Diffstat (limited to 'net')
-rw-r--r-- | net/xfrm/xfrm_policy.c | 15 | ||||
-rw-r--r-- | net/xfrm/xfrm_state.c | 53 |
2 files changed, 29 insertions, 39 deletions
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 74807a7d3d69..abc3e39b115b 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c | |||
@@ -24,6 +24,7 @@ | |||
24 | #include <linux/netfilter.h> | 24 | #include <linux/netfilter.h> |
25 | #include <linux/module.h> | 25 | #include <linux/module.h> |
26 | #include <linux/cache.h> | 26 | #include <linux/cache.h> |
27 | #include <linux/audit.h> | ||
27 | #include <net/dst.h> | 28 | #include <net/dst.h> |
28 | #include <net/xfrm.h> | 29 | #include <net/xfrm.h> |
29 | #include <net/ip.h> | 30 | #include <net/ip.h> |
@@ -2401,15 +2402,14 @@ static inline void xfrm_audit_common_policyinfo(struct xfrm_policy *xp, | |||
2401 | } | 2402 | } |
2402 | } | 2403 | } |
2403 | 2404 | ||
2404 | void | 2405 | void xfrm_audit_policy_add(struct xfrm_policy *xp, int result, |
2405 | xfrm_audit_policy_add(struct xfrm_policy *xp, int result, u32 auid, u32 sid) | 2406 | u32 auid, u32 secid) |
2406 | { | 2407 | { |
2407 | struct audit_buffer *audit_buf; | 2408 | struct audit_buffer *audit_buf; |
2408 | extern int audit_enabled; | ||
2409 | 2409 | ||
2410 | if (audit_enabled == 0) | 2410 | if (audit_enabled == 0) |
2411 | return; | 2411 | return; |
2412 | audit_buf = xfrm_audit_start(auid, sid); | 2412 | audit_buf = xfrm_audit_start(auid, secid); |
2413 | if (audit_buf == NULL) | 2413 | if (audit_buf == NULL) |
2414 | return; | 2414 | return; |
2415 | audit_log_format(audit_buf, " op=SPD-add res=%u", result); | 2415 | audit_log_format(audit_buf, " op=SPD-add res=%u", result); |
@@ -2418,15 +2418,14 @@ xfrm_audit_policy_add(struct xfrm_policy *xp, int result, u32 auid, u32 sid) | |||
2418 | } | 2418 | } |
2419 | EXPORT_SYMBOL_GPL(xfrm_audit_policy_add); | 2419 | EXPORT_SYMBOL_GPL(xfrm_audit_policy_add); |
2420 | 2420 | ||
2421 | void | 2421 | void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result, |
2422 | xfrm_audit_policy_delete(struct xfrm_policy *xp, int result, u32 auid, u32 sid) | 2422 | u32 auid, u32 secid) |
2423 | { | 2423 | { |
2424 | struct audit_buffer *audit_buf; | 2424 | struct audit_buffer *audit_buf; |
2425 | extern int audit_enabled; | ||
2426 | 2425 | ||
2427 | if (audit_enabled == 0) | 2426 | if (audit_enabled == 0) |
2428 | return; | 2427 | return; |
2429 | audit_buf = xfrm_audit_start(auid, sid); | 2428 | audit_buf = xfrm_audit_start(auid, secid); |
2430 | if (audit_buf == NULL) | 2429 | if (audit_buf == NULL) |
2431 | return; | 2430 | return; |
2432 | audit_log_format(audit_buf, " op=SPD-delete res=%u", result); | 2431 | audit_log_format(audit_buf, " op=SPD-delete res=%u", result); |
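Review bot: xfrm_audit_policy_add and xfrm_audit_policy_delete are exported with EXPORT_SYMBOL_GPL but carry no kernel-doc, and the parameter rename from sid to secid on the new `void xfrm_audit_policy_add(struct xfrm_policy *xp, int result,` and `u32 auid, u32 secid)` lines is the natural point to add one: a `/** ... */` block above each function naming @xp as the policy being recorded, @result as the value emitted in `res=`, @auid as the audit login uid and @secid as the security id passed to xfrm_audit_start(). The same applies to xfrm_audit_state_add and xfrm_audit_state_delete in net/xfrm/xfrm_state.c. Both function bodies continue past the end of their hunks, so the tail of each (presumably the common-policyinfo call and audit_log_end) is not visible here. Whatever header declares these four functions is not part of this diff and presumably needs the matching secid rename so declaration and definition stay in sync.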
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index f7c0951c9fd9..9e57378c51df 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c | |||
@@ -19,6 +19,7 @@ | |||
19 | #include <linux/ipsec.h> | 19 | #include <linux/ipsec.h> |
20 | #include <linux/module.h> | 20 | #include <linux/module.h> |
21 | #include <linux/cache.h> | 21 | #include <linux/cache.h> |
22 | #include <linux/audit.h> | ||
22 | #include <asm/uaccess.h> | 23 | #include <asm/uaccess.h> |
23 | 24 | ||
24 | #include "xfrm_hash.h" | 25 | #include "xfrm_hash.h" |
@@ -1998,69 +1999,59 @@ void __init xfrm_state_init(void) | |||
1998 | static inline void xfrm_audit_common_stateinfo(struct xfrm_state *x, | 1999 | static inline void xfrm_audit_common_stateinfo(struct xfrm_state *x, |
1999 | struct audit_buffer *audit_buf) | 2000 | struct audit_buffer *audit_buf) |
2000 | { | 2001 | { |
2001 | if (x->security) | 2002 | struct xfrm_sec_ctx *ctx = x->security; |
2003 | u32 spi = ntohl(x->id.spi); | ||
2004 | |||
2005 | if (ctx) | ||
2002 | audit_log_format(audit_buf, " sec_alg=%u sec_doi=%u sec_obj=%s", | 2006 | audit_log_format(audit_buf, " sec_alg=%u sec_doi=%u sec_obj=%s", |
2003 | x->security->ctx_alg, x->security->ctx_doi, | 2007 | ctx->ctx_alg, ctx->ctx_doi, ctx->ctx_str); |
2004 | x->security->ctx_str); | ||
2005 | 2008 | ||
2006 | switch(x->props.family) { | 2009 | switch(x->props.family) { |
2007 | case AF_INET: | 2010 | case AF_INET: |
2008 | audit_log_format(audit_buf, " src=%u.%u.%u.%u dst=%u.%u.%u.%u", | 2011 | audit_log_format(audit_buf, |
2012 | " src=" NIPQUAD_FMT " dst=" NIPQUAD_FMT, | ||
2009 | NIPQUAD(x->props.saddr.a4), | 2013 | NIPQUAD(x->props.saddr.a4), |
2010 | NIPQUAD(x->id.daddr.a4)); | 2014 | NIPQUAD(x->id.daddr.a4)); |
2011 | break; | 2015 | break; |
2012 | case AF_INET6: | 2016 | case AF_INET6: |
2013 | { | 2017 | audit_log_format(audit_buf, |
2014 | struct in6_addr saddr6, daddr6; | 2018 | " src=" NIP6_FMT " dst=" NIP6_FMT, |
2015 | 2019 | NIP6(*(struct in6_addr *)x->props.saddr.a6), | |
2016 | memcpy(&saddr6, x->props.saddr.a6, | 2020 | NIP6(*(struct in6_addr *)x->id.daddr.a6)); |
2017 | sizeof(struct in6_addr)); | ||
2018 | memcpy(&daddr6, x->id.daddr.a6, | ||
2019 | sizeof(struct in6_addr)); | ||
2020 | audit_log_format(audit_buf, | ||
2021 | " src=" NIP6_FMT " dst=" NIP6_FMT, | ||
2022 | NIP6(saddr6), NIP6(daddr6)); | ||
2023 | } | ||
2024 | break; | 2021 | break; |
2025 | } | 2022 | } |
2023 | |||
2024 | audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi); | ||
2026 | } | 2025 | } |
2027 | 2026 | ||
2028 | void | 2027 | void xfrm_audit_state_add(struct xfrm_state *x, int result, |
2029 | xfrm_audit_state_add(struct xfrm_state *x, int result, u32 auid, u32 sid) | 2028 | u32 auid, u32 secid) |
2030 | { | 2029 | { |
2031 | struct audit_buffer *audit_buf; | 2030 | struct audit_buffer *audit_buf; |
2032 | u32 spi; | ||
2033 | extern int audit_enabled; | ||
2034 | 2031 | ||
2035 | if (audit_enabled == 0) | 2032 | if (audit_enabled == 0) |
2036 | return; | 2033 | return; |
2037 | audit_buf = xfrm_audit_start(auid, sid); | 2034 | audit_buf = xfrm_audit_start(auid, secid); |
2038 | if (audit_buf == NULL) | 2035 | if (audit_buf == NULL) |
2039 | return; | 2036 | return; |
2040 | audit_log_format(audit_buf, " op=SAD-add res=%u",result); | 2037 | audit_log_format(audit_buf, " op=SAD-add res=%u", result); |
2041 | xfrm_audit_common_stateinfo(x, audit_buf); | 2038 | xfrm_audit_common_stateinfo(x, audit_buf); |
2042 | spi = ntohl(x->id.spi); | ||
2043 | audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi); | ||
2044 | audit_log_end(audit_buf); | 2039 | audit_log_end(audit_buf); |
2045 | } | 2040 | } |
2046 | EXPORT_SYMBOL_GPL(xfrm_audit_state_add); | 2041 | EXPORT_SYMBOL_GPL(xfrm_audit_state_add); |
2047 | 2042 | ||
2048 | void | 2043 | void xfrm_audit_state_delete(struct xfrm_state *x, int result, |
2049 | xfrm_audit_state_delete(struct xfrm_state *x, int result, u32 auid, u32 sid) | 2044 | u32 auid, u32 secid) |
2050 | { | 2045 | { |
2051 | struct audit_buffer *audit_buf; | 2046 | struct audit_buffer *audit_buf; |
2052 | u32 spi; | ||
2053 | extern int audit_enabled; | ||
2054 | 2047 | ||
2055 | if (audit_enabled == 0) | 2048 | if (audit_enabled == 0) |
2056 | return; | 2049 | return; |
2057 | audit_buf = xfrm_audit_start(auid, sid); | 2050 | audit_buf = xfrm_audit_start(auid, secid); |
2058 | if (audit_buf == NULL) | 2051 | if (audit_buf == NULL) |
2059 | return; | 2052 | return; |
2060 | audit_log_format(audit_buf, " op=SAD-delete res=%u",result); | 2053 | audit_log_format(audit_buf, " op=SAD-delete res=%u", result); |
2061 | xfrm_audit_common_stateinfo(x, audit_buf); | 2054 | xfrm_audit_common_stateinfo(x, audit_buf); |
2062 | spi = ntohl(x->id.spi); | ||
2063 | audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi); | ||
2064 | audit_log_end(audit_buf); | 2055 | audit_log_end(audit_buf); |
2065 | } | 2056 | } |
2066 | EXPORT_SYMBOL_GPL(xfrm_audit_state_delete); | 2057 | EXPORT_SYMBOL_GPL(xfrm_audit_state_delete); |
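Review bot: The AF_INET6 case in xfrm_audit_common_stateinfo now reads the addresses through `NIP6(*(struct in6_addr *)x->props.saddr.a6)` and `NIP6(*(struct in6_addr *)x->id.daddr.a6)`, whereas the removed lines copied them into local struct in6_addr variables with memcpy; the memcpy form was the aliasing-clean way to reinterpret the a6 array, and the cast instead relies on a6 being layout-compatible with struct in6_addr (and, in practice, on the kernel being built without strict-aliasing optimisations). If the cast stays, a comment such as `/* a6 is layout-compatible with struct in6_addr, which NIP6 expects */` above that audit_log_format call would record the assumption for the next reader. The `switch(x->props.family)` still has no default branch, so a state with any other family is logged with no address fields at all; a `default: break;` with a short comment, or logging the family value, would make that gap explicit rather than silent. The ctx_str logged with `%s` has to be NUL-terminated when the security context is accepted — that contract is unchanged by this hunk, but a one-line note next to the format call would make clear that the audit record depends on it.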