From: s
Date: Thu, 28 Jul 2011 21:26:14 +0200
Subject: MAC Framework, Socket information
List-Id: Technical Discussions relating to FreeBSD (freebsd-hackers@freebsd.org)

Hi,

I need to get some info about the socket being created by the user. What I want to do is log all TCP/UDP outgoing connections that are being made. I *need* to get the local and remote address, as well as the local and remote port. I managed to get all of the remote data, but this is useless to me if I haven't got the local port.

Here is what I have already written:

	static int
	slog_socket_check_connect(struct ucred *cred, struct socket *socket,
	    struct label *socketlabel, struct sockaddr *sockaddr)
	{
		if (sockaddr->sa_family == AF_INET) {
			/*
			 * Logged values: real uid, remote port taken from the
			 * sockaddr passed to connect(), and the attempted
			 * local port read through an in_endpoints cast.
			 */
			log(LOG_SECURITY | LOG_DEBUG,
			    "Somebody made a socket: %d:%d (%d)\n",
			    cred->cr_ruid,
			    ntohs(((struct sockaddr_in *)sockaddr)->sin_port),
			    ntohs(((struct in_endpoints *)sockaddr)->ie_lport));
		}
		return 0;
	}

-- 
Regards,
Jakub 'samu' Szafrański
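
Added example, not part of the original message and not MAC framework code: a user-space C program showing that the sockaddr given to connect() carries only the remote endpoint, and that an unbound socket has local port 0 until the kernel picks one during connect(). The helper names local_port and probe_local_port and the destination 127.0.0.1:9 are constructed for this illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Return the socket's local port in host byte order, or -1 on error. */
static int local_port(int fd)
{
	struct sockaddr_in sin;
	socklen_t len = sizeof(sin);

	memset(&sin, 0, sizeof(sin));
	if (getsockname(fd, (struct sockaddr *)&sin, &len) != 0)
		return -1;
	return ntohs(sin.sin_port);
}

/*
 * Connect a fresh UDP socket to 127.0.0.1:remote_port (constructed
 * destination; UDP connect() sends no packets) and record the local
 * port seen before and after the call. Returns 0 on success.
 */
static int probe_local_port(unsigned short remote_port, int *before, int *after)
{
	struct sockaddr_in dst;
	int fd, rc;

	if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
		return -1;
	memset(&dst, 0, sizeof(dst));
	dst.sin_family = AF_INET;
	dst.sin_port = htons(remote_port);
	dst.sin_addr.s_addr = htonl(INADDR_LOOPBACK);

	*before = local_port(fd);	/* unbound socket: no local port yet */
	rc = connect(fd, (struct sockaddr *)&dst, sizeof(dst));
	*after = (rc == 0) ? local_port(fd) : -1; /* kernel-chosen port */
	close(fd);
	return rc;
}

int main(void)
{
	int before, after;

	if (probe_local_port(9, &before, &after) != 0)
		return 1;
	printf("local port before connect: %d, after: %d\n", before, after);
	return 0;
}
```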