audit: Fix logging of IPv6 addresses
Needs ReviewPublic
Actions

Authored by gallatin on Apr 18 2023, 12:22 AM.

Tags

None

Referenced Files

	Unknown Object (File)
	Sun, Apr 5, 1:42 AM

	Unknown Object (File)
	Fri, Apr 3, 8:27 AM

	Unknown Object (File)
	Fri, Apr 3, 1:00 AM

	Unknown Object (File)
	Jan 27 2026, 12:56 AM

	Unknown Object (File)
	Jan 24 2026, 11:50 AM

	Unknown Object (File)
	Jan 22 2026, 7:00 AM

	Unknown Object (File)
	Jan 20 2026, 12:36 AM

	Unknown Object (File)
	Nov 23 2025, 12:26 AM

View All 41 Files

Subscribers

imp

Details

Reviewers

glebius
rwatson
csjp

Summary

Our audit logging was not logging the IP/port information for IPv6 accept() syscalls. It turns out there were 2 problems

kaudit_to_bsm: Log IPv6 as well as IPv4 and unix addrs
au_to_sock_inet128: Treat ports the same way as au_to_sock_inet32(). Just pushing a uint16 causes byte ordering problems on little endian systems.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Skipped

Unit

Tests Skipped

Event Timeline

gallatin created this revision.Apr 18 2023, 12:22 AM

Herald added a subscriber: imp. · View Herald TranscriptApr 18 2023, 12:22 AM

gallatin requested review of this revision.Apr 18 2023, 12:22 AM

Revision Contents
Changeset List

Path

Size

sys/

security/

audit/

audit_bsm.c

17 lines

bsm_token.c

2 lines

Diff 120517

View Options

sys/security/audit/audit_bsm.c