3 files changed, 58 insertions, 12 deletions
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 25872747762c..9d88c3df804a 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -2469,13 +2469,11 @@ static void xfrm_audit_common_policyinfo(struct xfrm_policy *xp,
                                         sel->prefixlen_d);
                break;
        case AF_INET6:
-                audit_log_format(audit_buf, " src=" NIP6_FMT,
+                audit_log_format(audit_buf, " src=%pI6", sel->saddr.a6);
-                                 NIP6(*(struct in6_addr *)sel->saddr.a6));
                if (sel->prefixlen_s != 128)
                        audit_log_format(audit_buf, " src_prefixlen=%d",
                                         sel->prefixlen_s);
-                audit_log_format(audit_buf, " dst=" NIP6_FMT,
+                audit_log_format(audit_buf, " dst=%pI6", sel->daddr.a6);
-                                 NIP6(*(struct in6_addr *)sel->daddr.a6));
                if (sel->prefixlen_d != 128)
                        audit_log_format(audit_buf, " dst_prefixlen=%d",
                                         sel->prefixlen_d);
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 508337f97249..304eca4ac970 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -2115,10 +2115,8 @@ static void xfrm_audit_helper_sainfo(struct xfrm_state *x,
                                 NIPQUAD(x->id.daddr.a4));
                break;
        case AF_INET6:
-                audit_log_format(audit_buf,
+                audit_log_format(audit_buf, " src=%pI6 dst=%pI6",
-                                 " src=" NIP6_FMT " dst=" NIP6_FMT,
+                                 x->props.saddr.a6, x->id.daddr.a6);
-                                 NIP6(*(struct in6_addr *)x->props.saddr.a6),
-                                 NIP6(*(struct in6_addr *)x->id.daddr.a6));
                break;
        }
@@ -2142,10 +2140,8 @@ static void xfrm_audit_helper_pktinfo(struct sk_buff *skb, u16 family,
        case AF_INET6:
                iph6 = ipv6_hdr(skb);
                audit_log_format(audit_buf,
-                                 " src=" NIP6_FMT " dst=" NIP6_FMT
+                                 " src=%pI6 dst=%pI6 flowlbl=0x%x%02x%02x",
-                                 " flowlbl=0x%x%02x%02x",
+                                 &iph6->saddr,&iph6->daddr,
-                                 NIP6(iph6->saddr),
-                                 NIP6(iph6->daddr),
                                 iph6->flow_lbl[0] & 0x0f,
                                 iph6->flow_lbl[1],
                                 iph6->flow_lbl[2]);
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 4a8a1abb59ee..76cf56d5d834 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -2503,6 +2503,57 @@ static int xfrm_send_report(u8 proto, struct xfrm_selector *sel,
        return nlmsg_multicast(xfrm_nl, skb, 0, XFRMNLGRP_REPORT, GFP_ATOMIC);
 }
+static inline size_t xfrm_mapping_msgsize(void)
+{
+        return NLMSG_ALIGN(sizeof(struct xfrm_user_mapping));
+}
+static int build_mapping(struct sk_buff *skb, struct xfrm_state *x,
+                         xfrm_address_t *new_saddr, __be16 new_sport)
+{
+        struct xfrm_user_mapping *um;
+        struct nlmsghdr *nlh;
+        nlh = nlmsg_put(skb, 0, 0, XFRM_MSG_MAPPING, sizeof(*um), 0);
+        if (nlh == NULL)
+                return -EMSGSIZE;
+        um = nlmsg_data(nlh);
+        memcpy(&um->id.daddr, &x->id.daddr, sizeof(um->id.daddr));
+        um->id.spi = x->id.spi;
+        um->id.family = x->props.family;
+        um->id.proto = x->id.proto;
+        memcpy(&um->new_saddr, new_saddr, sizeof(um->new_saddr));
+        memcpy(&um->old_saddr, &x->props.saddr, sizeof(um->old_saddr));
+        um->new_sport = new_sport;
+        um->old_sport = x->encap->encap_sport;
+        um->reqid = x->props.reqid;
+        return nlmsg_end(skb, nlh);
+}
+static int xfrm_send_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr,
+                             __be16 sport)
+{
+        struct sk_buff *skb;
+        if (x->id.proto != IPPROTO_ESP)
+                return -EINVAL;
+        if (!x->encap)
+                return -EINVAL;
+        skb = nlmsg_new(xfrm_mapping_msgsize(), GFP_ATOMIC);
+        if (skb == NULL)
+                return -ENOMEM;
+        if (build_mapping(skb, x, ipaddr, sport) < 0)
+                BUG();
+        return nlmsg_multicast(xfrm_nl, skb, 0, XFRMNLGRP_MAPPING, GFP_ATOMIC);
+}
 static struct xfrm_mgr netlink_mgr = {
        .id             = "netlink",
        .notify         = xfrm_send_state_notify,
@@ -2511,6 +2562,7 @@ static struct xfrm_mgr netlink_mgr = {
        .notify_policy  = xfrm_send_policy_notify,
        .report         = xfrm_send_report,
        .migrate        = xfrm_send_migrate,
+        .new_mapping    = xfrm_send_mapping,
 };
 static int __init xfrm_user_init(void)

diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 25872747762c..9d88c3df804a 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c
@@ -2469,13 +2469,11 @@ static void xfrm_audit_common_policyinfo(struct xfrm_policy *xp,
2469	sel->prefixlen_d);	2469	sel->prefixlen_d);
2470	break;	2470	break;
2471	case AF_INET6:	2471	case AF_INET6:
2472	audit_log_format(audit_buf, " src=" NIP6_FMT,	2472	audit_log_format(audit_buf, " src=%pI6", sel->saddr.a6);
2473	NIP6((struct in6_addr )sel->saddr.a6));
2474	if (sel->prefixlen_s != 128)	2473	if (sel->prefixlen_s != 128)
2475	audit_log_format(audit_buf, " src_prefixlen=%d",	2474	audit_log_format(audit_buf, " src_prefixlen=%d",
2476	sel->prefixlen_s);	2475	sel->prefixlen_s);
2477	audit_log_format(audit_buf, " dst=" NIP6_FMT,	2476	audit_log_format(audit_buf, " dst=%pI6", sel->daddr.a6);
2478	NIP6((struct in6_addr )sel->daddr.a6));
2479	if (sel->prefixlen_d != 128)	2477	if (sel->prefixlen_d != 128)
2480	audit_log_format(audit_buf, " dst_prefixlen=%d",	2478	audit_log_format(audit_buf, " dst_prefixlen=%d",
2481	sel->prefixlen_d);	2479	sel->prefixlen_d);


diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index 508337f97249..304eca4ac970 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c
@@ -2115,10 +2115,8 @@ static void xfrm_audit_helper_sainfo(struct xfrm_state *x,
2115	NIPQUAD(x->id.daddr.a4));	2115	NIPQUAD(x->id.daddr.a4));
2116	break;	2116	break;
2117	case AF_INET6:	2117	case AF_INET6:
2118	audit_log_format(audit_buf,	2118	audit_log_format(audit_buf, " src=%pI6 dst=%pI6",
2119	" src=" NIP6_FMT " dst=" NIP6_FMT,	2119	x->props.saddr.a6, x->id.daddr.a6);
2120	NIP6((struct in6_addr )x->props.saddr.a6),
2121	NIP6((struct in6_addr )x->id.daddr.a6));
2122	break;	2120	break;
2123	}	2121	}
2124		2122
@@ -2142,10 +2140,8 @@ static void xfrm_audit_helper_pktinfo(struct sk_buff *skb, u16 family,
2142	case AF_INET6:	2140	case AF_INET6:
2143	iph6 = ipv6_hdr(skb);	2141	iph6 = ipv6_hdr(skb);
2144	audit_log_format(audit_buf,	2142	audit_log_format(audit_buf,
2145	" src=" NIP6_FMT " dst=" NIP6_FMT	2143	" src=%pI6 dst=%pI6 flowlbl=0x%x%02x%02x",
2146	" flowlbl=0x%x%02x%02x",	2144	&iph6->saddr,&iph6->daddr,
2147	NIP6(iph6->saddr),
2148	NIP6(iph6->daddr),
2149	iph6->flow_lbl[0] & 0x0f,	2145	iph6->flow_lbl[0] & 0x0f,
2150	iph6->flow_lbl[1],	2146	iph6->flow_lbl[1],
2151	iph6->flow_lbl[2]);	2147	iph6->flow_lbl[2]);


diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 4a8a1abb59ee..76cf56d5d834 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c
@@ -2503,6 +2503,57 @@ static int xfrm_send_report(u8 proto, struct xfrm_selector *sel,
2503	return nlmsg_multicast(xfrm_nl, skb, 0, XFRMNLGRP_REPORT, GFP_ATOMIC);	2503	return nlmsg_multicast(xfrm_nl, skb, 0, XFRMNLGRP_REPORT, GFP_ATOMIC);
2504	}	2504	}
2505		2505
		2506	static inline size_t xfrm_mapping_msgsize(void)
		2507	{
		2508	return NLMSG_ALIGN(sizeof(struct xfrm_user_mapping));
		2509	}
		2510
		2511	static int build_mapping(struct sk_buff skb, struct xfrm_state x,
		2512	xfrm_address_t *new_saddr, __be16 new_sport)
		2513	{
		2514	struct xfrm_user_mapping *um;
		2515	struct nlmsghdr *nlh;
		2516
		2517	nlh = nlmsg_put(skb, 0, 0, XFRM_MSG_MAPPING, sizeof(*um), 0);
		2518	if (nlh == NULL)
		2519	return -EMSGSIZE;
		2520
		2521	um = nlmsg_data(nlh);
		2522
		2523	memcpy(&um->id.daddr, &x->id.daddr, sizeof(um->id.daddr));
		2524	um->id.spi = x->id.spi;
		2525	um->id.family = x->props.family;
		2526	um->id.proto = x->id.proto;
		2527	memcpy(&um->new_saddr, new_saddr, sizeof(um->new_saddr));
		2528	memcpy(&um->old_saddr, &x->props.saddr, sizeof(um->old_saddr));
		2529	um->new_sport = new_sport;
		2530	um->old_sport = x->encap->encap_sport;
		2531	um->reqid = x->props.reqid;
		2532
		2533	return nlmsg_end(skb, nlh);
		2534	}
		2535
		2536	static int xfrm_send_mapping(struct xfrm_state x, xfrm_address_t ipaddr,
		2537	__be16 sport)
		2538	{
		2539	struct sk_buff *skb;
		2540
		2541	if (x->id.proto != IPPROTO_ESP)
		2542	return -EINVAL;
		2543
		2544	if (!x->encap)
		2545	return -EINVAL;
		2546
		2547	skb = nlmsg_new(xfrm_mapping_msgsize(), GFP_ATOMIC);
		2548	if (skb == NULL)
		2549	return -ENOMEM;
		2550
		2551	if (build_mapping(skb, x, ipaddr, sport) < 0)
		2552	BUG();
		2553
		2554	return nlmsg_multicast(xfrm_nl, skb, 0, XFRMNLGRP_MAPPING, GFP_ATOMIC);
		2555	}
		2556
2506	static struct xfrm_mgr netlink_mgr = {	2557	static struct xfrm_mgr netlink_mgr = {
2507	.id = "netlink",	2558	.id = "netlink",
2508	.notify = xfrm_send_state_notify,	2559	.notify = xfrm_send_state_notify,
@@ -2511,6 +2562,7 @@ static struct xfrm_mgr netlink_mgr = {
2511	.notify_policy = xfrm_send_policy_notify,	2562	.notify_policy = xfrm_send_policy_notify,
2512	.report = xfrm_send_report,	2563	.report = xfrm_send_report,
2513	.migrate = xfrm_send_migrate,	2564	.migrate = xfrm_send_migrate,
		2565	.new_mapping = xfrm_send_mapping,
2514	};	2566	};
2515		2567
2516	static int __init xfrm_user_init(void)	2568	static int __init xfrm_user_init(void)