include/linux/audit.h | 8 ++ kernel/audit.c | 159 +++++++++++++++++++++++++++++++++++++++ net/netfilter/nft_log.c | 58 +------------- net/netfilter/xt_AUDIT.c | 58 +------------- 4 files changed, 169 insertions(+), 114 deletions(-)
Currently, NETFILTER_PKT records lack source and destination port information, which is often valuable for troubleshooting. This patch series adds ports numbers, to NETFILTER_PKT records. The first patch refactors netfilter-related code, by moving duplicated code to audit.c, by creating audit_log_nf_skb() helper function. The second one, improves the NETFILTER_PKT records, by including source and destination ports for protocols of interest. Ricardo Robaina (2): audit: add audit_log_nf_skb helper function audit: include source and destination ports to NETFILTER_PKT include/linux/audit.h | 8 ++ kernel/audit.c | 159 +++++++++++++++++++++++++++++++++++++++ net/netfilter/nft_log.c | 58 +------------- net/netfilter/xt_AUDIT.c | 58 +------------- 4 files changed, 169 insertions(+), 114 deletions(-) -- 2.51.1
On Fri, Nov 14, 2025 at 7:36 AM Ricardo Robaina <rrobaina@redhat.com> wrote: > > Currently, NETFILTER_PKT records lack source and destination > port information, which is often valuable for troubleshooting. > This patch series adds ports numbers, to NETFILTER_PKT records. > > The first patch refactors netfilter-related code, by moving > duplicated code to audit.c, by creating audit_log_nf_skb() > helper function. > The second one, improves the NETFILTER_PKT records, by > including source and destination ports for protocols of > interest. > > Ricardo Robaina (2): > audit: add audit_log_nf_skb helper function > audit: include source and destination ports to NETFILTER_PKT > > include/linux/audit.h | 8 ++ > kernel/audit.c | 159 +++++++++++++++++++++++++++++++++++++++ > net/netfilter/nft_log.c | 58 +------------- > net/netfilter/xt_AUDIT.c | 58 +------------- > 4 files changed, 169 insertions(+), 114 deletions(-) Thanks Ricardo, both patches look good to me, I'm going to merge them into audit/dev-staging just to get some very basic testing, but if I can get an ACK from Florian on the patchset I'll go ahead and move the patches over to audit/dev (feeds into linux-next and the next merge window). -- paul-moore.com
On Mon, Dec 15, 2025 at 9:07 PM Paul Moore <paul@paul-moore.com> wrote: > On Fri, Nov 14, 2025 at 7:36 AM Ricardo Robaina <rrobaina@redhat.com> wrote: > > > > Currently, NETFILTER_PKT records lack source and destination > > port information, which is often valuable for troubleshooting. > > This patch series adds ports numbers, to NETFILTER_PKT records. > > > > The first patch refactors netfilter-related code, by moving > > duplicated code to audit.c, by creating audit_log_nf_skb() > > helper function. > > The second one, improves the NETFILTER_PKT records, by > > including source and destination ports for protocols of > > interest. > > > > Ricardo Robaina (2): > > audit: add audit_log_nf_skb helper function > > audit: include source and destination ports to NETFILTER_PKT > > > > include/linux/audit.h | 8 ++ > > kernel/audit.c | 159 +++++++++++++++++++++++++++++++++++++++ > > net/netfilter/nft_log.c | 58 +------------- > > net/netfilter/xt_AUDIT.c | 58 +------------- > > 4 files changed, 169 insertions(+), 114 deletions(-) > > Thanks Ricardo, both patches look good to me, I'm going to merge them > into audit/dev-staging just to get some very basic testing, but if I > can get an ACK from Florian on the patchset I'll go ahead and move the > patches over to audit/dev (feeds into linux-next and the next merge > window). I just moved these patches in audit/dev with Florian's ACK. Thanks everyone! -- paul-moore.com
On Tue, Dec 16, 2025 at 1:10 PM Paul Moore <paul@paul-moore.com> wrote: > > On Mon, Dec 15, 2025 at 9:07 PM Paul Moore <paul@paul-moore.com> wrote: > > On Fri, Nov 14, 2025 at 7:36 AM Ricardo Robaina <rrobaina@redhat.com> wrote: > > > > > > Currently, NETFILTER_PKT records lack source and destination > > > port information, which is often valuable for troubleshooting. > > > This patch series adds ports numbers, to NETFILTER_PKT records. > > > > > > The first patch refactors netfilter-related code, by moving > > > duplicated code to audit.c, by creating audit_log_nf_skb() > > > helper function. > > > The second one, improves the NETFILTER_PKT records, by > > > including source and destination ports for protocols of > > > interest. > > > > > > Ricardo Robaina (2): > > > audit: add audit_log_nf_skb helper function > > > audit: include source and destination ports to NETFILTER_PKT > > > > > > include/linux/audit.h | 8 ++ > > > kernel/audit.c | 159 +++++++++++++++++++++++++++++++++++++++ > > > net/netfilter/nft_log.c | 58 +------------- > > > net/netfilter/xt_AUDIT.c | 58 +------------- > > > 4 files changed, 169 insertions(+), 114 deletions(-) > > > > Thanks Ricardo, both patches look good to me, I'm going to merge them > > into audit/dev-staging just to get some very basic testing, but if I > > can get an ACK from Florian on the patchset I'll go ahead and move the > > patches over to audit/dev (feeds into linux-next and the next merge > > window). > > I just moved these patches in audit/dev with Florian's ACK. Thanks everyone! > > -- > paul-moore.com > I'm happy to hear it. Thanks, Paul and Florian!
© 2016 - 2025 Red Hat, Inc.