On Monday 26 November 2007 11:47:09 am Joy Latten wrote:
> Paul Moore <paul.moore(a)hp.com> wrote on 11/21/2007 03:34:31 PM:
> > I just noticed that the IPsec auditing code does not appear to audit the
> > netmask for the selector source and destination addresses in
> > xfrm_audit_common_policyinfo(). Before I threw a patch together I thought I
> > would check to see if there was a reason for this that I am missing ...
>
> I don't think we ever discussed including netmask when we added the
> ipsec audit info...

Hmmm ... okay. I'm almost certain it should be included when auditing changes
to the SPD as the netmask/prefixlen is very important when considering which
traffic will be matched by a particular SPD entry.
I'm working on a patch now.
--
paul moore
linux security @ hp
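
An added illustration of the point made in the message above (not part of the thread and not kernel code): two SPD-style selectors with identical addresses but different prefix lengths match different traffic, yet produce the same audit line unless the prefix length is recorded. The `struct sel` type, the sample entries and the audit field names are all constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))
#define OCTETS(x) (unsigned)((x) >> 24), (unsigned)(((x) >> 16) & 255), \
                  (unsigned)(((x) >> 8) & 255), (unsigned)((x) & 255)

/* Simplified IPv4-only selector for illustration; not the kernel's struct xfrm_selector. */
struct sel { uint32_t saddr, daddr; uint8_t splen, dplen; };

/* Constructed sample entries: identical addresses, different source prefix lengths. */
static const struct sel wide   = { IP4(10,0,0,0), IP4(192,168,1,0),  8, 24 };
static const struct sel narrow = { IP4(10,0,0,0), IP4(192,168,1,0), 24, 24 };

/* Compare only the top plen bits; plen 0 matches any address. */
static int addr_match(uint32_t sel_addr, uint32_t pkt_addr, uint8_t plen)
{
    if (plen > 32) return 0;   /* invalid prefix length never matches */
    if (plen == 0) return 1;   /* also avoids an undefined shift by 32 */
    return ((sel_addr ^ pkt_addr) >> (32 - plen)) == 0;
}

int sel_match(const struct sel *s, uint32_t src, uint32_t dst)
{
    return addr_match(s->saddr, src, s->splen) && addr_match(s->daddr, dst, s->dplen);
}

/* Illustrative audit line; the field names are invented for this example. */
void audit_line(const struct sel *s, int with_plen, char *buf, size_t len)
{
    int n = snprintf(buf, len, "src=%u.%u.%u.%u dst=%u.%u.%u.%u", OCTETS(s->saddr), OCTETS(s->daddr));
    if (with_plen && n > 0 && (size_t)n < len)
        snprintf(buf + n, len - n, " src_prefixlen=%u dst_prefixlen=%u", (unsigned)s->splen, (unsigned)s->dplen);
}

/* Returns 1 if the two entries produce byte-identical audit lines. */
int audit_lines_equal(const struct sel *a, const struct sel *b, int with_plen)
{
    char la[96], lb[96];
    audit_line(a, with_plen, la, sizeof la);
    audit_line(b, with_plen, lb, sizeof lb);
    return strcmp(la, lb) == 0;
}

int main(void)
{
    uint32_t src = IP4(10,1,2,3), dst = IP4(192,168,1,5);   /* constructed packet */
    printf("wide matches: %d, narrow matches: %d\n", sel_match(&wide, src, dst), sel_match(&narrow, src, dst));
    printf("lines equal without prefixlen: %d, with: %d\n",
           audit_lines_equal(&wide, &narrow, 0), audit_lines_equal(&wide, &narrow, 1));
    return 0;
}
```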