audit: normalize NETFILTER_PKT
authorRichard Guy Briggs <rgb@redhat.com>
Tue, 2 May 2017 14:16:04 +0000 (10:16 -0400)
committerPaul Moore <paul@paul-moore.com>
Tue, 2 May 2017 14:16:04 +0000 (10:16 -0400)
commit2173c519d5e912a6e2934bb04255fcd36c1591c8
tree86334f8277c25e1d29516f23363c1b3cd2ad97e0
parent0cb88b6ff054ccfa30e0fd7f7b42ee9f088db432
audit: normalize NETFILTER_PKT

Eliminate flipping in and out of message fields, dropping fields in the
process.

Sample raw message format IPv4 UDP:
type=NETFILTER_PKT msg=audit(1487874761.386:228):  mark=0xae8a2732 saddr=127.0.0.1 daddr=127.0.0.1 proto=17^]
Sample raw message format IPv6 ICMP6:
type=NETFILTER_PKT msg=audit(1487874761.381:227):  mark=0x223894b7 saddr=::1 daddr=::1 proto=58^]

Issue: https://github.com/linux-audit/audit-kernel/issues/11
Test case: https://github.com/linux-audit/audit-testsuite/issues/43

Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
net/netfilter/xt_AUDIT.c