From 0c7c123fd92cafcc1b25c73d6a9b849d1f9766dd Mon Sep 17 00:00:00 2001 From: yo Date: Tue, 4 Jan 2022 10:22:57 +0100 Subject: [PATCH] Ipv4/v6 distinction fix --- libbsm.go | 122 +++++++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 102 insertions(+), 20 deletions(-) diff --git a/libbsm.go b/libbsm.go index 2010bb3..1064b51 100644 --- a/libbsm.go +++ b/libbsm.go @@ -225,8 +225,9 @@ type Tid32 struct { type Tid32Ex struct { Port uint32 Ttype uint32 - IpVers uint32 // 0x10 = IPv6 - Addr [4]uint32 // 4 bytes long if IpVers == 0x10, 1 byte long if IpVers == 4 + IpVers uint32 // 0x10 = IPv6, 0x04 = IPv4 + Addr4 uint32 // 4 bytes long if IpVers == 0x04 + Addr6 [4]uint32 // 4x4 bytes long if IpVers == 0x10 } type Subject64 struct { @@ -264,8 +265,9 @@ type Tid64 struct { type Tid64Ex struct { Port uint64 Ttype uint32 - IpVers uint32 // 0x10 = IPv6 - Addr [4]uint32 + IpVers uint32 // 0x10 = IPv6, 0x04 = IPv4 + Addr4 uint32 + Addr6 [4]uint32 } type Exit struct { 
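Review bot: Splitting `Addr` into `Addr4` and `Addr6` means `Tid32Ex`, and `Tid64Ex` in the next hunk, no longer mirror the on-disk token layout, and neither type says so. A `binary.Read` or `binary.Write` on the whole struct would now cover both address fields (20 bytes of address), so any whole-struct use left outside this patch would desynchronise the parse; none is visible here, so check for it. A doc comment on each type would make the contract explicit, e.g. `// Tid32Ex is not a wire image: decode it field by field; IpVers selects which of Addr4/Addr6 is populated.` The new `Tid64Ex` fields also lack the per-field comments that `Tid32Ex` has.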
@@ -696,16 +698,36 @@ func (s *Subject32Ex) LoadFromBinary(file *os.File) error { err = binary.Read(file, binary.BigEndian, &s.Sid) if err != nil { return fmt.Errorf("Unable to read Subject32Ex.Sid from file: %v", err) } - err = binary.Read(file, binary.BigEndian, &s.Tid) - if err != nil { return fmt.Errorf("Unable to read Subject32Ex.Tid from file: %v", err) } + err = binary.Read(file, binary.BigEndian, &s.Tid.Port) + if err != nil { return fmt.Errorf("Unable to read Subject32Ex.Tid.Port from file: %v", err) } + + err = binary.Read(file, binary.BigEndian, &s.Tid.Ttype) + if err != nil { return fmt.Errorf("Unable to read Subject32Ex.Tid.Ttype from file: %v", err) } + + err = binary.Read(file, binary.BigEndian, &s.Tid.IpVers) + if err != nil { return fmt.Errorf("Unable to read Subject32Ex.Tid.IpVers from file: %v", err) } + + if s.Tid.IpVers == 0x10 { + err = binary.Read(file, binary.BigEndian, &s.Tid.Addr6) + if err != nil { return fmt.Errorf("Unable to read Subject32Ex.Tid.Addr6 from file: %v", err) } + } else if s.Tid.IpVers == 0x04 { + err = binary.Read(file, binary.BigEndian, &s.Tid.Addr4) + if err != nil { return fmt.Errorf("Unable to read Subject32Ex.Tid.Addr4 from file: %v", err) } + } return nil } func (s *Subject32Ex) Print(file *os.File, delimiter string, flags int) { - fmt.Fprintf(file, "subject_ex%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%s", delimiter, s.Auid, delimiter, s.Euid, + if s.Tid.IpVers == 0x04 { + fmt.Fprintf(file, "subject_ex%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%s", delimiter, s.Auid, delimiter, s.Euid, delimiter, s.Egid, delimiter, s.Ruid, delimiter, s.Rgid, delimiter, s.Sid, delimiter, s.Tid.Port, delimiter, - s.Tid.Ttype, delimiter, PrintIpv6FromInt(s.Tid.Addr)) + s.Tid.Ttype, delimiter, PrintIpv4FromInt(s.Tid.Addr4)) + } else { + fmt.Fprintf(file, "subject_ex%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%s", delimiter, s.Auid, delimiter, s.Euid, + delimiter, s.Egid, delimiter, s.Ruid, delimiter, s.Rgid, delimiter, s.Sid, delimiter, s.Tid.Port, delimiter, + 
s.Tid.Ttype, delimiter, PrintIpv6FromInt(s.Tid.Addr6)) + } if 0 == (flags & PRT_ONELINE) { fmt.Fprintf(file, "\n") } 
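Review bot: In `Subject32Ex.LoadFromBinary` the new `if`/`else if` on `s.Tid.IpVers` has no final branch, so any value other than 0x10 or 0x04 reads no address and the function still returns nil. For an audit-trail parser that means a corrupt or tampered token is accepted silently, and any address bytes that do follow are left in the stream to be decoded as the start of the next token. Close the chain with `} else { return fmt.Errorf("Unsupported Subject32Ex.Tid.IpVers: 0x%x", s.Tid.IpVers) }`. The same gap is in the `Process32Ex`, `Subject64Ex` and `Process64Ex` loaders in the following hunks; the function body starts above this hunk.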
@@ -748,16 +770,36 @@ func (p *Process32Ex) LoadFromBinary(file *os.File) error { err = binary.Read(file, binary.BigEndian, &p.Sid) if err != nil { return fmt.Errorf("Unable to read Process32Ex.Sid from file: %v", err) } - err = binary.Read(file, binary.BigEndian, &p.Tid) - if err != nil { return fmt.Errorf("Unable to read Process32Ex.Tid from file: %v", err) } + err = binary.Read(file, binary.BigEndian, &p.Tid.Port) + if err != nil { return fmt.Errorf("Unable to read Process32Ex.Tid.Port from file: %v", err) } + + err = binary.Read(file, binary.BigEndian, &p.Tid.Ttype) + if err != nil { return fmt.Errorf("Unable to read Process32Ex.Tid.Ttype from file: %v", err) } + + err = binary.Read(file, binary.BigEndian, &p.Tid.IpVers) + if err != nil { return fmt.Errorf("Unable to read Process32Ex.Tid.IpVers from file: %v", err) } + + if p.Tid.IpVers == 0x10 { + err = binary.Read(file, binary.BigEndian, &p.Tid.Addr6) + if err != nil { return fmt.Errorf("Unable to read Process32Ex.Tid.Addr6 from file: %v", err) } + } else if p.Tid.IpVers == 0x04 { + err = binary.Read(file, binary.BigEndian, &p.Tid.Addr4) + if err != nil { return fmt.Errorf("Unable to read Process32Ex.Tid.Addr4 from file: %v", err) } + } return nil } func (p *Process32Ex) Print(file *os.File, delimiter string, flags int) { - fmt.Fprintf(file, "process_ex%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%s", delimiter, p.Auid, delimiter, p.Euid, + if p.Tid.IpVers == 0x04 { + fmt.Fprintf(file, "process_ex%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%s", delimiter, p.Auid, delimiter, p.Euid, delimiter, p.Egid, delimiter, p.Ruid, delimiter, p.Rgid, delimiter, p.Sid, delimiter, p.Tid.Port, delimiter, - p.Tid.Ttype, delimiter, PrintIpv6FromInt(p.Tid.Addr)) + p.Tid.Ttype, delimiter, PrintIpv4FromInt(p.Tid.Addr4)) + } else { + fmt.Fprintf(file, "process_ex%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%s", delimiter, p.Auid, delimiter, p.Euid, + delimiter, p.Egid, delimiter, p.Ruid, delimiter, p.Rgid, delimiter, p.Sid, delimiter, p.Tid.Port, delimiter, + 
p.Tid.Ttype, delimiter, PrintIpv6FromInt(p.Tid.Addr6)) + } if 0 == (flags & PRT_ONELINE) { fmt.Fprintf(file, "\n") } 
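Review bot: `Process32Ex.Print` takes the `else` branch for every `IpVers` other than 0x04, so a token with an unrecognised address type is rendered as an IPv6 address built from a zero `Addr6` (or a stale one, if the struct is ever reused). In audit output that reads as a genuine address. Test `p.Tid.IpVers == 0x10` explicitly and print the raw type otherwise. Choosing the address string first also removes the duplicated format call: start from `addr := fmt.Sprintf("unknown(0x%x)", p.Tid.IpVers)`, overwrite it from `PrintIpv4FromInt(p.Tid.Addr4)` or `PrintIpv6FromInt(p.Tid.Addr6)` in a two-case switch, then issue a single `fmt.Fprintf`. The other three `Print` methods changed by this patch have the same shape.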
@@ -901,16 +943,36 @@ func (s *Subject64Ex) LoadFromBinary(file *os.File) error { err = binary.Read(file, binary.BigEndian, &s.Sid) if err != nil { return fmt.Errorf("Unable to read Subject64Ex.Sid from file: %v", err) } - err = binary.Read(file, binary.BigEndian, &s.Tid) - if err != nil { return fmt.Errorf("Unable to read Subject64Ex.Tid from file: %v", err) } + err = binary.Read(file, binary.BigEndian, &s.Tid.Port) + if err != nil { return fmt.Errorf("Unable to read Subject64Ex.Tid.Port from file: %v", err) } + + err = binary.Read(file, binary.BigEndian, &s.Tid.Ttype) + if err != nil { return fmt.Errorf("Unable to read Subject64Ex.Tid.Ttype from file: %v", err) } + + err = binary.Read(file, binary.BigEndian, &s.Tid.IpVers) + if err != nil { return fmt.Errorf("Unable to read Subject64Ex.Tid.IpVers from file: %v", err) } + + if s.Tid.IpVers == 0x10 { + err = binary.Read(file, binary.BigEndian, &s.Tid.Addr6) + if err != nil { return fmt.Errorf("Unable to read Subject64Ex.Tid.Addr6 from file: %v", err) } + } else if s.Tid.IpVers == 0x04 { + err = binary.Read(file, binary.BigEndian, &s.Tid.Addr4) + if err != nil { return fmt.Errorf("Unable to read Subject64Ex.Tid.Addr4 from file: %v", err) } + } return nil } func (s *Subject64Ex) Print(file *os.File, delimiter string, flags int) { - fmt.Fprintf(file, "subject_ex%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%s", delimiter, s.Auid, delimiter, s.Euid, + if s.Tid.IpVers == 0x04 { + fmt.Fprintf(file, "subject_ex%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%s", delimiter, s.Auid, delimiter, s.Euid, delimiter, s.Egid, delimiter, s.Ruid, delimiter, s.Rgid, delimiter, s.Sid, delimiter, s.Tid.Port, delimiter, - s.Tid.Ttype, delimiter, PrintIpv6FromInt(s.Tid.Addr)) + s.Tid.Ttype, delimiter, PrintIpv4FromInt(s.Tid.Addr4)) + } else { + fmt.Fprintf(file, "subject_ex%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%s", delimiter, s.Auid, delimiter, s.Euid, + delimiter, s.Egid, delimiter, s.Ruid, delimiter, s.Rgid, delimiter, s.Sid, delimiter, s.Tid.Port, delimiter, + 
s.Tid.Ttype, delimiter, PrintIpv6FromInt(s.Tid.Addr6)) + } if 0 == (flags & PRT_ONELINE) { fmt.Fprintf(file, "\n") } 
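Review bot: The terminal-ID decoding added to `Subject64Ex.LoadFromBinary` is the third of four near-identical copies in this patch, and the literals 0x04 and 0x10 are repeated in every loader and printer. A single decoder per Tid type with named constants keeps the copies from drifting apart and gives one place to reject an unknown address type. The sketch below assumes `Tid64Ex` has no method of that name yet (not visible in this patch); `Tid32Ex` would get the same method. Each caller then shrinks to `if err = s.Tid.LoadFromBinary(file); err != nil { return err }`, at the cost of error messages naming `Tid64Ex` rather than the enclosing token.

```go
const (
	tidAddrIPv4 = 0x04 // a 4-byte address follows
	tidAddrIPv6 = 0x10 // a 16-byte address follows
)

// LoadFromBinary decodes a Tid64Ex field by field; the width of the address
// on the wire is selected by IpVers.
func (t *Tid64Ex) LoadFromBinary(file *os.File) error {
	if err := binary.Read(file, binary.BigEndian, &t.Port); err != nil {
		return fmt.Errorf("Unable to read Tid64Ex.Port from file: %v", err)
	}
	// … same pattern for t.Ttype and t.IpVers …

	var err error
	switch t.IpVers {
	case tidAddrIPv6:
		err = binary.Read(file, binary.BigEndian, &t.Addr6)
	case tidAddrIPv4:
		err = binary.Read(file, binary.BigEndian, &t.Addr4)
	default:
		return fmt.Errorf("Unsupported Tid64Ex.IpVers: 0x%x", t.IpVers)
	}
	if err != nil {
		return fmt.Errorf("Unable to read Tid64Ex address from file: %v", err)
	}
	return nil
}
```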
@@ -952,16 +1014,36 @@ func (p *Process64Ex) LoadFromBinary(file *os.File) error { err = binary.Read(file, binary.BigEndian, &p.Sid) if err != nil { return fmt.Errorf("Unable to read Process64Ex.Sid from file: %v", err) } - err = binary.Read(file, binary.BigEndian, &p.Tid) - if err != nil { return fmt.Errorf("Unable to read Process64Ex.Tid from file: %v", err) } + err = binary.Read(file, binary.BigEndian, &p.Tid.Port) + if err != nil { return fmt.Errorf("Unable to read Process64Ex.Tid.Port from file: %v", err) } + + err = binary.Read(file, binary.BigEndian, &p.Tid.Ttype) + if err != nil { return fmt.Errorf("Unable to read Process64Ex.Tid.Ttype from file: %v", err) } + + err = binary.Read(file, binary.BigEndian, &p.Tid.IpVers) + if err != nil { return fmt.Errorf("Unable to read Process64Ex.Tid.IpVers from file: %v", err) } + + if p.Tid.IpVers == 0x10 { + err = binary.Read(file, binary.BigEndian, &p.Tid.Addr6) + if err != nil { return fmt.Errorf("Unable to read Process64Ex.Tid.Addr6 from file: %v", err) } + } else if p.Tid.IpVers == 0x04 { + err = binary.Read(file, binary.BigEndian, &p.Tid.Addr4) + if err != nil { return fmt.Errorf("Unable to read Process64Ex.Tid.Addr4 from file: %v", err) } + } return nil } func (p *Process64Ex) Print(file *os.File, delimiter string, flags int) { - fmt.Fprintf(file, "process_ex%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%s", delimiter, p.Auid, delimiter, p.Euid, + if p.Tid.IpVers == 0x04 { + fmt.Fprintf(file, "process_ex%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%s", delimiter, p.Auid, delimiter, p.Euid, delimiter, p.Egid, delimiter, p.Ruid, delimiter, p.Rgid, delimiter, p.Sid, delimiter, p.Tid.Port, delimiter, - p.Tid.Ttype, delimiter, PrintIpv6FromInt(p.Tid.Addr)) + p.Tid.Ttype, delimiter, PrintIpv4FromInt(p.Tid.Addr4)) + } else { + fmt.Fprintf(file, "process_ex%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%s", delimiter, p.Auid, delimiter, p.Euid, + delimiter, p.Egid, delimiter, p.Ruid, delimiter, p.Rgid, delimiter, p.Sid, delimiter, p.Tid.Port, delimiter, + 
p.Tid.Ttype, delimiter, PrintIpv6FromInt(p.Tid.Addr6)) + } if 0 == (flags & PRT_ONELINE) { fmt.Fprintf(file, "\n") }
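Review bot: The new error returns in `Process64Ex.LoadFromBinary` format the cause with `%v`, which drops the error chain, so a caller cannot use `errors.Is(err, io.ErrUnexpectedEOF)` to tell a truncated audit trail from any other read failure. Wrapping with `%w` keeps the same message text and preserves the cause, e.g. `return fmt.Errorf("Unable to read Process64Ex.Tid.Port from file: %w", err)`. The added lines follow the `%v` style of the surrounding context lines, so this may be better applied file-wide. The other three loaders touched by this patch are written the same way.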