linux/net/bridge/netfilter
Richard Guy Briggs c4dad0aab3 audit: tidy and extend netfilter_cfg x_tables
NETFILTER_CFG record generation was inconsistent for x_tables and
ebtables configuration changes.  The call was needlessly messy and there
were supporting records missing at times while they were produced when
not requested.  Simplify the logging call into a new audit_log_nfcfg
call.  Honour the audit_enabled setting while more consistently
recording information including supporting records by tidying up dummy
checks.

Add an op= field that indicates the operation being performed (register
or replace).

Here is the enhanced sample record:
  type=NETFILTER_CFG msg=audit(1580905834.919:82970): table=filter family=2 entries=83 op=replace

Generate audit NETFILTER_CFG records on ebtables table registration.
Previously this was being done for x_tables registration and replacement
operations and ebtables table replacement only.

See: https://github.com/linux-audit/audit-kernel/issues/25
See: https://github.com/linux-audit/audit-kernel/issues/35
See: https://github.com/linux-audit/audit-kernel/issues/43

Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
2020-04-28 17:52:42 -04:00
..
ebt_802_3.c netfilter: inline xt_hashlimit, ebt_802_3 and xt_physdev headers 2019-09-13 12:32:48 +02:00
ebt_among.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
ebt_arp.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
ebt_arpreply.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
ebt_dnat.c bridge: ebtables: don't crash when using dnat target in output chains 2019-11-04 20:58:34 +01:00
ebt_ip6.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
ebt_ip.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
ebt_limit.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
ebt_log.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
ebt_mark_m.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
ebt_mark.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
ebt_nflog.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
ebt_pkttype.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
ebt_redirect.c netfilter: bridge: convert skb_make_writable to skb_ensure_writable 2019-05-31 18:02:43 +02:00
ebt_snat.c netfilter: bridge: convert skb_make_writable to skb_ensure_writable 2019-05-31 18:02:43 +02:00
ebt_stp.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
ebt_vlan.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 13 2019-05-21 11:28:45 +02:00
ebtable_broute.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
ebtable_filter.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
ebtable_nat.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
ebtables.c audit: tidy and extend netfilter_cfg x_tables 2020-04-28 17:52:42 -04:00
Kconfig netfilter: bridge: make NF_TABLES_BRIDGE tristate 2019-07-19 18:08:14 +02:00
Makefile netfilter: nft_meta: move bridge meta keys into nft_meta_bridge 2019-07-05 21:34:47 +02:00
nf_conntrack_bridge.c ipv4: fix IPSKB_FRAG_PMTU handling with fragmentation 2019-10-21 10:46:42 -07:00
nf_log_bridge.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
nft_meta_bridge.c netfilter: nft_meta_bridge: Fix get NFT_META_BRI_IIFVPROTO in network byteorder 2019-08-30 02:49:04 +02:00
nft_reject_bridge.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00