| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAABTaaDc_1N90BQP5mEHCoBEX5KkS=cyHV0FnY9H3deEbc7_Xw@mail.gmail.com> Date: Fri, 3 Oct 2025 12:43:01 -0300 From: Ricardo Robaina <rrobaina@...hat.com> To: Florian Westphal <fw@...len.de>, paul@...l-moore.com Cc: audit@...r.kernel.org, linux-kernel@...r.kernel.org, netfilter-devel@...r.kernel.org, coreteam@...filter.org, eparis@...hat.com, pablo@...filter.org, kadlec@...filter.org, ej@...i.de Subject: Re: [PATCH v3] audit: include source and destination ports to NETFILTER_PKT On Sat, Sep 27, 2025 at 7:45 AM Florian Westphal <fw@...len.de> wrote: > > Ricardo Robaina <rrobaina@...hat.com> wrote: > > + case IPPROTO_TCP: > > + audit_log_format(ab, " saddr=%pI4 daddr=%pI4 proto=%hhu sport=%hu dport=%hu", > > + &ih->saddr, &ih->daddr, ih->protocol, > > + ntohs(tcp_hdr(skb)->source), ntohs(tcp_hdr(skb)->dest)); > > You need to use skb_header_pointer() like elsewhere in netfilter to > access the transport protocol header. > > You can have a look at nf_log_dump_tcp_header() in nf_log_syslog.c for > a template. > > Also please have a look at net/netfilter/nft_log.c, in particular > nft_log_eval_audit(): xt_AUDIT and nft audit should be kept in sync wrt. > their formatting. > Thanks for reviewing this patch, Florian! I’ll work on a newer version addressing your suggestions. > Maybe Paul would be open to adding something like audit_log_packet() to > kernel/audit.c and then have xt_AUDIT.c and nft_log.c just call the > common helper. > It sounds like a good idea to me. What do you think, Paul?
Powered by blists - more mailing lists