Description of problem: Currently the netmask/prefix-length of an IPsec SPD entry is not included in any of the SPD related audit messages. This can cause problems when the audit log is examined as the netmask/prefix-length is vital in determining what network traffic is affected by a particular SPD entry. A patch has already been submitted and accepted upstream for the 2.6.25 kernel which addresses this issue: http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.25.git;a=commit;h=72d1492e7433ae296d0dff549a70e8677b5f0cd3 Version-Release number of selected component (if applicable): kernel-2.6.18-58.el5 How reproducible: Everytime Steps to Reproduce: 1. Create a new IPsec SPD entry using a network address, not a host address 2. Examine the audit log for the IPsec SPD entry Actual results: Missing netmask/prefix-length information Expected results: The SPD's netmask/prefix-length information is included in the audit record
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
in 2.6.18-62.el5 You can download this test kernel from http://people.redhat.com/dzickus/el5
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2008-0314.html