[PATCH v6 1/2] audit: add audit_log_nf_skb helper function

[PATCH v6 1/2] audit: add audit_log_nf_skb helper function

[Ricardo Robaina]

Netfilter code (net/netfilter/nft_log.c and net/netfilter/xt_AUDIT.c)
have to be kept in sync. Both source files had duplicated versions of
audit_ip4() and audit_ip6() functions, which can result in lack of
consistency and/or duplicated work.

This patch adds a helper function in audit.c that can be called by
netfilter code commonly, aiming to improve maintainability and
consistency.

Suggested-by: Florian Westphal <fw@strlen.de>
Suggested-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Ricardo Robaina <rrobaina@redhat.com>
---
 include/linux/audit.h    |  8 +++++
 kernel/audit.c           | 64 ++++++++++++++++++++++++++++++++++++++++
 net/netfilter/nft_log.c  | 57 +----------------------------------
 net/netfilter/xt_AUDIT.c | 57 +----------------------------------
 4 files changed, 74 insertions(+), 112 deletions(-)

diff --git a/include/linux/audit.h b/include/linux/audit.h
index 536f8ee8da81..d8173af498ba 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -195,6 +195,8 @@ extern int audit_log_subj_ctx(struct audit_buffer *ab, struct lsm_prop *prop);
 extern int audit_log_obj_ctx(struct audit_buffer *ab, struct lsm_prop *prop);
 extern int audit_log_task_context(struct audit_buffer *ab);
 extern void audit_log_task_info(struct audit_buffer *ab);
+extern int audit_log_nf_skb(struct audit_buffer *ab,
+			    const struct sk_buff *skb, u8 nfproto);
 
 extern int		    audit_update_lsm_rules(void);
 
@@ -272,6 +274,12 @@ static inline int audit_log_task_context(struct audit_buffer *ab)
 static inline void audit_log_task_info(struct audit_buffer *ab)
 { }
 
+static inline int audit_log_nf_skb(struct audit_buffer *ab,
+				   const struct sk_buff *skb, u8 nfproto)
+{
+	return 0;
+}
+
 static inline kuid_t audit_get_loginuid(struct task_struct *tsk)
 {
 	return INVALID_UID;
diff --git a/kernel/audit.c b/kernel/audit.c
index 26a332ffb1b8..5c302c4592db 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -58,6 +58,8 @@
 #include <linux/freezer.h>
 #include <linux/pid_namespace.h>
 #include <net/netns/generic.h>
+#include <net/ip.h>
+#include <net/ipv6.h>
 
 #include "audit.h"
 
@@ -2488,6 +2490,68 @@ void audit_log_path_denied(int type, const char *operation)
 	audit_log_end(ab);
 }
 
+int audit_log_nf_skb(struct audit_buffer *ab,
+		     const struct sk_buff *skb, u8 nfproto)
+{
+	/* find the IP protocol in the case of NFPROTO_BRIDGE */
+	if (nfproto == NFPROTO_BRIDGE) {
+		switch (eth_hdr(skb)->h_proto) {
+		case htons(ETH_P_IP):
+			nfproto = NFPROTO_IPV4;
+			break;
+		case htons(ETH_P_IPV6):
+			nfproto = NFPROTO_IPV6;
+			break;
+		default:
+			goto unknown_proto;
+		}
+	}
+
+	switch (nfproto) {
+	case NFPROTO_IPV4: {
+		struct iphdr iph;
+		const struct iphdr *ih;
+
+		ih = skb_header_pointer(skb, skb_network_offset(skb),
+					sizeof(iph), &iph);
+		if (!ih)
+			return -ENOMEM;
+
+		audit_log_format(ab, " saddr=%pI4 daddr=%pI4 proto=%hhu",
+				 &ih->saddr, &ih->daddr, ih->protocol);
+		break;
+	}
+	case NFPROTO_IPV6: {
+		struct ipv6hdr iph;
+		const struct ipv6hdr *ih;
+		u8 nexthdr;
+		__be16 frag_off;
+
+		ih = skb_header_pointer(skb, skb_network_offset(skb),
+					sizeof(iph), &iph);
+		if (!ih)
+			return -ENOMEM;
+
+		nexthdr = ih->nexthdr;
+		ipv6_skip_exthdr(skb, skb_network_offset(skb) + sizeof(iph),
+				 &nexthdr, &frag_off);
+
+		audit_log_format(ab, " saddr=%pI6c daddr=%pI6c proto=%hhu",
+				 &ih->saddr, &ih->daddr, nexthdr);
+		break;
+	}
+	default:
+		goto unknown_proto;
+	}
+
+	return 0;
+
+unknown_proto:
+	audit_log_format(ab, " saddr=? daddr=? proto=?");
+	return -EPFNOSUPPORT;
+}
+EXPORT_SYMBOL(audit_log_nf_skb);
+
 /* global counter which is incremented every time something logs in */
 static atomic_t session_id = ATOMIC_INIT(0);
 
diff --git a/net/netfilter/nft_log.c b/net/netfilter/nft_log.c
index e35588137995..cd4fc175d9e4 100644
--- a/net/netfilter/nft_log.c
+++ b/net/netfilter/nft_log.c
@@ -26,41 +26,6 @@ struct nft_log {
 	char			*prefix;
 };
 
-static bool audit_ip4(struct audit_buffer *ab, struct sk_buff *skb)
-{
-	struct iphdr _iph;
-	const struct iphdr *ih;
-
-	ih = skb_header_pointer(skb, skb_network_offset(skb), sizeof(_iph), &_iph);
-	if (!ih)
-		return false;
-
-	audit_log_format(ab, " saddr=%pI4 daddr=%pI4 proto=%hhu",
-			 &ih->saddr, &ih->daddr, ih->protocol);
-
-	return true;
-}
-
-static bool audit_ip6(struct audit_buffer *ab, struct sk_buff *skb)
-{
-	struct ipv6hdr _ip6h;
-	const struct ipv6hdr *ih;
-	u8 nexthdr;
-	__be16 frag_off;
-
-	ih = skb_header_pointer(skb, skb_network_offset(skb), sizeof(_ip6h), &_ip6h);
-	if (!ih)
-		return false;
-
-	nexthdr = ih->nexthdr;
-	ipv6_skip_exthdr(skb, skb_network_offset(skb) + sizeof(_ip6h), &nexthdr, &frag_off);
-
-	audit_log_format(ab, " saddr=%pI6c daddr=%pI6c proto=%hhu",
-			 &ih->saddr, &ih->daddr, nexthdr);
-
-	return true;
-}
-
 static void nft_log_eval_audit(const struct nft_pktinfo *pkt)
 {
 	struct sk_buff *skb = pkt->skb;
@@ -76,27 +41,7 @@ static void nft_log_eval_audit(const struct nft_pktinfo *pkt)
 
 	audit_log_format(ab, "mark=%#x", skb->mark);
 
-	switch (nft_pf(pkt)) {
-	case NFPROTO_BRIDGE:
-		switch (eth_hdr(skb)->h_proto) {
-		case htons(ETH_P_IP):
-			fam = audit_ip4(ab, skb) ? NFPROTO_IPV4 : -1;
-			break;
-		case htons(ETH_P_IPV6):
-			fam = audit_ip6(ab, skb) ? NFPROTO_IPV6 : -1;
-			break;
-		}
-		break;
-	case NFPROTO_IPV4:
-		fam = audit_ip4(ab, skb) ? NFPROTO_IPV4 : -1;
-		break;
-	case NFPROTO_IPV6:
-		fam = audit_ip6(ab, skb) ? NFPROTO_IPV6 : -1;
-		break;
-	}
-
-	if (fam == -1)
-		audit_log_format(ab, " saddr=? daddr=? proto=-1");
+	audit_log_nf_skb(ab, skb, nft_pf(pkt));
 
 	audit_log_end(ab);
 }
diff --git a/net/netfilter/xt_AUDIT.c b/net/netfilter/xt_AUDIT.c
index b6a015aee0ce..6881a7833707 100644
--- a/net/netfilter/xt_AUDIT.c
+++ b/net/netfilter/xt_AUDIT.c
@@ -28,41 +28,6 @@ MODULE_ALIAS("ip6t_AUDIT");
 MODULE_ALIAS("ebt_AUDIT");
 MODULE_ALIAS("arpt_AUDIT");
 
-static bool audit_ip4(struct audit_buffer *ab, struct sk_buff *skb)
-{
-	struct iphdr _iph;
-	const struct iphdr *ih;
-
-	ih = skb_header_pointer(skb, skb_network_offset(skb), sizeof(_iph), &_iph);
-	if (!ih)
-		return false;
-
-	audit_log_format(ab, " saddr=%pI4 daddr=%pI4 proto=%hhu",
-			 &ih->saddr, &ih->daddr, ih->protocol);
-
-	return true;
-}
-
-static bool audit_ip6(struct audit_buffer *ab, struct sk_buff *skb)
-{
-	struct ipv6hdr _ip6h;
-	const struct ipv6hdr *ih;
-	u8 nexthdr;
-	__be16 frag_off;
-
-	ih = skb_header_pointer(skb, skb_network_offset(skb), sizeof(_ip6h), &_ip6h);
-	if (!ih)
-		return false;
-
-	nexthdr = ih->nexthdr;
-	ipv6_skip_exthdr(skb, skb_network_offset(skb) + sizeof(_ip6h), &nexthdr, &frag_off);
-
-	audit_log_format(ab, " saddr=%pI6c daddr=%pI6c proto=%hhu",
-			 &ih->saddr, &ih->daddr, nexthdr);
-
-	return true;
-}
-
 static unsigned int
 audit_tg(struct sk_buff *skb, const struct xt_action_param *par)
 {
@@ -77,27 +42,7 @@ audit_tg(struct sk_buff *skb, const struct xt_action_param *par)
 
 	audit_log_format(ab, "mark=%#x", skb->mark);
 
-	switch (xt_family(par)) {
-	case NFPROTO_BRIDGE:
-		switch (eth_hdr(skb)->h_proto) {
-		case htons(ETH_P_IP):
-			fam = audit_ip4(ab, skb) ? NFPROTO_IPV4 : -1;
-			break;
-		case htons(ETH_P_IPV6):
-			fam = audit_ip6(ab, skb) ? NFPROTO_IPV6 : -1;
-			break;
-		}
-		break;
-	case NFPROTO_IPV4:
-		fam = audit_ip4(ab, skb) ? NFPROTO_IPV4 : -1;
-		break;
-	case NFPROTO_IPV6:
-		fam = audit_ip6(ab, skb) ? NFPROTO_IPV6 : -1;
-		break;
-	}
-
-	if (fam == -1)
-		audit_log_format(ab, " saddr=? daddr=? proto=-1");
+	audit_log_nf_skb(ab, skb, xt_family(par));
 
 	audit_log_end(ab);
 
-- 
2.51.1

[PATCH v6 2/2] audit: include source and destination ports to NETFILTER_PKT

[Ricardo Robaina]

NETFILTER_PKT records show both source and destination
addresses, in addition to the associated networking protocol.
However, it lacks the ports information, which is often
valuable for troubleshooting.

This patch adds both source and destination port numbers,
'sport' and 'dport' respectively, to TCP, UDP, UDP-Lite and
SCTP-related NETFILTER_PKT records.

 $ TESTS="netfilter_pkt" make -e test &> /dev/null
 $ ausearch -i -ts recent |grep NETFILTER_PKT
 type=NETFILTER_PKT ... proto=icmp
 type=NETFILTER_PKT ... proto=ipv6-icmp
 type=NETFILTER_PKT ... proto=udp sport=46333 dport=42424
 type=NETFILTER_PKT ... proto=udp sport=35953 dport=42424
 type=NETFILTER_PKT ... proto=tcp sport=50314 dport=42424
 type=NETFILTER_PKT ... proto=tcp sport=57346 dport=42424

Link: https://github.com/linux-audit/audit-kernel/issues/162

Signed-off-by: Ricardo Robaina <rrobaina@redhat.com>
---
 kernel/audit.c | 103 +++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 99 insertions(+), 4 deletions(-)

diff --git a/kernel/audit.c b/kernel/audit.c
index 5c302c4592db..39c4f26c484d 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -60,6 +60,7 @@
 #include <net/netns/generic.h>
 #include <net/ip.h>
 #include <net/ipv6.h>
+#include <linux/sctp.h>
 
 #include "audit.h"
 
@@ -2517,8 +2518,55 @@ int audit_log_nf_skb(struct audit_buffer *ab,
 		if (!ih)
 			return -ENOMEM;
 
-		audit_log_format(ab, " saddr=%pI4 daddr=%pI4 proto=%hhu",
-				 &ih->saddr, &ih->daddr, ih->protocol);
+		switch (ih->protocol) {
+		case IPPROTO_TCP: {
+			struct tcphdr _tcph;
+			const struct tcphdr *th;
+
+			th = skb_header_pointer(skb, skb_transport_offset(skb),
+						sizeof(_tcph), &_tcph);
+			if (!th)
+				return -ENOMEM;
+
+			audit_log_format(ab, " saddr=%pI4 daddr=%pI4 proto=%hhu sport=%hu dport=%hu",
+					 &ih->saddr, &ih->daddr, ih->protocol,
+					 ntohs(th->source), ntohs(th->dest));
+			break;
+		}
+		case IPPROTO_UDP:
+		case IPPROTO_UDPLITE: {
+			struct udphdr _udph;
+			const struct udphdr *uh;
+
+			uh = skb_header_pointer(skb, skb_transport_offset(skb),
+						sizeof(_udph), &_udph);
+			if (!uh)
+				return -ENOMEM;
+
+			audit_log_format(ab, " saddr=%pI4 daddr=%pI4 proto=%hhu sport=%hu dport=%hu",
+					 &ih->saddr, &ih->daddr, ih->protocol,
+					 ntohs(uh->source), ntohs(uh->dest));
+			break;
+		}
+		case IPPROTO_SCTP: {
+			struct sctphdr _sctph;
+			const struct sctphdr *sh;
+
+			sh = skb_header_pointer(skb, skb_transport_offset(skb),
+						sizeof(_sctph), &_sctph);
+			if (!sh)
+				return -ENOMEM;
+
+			audit_log_format(ab, " saddr=%pI4 daddr=%pI4 proto=%hhu sport=%hu dport=%hu",
+					 &ih->saddr, &ih->daddr, ih->protocol,
+					 ntohs(sh->source), ntohs(sh->dest));
+			break;
+		}
+		default:
+			audit_log_format(ab, " saddr=%pI4 daddr=%pI4 proto=%hhu",
+					 &ih->saddr, &ih->daddr, ih->protocol);
+		}
+
 		break;
 	}
 	case NFPROTO_IPV6: {
@@ -2536,8 +2584,55 @@ int audit_log_nf_skb(struct audit_buffer *ab,
 		ipv6_skip_exthdr(skb, skb_network_offset(skb) + sizeof(iph),
 				 &nexthdr, &frag_off);
 
-		audit_log_format(ab, " saddr=%pI6c daddr=%pI6c proto=%hhu",
-				 &ih->saddr, &ih->daddr, nexthdr);
+		switch (nexthdr) {
+		case IPPROTO_TCP: {
+			struct tcphdr _tcph;
+			const struct tcphdr *th;
+
+			th = skb_header_pointer(skb, skb_transport_offset(skb),
+						sizeof(_tcph), &_tcph);
+			if (!th)
+				return -ENOMEM;
+
+			audit_log_format(ab, " saddr=%pI6c daddr=%pI6c proto=%hhu sport=%hu dport=%hu",
+					 &ih->saddr, &ih->daddr, nexthdr,
+					 ntohs(th->source), ntohs(th->dest));
+			break;
+		}
+		case IPPROTO_UDP:
+		case IPPROTO_UDPLITE: {
+			struct udphdr _udph;
+			const struct udphdr *uh;
+
+			uh = skb_header_pointer(skb, skb_transport_offset(skb),
+						sizeof(_udph), &_udph);
+			if (!uh)
+				return -ENOMEM;
+
+			audit_log_format(ab, " saddr=%pI6c daddr=%pI6c proto=%hhu sport=%hu dport=%hu",
+					 &ih->saddr, &ih->daddr, nexthdr,
+					 ntohs(uh->source), ntohs(uh->dest));
+			break;
+		}
+		case IPPROTO_SCTP: {
+			struct sctphdr _sctph;
+			const struct sctphdr *sh;
+
+			sh = skb_header_pointer(skb, skb_transport_offset(skb),
+						sizeof(_sctph), &_sctph);
+			if (!sh)
+				return -ENOMEM;
+
+			audit_log_format(ab, " saddr=%pI6c daddr=%pI6c proto=%hhu sport=%hu dport=%hu",
+					 &ih->saddr, &ih->daddr, nexthdr,
+					 ntohs(sh->source), ntohs(sh->dest));
+			break;
+		}
+		default:
+			audit_log_format(ab, " saddr=%pI6c daddr=%pI6c proto=%hhu",
+					 &ih->saddr, &ih->daddr, nexthdr);
+		}
+
 		break;
 	}
 	default:
-- 
2.51.1

Re: [PATCH v6 1/2] audit: add audit_log_nf_skb helper function

[kernel test robot]

Hi Ricardo,

kernel test robot noticed the following build warnings:

[auto build test WARNING on pcmoore-audit/next]
[also build test WARNING on netfilter-nf/main nf-next/master linus/master v6.18-rc5 next-20251113]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]

url:    https://github.com/intel-lab-lkp/linux/commits/Ricardo-Robaina/audit-include-source-and-destination-ports-to-NETFILTER_PKT/20251113-223721
base:   https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit.git next
patch link:    https://lore.kernel.org/r/589b485078a65c766bcdee2fd9881c540813f8c5.1763036807.git.rrobaina%40redhat.com
patch subject: [PATCH v6 1/2] audit: add audit_log_nf_skb helper function
config: x86_64-rhel-9.4 (https://download.01.org/0day-ci/archive/20251114/202511141108.IPL3PRtd-lkp@intel.com/config)
compiler: gcc-14 (Debian 14.2.0-19) 14.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20251114/202511141108.IPL3PRtd-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202511141108.IPL3PRtd-lkp@intel.com/

All warnings (new ones prefixed by >>):

   net/netfilter/nft_log.c: In function 'nft_log_eval_audit':
>> net/netfilter/nft_log.c:33:13: warning: unused variable 'fam' [-Wunused-variable]
      33 |         int fam = -1;
         |             ^~~


vim +/fam +33 net/netfilter/nft_log.c

96518518cc417bb Patrick McHardy 2013-10-14  28  
1a893b44de45288 Phil Sutter     2018-05-30  29  static void nft_log_eval_audit(const struct nft_pktinfo *pkt)
1a893b44de45288 Phil Sutter     2018-05-30  30  {
1a893b44de45288 Phil Sutter     2018-05-30  31  	struct sk_buff *skb = pkt->skb;
1a893b44de45288 Phil Sutter     2018-05-30  32  	struct audit_buffer *ab;
1a893b44de45288 Phil Sutter     2018-05-30 @33  	int fam = -1;
1a893b44de45288 Phil Sutter     2018-05-30  34  
1a893b44de45288 Phil Sutter     2018-05-30  35  	if (!audit_enabled)
1a893b44de45288 Phil Sutter     2018-05-30  36  		return;
1a893b44de45288 Phil Sutter     2018-05-30  37  
1a893b44de45288 Phil Sutter     2018-05-30  38  	ab = audit_log_start(NULL, GFP_ATOMIC, AUDIT_NETFILTER_PKT);
1a893b44de45288 Phil Sutter     2018-05-30  39  	if (!ab)
1a893b44de45288 Phil Sutter     2018-05-30  40  		return;
1a893b44de45288 Phil Sutter     2018-05-30  41  
1a893b44de45288 Phil Sutter     2018-05-30  42  	audit_log_format(ab, "mark=%#x", skb->mark);
1a893b44de45288 Phil Sutter     2018-05-30  43  
832662a8b1d3d70 Ricardo Robaina 2025-11-13  44  	audit_log_nf_skb(ab, skb, nft_pf(pkt));
1a893b44de45288 Phil Sutter     2018-05-30  45  
1a893b44de45288 Phil Sutter     2018-05-30  46  	audit_log_end(ab);
1a893b44de45288 Phil Sutter     2018-05-30  47  }
1a893b44de45288 Phil Sutter     2018-05-30  48  

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

Re: [PATCH v6 1/2] audit: add audit_log_nf_skb helper function

[kernel test robot]

Hi Ricardo,

kernel test robot noticed the following build warnings:

[auto build test WARNING on pcmoore-audit/next]
[also build test WARNING on netfilter-nf/main nf-next/master linus/master v6.18-rc5 next-20251113]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]

url:    https://github.com/intel-lab-lkp/linux/commits/Ricardo-Robaina/audit-include-source-and-destination-ports-to-NETFILTER_PKT/20251113-223721
base:   https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit.git next
patch link:    https://lore.kernel.org/r/589b485078a65c766bcdee2fd9881c540813f8c5.1763036807.git.rrobaina%40redhat.com
patch subject: [PATCH v6 1/2] audit: add audit_log_nf_skb helper function
config: arm-randconfig-002-20251114 (https://download.01.org/0day-ci/archive/20251114/202511141355.QCbxBTw0-lkp@intel.com/config)
compiler: arm-linux-gnueabi-gcc (GCC) 14.3.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20251114/202511141355.QCbxBTw0-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202511141355.QCbxBTw0-lkp@intel.com/

All warnings (new ones prefixed by >>):

   net/netfilter/xt_AUDIT.c: In function 'audit_tg':
>> net/netfilter/xt_AUDIT.c:35:13: warning: unused variable 'fam' [-Wunused-variable]
      35 |         int fam = -1;
         |             ^~~


vim +/fam +35 net/netfilter/xt_AUDIT.c

43f393caec0362a Thomas Graf        2011-01-16  30  
43f393caec0362a Thomas Graf        2011-01-16  31  static unsigned int
43f393caec0362a Thomas Graf        2011-01-16  32  audit_tg(struct sk_buff *skb, const struct xt_action_param *par)
43f393caec0362a Thomas Graf        2011-01-16  33  {
43f393caec0362a Thomas Graf        2011-01-16  34  	struct audit_buffer *ab;
2173c519d5e912a Richard Guy Briggs 2017-05-02 @35  	int fam = -1;
43f393caec0362a Thomas Graf        2011-01-16  36  
f7859590d976148 Richard Guy Briggs 2018-06-05  37  	if (audit_enabled == AUDIT_OFF)
ed018fa4dfc3d26 Gao feng           2013-03-04  38  		goto errout;
43f393caec0362a Thomas Graf        2011-01-16  39  	ab = audit_log_start(NULL, GFP_ATOMIC, AUDIT_NETFILTER_PKT);
43f393caec0362a Thomas Graf        2011-01-16  40  	if (ab == NULL)
43f393caec0362a Thomas Graf        2011-01-16  41  		goto errout;
43f393caec0362a Thomas Graf        2011-01-16  42  
43f393caec0362a Thomas Graf        2011-01-16  43  	audit_log_format(ab, "mark=%#x", skb->mark);
43f393caec0362a Thomas Graf        2011-01-16  44  
832662a8b1d3d70 Ricardo Robaina    2025-11-13  45  	audit_log_nf_skb(ab, skb, xt_family(par));
131ad62d8fc06d9 Mr Dash Four       2011-06-30  46  
43f393caec0362a Thomas Graf        2011-01-16  47  	audit_log_end(ab);
43f393caec0362a Thomas Graf        2011-01-16  48  
43f393caec0362a Thomas Graf        2011-01-16  49  errout:
43f393caec0362a Thomas Graf        2011-01-16  50  	return XT_CONTINUE;
43f393caec0362a Thomas Graf        2011-01-16  51  }
43f393caec0362a Thomas Graf        2011-01-16  52  

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

Re: [PATCH v6 1/2] audit: add audit_log_nf_skb helper function

[Ricardo Robaina]

Dear reviewers,

I missed that unused variable, please disregard this version. I'm
submitting an updated one right away.

On Fri, Nov 14, 2025 at 3:48 AM kernel test robot <lkp@intel.com> wrote:
>
> Hi Ricardo,
>
> kernel test robot noticed the following build warnings:
>
> [auto build test WARNING on pcmoore-audit/next]
> [also build test WARNING on netfilter-nf/main nf-next/master linus/master v6.18-rc5 next-20251113]
> [If your patch is applied to the wrong git tree, kindly drop us a note.
> And when submitting patch, we suggest to use '--base' as documented in
> https://git-scm.com/docs/git-format-patch#_base_tree_information]
>
> url:    https://github.com/intel-lab-lkp/linux/commits/Ricardo-Robaina/audit-include-source-and-destination-ports-to-NETFILTER_PKT/20251113-223721
> base:   https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit.git next
> patch link:    https://lore.kernel.org/r/589b485078a65c766bcdee2fd9881c540813f8c5.1763036807.git.rrobaina%40redhat.com
> patch subject: [PATCH v6 1/2] audit: add audit_log_nf_skb helper function
> config: arm-randconfig-002-20251114 (https://download.01.org/0day-ci/archive/20251114/202511141355.QCbxBTw0-lkp@intel.com/config)
> compiler: arm-linux-gnueabi-gcc (GCC) 14.3.0
> reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20251114/202511141355.QCbxBTw0-lkp@intel.com/reproduce)
>
> If you fix the issue in a separate patch/commit (i.e. not just a new version of
> the same patch/commit), kindly add following tags
> | Reported-by: kernel test robot <lkp@intel.com>
> | Closes: https://lore.kernel.org/oe-kbuild-all/202511141355.QCbxBTw0-lkp@intel.com/
>
> All warnings (new ones prefixed by >>):
>
>    net/netfilter/xt_AUDIT.c: In function 'audit_tg':
> >> net/netfilter/xt_AUDIT.c:35:13: warning: unused variable 'fam' [-Wunused-variable]
>       35 |         int fam = -1;
>          |             ^~~
>
>
> vim +/fam +35 net/netfilter/xt_AUDIT.c
>
> 43f393caec0362a Thomas Graf        2011-01-16  30
> 43f393caec0362a Thomas Graf        2011-01-16  31  static unsigned int
> 43f393caec0362a Thomas Graf        2011-01-16  32  audit_tg(struct sk_buff *skb, const struct xt_action_param *par)
> 43f393caec0362a Thomas Graf        2011-01-16  33  {
> 43f393caec0362a Thomas Graf        2011-01-16  34       struct audit_buffer *ab;
> 2173c519d5e912a Richard Guy Briggs 2017-05-02 @35       int fam = -1;
> 43f393caec0362a Thomas Graf        2011-01-16  36
> f7859590d976148 Richard Guy Briggs 2018-06-05  37       if (audit_enabled == AUDIT_OFF)
> ed018fa4dfc3d26 Gao feng           2013-03-04  38               goto errout;
> 43f393caec0362a Thomas Graf        2011-01-16  39       ab = audit_log_start(NULL, GFP_ATOMIC, AUDIT_NETFILTER_PKT);
> 43f393caec0362a Thomas Graf        2011-01-16  40       if (ab == NULL)
> 43f393caec0362a Thomas Graf        2011-01-16  41               goto errout;
> 43f393caec0362a Thomas Graf        2011-01-16  42
> 43f393caec0362a Thomas Graf        2011-01-16  43       audit_log_format(ab, "mark=%#x", skb->mark);
> 43f393caec0362a Thomas Graf        2011-01-16  44
> 832662a8b1d3d70 Ricardo Robaina    2025-11-13  45       audit_log_nf_skb(ab, skb, xt_family(par));
> 131ad62d8fc06d9 Mr Dash Four       2011-06-30  46
> 43f393caec0362a Thomas Graf        2011-01-16  47       audit_log_end(ab);
> 43f393caec0362a Thomas Graf        2011-01-16  48
> 43f393caec0362a Thomas Graf        2011-01-16  49  errout:
> 43f393caec0362a Thomas Graf        2011-01-16  50       return XT_CONTINUE;
> 43f393caec0362a Thomas Graf        2011-01-16  51  }
> 43f393caec0362a Thomas Graf        2011-01-16  52
>
> --
> 0-DAY CI Kernel Test Service
> https://github.com/intel/lkp-tests/wiki
>