From: Florian Westphal <fw@strlen.de>
To: Ricardo Robaina <rrobaina@redhat.com>
Cc: audit@vger.kernel.org, linux-kernel@vger.kernel.org,
netfilter-devel@vger.kernel.org, coreteam@netfilter.org,
paul@paul-moore.com, eparis@redhat.com, pablo@netfilter.org,
kadlec@netfilter.org
Subject: Re: [PATCH v7 2/2] audit: include source and destination ports to NETFILTER_PKT
Date: Tue, 16 Dec 2025 14:44:07 +0100 [thread overview]
Message-ID: <aUFiJ5aWIxXR0t9i@strlen.de> (raw)
In-Reply-To: <0fb9e8efdc66c2bbd3d9b81e808c58407f7b4b68.1763122537.git.rrobaina@redhat.com>
Ricardo Robaina <rrobaina@redhat.com> wrote:
> NETFILTER_PKT records show both source and destination
> addresses, in addition to the associated networking protocol.
> However, it lacks the ports information, which is often
> valuable for troubleshooting.
>
> This patch adds both source and destination port numbers,
> 'sport' and 'dport' respectively, to TCP, UDP, UDP-Lite and
> SCTP-related NETFILTER_PKT records.
>
> $ TESTS="netfilter_pkt" make -e test &> /dev/null
> $ ausearch -i -ts recent |grep NETFILTER_PKT
> type=NETFILTER_PKT ... proto=icmp
> type=NETFILTER_PKT ... proto=ipv6-icmp
> type=NETFILTER_PKT ... proto=udp sport=46333 dport=42424
> type=NETFILTER_PKT ... proto=udp sport=35953 dport=42424
> type=NETFILTER_PKT ... proto=tcp sport=50314 dport=42424
> type=NETFILTER_PKT ... proto=tcp sport=57346 dport=42424
>
> Link: https://github.com/linux-audit/audit-kernel/issues/162
Acked-by: Florian Westphal <fw@strlen.de>
next prev parent reply other threads:[~2025-12-16 13:44 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-14 12:36 [PATCH v7 0/2] audit: improve NETFILTER_PKT records Ricardo Robaina
2025-11-14 12:36 ` [PATCH v7 1/2] audit: add audit_log_nf_skb helper function Ricardo Robaina
2025-12-16 13:42 ` Florian Westphal
2025-11-14 12:36 ` [PATCH v7 2/2] audit: include source and destination ports to NETFILTER_PKT Ricardo Robaina
2025-12-16 13:44 ` Florian Westphal [this message]
2025-12-16 2:07 ` [PATCH v7 0/2] audit: improve NETFILTER_PKT records Paul Moore
2025-12-16 16:10 ` Paul Moore
2025-12-17 11:39 ` Ricardo Robaina
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aUFiJ5aWIxXR0t9i@strlen.de \
--to=fw@strlen.de \
--cc=audit@vger.kernel.org \
--cc=coreteam@netfilter.org \
--cc=eparis@redhat.com \
--cc=kadlec@netfilter.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
--cc=paul@paul-moore.com \
--cc=rrobaina@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox