Our audit logging was not logging the IP/port information for IPv6 accept() syscalls. It turns out there were 2 problems
- kaudit_to_bsm: Log IPv6 as well as IPv4 and unix addrs
- au_to_sock_inet128: Treat ports the same way as au_to_sock_inet32(). Just pushing a uint16 causes byte ordering problems on little endian systems.