netfilter: ebtables: create audit records for replaces

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

This is already done for x_tables (family AF_INET and AF_INET6), let's
do it for AF_BRIDGE also.

Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by

Nicolas Dichtel and committed by

Pablo Neira Ayuso 11 years ago c55fbbb4 e42eff8a

+15

1 changed file

expand all

net

bridge

netfilter

ebtables.c

+15

net/bridge/netfilter/ebtables.c

··· 26 26 #include <asm/uaccess.h> 27 27 #include <linux/smp.h> 28 28 #include <linux/cpumask.h> 29 + #include <linux/audit.h> 29 30 #include <net/sock.h> 30 31 /* needed for logical [in,out]-dev filtering */ 31 32 #include "../br_private.h" ··· 1059 1058 vfree(table); 1060 1059 1061 1060 vfree(counterstmp); 1061 + 1062 + #ifdef CONFIG_AUDIT 1063 + if (audit_enabled) { 1064 + struct audit_buffer *ab; 1065 + 1066 + ab = audit_log_start(current->audit_context, GFP_KERNEL, 1067 + AUDIT_NETFILTER_CFG); 1068 + if (ab) { 1069 + audit_log_format(ab, "table=%s family=%u entries=%u", 1070 + repl->name, AF_BRIDGE, repl->nentries); 1071 + audit_log_end(ab); 1072 + } 1073 + } 1074 + #endif 1062 1075 return ret; 1063 1076 1064 1077 free_unlock: