audit: Fix logging of IPv6 addresses
Needs ReviewPublic
Actions

Authored by gallatin on Apr 18 2023, 12:22 AM.

Tags

None

Referenced Files

	Unknown Object (File)
	Tue, Jan 20, 12:36 AM

	Unknown Object (File)
	Nov 23 2025, 12:26 AM

	Unknown Object (File)
	Nov 21 2025, 4:03 PM

	Unknown Object (File)
	Nov 21 2025, 3:04 AM

	Unknown Object (File)
	Nov 20 2025, 12:36 AM

	Unknown Object (File)
	Nov 19 2025, 6:30 AM

	Unknown Object (File)
	Oct 22 2025, 3:11 PM

	Unknown Object (File)
	Oct 22 2025, 2:26 AM

View All 35 Files

Subscribers

imp

Details

Reviewers

glebius
rwatson
csjp

Summary

Our audit logging was not logging the IP/port information for IPv6 accept() syscalls. It turns out there were 2 problems

kaudit_to_bsm: Log IPv6 as well as IPv4 and unix addrs
au_to_sock_inet128: Treat ports the same way as au_to_sock_inet32(). Just pushing a uint16 causes byte ordering problems on little endian systems.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Skipped

Unit

Tests Skipped

Event Timeline

gallatin created this revision.Apr 18 2023, 12:22 AM

Herald added a subscriber: imp. · View Herald TranscriptApr 18 2023, 12:22 AM

gallatin requested review of this revision.Apr 18 2023, 12:22 AM

Revision Contents
Changeset List

Path

Size

sys/

security/

audit/

audit_bsm.c

17 lines

bsm_token.c

2 lines

Diff 120517

View Options

sys/security/audit/audit_bsm.c