1 files changed, 26 insertions, 18 deletions
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index b153f7482052..a76280a14e72 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -2266,29 +2266,37 @@ void __init xfrm_init(void)
 static inline void xfrm_audit_common_policyinfo(struct xfrm_policy *xp,
                                                struct audit_buffer *audit_buf)
 {
-        if (xp->security)
+        struct xfrm_sec_ctx *ctx = xp->security;
+        struct xfrm_selector *sel = &xp->selector;
+        if (ctx)
                audit_log_format(audit_buf, " sec_alg=%u sec_doi=%u sec_obj=%s",
-                                 xp->security->ctx_alg, xp->security->ctx_doi,
+                                 ctx->ctx_alg, ctx->ctx_doi, ctx->ctx_str);
-                                 xp->security->ctx_str);
-        switch(xp->selector.family) {
+        switch(sel->family) {
        case AF_INET:
-                audit_log_format(audit_buf, " src=%u.%u.%u.%u dst=%u.%u.%u.%u",
+                audit_log_format(audit_buf, " src=" NIPQUAD_FMT,
-                                 NIPQUAD(xp->selector.saddr.a4),
+                                 NIPQUAD(sel->saddr.a4));
-                                 NIPQUAD(xp->selector.daddr.a4));
+                if (sel->prefixlen_s != 32)
+                        audit_log_format(audit_buf, " src_prefixlen=%d",
+                                         sel->prefixlen_s);
+                audit_log_format(audit_buf, " dst=" NIPQUAD_FMT,
+                                 NIPQUAD(sel->daddr.a4));
+                if (sel->prefixlen_d != 32)
+                        audit_log_format(audit_buf, " dst_prefixlen=%d",
+                                         sel->prefixlen_d);
                break;
        case AF_INET6:
-                {
+                audit_log_format(audit_buf, " src=" NIP6_FMT,
-                        struct in6_addr saddr6, daddr6;
+                                 NIP6(*(struct in6_addr *)sel->saddr.a6));
+                if (sel->prefixlen_s != 128)
-                        memcpy(&saddr6, xp->selector.saddr.a6,
+                        audit_log_format(audit_buf, " src_prefixlen=%d",
-                                sizeof(struct in6_addr));
+                                         sel->prefixlen_s);
-                        memcpy(&daddr6, xp->selector.daddr.a6,
+                audit_log_format(audit_buf, " dst=" NIP6_FMT,
-                                sizeof(struct in6_addr));
+                                 NIP6(*(struct in6_addr *)sel->daddr.a6));
-                        audit_log_format(audit_buf,
+                if (sel->prefixlen_d != 128)
-                                " src=" NIP6_FMT " dst=" NIP6_FMT,
+                        audit_log_format(audit_buf, " dst_prefixlen=%d",
-                                NIP6(saddr6), NIP6(daddr6));
+                                         sel->prefixlen_d);
-                }
                break;
        }
 }

diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index b153f7482052..a76280a14e72 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c
@@ -2266,29 +2266,37 @@ void __init xfrm_init(void)
2266	static inline void xfrm_audit_common_policyinfo(struct xfrm_policy *xp,	2266	static inline void xfrm_audit_common_policyinfo(struct xfrm_policy *xp,
2267	struct audit_buffer *audit_buf)	2267	struct audit_buffer *audit_buf)
2268	{	2268	{
2269	if (xp->security)	2269	struct xfrm_sec_ctx *ctx = xp->security;
		2270	struct xfrm_selector *sel = &xp->selector;
		2271
		2272	if (ctx)
2270	audit_log_format(audit_buf, " sec_alg=%u sec_doi=%u sec_obj=%s",	2273	audit_log_format(audit_buf, " sec_alg=%u sec_doi=%u sec_obj=%s",
2271	xp->security->ctx_alg, xp->security->ctx_doi,	2274	ctx->ctx_alg, ctx->ctx_doi, ctx->ctx_str);
2272	xp->security->ctx_str);
2273		2275
2274	switch(xp->selector.family) {	2276	switch(sel->family) {
2275	case AF_INET:	2277	case AF_INET:
2276	audit_log_format(audit_buf, " src=%u.%u.%u.%u dst=%u.%u.%u.%u",	2278	audit_log_format(audit_buf, " src=" NIPQUAD_FMT,
2277	NIPQUAD(xp->selector.saddr.a4),	2279	NIPQUAD(sel->saddr.a4));
2278	NIPQUAD(xp->selector.daddr.a4));	2280	if (sel->prefixlen_s != 32)
		2281	audit_log_format(audit_buf, " src_prefixlen=%d",
		2282	sel->prefixlen_s);
		2283	audit_log_format(audit_buf, " dst=" NIPQUAD_FMT,
		2284	NIPQUAD(sel->daddr.a4));
		2285	if (sel->prefixlen_d != 32)
		2286	audit_log_format(audit_buf, " dst_prefixlen=%d",
		2287	sel->prefixlen_d);
2279	break;	2288	break;
2280	case AF_INET6:	2289	case AF_INET6:
2281	{	2290	audit_log_format(audit_buf, " src=" NIP6_FMT,
2282	struct in6_addr saddr6, daddr6;	2291	NIP6((struct in6_addr )sel->saddr.a6));
2283		2292	if (sel->prefixlen_s != 128)
2284	memcpy(&saddr6, xp->selector.saddr.a6,	2293	audit_log_format(audit_buf, " src_prefixlen=%d",
2285	sizeof(struct in6_addr));	2294	sel->prefixlen_s);
2286	memcpy(&daddr6, xp->selector.daddr.a6,	2295	audit_log_format(audit_buf, " dst=" NIP6_FMT,
2287	sizeof(struct in6_addr));	2296	NIP6((struct in6_addr )sel->daddr.a6));
2288	audit_log_format(audit_buf,	2297	if (sel->prefixlen_d != 128)
2289	" src=" NIP6_FMT " dst=" NIP6_FMT,	2298	audit_log_format(audit_buf, " dst_prefixlen=%d",
2290	NIP6(saddr6), NIP6(daddr6));	2299	sel->prefixlen_d);
2291	}
2292	break;	2300	break;
2293	}	2301	}
2294	}	2302	}