Diffstat (limited to 'net/netlabel/netlabel_unlabeled.c')
-rw-r--r--net/netlabel/netlabel_unlabeled.c96
1 files changed, 13 insertions, 83 deletions
diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c
index ab8131a8e489..e8a5c32b0f10 100644
--- a/net/netlabel/netlabel_unlabeled.c
+++ b/net/netlabel/netlabel_unlabeled.c
@@ -146,76 +146,6 @@ static const struct nla_policy netlbl_unlabel_genl_policy[NLBL_UNLABEL_A_MAX + 1
146}; 146};
147 147
148/* 148/*
149 * Audit Helper Functions
150 */
151
152/**
153 * netlbl_unlabel_audit_addr4 - Audit an IPv4 address
154 * @audit_buf: audit buffer
155 * @dev: network interface
156 * @addr: IP address
157 * @mask: IP address mask
158 *
159 * Description:
160 * Write the IPv4 address and address mask, if necessary, to @audit_buf.
161 *
162 */
163static void netlbl_unlabel_audit_addr4(struct audit_buffer *audit_buf,
164 const char *dev,
165 __be32 addr, __be32 mask)
166{
167 u32 mask_val = ntohl(mask);
168
169 if (dev != NULL)
170 audit_log_format(audit_buf, " netif=%s", dev);
171 audit_log_format(audit_buf, " src=" NIPQUAD_FMT, NIPQUAD(addr));
172 if (mask_val != 0xffffffff) {
173 u32 mask_len = 0;
174 while (mask_val > 0) {
175 mask_val <<= 1;
176 mask_len++;
177 }
178 audit_log_format(audit_buf, " src_prefixlen=%d", mask_len);
179 }
180}
181
182#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
183/**
184 * netlbl_unlabel_audit_addr6 - Audit an IPv6 address
185 * @audit_buf: audit buffer
186 * @dev: network interface
187 * @addr: IP address
188 * @mask: IP address mask
189 *
190 * Description:
191 * Write the IPv6 address and address mask, if necessary, to @audit_buf.
192 *
193 */
194static void netlbl_unlabel_audit_addr6(struct audit_buffer *audit_buf,
195 const char *dev,
196 const struct in6_addr *addr,
197 const struct in6_addr *mask)
198{
199 if (dev != NULL)
200 audit_log_format(audit_buf, " netif=%s", dev);
201 audit_log_format(audit_buf, " src=" NIP6_FMT, NIP6(*addr));
202 if (ntohl(mask->s6_addr32[3]) != 0xffffffff) {
203 u32 mask_len = 0;
204 u32 mask_val;
205 int iter = -1;
206 while (ntohl(mask->s6_addr32[++iter]) == 0xffffffff)
207 mask_len += 32;
208 mask_val = ntohl(mask->s6_addr32[iter]);
209 while (mask_val > 0) {
210 mask_val <<= 1;
211 mask_len++;
212 }
213 audit_log_format(audit_buf, " src_prefixlen=%d", mask_len);
214 }
215}
216#endif /* IPv6 */
217
218/*
219 * Unlabeled Connection Hash Table Functions 149 * Unlabeled Connection Hash Table Functions
220 */ 150 */
221 151
@@ -571,10 +501,10 @@ static int netlbl_unlhsh_add(struct net *net,
571 mask4 = (struct in_addr *)mask; 501 mask4 = (struct in_addr *)mask;
572 ret_val = netlbl_unlhsh_add_addr4(iface, addr4, mask4, secid); 502 ret_val = netlbl_unlhsh_add_addr4(iface, addr4, mask4, secid);
573 if (audit_buf != NULL) 503 if (audit_buf != NULL)
574 netlbl_unlabel_audit_addr4(audit_buf, 504 netlbl_af4list_audit_addr(audit_buf, 1,
575 dev_name, 505 dev_name,
576 addr4->s_addr, 506 addr4->s_addr,
577 mask4->s_addr); 507 mask4->s_addr);
578 break; 508 break;
579 } 509 }
580#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 510#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
@@ -585,9 +515,9 @@ static int netlbl_unlhsh_add(struct net *net,
585 mask6 = (struct in6_addr *)mask; 515 mask6 = (struct in6_addr *)mask;
586 ret_val = netlbl_unlhsh_add_addr6(iface, addr6, mask6, secid); 516 ret_val = netlbl_unlhsh_add_addr6(iface, addr6, mask6, secid);
587 if (audit_buf != NULL) 517 if (audit_buf != NULL)
588 netlbl_unlabel_audit_addr6(audit_buf, 518 netlbl_af6list_audit_addr(audit_buf, 1,
589 dev_name, 519 dev_name,
590 addr6, mask6); 520 addr6, mask6);
591 break; 521 break;
592 } 522 }
593#endif /* IPv6 */ 523#endif /* IPv6 */
@@ -652,9 +582,9 @@ static int netlbl_unlhsh_remove_addr4(struct net *net,
652 audit_info); 582 audit_info);
653 if (audit_buf != NULL) { 583 if (audit_buf != NULL) {
654 dev = dev_get_by_index(net, iface->ifindex); 584 dev = dev_get_by_index(net, iface->ifindex);
655 netlbl_unlabel_audit_addr4(audit_buf, 585 netlbl_af4list_audit_addr(audit_buf, 1,
656 (dev != NULL ? dev->name : NULL), 586 (dev != NULL ? dev->name : NULL),
657 addr->s_addr, mask->s_addr); 587 addr->s_addr, mask->s_addr);
658 if (dev != NULL) 588 if (dev != NULL)
659 dev_put(dev); 589 dev_put(dev);
660 if (entry && security_secid_to_secctx(entry->secid, 590 if (entry && security_secid_to_secctx(entry->secid,
@@ -712,9 +642,9 @@ static int netlbl_unlhsh_remove_addr6(struct net *net,
712 audit_info); 642 audit_info);
713 if (audit_buf != NULL) { 643 if (audit_buf != NULL) {
714 dev = dev_get_by_index(net, iface->ifindex); 644 dev = dev_get_by_index(net, iface->ifindex);
715 netlbl_unlabel_audit_addr6(audit_buf, 645 netlbl_af6list_audit_addr(audit_buf, 1,
716 (dev != NULL ? dev->name : NULL), 646 (dev != NULL ? dev->name : NULL),
717 addr, mask); 647 addr, mask);
718 if (dev != NULL) 648 if (dev != NULL)
719 dev_put(dev); 649 dev_put(dev);
720 if (entry && security_secid_to_secctx(entry->secid, 650 if (entry && security_secid_to_secctx(entry->secid,
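Review bot: The bare `1` passed as the second argument at all four new call sites (`netlbl_af4list_audit_addr(audit_buf, 1, ...)` and `netlbl_af6list_audit_addr(audit_buf, 1, ...)` in `netlbl_unlhsh_add`, `netlbl_unlhsh_remove_addr4` and `netlbl_unlhsh_remove_addr6`) is unexplained. Judging from the removed helpers, which wrote ` src=` and ` src_prefixlen=`, it presumably selects the source-address field names, so a short comment such as `/* 1: log the address as a source address */` or a named constant would make that visible. The shared helpers are defined outside this page, so it is worth confirming that they emit the same `netif=`, `src=` and `src_prefixlen=` fields, because audit consumers match on those names. They should also still skip `netif=` when the device name is NULL, which both remove paths pass when `dev_get_by_index()` returns NULL. The enclosing functions start and end outside the hunks shown.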