, int result, |
| 597 | u32 auid, u32 secid); | 604 | u32 auid, u32 secid); |
| 605 | extern void xfrm_audit_state_replay_overflow(struct xfrm_state *x, | ||
| 606 | struct sk_buff *skb); | ||
| 607 | extern void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family); | ||
| 608 | extern void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family, | ||
| 609 | __be32 net_spi, __be32 net_seq); | ||
| 610 | extern void xfrm_audit_state_icvfail(struct xfrm_state *x, | ||
| 611 | struct sk_buff *skb, u8 proto); | ||
| 598 | #else | 612 | #else |
| 599 | #define xfrm_audit_policy_add(x, r, a, s) do { ; } while (0) | 613 | #define xfrm_audit_policy_add(x, r, a, s) do { ; } while (0) |
| 600 | #define xfrm_audit_policy_delete(x, r, a, s) do { ; } while (0) | 614 | #define xfrm_audit_policy_delete(x, r, a, s) do { ; } while (0) |
| 601 | #define xfrm_audit_state_add(x, r, a, s) do { ; } while (0) | 615 | #define xfrm_audit_state_add(x, r, a, s) do { ; } while (0) |
| 602 | #define xfrm_audit_state_delete(x, r, a, s) do { ; } while (0) | 616 | #define xfrm_audit_state_delete(x, r, a, s) do { ; } while (0) |
| 617 | #define xfrm_audit_state_replay_overflow(x, s) do { ; } while (0) | ||
| 618 | #define xfrm_audit_state_notfound_simple(s, f) do { ; } while (0) | ||
| 619 | #define xfrm_audit_state_notfound(s, f, sp, sq) do { ; } while (0) | ||
| 620 | #define xfrm_audit_state_icvfail(x, s, p) do { ; } while (0) | ||
| 603 | #endif /* CONFIG_AUDITSYSCALL */ | 621 | #endif /* CONFIG_AUDITSYSCALL */ |
| 604 | 622 | ||
| 605 | static inline void xfrm_pol_hold(struct xfrm_policy *policy) | 623 | static inline void xfrm_pol_hold(struct xfrm_policy *policy) |
| @@ -1214,7 +1232,8 @@ extern int xfrm_state_delete(struct xfrm_state *x); | |||
| 1214 | extern int xfrm_state_flush(u8 proto, struct xfrm_audit *audit_info); | 1232 | extern int xfrm_state_flush(u8 proto, struct xfrm_audit *audit_info); |
| 1215 | extern void xfrm_sad_getinfo(struct xfrmk_sadinfo *si); | 1233 | extern void xfrm_sad_getinfo(struct xfrmk_sadinfo *si); |
| 1216 | extern void xfrm_spd_getinfo(struct xfrmk_spdinfo *si); | 1234 | extern void xfrm_spd_getinfo(struct xfrmk_spdinfo *si); |
| 1217 | extern int xfrm_replay_check(struct xfrm_state *x, __be32 seq); | 1235 | extern int xfrm_replay_check(struct xfrm_state *x, |
| 1236 | struct sk_buff *skb, __be32 seq); | ||
| 1218 | extern void xfrm_replay_advance(struct xfrm_state *x, __be32 seq); | 1237 | extern void xfrm_replay_advance(struct xfrm_state *x, __be32 seq); |
| 1219 | extern void xfrm_replay_notify(struct xfrm_state *x, int event); | 1238 | extern void xfrm_replay_notify(struct xfrm_state *x, int event); |
| 1220 | extern int xfrm_state_mtu(struct xfrm_state *x, int mtu); | 1239 | extern int xfrm_state_mtu(struct xfrm_state *x, int mtu); |