
audit: Fix logging of IPv6 addresses
Needs Review, Public

Authored by gallatin on Apr 18 2023, 12:22 AM.

Details

Summary

Our audit logging was not logging the IP/port information for IPv6 accept() syscalls. It turns out there were 2 problems:

  1. kaudit_to_bsm: Log IPv6 as well as IPv4 and unix addrs
  2. au_to_sock_inet128: Treat ports the same way as au_to_sock_inet32(). Just pushing a uint16 causes byte ordering problems on little endian systems.

Diff Detail

Repository: rG FreeBSD src repository
Lint: Lint Skipped
Unit: Tests Skipped
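
The byte-ordering problem from item 2 of the summary, as an added example that is not part of the FreeBSD change. `push_u16_be` and `push_mem` are hypothetical stand-ins; the example assumes the token writer serializes 16-bit integers big-endian and that the sockaddr port is already in network byte order.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a token writer that serializes a 16-bit
 * integer value big-endian (assumed behaviour, not FreeBSD's code). */
static void push_u16_be(uint8_t **p, uint16_t v)
{
	*(*p)++ = (uint8_t)(v >> 8);
	*(*p)++ = (uint8_t)(v & 0xff);
}

/* Hypothetical stand-in for copying a field's bytes unchanged. */
static void push_mem(uint8_t **p, const void *src, size_t n)
{
	memcpy(*p, src, n);
	*p += n;
}

/* "Before": hand the network-order port to the integer serializer. */
static uint16_t port_logged_as_u16(uint16_t net_port)
{
	uint8_t buf[2], *p = buf;
	push_u16_be(&p, net_port);
	return (uint16_t)((buf[0] << 8) | buf[1]); /* what a log reader decodes */
}

/* "After": copy the two bytes exactly as they sit in the sockaddr. */
static uint16_t port_logged_as_mem(uint16_t net_port)
{
	uint8_t buf[2], *p = buf;
	push_mem(&p, &net_port, sizeof(net_port));
	return (uint16_t)((buf[0] << 8) | buf[1]);
}

/* True when host byte order differs from network byte order. */
static int host_is_little_endian(void)
{
	return htons(1) != 1;
}

int main(void)
{
	uint16_t net_port = htons(8080); /* constructed sample port */
	printf("u16 push: %u, byte copy: %u\n", port_logged_as_u16(net_port), port_logged_as_mem(net_port));
	return 0;
}
```

On a little-endian host the integer push records port 8080 as 36895, so an audit trail written that way points reviewers at the wrong port.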