* [PATCH v4 0/2] audit: improve NETFILTER_PKT records
@ 2025-10-31 13:59 Ricardo Robaina
2025-10-31 13:59 ` [PATCH v4 1/2] audit: add audit_log_packet_ip4 and audit_log_packet_ip6 helper functions Ricardo Robaina
2025-10-31 13:59 ` [PATCH v4 2/2] audit: include source and destination ports to NETFILTER_PKT Ricardo Robaina
0 siblings, 2 replies; 8+ messages in thread
From: Ricardo Robaina @ 2025-10-31 13:59 UTC (permalink / raw)
To: audit, linux-kernel, netfilter-devel, coreteam
Cc: paul, eparis, fw, pablo, kadlec, Ricardo Robaina
The first patch moves duplicated code from netfilter-related source
files to audit.c by creating two helper functions 'audit_log_packet_ip4'
and 'audit_log_packet_ip6'. The second one improves the NETFILTER_PKT
records, by including source and destination ports for protocols of
interest.
Ricardo Robaina (2):
audit: add audit_log_packet_ip4 and audit_log_packet_ip6 helper
functions
audit: include source and destination ports to NETFILTER_PKT
include/linux/audit.h | 2 +
kernel/audit.c | 120 +++++++++++++++++++++++++++++++++++++++
net/netfilter/nft_log.c | 43 ++------------
net/netfilter/xt_AUDIT.c | 43 ++------------
4 files changed, 130 insertions(+), 78 deletions(-)
--
2.51.0
^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH v4 1/2] audit: add audit_log_packet_ip4 and audit_log_packet_ip6 helper functions
2025-10-31 13:59 [PATCH v4 0/2] audit: improve NETFILTER_PKT records Ricardo Robaina
@ 2025-10-31 13:59 ` Ricardo Robaina
2025-11-01 6:08 ` kernel test robot
2025-11-01 13:14 ` kernel test robot
2025-10-31 13:59 ` [PATCH v4 2/2] audit: include source and destination ports to NETFILTER_PKT Ricardo Robaina
1 sibling, 2 replies; 8+ messages in thread
From: Ricardo Robaina @ 2025-10-31 13:59 UTC (permalink / raw)
To: audit, linux-kernel, netfilter-devel, coreteam
Cc: paul, eparis, fw, pablo, kadlec, Ricardo Robaina
Netfilter code (net/netfilter/nft_log.c and net/netfilter/xt_AUDIT.c)
have to be kept in sync. Both source files had duplicated versions of
audit_ip4() and audit_ip6() functions, which can result in lack of
consistency and/or duplicated work.
This patch adds two helper functions in audit.c that can be called by
netfilter code commonly, aiming to improve maintainability and
consistency.
Signed-off-by: Ricardo Robaina <rrobaina@redhat.com>
---
include/linux/audit.h | 2 ++
kernel/audit.c | 39 ++++++++++++++++++++++++++++++++++++
net/netfilter/nft_log.c | 43 ++++------------------------------------
net/netfilter/xt_AUDIT.c | 43 ++++------------------------------------
4 files changed, 49 insertions(+), 78 deletions(-)
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 536f8ee8da81..5edb83ea63fd 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -195,6 +195,8 @@ extern int audit_log_subj_ctx(struct audit_buffer *ab, struct lsm_prop *prop);
extern int audit_log_obj_ctx(struct audit_buffer *ab, struct lsm_prop *prop);
extern int audit_log_task_context(struct audit_buffer *ab);
extern void audit_log_task_info(struct audit_buffer *ab);
+extern bool audit_log_packet_ip4(struct audit_buffer *ab, struct sk_buff *skb);
+extern bool audit_log_packet_ip6(struct audit_buffer *ab, struct sk_buff *skb);
extern int audit_update_lsm_rules(void);
diff --git a/kernel/audit.c b/kernel/audit.c
index 26a332ffb1b8..09764003db74 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -58,6 +58,8 @@
#include <linux/freezer.h>
#include <linux/pid_namespace.h>
#include <net/netns/generic.h>
+#include <net/ip.h>
+#include <net/ipv6.h>
#include "audit.h"
@@ -2538,6 +2540,43 @@ static void audit_log_set_loginuid(kuid_t koldloginuid, kuid_t kloginuid,
audit_log_end(ab);
}
+bool audit_log_packet_ip4(struct audit_buffer *ab, struct sk_buff *skb)
+{
+ struct iphdr _iph;
+ const struct iphdr *ih;
+
+ ih = skb_header_pointer(skb, skb_network_offset(skb), sizeof(_iph), &_iph);
+ if (!ih)
+ return false;
+
+ audit_log_format(ab, " saddr=%pI4 daddr=%pI4 proto=%hhu",
+ &ih->saddr, &ih->daddr, ih->protocol);
+
+ return true;
+}
+EXPORT_SYMBOL(audit_log_packet_ip4);
+
+bool audit_log_packet_ip6(struct audit_buffer *ab, struct sk_buff *skb)
+{
+ struct ipv6hdr _ip6h;
+ const struct ipv6hdr *ih;
+ u8 nexthdr;
+ __be16 frag_off;
+
+ ih = skb_header_pointer(skb, skb_network_offset(skb), sizeof(_ip6h), &_ip6h);
+ if (!ih)
+ return false;
+
+ nexthdr = ih->nexthdr;
+ ipv6_skip_exthdr(skb, skb_network_offset(skb) + sizeof(_ip6h), &nexthdr, &frag_off);
+
+ audit_log_format(ab, " saddr=%pI6c daddr=%pI6c proto=%hhu",
+ &ih->saddr, &ih->daddr, nexthdr);
+
+ return true;
+}
+EXPORT_SYMBOL(audit_log_packet_ip6);
+
/**
* audit_set_loginuid - set current task's loginuid
* @loginuid: loginuid value
diff --git a/net/netfilter/nft_log.c b/net/netfilter/nft_log.c
index e35588137995..f53fb4222134 100644
--- a/net/netfilter/nft_log.c
+++ b/net/netfilter/nft_log.c
@@ -26,41 +26,6 @@ struct nft_log {
char *prefix;
};
-static bool audit_ip4(struct audit_buffer *ab, struct sk_buff *skb)
-{
- struct iphdr _iph;
- const struct iphdr *ih;
-
- ih = skb_header_pointer(skb, skb_network_offset(skb), sizeof(_iph), &_iph);
- if (!ih)
- return false;
-
- audit_log_format(ab, " saddr=%pI4 daddr=%pI4 proto=%hhu",
- &ih->saddr, &ih->daddr, ih->protocol);
-
- return true;
-}
-
-static bool audit_ip6(struct audit_buffer *ab, struct sk_buff *skb)
-{
- struct ipv6hdr _ip6h;
- const struct ipv6hdr *ih;
- u8 nexthdr;
- __be16 frag_off;
-
- ih = skb_header_pointer(skb, skb_network_offset(skb), sizeof(_ip6h), &_ip6h);
- if (!ih)
- return false;
-
- nexthdr = ih->nexthdr;
- ipv6_skip_exthdr(skb, skb_network_offset(skb) + sizeof(_ip6h), &nexthdr, &frag_off);
-
- audit_log_format(ab, " saddr=%pI6c daddr=%pI6c proto=%hhu",
- &ih->saddr, &ih->daddr, nexthdr);
-
- return true;
-}
-
static void nft_log_eval_audit(const struct nft_pktinfo *pkt)
{
struct sk_buff *skb = pkt->skb;
@@ -80,18 +45,18 @@ static void nft_log_eval_audit(const struct nft_pktinfo *pkt)
case NFPROTO_BRIDGE:
switch (eth_hdr(skb)->h_proto) {
case htons(ETH_P_IP):
- fam = audit_ip4(ab, skb) ? NFPROTO_IPV4 : -1;
+ fam = audit_log_packet_ip4(ab, skb) ? NFPROTO_IPV4 : -1;
break;
case htons(ETH_P_IPV6):
- fam = audit_ip6(ab, skb) ? NFPROTO_IPV6 : -1;
+ fam = audit_log_packet_ip6(ab, skb) ? NFPROTO_IPV6 : -1;
break;
}
break;
case NFPROTO_IPV4:
- fam = audit_ip4(ab, skb) ? NFPROTO_IPV4 : -1;
+ fam = audit_log_packet_ip4(ab, skb) ? NFPROTO_IPV4 : -1;
break;
case NFPROTO_IPV6:
- fam = audit_ip6(ab, skb) ? NFPROTO_IPV6 : -1;
+ fam = audit_log_packet_ip6(ab, skb) ? NFPROTO_IPV6 : -1;
break;
}
diff --git a/net/netfilter/xt_AUDIT.c b/net/netfilter/xt_AUDIT.c
index b6a015aee0ce..28cdd6435d56 100644
--- a/net/netfilter/xt_AUDIT.c
+++ b/net/netfilter/xt_AUDIT.c
@@ -28,41 +28,6 @@ MODULE_ALIAS("ip6t_AUDIT");
MODULE_ALIAS("ebt_AUDIT");
MODULE_ALIAS("arpt_AUDIT");
-static bool audit_ip4(struct audit_buffer *ab, struct sk_buff *skb)
-{
- struct iphdr _iph;
- const struct iphdr *ih;
-
- ih = skb_header_pointer(skb, skb_network_offset(skb), sizeof(_iph), &_iph);
- if (!ih)
- return false;
-
- audit_log_format(ab, " saddr=%pI4 daddr=%pI4 proto=%hhu",
- &ih->saddr, &ih->daddr, ih->protocol);
-
- return true;
-}
-
-static bool audit_ip6(struct audit_buffer *ab, struct sk_buff *skb)
-{
- struct ipv6hdr _ip6h;
- const struct ipv6hdr *ih;
- u8 nexthdr;
- __be16 frag_off;
-
- ih = skb_header_pointer(skb, skb_network_offset(skb), sizeof(_ip6h), &_ip6h);
- if (!ih)
- return false;
-
- nexthdr = ih->nexthdr;
- ipv6_skip_exthdr(skb, skb_network_offset(skb) + sizeof(_ip6h), &nexthdr, &frag_off);
-
- audit_log_format(ab, " saddr=%pI6c daddr=%pI6c proto=%hhu",
- &ih->saddr, &ih->daddr, nexthdr);
-
- return true;
-}
-
static unsigned int
audit_tg(struct sk_buff *skb, const struct xt_action_param *par)
{
@@ -81,18 +46,18 @@ audit_tg(struct sk_buff *skb, const struct xt_action_param *par)
case NFPROTO_BRIDGE:
switch (eth_hdr(skb)->h_proto) {
case htons(ETH_P_IP):
- fam = audit_ip4(ab, skb) ? NFPROTO_IPV4 : -1;
+ fam = audit_log_packet_ip4(ab, skb) ? NFPROTO_IPV4 : -1;
break;
case htons(ETH_P_IPV6):
- fam = audit_ip6(ab, skb) ? NFPROTO_IPV6 : -1;
+ fam = audit_log_packet_ip6(ab, skb) ? NFPROTO_IPV6 : -1;
break;
}
break;
case NFPROTO_IPV4:
- fam = audit_ip4(ab, skb) ? NFPROTO_IPV4 : -1;
+ fam = audit_log_packet_ip4(ab, skb) ? NFPROTO_IPV4 : -1;
break;
case NFPROTO_IPV6:
- fam = audit_ip6(ab, skb) ? NFPROTO_IPV6 : -1;
+ fam = audit_log_packet_ip6(ab, skb) ? NFPROTO_IPV6 : -1;
break;
}
--
2.51.0
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH v4 2/2] audit: include source and destination ports to NETFILTER_PKT
2025-10-31 13:59 [PATCH v4 0/2] audit: improve NETFILTER_PKT records Ricardo Robaina
2025-10-31 13:59 ` [PATCH v4 1/2] audit: add audit_log_packet_ip4 and audit_log_packet_ip6 helper functions Ricardo Robaina
@ 2025-10-31 13:59 ` Ricardo Robaina
2025-11-01 4:03 ` kernel test robot
1 sibling, 1 reply; 8+ messages in thread
From: Ricardo Robaina @ 2025-10-31 13:59 UTC (permalink / raw)
To: audit, linux-kernel, netfilter-devel, coreteam
Cc: paul, eparis, fw, pablo, kadlec, Ricardo Robaina
NETFILTER_PKT records show both source and destination
addresses, in addition to the associated networking protocol.
However, it lacks the ports information, which is often
valuable for troubleshooting.
This patch adds both source and destination port numbers,
'sport' and 'dport' respectively, to TCP, UDP, UDP-Lite and
SCTP-related NETFILTER_PKT records.
$ TESTS="netfilter_pkt" make -e test &> /dev/null
$ ausearch -i -ts recent |grep NETFILTER_PKT
type=NETFILTER_PKT ... proto=icmp
type=NETFILTER_PKT ... proto=ipv6-icmp
type=NETFILTER_PKT ... proto=udp sport=46333 dport=42424
type=NETFILTER_PKT ... proto=udp sport=35953 dport=42424
type=NETFILTER_PKT ... proto=tcp sport=50314 dport=42424
type=NETFILTER_PKT ... proto=tcp sport=57346 dport=42424
Link: https://github.com/linux-audit/audit-kernel/issues/162
Signed-off-by: Ricardo Robaina <rrobaina@redhat.com>
---
kernel/audit.c | 89 +++++++++++++++++++++++++++++++++++++++++++++++---
1 file changed, 85 insertions(+), 4 deletions(-)
diff --git a/kernel/audit.c b/kernel/audit.c
index 09764003db74..bc7217402a35 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -60,6 +60,7 @@
#include <net/netns/generic.h>
#include <net/ip.h>
#include <net/ipv6.h>
+#include <linux/sctp.h>
#include "audit.h"
@@ -2549,8 +2550,48 @@ bool audit_log_packet_ip4(struct audit_buffer *ab, struct sk_buff *skb)
if (!ih)
return false;
- audit_log_format(ab, " saddr=%pI4 daddr=%pI4 proto=%hhu",
- &ih->saddr, &ih->daddr, ih->protocol);
+ switch (ih->protocol) {
+ case IPPROTO_TCP:
+ struct tcphdr _tcph;
+ const struct tcphdr *th;
+
+ th = skb_header_pointer(skb, skb_transport_offset(skb), sizeof(_tcph), &_tcph);
+ if (!th)
+ return false;
+
+ audit_log_format(ab, " saddr=%pI4 daddr=%pI4 proto=%hhu sport=%hu dport=%hu",
+ &ih->saddr, &ih->daddr, ih->protocol,
+ ntohs(th->source), ntohs(th->dest));
+ break;
+ case IPPROTO_UDP:
+ case IPPROTO_UDPLITE:
+ struct udphdr _udph;
+ const struct udphdr *uh;
+
+ uh = skb_header_pointer(skb, skb_transport_offset(skb), sizeof(_udph), &_udph);
+ if (!uh)
+ return false;
+
+ audit_log_format(ab, " saddr=%pI4 daddr=%pI4 proto=%hhu sport=%hu dport=%hu",
+ &ih->saddr, &ih->daddr, ih->protocol,
+ ntohs(uh->source), ntohs(uh->dest));
+ break;
+ case IPPROTO_SCTP:
+ struct sctphdr _sctph;
+ const struct sctphdr *sh;
+
+ sh = skb_header_pointer(skb, skb_transport_offset(skb), sizeof(_sctph), &_sctph);
+ if (!sh)
+ return false;
+
+ audit_log_format(ab, " saddr=%pI4 daddr=%pI4 proto=%hhu sport=%hu dport=%hu",
+ &ih->saddr, &ih->daddr, ih->protocol,
+ ntohs(sh->source), ntohs(sh->dest));
+ break;
+ default:
+ audit_log_format(ab, " saddr=%pI4 daddr=%pI4 proto=%hhu",
+ &ih->saddr, &ih->daddr, ih->protocol);
+ }
return true;
}
@@ -2570,8 +2611,48 @@ bool audit_log_packet_ip6(struct audit_buffer *ab, struct sk_buff *skb)
nexthdr = ih->nexthdr;
ipv6_skip_exthdr(skb, skb_network_offset(skb) + sizeof(_ip6h), &nexthdr, &frag_off);
- audit_log_format(ab, " saddr=%pI6c daddr=%pI6c proto=%hhu",
- &ih->saddr, &ih->daddr, nexthdr);
+ switch (nexthdr) {
+ case IPPROTO_TCP:
+ struct tcphdr _tcph;
+ const struct tcphdr *th;
+
+ th = skb_header_pointer(skb, skb_transport_offset(skb), sizeof(_tcph), &_tcph);
+ if (!th)
+ return false;
+
+ audit_log_format(ab, " saddr=%pI6c daddr=%pI6c proto=%hhu sport=%hu dport=%hu",
+ &ih->saddr, &ih->daddr, nexthdr,
+ ntohs(th->source), ntohs(th->dest));
+ break;
+ case IPPROTO_UDP:
+ case IPPROTO_UDPLITE:
+ struct udphdr _udph;
+ const struct udphdr *uh;
+
+ uh = skb_header_pointer(skb, skb_transport_offset(skb), sizeof(_udph), &_udph);
+ if (!uh)
+ return false;
+
+ audit_log_format(ab, " saddr=%pI6c daddr=%pI6c proto=%hhu sport=%hu dport=%hu",
+ &ih->saddr, &ih->daddr, nexthdr,
+ ntohs(uh->source), ntohs(uh->dest));
+ break;
+ case IPPROTO_SCTP:
+ struct sctphdr _sctph;
+ const struct sctphdr *sh;
+
+ sh = skb_header_pointer(skb, skb_transport_offset(skb), sizeof(_sctph), &_sctph);
+ if (!sh)
+ return false;
+
+ audit_log_format(ab, " saddr=%pI6c daddr=%pI6c proto=%hhu sport=%hu dport=%hu",
+ &ih->saddr, &ih->daddr, nexthdr,
+ ntohs(sh->source), ntohs(sh->dest));
+ break;
+ default:
+ audit_log_format(ab, " saddr=%pI6c daddr=%pI6c proto=%hhu",
+ &ih->saddr, &ih->daddr, nexthdr);
+ }
return true;
}
--
2.51.0
^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH v4 2/2] audit: include source and destination ports to NETFILTER_PKT
2025-10-31 13:59 ` [PATCH v4 2/2] audit: include source and destination ports to NETFILTER_PKT Ricardo Robaina
@ 2025-11-01 4:03 ` kernel test robot
2025-11-03 11:05 ` Ricardo Robaina
0 siblings, 1 reply; 8+ messages in thread
From: kernel test robot @ 2025-11-01 4:03 UTC (permalink / raw)
To: Ricardo Robaina, audit, linux-kernel, netfilter-devel, coreteam
Cc: oe-kbuild-all, paul, eparis, fw, pablo, kadlec, Ricardo Robaina
Hi Ricardo,
kernel test robot noticed the following build errors:
[auto build test ERROR on pcmoore-audit/next]
[also build test ERROR on netfilter-nf/main nf-next/master linus/master v6.18-rc3 next-20251031]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Ricardo-Robaina/audit-add-audit_log_packet_ip4-and-audit_log_packet_ip6-helper-functions/20251031-220605
base: https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit.git next
patch link: https://lore.kernel.org/r/6ac2baf0d5ae176cbd3279a4dff9e2c7750c6d45.1761918165.git.rrobaina%40redhat.com
patch subject: [PATCH v4 2/2] audit: include source and destination ports to NETFILTER_PKT
config: arc-randconfig-002-20251101 (https://download.01.org/0day-ci/archive/20251101/202511011146.aPtw8SOn-lkp@intel.com/config)
compiler: arc-linux-gcc (GCC) 8.5.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20251101/202511011146.aPtw8SOn-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202511011146.aPtw8SOn-lkp@intel.com/
All errors (new ones prefixed by >>):
kernel/audit.c: In function 'audit_log_packet_ip4':
>> kernel/audit.c:2555:3: error: a label can only be part of a statement and a declaration is not a statement
struct tcphdr _tcph;
^~~~~~
>> kernel/audit.c:2556:3: error: expected expression before 'const'
const struct tcphdr *th;
^~~~~
>> kernel/audit.c:2558:3: error: 'th' undeclared (first use in this function); did you mean 'ih'?
th = skb_header_pointer(skb, skb_transport_offset(skb), sizeof(_tcph), &_tcph);
^~
ih
kernel/audit.c:2558:3: note: each undeclared identifier is reported only once for each function it appears in
kernel/audit.c:2568:3: error: a label can only be part of a statement and a declaration is not a statement
struct udphdr _udph;
^~~~~~
kernel/audit.c:2569:3: error: expected expression before 'const'
const struct udphdr *uh;
^~~~~
>> kernel/audit.c:2571:3: error: 'uh' undeclared (first use in this function); did you mean 'ih'?
uh = skb_header_pointer(skb, skb_transport_offset(skb), sizeof(_udph), &_udph);
^~
ih
kernel/audit.c:2580:3: error: a label can only be part of a statement and a declaration is not a statement
struct sctphdr _sctph;
^~~~~~
kernel/audit.c:2581:3: error: expected expression before 'const'
const struct sctphdr *sh;
^~~~~
>> kernel/audit.c:2583:3: error: 'sh' undeclared (first use in this function); did you mean 'ih'?
sh = skb_header_pointer(skb, skb_transport_offset(skb), sizeof(_sctph), &_sctph);
^~
ih
kernel/audit.c: In function 'audit_log_packet_ip6':
kernel/audit.c:2616:3: error: a label can only be part of a statement and a declaration is not a statement
struct tcphdr _tcph;
^~~~~~
kernel/audit.c:2617:3: error: expected expression before 'const'
const struct tcphdr *th;
^~~~~
kernel/audit.c:2619:3: error: 'th' undeclared (first use in this function); did you mean 'ih'?
th = skb_header_pointer(skb, skb_transport_offset(skb), sizeof(_tcph), &_tcph);
^~
ih
kernel/audit.c:2629:3: error: a label can only be part of a statement and a declaration is not a statement
struct udphdr _udph;
^~~~~~
kernel/audit.c:2630:3: error: expected expression before 'const'
const struct udphdr *uh;
^~~~~
kernel/audit.c:2632:3: error: 'uh' undeclared (first use in this function); did you mean 'ih'?
uh = skb_header_pointer(skb, skb_transport_offset(skb), sizeof(_udph), &_udph);
^~
ih
kernel/audit.c:2641:3: error: a label can only be part of a statement and a declaration is not a statement
struct sctphdr _sctph;
^~~~~~
kernel/audit.c:2642:3: error: expected expression before 'const'
const struct sctphdr *sh;
^~~~~
kernel/audit.c:2644:3: error: 'sh' undeclared (first use in this function); did you mean 'ih'?
sh = skb_header_pointer(skb, skb_transport_offset(skb), sizeof(_sctph), &_sctph);
^~
ih
vim +2555 kernel/audit.c
2543
2544 bool audit_log_packet_ip4(struct audit_buffer *ab, struct sk_buff *skb)
2545 {
2546 struct iphdr _iph;
2547 const struct iphdr *ih;
2548
2549 ih = skb_header_pointer(skb, skb_network_offset(skb), sizeof(_iph), &_iph);
2550 if (!ih)
2551 return false;
2552
2553 switch (ih->protocol) {
2554 case IPPROTO_TCP:
> 2555 struct tcphdr _tcph;
> 2556 const struct tcphdr *th;
2557
> 2558 th = skb_header_pointer(skb, skb_transport_offset(skb), sizeof(_tcph), &_tcph);
2559 if (!th)
2560 return false;
2561
2562 audit_log_format(ab, " saddr=%pI4 daddr=%pI4 proto=%hhu sport=%hu dport=%hu",
2563 &ih->saddr, &ih->daddr, ih->protocol,
2564 ntohs(th->source), ntohs(th->dest));
2565 break;
2566 case IPPROTO_UDP:
2567 case IPPROTO_UDPLITE:
2568 struct udphdr _udph;
2569 const struct udphdr *uh;
2570
> 2571 uh = skb_header_pointer(skb, skb_transport_offset(skb), sizeof(_udph), &_udph);
2572 if (!uh)
2573 return false;
2574
2575 audit_log_format(ab, " saddr=%pI4 daddr=%pI4 proto=%hhu sport=%hu dport=%hu",
2576 &ih->saddr, &ih->daddr, ih->protocol,
2577 ntohs(uh->source), ntohs(uh->dest));
2578 break;
2579 case IPPROTO_SCTP:
2580 struct sctphdr _sctph;
2581 const struct sctphdr *sh;
2582
> 2583 sh = skb_header_pointer(skb, skb_transport_offset(skb), sizeof(_sctph), &_sctph);
2584 if (!sh)
2585 return false;
2586
2587 audit_log_format(ab, " saddr=%pI4 daddr=%pI4 proto=%hhu sport=%hu dport=%hu",
2588 &ih->saddr, &ih->daddr, ih->protocol,
2589 ntohs(sh->source), ntohs(sh->dest));
2590 break;
2591 default:
2592 audit_log_format(ab, " saddr=%pI4 daddr=%pI4 proto=%hhu",
2593 &ih->saddr, &ih->daddr, ih->protocol);
2594 }
2595
2596 return true;
2597 }
2598 EXPORT_SYMBOL(audit_log_packet_ip4);
2599
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH v4 1/2] audit: add audit_log_packet_ip4 and audit_log_packet_ip6 helper functions
2025-10-31 13:59 ` [PATCH v4 1/2] audit: add audit_log_packet_ip4 and audit_log_packet_ip6 helper functions Ricardo Robaina
@ 2025-11-01 6:08 ` kernel test robot
2025-11-01 13:14 ` kernel test robot
1 sibling, 0 replies; 8+ messages in thread
From: kernel test robot @ 2025-11-01 6:08 UTC (permalink / raw)
To: Ricardo Robaina, audit, linux-kernel, netfilter-devel, coreteam
Cc: llvm, oe-kbuild-all, paul, eparis, fw, pablo, kadlec,
Ricardo Robaina
Hi Ricardo,
kernel test robot noticed the following build errors:
[auto build test ERROR on pcmoore-audit/next]
[also build test ERROR on netfilter-nf/main linus/master v6.18-rc3 next-20251031]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Ricardo-Robaina/audit-add-audit_log_packet_ip4-and-audit_log_packet_ip6-helper-functions/20251031-220605
base: https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit.git next
patch link: https://lore.kernel.org/r/cfafc5247fbfcd2561de16bcff67c1afd5676c9e.1761918165.git.rrobaina%40redhat.com
patch subject: [PATCH v4 1/2] audit: add audit_log_packet_ip4 and audit_log_packet_ip6 helper functions
config: s390-randconfig-002-20251101 (https://download.01.org/0day-ci/archive/20251101/202511011350.ye4VgG6l-lkp@intel.com/config)
compiler: clang version 22.0.0git (https://github.com/llvm/llvm-project be2081d9457ed095c4a6ebe2a920f0f7b76369c6)
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20251101/202511011350.ye4VgG6l-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202511011350.ye4VgG6l-lkp@intel.com/
All errors (new ones prefixed by >>):
>> net/netfilter/nft_log.c:48:10: error: call to undeclared function 'audit_log_packet_ip4'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
48 | fam = audit_log_packet_ip4(ab, skb) ? NFPROTO_IPV4 : -1;
| ^
>> net/netfilter/nft_log.c:51:10: error: call to undeclared function 'audit_log_packet_ip6'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
51 | fam = audit_log_packet_ip6(ab, skb) ? NFPROTO_IPV6 : -1;
| ^
net/netfilter/nft_log.c:56:9: error: call to undeclared function 'audit_log_packet_ip4'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
56 | fam = audit_log_packet_ip4(ab, skb) ? NFPROTO_IPV4 : -1;
| ^
net/netfilter/nft_log.c:59:9: error: call to undeclared function 'audit_log_packet_ip6'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
59 | fam = audit_log_packet_ip6(ab, skb) ? NFPROTO_IPV6 : -1;
| ^
4 errors generated.
vim +/audit_log_packet_ip4 +48 net/netfilter/nft_log.c
28
29 static void nft_log_eval_audit(const struct nft_pktinfo *pkt)
30 {
31 struct sk_buff *skb = pkt->skb;
32 struct audit_buffer *ab;
33 int fam = -1;
34
35 if (!audit_enabled)
36 return;
37
38 ab = audit_log_start(NULL, GFP_ATOMIC, AUDIT_NETFILTER_PKT);
39 if (!ab)
40 return;
41
42 audit_log_format(ab, "mark=%#x", skb->mark);
43
44 switch (nft_pf(pkt)) {
45 case NFPROTO_BRIDGE:
46 switch (eth_hdr(skb)->h_proto) {
47 case htons(ETH_P_IP):
> 48 fam = audit_log_packet_ip4(ab, skb) ? NFPROTO_IPV4 : -1;
49 break;
50 case htons(ETH_P_IPV6):
> 51 fam = audit_log_packet_ip6(ab, skb) ? NFPROTO_IPV6 : -1;
52 break;
53 }
54 break;
55 case NFPROTO_IPV4:
56 fam = audit_log_packet_ip4(ab, skb) ? NFPROTO_IPV4 : -1;
57 break;
58 case NFPROTO_IPV6:
59 fam = audit_log_packet_ip6(ab, skb) ? NFPROTO_IPV6 : -1;
60 break;
61 }
62
63 if (fam == -1)
64 audit_log_format(ab, " saddr=? daddr=? proto=-1");
65
66 audit_log_end(ab);
67 }
68
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH v4 1/2] audit: add audit_log_packet_ip4 and audit_log_packet_ip6 helper functions
2025-10-31 13:59 ` [PATCH v4 1/2] audit: add audit_log_packet_ip4 and audit_log_packet_ip6 helper functions Ricardo Robaina
2025-11-01 6:08 ` kernel test robot
@ 2025-11-01 13:14 ` kernel test robot
2025-11-03 11:03 ` Ricardo Robaina
1 sibling, 1 reply; 8+ messages in thread
From: kernel test robot @ 2025-11-01 13:14 UTC (permalink / raw)
To: Ricardo Robaina, audit, linux-kernel, netfilter-devel, coreteam
Cc: oe-kbuild-all, paul, eparis, fw, pablo, kadlec, Ricardo Robaina
Hi Ricardo,
kernel test robot noticed the following build errors:
[auto build test ERROR on pcmoore-audit/next]
[also build test ERROR on netfilter-nf/main nf-next/master linus/master v6.18-rc3 next-20251031]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Ricardo-Robaina/audit-add-audit_log_packet_ip4-and-audit_log_packet_ip6-helper-functions/20251031-220605
base: https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit.git next
patch link: https://lore.kernel.org/r/cfafc5247fbfcd2561de16bcff67c1afd5676c9e.1761918165.git.rrobaina%40redhat.com
patch subject: [PATCH v4 1/2] audit: add audit_log_packet_ip4 and audit_log_packet_ip6 helper functions
config: m68k-defconfig (https://download.01.org/0day-ci/archive/20251101/202511012016.TaXzGDDi-lkp@intel.com/config)
compiler: m68k-linux-gcc (GCC) 15.1.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20251101/202511012016.TaXzGDDi-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202511012016.TaXzGDDi-lkp@intel.com/
All errors (new ones prefixed by >>):
net/netfilter/nft_log.c: In function 'nft_log_eval_audit':
>> net/netfilter/nft_log.c:48:31: error: implicit declaration of function 'audit_log_packet_ip4'; did you mean 'audit_log_capset'? [-Wimplicit-function-declaration]
48 | fam = audit_log_packet_ip4(ab, skb) ? NFPROTO_IPV4 : -1;
| ^~~~~~~~~~~~~~~~~~~~
| audit_log_capset
>> net/netfilter/nft_log.c:51:31: error: implicit declaration of function 'audit_log_packet_ip6'; did you mean 'audit_log_capset'? [-Wimplicit-function-declaration]
51 | fam = audit_log_packet_ip6(ab, skb) ? NFPROTO_IPV6 : -1;
| ^~~~~~~~~~~~~~~~~~~~
| audit_log_capset
vim +48 net/netfilter/nft_log.c
28
29 static void nft_log_eval_audit(const struct nft_pktinfo *pkt)
30 {
31 struct sk_buff *skb = pkt->skb;
32 struct audit_buffer *ab;
33 int fam = -1;
34
35 if (!audit_enabled)
36 return;
37
38 ab = audit_log_start(NULL, GFP_ATOMIC, AUDIT_NETFILTER_PKT);
39 if (!ab)
40 return;
41
42 audit_log_format(ab, "mark=%#x", skb->mark);
43
44 switch (nft_pf(pkt)) {
45 case NFPROTO_BRIDGE:
46 switch (eth_hdr(skb)->h_proto) {
47 case htons(ETH_P_IP):
> 48 fam = audit_log_packet_ip4(ab, skb) ? NFPROTO_IPV4 : -1;
49 break;
50 case htons(ETH_P_IPV6):
> 51 fam = audit_log_packet_ip6(ab, skb) ? NFPROTO_IPV6 : -1;
52 break;
53 }
54 break;
55 case NFPROTO_IPV4:
56 fam = audit_log_packet_ip4(ab, skb) ? NFPROTO_IPV4 : -1;
57 break;
58 case NFPROTO_IPV6:
59 fam = audit_log_packet_ip6(ab, skb) ? NFPROTO_IPV6 : -1;
60 break;
61 }
62
63 if (fam == -1)
64 audit_log_format(ab, " saddr=? daddr=? proto=-1");
65
66 audit_log_end(ab);
67 }
68
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH v4 1/2] audit: add audit_log_packet_ip4 and audit_log_packet_ip6 helper functions
2025-11-01 13:14 ` kernel test robot
@ 2025-11-03 11:03 ` Ricardo Robaina
0 siblings, 0 replies; 8+ messages in thread
From: Ricardo Robaina @ 2025-11-03 11:03 UTC (permalink / raw)
To: kernel test robot
Cc: audit, linux-kernel, netfilter-devel, coreteam, oe-kbuild-all,
paul, eparis, fw, pablo, kadlec
I didn't get these warning messages in my local build. I'll fix it and
submit a new version.
On Sat, Nov 1, 2025 at 10:15 AM kernel test robot <lkp@intel.com> wrote:
>
> Hi Ricardo,
>
> kernel test robot noticed the following build errors:
>
> [auto build test ERROR on pcmoore-audit/next]
> [also build test ERROR on netfilter-nf/main nf-next/master linus/master v6.18-rc3 next-20251031]
> [If your patch is applied to the wrong git tree, kindly drop us a note.
> And when submitting patch, we suggest to use '--base' as documented in
> https://git-scm.com/docs/git-format-patch#_base_tree_information]
>
> url: https://github.com/intel-lab-lkp/linux/commits/Ricardo-Robaina/audit-add-audit_log_packet_ip4-and-audit_log_packet_ip6-helper-functions/20251031-220605
> base: https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit.git next
> patch link: https://lore.kernel.org/r/cfafc5247fbfcd2561de16bcff67c1afd5676c9e.1761918165.git.rrobaina%40redhat.com
> patch subject: [PATCH v4 1/2] audit: add audit_log_packet_ip4 and audit_log_packet_ip6 helper functions
> config: m68k-defconfig (https://download.01.org/0day-ci/archive/20251101/202511012016.TaXzGDDi-lkp@intel.com/config)
> compiler: m68k-linux-gcc (GCC) 15.1.0
> reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20251101/202511012016.TaXzGDDi-lkp@intel.com/reproduce)
>
> If you fix the issue in a separate patch/commit (i.e. not just a new version of
> the same patch/commit), kindly add following tags
> | Reported-by: kernel test robot <lkp@intel.com>
> | Closes: https://lore.kernel.org/oe-kbuild-all/202511012016.TaXzGDDi-lkp@intel.com/
>
> All errors (new ones prefixed by >>):
>
> net/netfilter/nft_log.c: In function 'nft_log_eval_audit':
> >> net/netfilter/nft_log.c:48:31: error: implicit declaration of function 'audit_log_packet_ip4'; did you mean 'audit_log_capset'? [-Wimplicit-function-declaration]
> 48 | fam = audit_log_packet_ip4(ab, skb) ? NFPROTO_IPV4 : -1;
> | ^~~~~~~~~~~~~~~~~~~~
> | audit_log_capset
> >> net/netfilter/nft_log.c:51:31: error: implicit declaration of function 'audit_log_packet_ip6'; did you mean 'audit_log_capset'? [-Wimplicit-function-declaration]
> 51 | fam = audit_log_packet_ip6(ab, skb) ? NFPROTO_IPV6 : -1;
> | ^~~~~~~~~~~~~~~~~~~~
> | audit_log_capset
>
>
> vim +48 net/netfilter/nft_log.c
>
> 28
> 29 static void nft_log_eval_audit(const struct nft_pktinfo *pkt)
> 30 {
> 31 struct sk_buff *skb = pkt->skb;
> 32 struct audit_buffer *ab;
> 33 int fam = -1;
> 34
> 35 if (!audit_enabled)
> 36 return;
> 37
> 38 ab = audit_log_start(NULL, GFP_ATOMIC, AUDIT_NETFILTER_PKT);
> 39 if (!ab)
> 40 return;
> 41
> 42 audit_log_format(ab, "mark=%#x", skb->mark);
> 43
> 44 switch (nft_pf(pkt)) {
> 45 case NFPROTO_BRIDGE:
> 46 switch (eth_hdr(skb)->h_proto) {
> 47 case htons(ETH_P_IP):
> > 48 fam = audit_log_packet_ip4(ab, skb) ? NFPROTO_IPV4 : -1;
> 49 break;
> 50 case htons(ETH_P_IPV6):
> > 51 fam = audit_log_packet_ip6(ab, skb) ? NFPROTO_IPV6 : -1;
> 52 break;
> 53 }
> 54 break;
> 55 case NFPROTO_IPV4:
> 56 fam = audit_log_packet_ip4(ab, skb) ? NFPROTO_IPV4 : -1;
> 57 break;
> 58 case NFPROTO_IPV6:
> 59 fam = audit_log_packet_ip6(ab, skb) ? NFPROTO_IPV6 : -1;
> 60 break;
> 61 }
> 62
> 63 if (fam == -1)
> 64 audit_log_format(ab, " saddr=? daddr=? proto=-1");
> 65
> 66 audit_log_end(ab);
> 67 }
> 68
>
> --
> 0-DAY CI Kernel Test Service
> https://github.com/intel/lkp-tests/wiki
>
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH v4 2/2] audit: include source and destination ports to NETFILTER_PKT
2025-11-01 4:03 ` kernel test robot
@ 2025-11-03 11:05 ` Ricardo Robaina
0 siblings, 0 replies; 8+ messages in thread
From: Ricardo Robaina @ 2025-11-03 11:05 UTC (permalink / raw)
To: kernel test robot
Cc: audit, linux-kernel, netfilter-devel, coreteam, oe-kbuild-all,
paul, eparis, fw, pablo, kadlec
Same thing here. I didn't get these warning messages in my local
build. I'll fix it and submit a new version.
On Sat, Nov 1, 2025 at 1:05 AM kernel test robot <lkp@intel.com> wrote:
>
> Hi Ricardo,
>
> kernel test robot noticed the following build errors:
>
> [auto build test ERROR on pcmoore-audit/next]
> [also build test ERROR on netfilter-nf/main nf-next/master linus/master v6.18-rc3 next-20251031]
> [If your patch is applied to the wrong git tree, kindly drop us a note.
> And when submitting patch, we suggest to use '--base' as documented in
> https://git-scm.com/docs/git-format-patch#_base_tree_information]
>
> url: https://github.com/intel-lab-lkp/linux/commits/Ricardo-Robaina/audit-add-audit_log_packet_ip4-and-audit_log_packet_ip6-helper-functions/20251031-220605
> base: https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit.git next
> patch link: https://lore.kernel.org/r/6ac2baf0d5ae176cbd3279a4dff9e2c7750c6d45.1761918165.git.rrobaina%40redhat.com
> patch subject: [PATCH v4 2/2] audit: include source and destination ports to NETFILTER_PKT
> config: arc-randconfig-002-20251101 (https://download.01.org/0day-ci/archive/20251101/202511011146.aPtw8SOn-lkp@intel.com/config)
> compiler: arc-linux-gcc (GCC) 8.5.0
> reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20251101/202511011146.aPtw8SOn-lkp@intel.com/reproduce)
>
> If you fix the issue in a separate patch/commit (i.e. not just a new version of
> the same patch/commit), kindly add following tags
> | Reported-by: kernel test robot <lkp@intel.com>
> | Closes: https://lore.kernel.org/oe-kbuild-all/202511011146.aPtw8SOn-lkp@intel.com/
>
> All errors (new ones prefixed by >>):
>
> kernel/audit.c: In function 'audit_log_packet_ip4':
> >> kernel/audit.c:2555:3: error: a label can only be part of a statement and a declaration is not a statement
> struct tcphdr _tcph;
> ^~~~~~
> >> kernel/audit.c:2556:3: error: expected expression before 'const'
> const struct tcphdr *th;
> ^~~~~
> >> kernel/audit.c:2558:3: error: 'th' undeclared (first use in this function); did you mean 'ih'?
> th = skb_header_pointer(skb, skb_transport_offset(skb), sizeof(_tcph), &_tcph);
> ^~
> ih
> kernel/audit.c:2558:3: note: each undeclared identifier is reported only once for each function it appears in
> kernel/audit.c:2568:3: error: a label can only be part of a statement and a declaration is not a statement
> struct udphdr _udph;
> ^~~~~~
> kernel/audit.c:2569:3: error: expected expression before 'const'
> const struct udphdr *uh;
> ^~~~~
> >> kernel/audit.c:2571:3: error: 'uh' undeclared (first use in this function); did you mean 'ih'?
> uh = skb_header_pointer(skb, skb_transport_offset(skb), sizeof(_udph), &_udph);
> ^~
> ih
> kernel/audit.c:2580:3: error: a label can only be part of a statement and a declaration is not a statement
> struct sctphdr _sctph;
> ^~~~~~
> kernel/audit.c:2581:3: error: expected expression before 'const'
> const struct sctphdr *sh;
> ^~~~~
> >> kernel/audit.c:2583:3: error: 'sh' undeclared (first use in this function); did you mean 'ih'?
> sh = skb_header_pointer(skb, skb_transport_offset(skb), sizeof(_sctph), &_sctph);
> ^~
> ih
> kernel/audit.c: In function 'audit_log_packet_ip6':
> kernel/audit.c:2616:3: error: a label can only be part of a statement and a declaration is not a statement
> struct tcphdr _tcph;
> ^~~~~~
> kernel/audit.c:2617:3: error: expected expression before 'const'
> const struct tcphdr *th;
> ^~~~~
> kernel/audit.c:2619:3: error: 'th' undeclared (first use in this function); did you mean 'ih'?
> th = skb_header_pointer(skb, skb_transport_offset(skb), sizeof(_tcph), &_tcph);
> ^~
> ih
> kernel/audit.c:2629:3: error: a label can only be part of a statement and a declaration is not a statement
> struct udphdr _udph;
> ^~~~~~
> kernel/audit.c:2630:3: error: expected expression before 'const'
> const struct udphdr *uh;
> ^~~~~
> kernel/audit.c:2632:3: error: 'uh' undeclared (first use in this function); did you mean 'ih'?
> uh = skb_header_pointer(skb, skb_transport_offset(skb), sizeof(_udph), &_udph);
> ^~
> ih
> kernel/audit.c:2641:3: error: a label can only be part of a statement and a declaration is not a statement
> struct sctphdr _sctph;
> ^~~~~~
> kernel/audit.c:2642:3: error: expected expression before 'const'
> const struct sctphdr *sh;
> ^~~~~
> kernel/audit.c:2644:3: error: 'sh' undeclared (first use in this function); did you mean 'ih'?
> sh = skb_header_pointer(skb, skb_transport_offset(skb), sizeof(_sctph), &_sctph);
> ^~
> ih
>
>
> vim +2555 kernel/audit.c
>
> 2543
> 2544 bool audit_log_packet_ip4(struct audit_buffer *ab, struct sk_buff *skb)
> 2545 {
> 2546 struct iphdr _iph;
> 2547 const struct iphdr *ih;
> 2548
> 2549 ih = skb_header_pointer(skb, skb_network_offset(skb), sizeof(_iph), &_iph);
> 2550 if (!ih)
> 2551 return false;
> 2552
> 2553 switch (ih->protocol) {
> 2554 case IPPROTO_TCP:
> > 2555 struct tcphdr _tcph;
> > 2556 const struct tcphdr *th;
> 2557
> > 2558 th = skb_header_pointer(skb, skb_transport_offset(skb), sizeof(_tcph), &_tcph);
> 2559 if (!th)
> 2560 return false;
> 2561
> 2562 audit_log_format(ab, " saddr=%pI4 daddr=%pI4 proto=%hhu sport=%hu dport=%hu",
> 2563 &ih->saddr, &ih->daddr, ih->protocol,
> 2564 ntohs(th->source), ntohs(th->dest));
> 2565 break;
> 2566 case IPPROTO_UDP:
> 2567 case IPPROTO_UDPLITE:
> 2568 struct udphdr _udph;
> 2569 const struct udphdr *uh;
> 2570
> > 2571 uh = skb_header_pointer(skb, skb_transport_offset(skb), sizeof(_udph), &_udph);
> 2572 if (!uh)
> 2573 return false;
> 2574
> 2575 audit_log_format(ab, " saddr=%pI4 daddr=%pI4 proto=%hhu sport=%hu dport=%hu",
> 2576 &ih->saddr, &ih->daddr, ih->protocol,
> 2577 ntohs(uh->source), ntohs(uh->dest));
> 2578 break;
> 2579 case IPPROTO_SCTP:
> 2580 struct sctphdr _sctph;
> 2581 const struct sctphdr *sh;
> 2582
> > 2583 sh = skb_header_pointer(skb, skb_transport_offset(skb), sizeof(_sctph), &_sctph);
> 2584 if (!sh)
> 2585 return false;
> 2586
> 2587 audit_log_format(ab, " saddr=%pI4 daddr=%pI4 proto=%hhu sport=%hu dport=%hu",
> 2588 &ih->saddr, &ih->daddr, ih->protocol,
> 2589 ntohs(sh->source), ntohs(sh->dest));
> 2590 break;
> 2591 default:
> 2592 audit_log_format(ab, " saddr=%pI4 daddr=%pI4 proto=%hhu",
> 2593 &ih->saddr, &ih->daddr, ih->protocol);
> 2594 }
> 2595
> 2596 return true;
> 2597 }
> 2598 EXPORT_SYMBOL(audit_log_packet_ip4);
> 2599
>
> --
> 0-DAY CI Kernel Test Service
> https://github.com/intel/lkp-tests/wiki
>
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2025-11-03 11:05 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-10-31 13:59 [PATCH v4 0/2] audit: improve NETFILTER_PKT records Ricardo Robaina
2025-10-31 13:59 ` [PATCH v4 1/2] audit: add audit_log_packet_ip4 and audit_log_packet_ip6 helper functions Ricardo Robaina
2025-11-01 6:08 ` kernel test robot
2025-11-01 13:14 ` kernel test robot
2025-11-03 11:03 ` Ricardo Robaina
2025-10-31 13:59 ` [PATCH v4 2/2] audit: include source and destination ports to NETFILTER_PKT Ricardo Robaina
2025-11-01 4:03 ` kernel test robot
2025-11-03 11:05 ` Ricardo Robaina
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).