[PATCH]: 2nd revision of make xfrm_audit_log more generic

David Miller davem at davemloft.net
Thu Jul 26 00:17:23 UTC 2007


From: Joy Latten <latten at austin.ibm.com>
Date: Wed, 25 Jul 2007 14:21:43 -0500

> This is 2nd revision of patch to modify xfrm_audit_log() such
> that it can accommodate auditing other ipsec events
> besides add/delete of an SA or SPD entry.
> 
> 2nd revision includes new define for all IPsec
> events in audit.h and introduces "op=" entry
> in logfile as well as add a hyphen in description
> for report parsing. 
> 
> This is a small change to accommodate updating
> ipsec protocol to RFCs 4301, 4302 and 4303 which
> require auditing some ipsec events if auditing
> is available. Please let me know if ok.
> 
> Signed-off-by: Joy Latten <latten at austin.ibm.com>

I like very much how the implementation of xfrm_audit_log() got
simplified.

But _TEN_ function call arguments, good grief!

That's at least twice as many as most cpus can pass in registers.

Let's try an alternative where you have specialized
xfrm_audit_log_foo() routines that take a user policy pointer, or
whatever the main object is.

If internally this just unpacks the needed bits and calls some
do_xfrm_audit_log() thing inside of the auditing code that takes lots
of arguments, that's fine, but let's not expand all of that argument
setup code in the main IPSEC code paths.
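The split David suggests, as an added illustration in userspace C (not kernel code and not Joy's patch): the wide-argument worker do_xfrm_audit_log() lives in one place, while thin per-object wrappers take only a pointer to the SA or policy object and unpack the fields themselves. The struct layouts, field names, op strings and function names below are constructed stand-ins, not the real xfrm structures or audit API.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for the kernel's SA and policy objects
 * (hypothetical; not struct xfrm_state / struct xfrm_policy). */
struct sa_obj { unsigned spi;   const char *src; const char *dst; };
struct sp_obj { unsigned index; const char *src; const char *dst; };

/* Hypothetical event identifiers, one per "op=" value in the record. */
enum audit_op { AUDIT_SA_ADD, AUDIT_SA_DEL, AUDIT_SPD_ADD, AUDIT_SPD_DEL };

static const char *op_name(enum audit_op op)
{
    /* hyphenated descriptions, as the patch discussion asks for */
    static const char *names[] = { "SAD-add", "SAD-delete",
                                   "SPD-add", "SPD-delete" };
    return names[op];
}

/* The many-argument worker: called only from the wrappers below, so the
 * argument marshalling never appears in the IPsec code paths. Formats one
 * audit record into buf and returns the number of characters written. */
static int do_xfrm_audit_log(char *buf, size_t len, enum audit_op op,
                             int result, const char *src, const char *dst,
                             const char *key, unsigned val)
{
    return snprintf(buf, len, "op=%s res=%d src=%s dst=%s %s=%u",
                    op_name(op), result, src, dst, key, val);
}

/* Specialised wrapper for SA events: the caller passes the object pointer,
 * the event and the result, and nothing else. */
int xfrm_audit_log_sa(char *buf, size_t len, const struct sa_obj *sa,
                      enum audit_op op, int result)
{
    return do_xfrm_audit_log(buf, len, op, result,
                             sa->src, sa->dst, "spi", sa->spi);
}

/* Specialised wrapper for SPD (policy) events. */
int xfrm_audit_log_policy(char *buf, size_t len, const struct sp_obj *sp,
                          enum audit_op op, int result)
{
    return do_xfrm_audit_log(buf, len, op, result,
                             sp->src, sp->dst, "index", sp->index);
}
```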