1ca0716f5SRobert Watson.\"- 2ca0716f5SRobert Watson.\" Copyright (c) 2005 Robert N. M. Watson 3ca0716f5SRobert Watson.\" All rights reserved. 4ca0716f5SRobert Watson.\" 5ca0716f5SRobert Watson.\" Redistribution and use in source and binary forms, with or without 6ca0716f5SRobert Watson.\" modification, are permitted provided that the following conditions 7ca0716f5SRobert Watson.\" are met: 8ca0716f5SRobert Watson.\" 1. Redistributions of source code must retain the above copyright 9ca0716f5SRobert Watson.\" notice, this list of conditions and the following disclaimer. 10ca0716f5SRobert Watson.\" 2. Redistributions in binary form must reproduce the above copyright 11ca0716f5SRobert Watson.\" notice, this list of conditions and the following disclaimer in the 12ca0716f5SRobert Watson.\" documentation and/or other materials provided with the distribution. 13ca0716f5SRobert Watson.\" 14ca0716f5SRobert Watson.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15ca0716f5SRobert Watson.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16ca0716f5SRobert Watson.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17ca0716f5SRobert Watson.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18ca0716f5SRobert Watson.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19ca0716f5SRobert Watson.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20ca0716f5SRobert Watson.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21ca0716f5SRobert Watson.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22ca0716f5SRobert Watson.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23ca0716f5SRobert Watson.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24ca0716f5SRobert Watson.\" SUCH DAMAGE. 25ca0716f5SRobert Watson.\" 26742561f0SRobert Watson.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit.log.5#7 $ 27ca0716f5SRobert Watson.\" 28ca0716f5SRobert Watson.Dd May 1, 2005 29ca0716f5SRobert Watson.Dt AUDIT.LOG 5 30ca0716f5SRobert Watson.Os 31ca0716f5SRobert Watson.Sh NAME 32ca0716f5SRobert Watson.Nm audit 33ca0716f5SRobert Watson.Nd "Basic Security Module (BSM) File Format" 34ca0716f5SRobert Watson.Sh DESCRIPTION 35ca0716f5SRobert WatsonThe 36ca0716f5SRobert Watson.Nm 37ca0716f5SRobert Watsonfile format is based on Sun's Basic Security Module (BSM) file format, a 38ca0716f5SRobert Watsontoken-based record stream to represent system audit data. 39ca0716f5SRobert WatsonThis file format is both flexible and extensible, able to describe a broad 40ca0716f5SRobert Watsonrange of data types, and easily extended to describe new data types in a 41ca0716f5SRobert Watsonmoderately backward and forward compatible way. 42ca0716f5SRobert Watson.Pp 43ca0716f5SRobert WatsonBSM token streams typically begin and end with a 44ca0716f5SRobert Watson.Dv file 45ca0716f5SRobert Watsontoken, which provides time stamp and file name information for the stream; 46ca0716f5SRobert Watsonwhen processing a BSM token stream from a stream as opposed to a single file 47ca0716f5SRobert Watsonsource, file tokens may be seen at any point between ordinary records 48ca0716f5SRobert Watsonidentifying when particular parts of the stream begin and end. 49ca0716f5SRobert WatsonAll other tokens will appear in the context of a complete BSM audit record, 50ca0716f5SRobert Watsonwhich begins with a 51ca0716f5SRobert Watson.Dv header 52ca0716f5SRobert Watsontoken, and ends with a 53ca0716f5SRobert Watson.Dv trailer 54ca0716f5SRobert Watsontoken, which describe the audit record. 55ca0716f5SRobert WatsonBetween these two tokens will appear a variety of data tokens, such as 56ca0716f5SRobert Watsonprocess information, file path names, IPC object information, MAC labels, 57ca0716f5SRobert Watsonsocket information, and so on. 58ca0716f5SRobert Watson.Pp 59ca0716f5SRobert WatsonThe BSM file format defines specific token orders for each record event type; 60ca0716f5SRobert Watsonhowever, some variation may occur depending on the operating system in use, 61ca0716f5SRobert Watsonwhat system options, such as mandatory access control, are present. 62ca0716f5SRobert Watson.Pp 63ca0716f5SRobert WatsonThis manual page documents the common token types and their binary format, and 64ca0716f5SRobert Watsonis intended for reference purposes only. 65ca0716f5SRobert WatsonIt is recommended that application programmers use the 66ca0716f5SRobert Watson.Xr libbsm 3 67ca0716f5SRobert Watsoninterface to read and write tokens, rather than parsing or constructing 68ca0716f5SRobert Watsonrecords by hand. 69ca0716f5SRobert Watson.Ss File Token 70ca0716f5SRobert WatsonThe 71ca0716f5SRobert Watson.Dv file 72ca0716f5SRobert Watsontoken is used at the beginning and end of an audit log file to indicate 73ca0716f5SRobert Watsonwhen the audit log begins and ends. 74ca0716f5SRobert WatsonIt includes a pathname so that, if concatenated together, original file 75ca0716f5SRobert Watsonboundaries are still observable, and gaps in the audit log can be identified. 76ca0716f5SRobert WatsonA 77ca0716f5SRobert Watson.Dv file 78ca0716f5SRobert Watsontoken can be created using 79ca0716f5SRobert Watson.Xr au_to_file 3 . 80ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" 81ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description 82ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID" 83ca0716f5SRobert Watson.It Li "Seconds" Ta "4 bytes" Ta "File time stamp" 84ca0716f5SRobert Watson.It Li "Microseconds" Ta "4 bytes" Ta "File time stamp" 85ca0716f5SRobert Watson.It Li "File name lengh" Ta "2 bytes" Ta "File name of audit trail" 86ca0716f5SRobert Watson.It Li "File pathname" Ta "N bytes + 1 nul" Ta "File name of audit trail" 87ca0716f5SRobert Watson.El 88ca0716f5SRobert Watson.Ss Header Token 89ca0716f5SRobert WatsonThe 90ca0716f5SRobert Watson.Dv header 91ca0716f5SRobert Watsontoken is used to mark the beginning of a complete audit record, and includes 92ca0716f5SRobert Watsonthe length of the total record in bytes, a version number for the record 93ca0716f5SRobert Watsonlayout, the event type and subtype, and the time at which the event occurred. 94ca0716f5SRobert WatsonA 95ca0716f5SRobert Watson.Dv header 96ca0716f5SRobert Watsontoken can be created using 97ca0716f5SRobert Watson.Xr au_to_header32 3 . 98ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" 99ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description 100ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID" 101ca0716f5SRobert Watson.It Li "Record Byte Count" Ta "4 bytes" Ta "Number of bytes in record" 102ca0716f5SRobert Watson.It Li "Version Number" Ta "2 bytes" Ta "Record version number" 103ca0716f5SRobert Watson.It Li "Event Type" Ta "2 bytes" Ta "Event type" 104ca0716f5SRobert Watson.It Li "Event Modifier" Ta "2 bytes" Ta "Event sub-type" 105ca0716f5SRobert Watson.It Li "Seconds" Ta "4/8 bytes" Ta "Record time stamp (32/64-bits)" 106ca0716f5SRobert Watson.It Li "Nanoseconds" Ta "4/8 byets" Ta "Record time stamp (32/64-bits)" 107ca0716f5SRobert Watson.El 108ca0716f5SRobert Watson.Ss Expanded Header Token 109ca0716f5SRobert WatsonThe 110ca0716f5SRobert Watson.Dv expanded header 111ca0716f5SRobert Watsontoken is an expanded version of the 112ca0716f5SRobert Watson.Dv header 113ca0716f5SRobert Watsontoken, with the addition of a machine IPv4 or IPv6 address. 114ca0716f5SRobert WatsonThe 115ca0716f5SRobert Watson.Xr libbsm 3 116ca0716f5SRobert WatsonAPI cannot currently create an 117ca0716f5SRobert Watson.Dv expanded header 118ca0716f5SRobert Watsontoken. 119ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" 120ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description 121ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID" 122ca0716f5SRobert Watson.It Li "Record Byte Count" Ta "4 bytes" Ta "Number of bytes in record" 123ca0716f5SRobert Watson.It Li "Version Number" Ta "2 bytes" Ta "Record version number" 124ca0716f5SRobert Watson.It Li "Event Type" Ta "2 bytes" Ta "Event type" 125ca0716f5SRobert Watson.It Li "Event Modifier" Ta "2 bytes" Ta "Event sub-type" 126ca0716f5SRobert Watson.It Li "Address Type/Length" Ta "1 byte" Ta "Host address type and length" 127ca0716f5SRobert Watson.It Li "Machine Address" Ta "4/16 bytes" Ta "IPv4 or IPv6 address" 128ca0716f5SRobert Watson.It Li "Seconds" Ta "4/8 bytes" Ta "Record time stamp (32/64-bits)" 129ca0716f5SRobert Watson.It Li "Nanoseconds" Ta "4/8 byets" Ta "Record time stamp (32/64-bits)" 130ca0716f5SRobert Watson.El 131ca0716f5SRobert Watson.Ss Trailer Token 132ca0716f5SRobert WatsonThe 133ca0716f5SRobert Watson.Dv trailer 134ca0716f5SRobert Watsonterminates a BSM audit record, and contains a magic number, 135ca0716f5SRobert Watson.Dv TRAILER_PAD_MAGIC 136ca0716f5SRobert Watsonand length that can be used to validate that the record was read properly. 137ca0716f5SRobert WatsonA 138ca0716f5SRobert Watson.Dv trailer 139ca0716f5SRobert Watsontoken can be created using 140ca0716f5SRobert Watson.Xr au_to_trailer 3 . 141ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" 142ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description 143ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID" 144ca0716f5SRobert Watson.It Li "Trailer Magic" Ta "2 bytes" Ta "Trailer magic number" 145ca0716f5SRobert Watson.It Li "Record Byte Count" Ta "4 bytes" Ta "Number of bytes in record" 146ca0716f5SRobert Watson.El 147ca0716f5SRobert Watson.Ss Arbitrary Data Token 148ca0716f5SRobert WatsonThe 149ca0716f5SRobert Watson.Dv arbitrary data 150ca0716f5SRobert Watsontoken contains a byte stream of opaque (untyped) data. 151ca0716f5SRobert WatsonThe size of the data is calculated as the size of each unit of data 152ca0716f5SRobert Watsonmultipled by the number of units of data. 153ca0716f5SRobert WatsonA 154ca0716f5SRobert Watson.Dv How to print 155ca0716f5SRobert Watsonfield is present to specify how to print the data, but interpretation of 156ca0716f5SRobert Watsonthat field is not currently defined. 157ca0716f5SRobert WatsonThe 158ca0716f5SRobert Watson.Xr libbsm 3 159ca0716f5SRobert WatsonAPI cannot currently create an 160ca0716f5SRobert Watson.Dv arbitrary data 161ca0716f5SRobert Watsontoken. 162ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" 163ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description 164ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID" 165ca0716f5SRobert Watson.It Li "How to Print" Ta "1 byte" Ta "User-defined printing information" 166ca0716f5SRobert Watson.It Li "Basic Unit" Ta "1 byte" Ta "Size of a unit in bytes" 167ca0716f5SRobert Watson.It Li "Unit Count" Ta "1 byte" Ta "Number of units of data present" 168ca0716f5SRobert Watson.It Li "Data Items" Ta "Variable" Ta "User data" 169ca0716f5SRobert Watson.El 170ca0716f5SRobert Watson.Ss in_addr Token 171ca0716f5SRobert WatsonThe 172ca0716f5SRobert Watson.Dv in_addr 173ca0716f5SRobert Watsontoken holds a network byte order IPv4 or IPv6 address. 174ca0716f5SRobert WatsonAn 175ca0716f5SRobert Watson.Dv in_addr 176ca0716f5SRobert Watsontoken can be created using 177ca0716f5SRobert Watson.Xr au_to_in_addr 3 178ca0716f5SRobert Watsonfor an IPv4 address, or 179ca0716f5SRobert Watson.Xr au_to_in_addr_ex 3 180ca0716f5SRobert Watsonfor an IPv6 address. 181ca0716f5SRobert Watson.Pp 182ca0716f5SRobert WatsonSee the BUGS section for information on the storage of this token. 183ca0716f5SRobert Watson.Pp 184ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" 185ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description 186ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID" 187ca0716f5SRobert Watson.It Li "IP Address Type" Ta "1 byte" Ta "Type of address" 188ca0716f5SRobert Watson.It Li "IP Address" Ta "4/16 bytes" Ta "IPv4 or IPv6 address" 189ca0716f5SRobert Watson.El 190ca0716f5SRobert Watson.Ss Expanded in_addr Token 191ca0716f5SRobert WatsonThe 192ca0716f5SRobert Watson.Dv expanded in_addr 193ca0716f5SRobert Watsontoken ... 194ca0716f5SRobert Watson.Pp 195ca0716f5SRobert WatsonSee the BUGS section for information on the storage of this token. 196ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" 197ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description 198ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID" 199ca0716f5SRobert Watson.It XXXX 200ca0716f5SRobert Watson.El 201ca0716f5SRobert Watson.Ss ip Token 202ca0716f5SRobert WatsonThe 203ca0716f5SRobert Watson.Dv ip 204ca0716f5SRobert Watsontoken contains an IP packet header in network byte order. 205ca0716f5SRobert WatsonAn 206ca0716f5SRobert Watson.Dv ip 207ca0716f5SRobert Watsontoken can be cread using 208ca0716f5SRobert Watson.Xr au_to_ip 3 . 209ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" 210ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description 211ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID" 212ca0716f5SRobert Watson.It Li "Version and IHL" Ta "1 byte" Ta "Version and IP header length" 213ca0716f5SRobert Watson.It Li "Type of Service" Ta "1 byte" Ta "IP TOS field" 214ca0716f5SRobert Watson.It Li "Length" Ta "2 bytes" Ta "IP packet length in network byte order" 215ca0716f5SRobert Watson.It Li "ID" Ta "2 bytes" Ta "IP header ID for reassembly" 216ca0716f5SRobert Watson.It Li "Offset" Ta "2 bytes" Ta "IP fragment offset and flags, network byte order" 217ca0716f5SRobert Watson.It Li "TTL" Ta "1 byte" Ta "IP Time-to-Live" 218ca0716f5SRobert Watson.It Li "Protocol" Ta "1 byte" Ta "IP protocol number" 219ca0716f5SRobert Watson.It Li "Checksum" Ta "2 bytes" Ta "IP header checksum, network byte order" 220ca0716f5SRobert Watson.It Li "Source Address" Ta "4 bytes" Ta "IPv4 source address" 221ca0716f5SRobert Watson.It Li "Desintation Address" Ta "4 bytes" Ta "IPv4 destination address" 222ca0716f5SRobert Watson.El 223ca0716f5SRobert Watson.Ss Expanded ip Token 224ca0716f5SRobert WatsonThe 225ca0716f5SRobert Watson.Dv expanded ip 226ca0716f5SRobert Watsontoken ... 227ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" 228ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description 229ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID" 230ca0716f5SRobert Watson.It XXXX 231ca0716f5SRobert Watson.El 232ca0716f5SRobert Watson.Ss iport Token 233ca0716f5SRobert WatsonThe 234ca0716f5SRobert Watson.Dv iport 235ca0716f5SRobert Watsontoken stores an IP port number in network byte order. 236ca0716f5SRobert WatsonAn 237ca0716f5SRobert Watson.Dv iport 238ca0716f5SRobert Watsontoken can be created using 239ca0716f5SRobert Watson.Xr au_to_iport 3 . 240ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" 241ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description 242ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID" 243ca0716f5SRobert Watson.It Li "Port Number" Ta "2 bytes" Ta "Port number in network byte order" 244ca0716f5SRobert Watson.El 245ca0716f5SRobert Watson.Ss Path Token 246ca0716f5SRobert WatsonThe 247ca0716f5SRobert Watson.Dv path 248ca0716f5SRobert Watsontoken contains a pathname. 249ca0716f5SRobert WatsonA 250ca0716f5SRobert Watson.Dv path 251ca0716f5SRobert Watsontoken can be created using 252ca0716f5SRobert Watson.Xr auto_path 3 . 253ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" 254ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description 255ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID" 256ca0716f5SRobert Watson.It Li "Path Length" Ta "2 bytes" Ta "Length of path in bytes" 257ca0716f5SRobert Watson.It Li "Path" Ta "N bytes + 1 nul" Ta "Path name" 258ca0716f5SRobert Watson.El 259ca0716f5SRobert Watson.Ss path_attr Token 260ca0716f5SRobert WatsonThe 261ca0716f5SRobert Watson.Dv path_attr 262ca0716f5SRobert Watsontoken contains a set of nul-terminated path names. 263ca0716f5SRobert WatsonThe 264ca0716f5SRobert Watson.Xr libbsm 3 265ca0716f5SRobert WatsonAPI cannot currently create an 266ca0716f5SRobert Watson.Dv path_attr 267ca0716f5SRobert Watsontoken. 268ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" 269ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description 270ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID" 271ca0716f5SRobert Watson.It Li "Count" Ta "2 bytes" Ta "Number of nul-terminated string(s) in token" 272ca0716f5SRobert Watson.It Li "Path" Ta "Variable" Ta "count nul-terminated string(s)" 273ca0716f5SRobert Watson.El 274ca0716f5SRobert Watson.Ss Process Token 275ca0716f5SRobert WatsonThe 276ca0716f5SRobert Watson.Dv process 277ca0716f5SRobert Watsontoken contains a description of the security properties of a process 278ca0716f5SRobert Watsoninvolved as the target of an auditable event, such as the destination for 279ca0716f5SRobert Watsonsignal delivery. 280ca0716f5SRobert WatsonIt should not be confused with the 281ca0716f5SRobert Watson.Dv subject 282ca0716f5SRobert Watsontoken, which describes the subject performing an auditable event. 283ca0716f5SRobert WatsonThis includes both the traditional 284ca0716f5SRobert Watson.Ux 285ca0716f5SRobert Watsonsecurity properties, such as user IDs and group IDs, but also audit 286ca0716f5SRobert Watsoninformation such as the audit user ID and sesion. 287ca0716f5SRobert WatsonA 288ca0716f5SRobert Watson.Dv process 289ca0716f5SRobert Watsontoken can be created using 290ca0716f5SRobert Watson.Xr au_to_process32 3 291ca0716f5SRobert Watsonor 292ca0716f5SRobert Watson.Xr au_to_process64 3 . 293ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" 294ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description 295ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID" 296ca0716f5SRobert Watson.It Li "Audit ID" Ta "4 bytes" Ta "Audit user ID" 297ca0716f5SRobert Watson.It Li "Effective User ID" Ta "4 bytes" Ta "Effective user ID" 298ca0716f5SRobert Watson.It Li "Effective Group ID "Ta "4 bytes" Ta "Effective group ID" 299ca0716f5SRobert Watson.It Li "Real User ID" Ta "4 bytes" Ta "Real user ID" 300ca0716f5SRobert Watson.It Li "Real Group ID" Ta "4 bytes" Ta "Real group ID" 301ca0716f5SRobert Watson.It Li "Process ID" Ta "4 bytes" Ta "Process ID" 302ca0716f5SRobert Watson.It Li "Session ID" Ta "4 bytes" Ta "Audit session ID" 303ca0716f5SRobert Watson.It Li "Terminal Port ID" Ta "4/8 bytes" Ta "Terminal port ID (32/64-bits)" 304ca0716f5SRobert Watson.It Li "Terminal Machine Address" Ta "4 bytes" Ta "IP address of machine" 305ca0716f5SRobert Watson.El 306ca0716f5SRobert Watson.Ss Expanded Process Token 307742561f0SRobert WatsonThe 308742561f0SRobert Watson.Dv expanded process 309ca0716f5SRobert Watsontoken contains the contents of the 310ca0716f5SRobert Watson.Dv process 311ca0716f5SRobert Watsontoken, with the addition of a machine address type and variable length 312ca0716f5SRobert Watsonaddress storage capable of containing IPv6 addresses. 313ca0716f5SRobert WatsonA 314ca0716f5SRobert Watson.Dv expanded process 315ca0716f5SRobert Watsontoken can be created using 316ca0716f5SRobert Watson.Xr au_to_process32_ex 3 317ca0716f5SRobert Watsonor 318ca0716f5SRobert Watson.Xr au_to_process64 3 . 319ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" 320ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description 321ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID" 322ca0716f5SRobert Watson.It Li "Audit ID" Ta "4 bytes" Ta "Audit user ID" 323ca0716f5SRobert Watson.It Li "Effective User ID" Ta "4 bytes" Ta "Effective user ID" 324ca0716f5SRobert Watson.It Li "Effective Group ID "Ta "4 bytes" Ta "Effective group ID" 325ca0716f5SRobert Watson.It Li "Real User ID" Ta "4 bytes" Ta "Real user ID" 326ca0716f5SRobert Watson.It Li "Real Group ID" Ta "4 bytes" Ta "Real group ID" 327ca0716f5SRobert Watson.It Li "Process ID" Ta "4 bytes" Ta "Process ID" 328ca0716f5SRobert Watson.It Li "Session ID" Ta "4 bytes" Ta "Audit session ID" 329ca0716f5SRobert Watson.It Li "Terminal Port ID" Ta "4/8 bytes" Ta "Terminal port ID (32/64-bits)" 330ca0716f5SRobert Watson.It Li "Terminal Address Type/Length" Ta "1 byte" "Length of machine address" 331ca0716f5SRobert Watson.It Li "Terminal Machine Address" Ta "4 bytes" Ta "IPv4 or IPv6 address of machine" 332ca0716f5SRobert Watson.El 333ca0716f5SRobert Watson.Ss Return Token 334ca0716f5SRobert WatsonThe 335ca0716f5SRobert Watson.Dv return 336ca0716f5SRobert Watsontoken contains a system call or library function return condition, including 337ca0716f5SRobert Watsonreturn value and error number associated with the global variable 338ca0716f5SRobert Watson.Er errno . 339ca0716f5SRobert WatsonA 340ca0716f5SRobert Watson.Dv return 341ca0716f5SRobert Watsontoken can be created using 342ca0716f5SRobert Watson.Xr au_to_return32 3 343ca0716f5SRobert Watsonor 344ca0716f5SRobert Watson.Xr au_to_return64 3 . 345ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" 346ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description 347ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID" 348ca0716f5SRobert Watson.It Li "Error Number" Ta "1 byte" Ta "Errno value, or 0 if undefined" 349ca0716f5SRobert Watson.It Li "Return Value" Ta "4/8 bytes" Ta "Return value (32/64-bits)" 350ca0716f5SRobert Watson.El 351ca0716f5SRobert Watson.Ss Subject Token 352ca0716f5SRobert WatsonThe 353ca0716f5SRobert Watson.Dv subject 354ca0716f5SRobert Watsontoken contains information on the subject performing the operation described 355ca0716f5SRobert Watsonby an audit record, and includes similar information to that found in the 356ca0716f5SRobert Watson.Dv process 357ca0716f5SRobert Watsonand 358ca0716f5SRobert Watson.Dv expanded process 359ca0716f5SRobert Watsontokens. 360ca0716f5SRobert WatsonHowever, those tokens are used where the process being described is the 361ca0716f5SRobert Watsontarget of the operation, not the authorizing party. 362ca0716f5SRobert WatsonA 363ca0716f5SRobert Watson.Dv subject 364ca0716f5SRobert Watsontoken can be created using 365ca0716f5SRobert Watson.Xr au_to_subject32 3 366ca0716f5SRobert Watsonand 367ca0716f5SRobert Watson.Xr au_to_subject64 3 . 368ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" 369ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description 370ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID" 371ca0716f5SRobert Watson.It Li "Audit ID" Ta "4 bytes" Ta "Audit user ID" 372ca0716f5SRobert Watson.It Li "Effective User ID" Ta "4 bytes" Ta "Effective user ID" 373ca0716f5SRobert Watson.It Li "Effective Group ID "Ta "4 bytes" Ta "Effective group ID" 374ca0716f5SRobert Watson.It Li "Real User ID" Ta "4 bytes" Ta "Real user ID" 375ca0716f5SRobert Watson.It Li "Real Group ID" Ta "4 bytes" Ta "Real group ID" 376ca0716f5SRobert Watson.It Li "Process ID" Ta "4 bytes" Ta "Process ID" 377ca0716f5SRobert Watson.It Li "Session ID" Ta "4 bytes" Ta "Audit session ID" 378ca0716f5SRobert Watson.It Li "Terminal Port ID" Ta "4/8 bytes" Ta "Terminal port ID (32/64-bits)" 379ca0716f5SRobert Watson.It Li "Terminal Machine Address" Ta "4 bytes" Ta "IP address of machine" 380ca0716f5SRobert Watson.El 381ca0716f5SRobert Watson.Ss Expanded Subject Token 382ca0716f5SRobert WatsonThe 383ca0716f5SRobert Watson.Dv expanded subject 384ca0716f5SRobert Watsontoken consists of the same elements as the 385ca0716f5SRobert Watson.Dv subject 386ca0716f5SRobert Watsontoken, with the addition of type/length and variable size machine address 387ca0716f5SRobert Watsoninformation in the terminal ID. 388ca0716f5SRobert WatsonA 389ca0716f5SRobert Watson.Dv expanded subject 390ca0716f5SRobert Watsontoken can be created using 391ca0716f5SRobert Watson.Xr au_to_subject32_ex 3 392ca0716f5SRobert Watsonor 393ca0716f5SRobert Watson.Xr au_to_subject64_ex 3 . 394ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" 395ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description 396ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID" 397ca0716f5SRobert Watson.It Li "Audit ID" Ta "4 bytes" Ta "Audit user ID" 398ca0716f5SRobert Watson.It Li "Effective User ID" Ta "4 bytes" Ta "Effective user ID" 399ca0716f5SRobert Watson.It Li "Effective Group ID "Ta "4 bytes" Ta "Effective group ID" 400ca0716f5SRobert Watson.It Li "Real User ID" Ta "4 bytes" Ta "Real user ID" 401ca0716f5SRobert Watson.It Li "Real Group ID" Ta "4 bytes" Ta "Real group ID" 402ca0716f5SRobert Watson.It Li "Process ID" Ta "4 bytes" Ta "Process ID" 403ca0716f5SRobert Watson.It Li "Session ID" Ta "4 bytes" Ta "Audit session ID" 404ca0716f5SRobert Watson.It Li "Terminal Port ID" Ta "4/8 bytes" Ta "Terminal port ID (32/64-bits)" 405ca0716f5SRobert Watson.It Li "Terminal Address Type/Length" Ta "1 byte" "Length of machine address" 406ca0716f5SRobert Watson.It Li "Terminal Machine Address" Ta "4 bytes" Ta "IPv4 or IPv6 address of machine" 407ca0716f5SRobert Watson.El 408ca0716f5SRobert Watson.Ss System V IPC Token 409ca0716f5SRobert WatsonThe 410ca0716f5SRobert Watson.Dv System V IPC 411ca0716f5SRobert Watsontoken ... 412ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" 413ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description 414ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID" 415742561f0SRobert Watson.It Li "object ID type" Ta "1 byte" Ta "Object ID" 416742561f0SRobert Watson.It Li "Object ID" Ta "4 bytes" Ta "Object ID" 417ca0716f5SRobert Watson.El 418ca0716f5SRobert Watson.Ss Text Token 419ca0716f5SRobert WatsonThe 420ca0716f5SRobert Watson.Dv text 421ca0716f5SRobert Watsontoken contains a single nul-terminated text string. 422ca0716f5SRobert WatsonA 423ca0716f5SRobert Watson.Dv text 424ca0716f5SRobert Watsontoken may be created using 425ca0716f5SRobert Watson.Xr au_to_text 3 . 426ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" 427ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description 428ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID" 429ca0716f5SRobert Watson.It Li "Text Length" Ta "2 bytes" Ta "Length of text string including nul" 430ca0716f5SRobert Watson.It Li "Text" Ta "N bytes + 1 nul" Ta "Text string including nul" 431ca0716f5SRobert Watson.El 432ca0716f5SRobert Watson.Ss Attribute Token 433ca0716f5SRobert WatsonThe 434ca0716f5SRobert Watson.Dv attribute 435ca0716f5SRobert Watsontoken describes the attributes of a file associated with the audit event. 436ca0716f5SRobert WatsonAs files may be identified by 0, 1, or many path names, a path name is not 437ca0716f5SRobert Watsonincluded with the attribute block for a file; optional 438ca0716f5SRobert Watson.Dv path 439ca0716f5SRobert Watsontokens may also be present in an audit record indicating which path, if any, 440ca0716f5SRobert Watsonwas used to reach the object. 441ca0716f5SRobert WatsonA 442ca0716f5SRobert Watson.Dv attribute 443ca0716f5SRobert Watsontoken can be created using 444ca0716f5SRobert Watson.Xr au_to_attr32 3 445ca0716f5SRobert Watsonor 446ca0716f5SRobert Watson.Xr au_to_attr64 3 . 447ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" 448ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description 449ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID" 450ca0716f5SRobert Watson.It Li "File Access Mode" Ta "1 byte" Ta "mode_t associated with file" 451ca0716f5SRobert Watson.It Li "Owner User ID" Ta "4 bytes" Ta "uid_t associated with file" 452ca0716f5SRobert Watson.It Li "Owner Group ID" Ta "4 bytes" Ta "gid_t associated with file" 453ca0716f5SRobert Watson.It Li "File System ID" Ta "4 bytes" Ta "fsid_t associated with file" 454ca0716f5SRobert Watson.It Li "File System Node ID" Ta "8 bytes" Ta "ino_t associated with file" 455ca0716f5SRobert Watson.It Li "Device" Ta "4/8 bytes" Ta "Device major/minor number (32/64-bit)" 456ca0716f5SRobert Watson.El 457ca0716f5SRobert Watson.Ss Groups Token 458ca0716f5SRobert WatsonThe 459ca0716f5SRobert Watson.Dv groups 460ca0716f5SRobert Watsontoken contains a list of group IDs associated with the audit event. 461ca0716f5SRobert WatsonA 462ca0716f5SRobert Watson.Dv groups 463ca0716f5SRobert Watsontoken can be created using 464ca0716f5SRobert Watson.Xr au_to_groups 3 . 465ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" 466ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description 467ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID" 468ca0716f5SRobert Watson.It Li "Number of Groups" Ta "2 bytes" Ta "Number of groups in token" 469ca0716f5SRobert Watson.It Li "Group List" Ta "N * 4 bytes" Ta "List of N group IDs" 470ca0716f5SRobert Watson.El 471ca0716f5SRobert Watson.Ss System V IPC Permission Token 472ca0716f5SRobert WatsonThe 473ca0716f5SRobert Watson.Dv System V IPC permission 474ca0716f5SRobert Watsontoken ... 475ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" 476ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description 477ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID" 478ca0716f5SRobert Watson.It Li XXXXX 479ca0716f5SRobert Watson.El 480ca0716f5SRobert Watson.Ss Arg Token 481ca0716f5SRobert WatsonThe 482ca0716f5SRobert Watson.Dv arg 483ca0716f5SRobert Watsontoken ... 484ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" 485ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description 486ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID" 487ca0716f5SRobert Watson.It Li XXXXX 488ca0716f5SRobert Watson.El 489ca0716f5SRobert Watson.Ss exec_args Token 490ca0716f5SRobert WatsonThe 491ca0716f5SRobert Watson.Dv exec_args 492ca0716f5SRobert Watsontoken ... 493ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" 494ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description 495ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID" 496ca0716f5SRobert Watson.It Li XXXXX 497ca0716f5SRobert Watson.El 498ca0716f5SRobert Watson.Ss exec_env Token 499ca0716f5SRobert WatsonThe 500ca0716f5SRobert Watson.Dv exec_env 501ca0716f5SRobert Watsontoken ... 502ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" 503ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description 504ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID" 505ca0716f5SRobert Watson.It Li XXXXX 506ca0716f5SRobert Watson.El 507ca0716f5SRobert Watson.Ss Exit Token 508ca0716f5SRobert WatsonThe 509ca0716f5SRobert Watson.Dv exit 510ca0716f5SRobert Watsontoken contains process exit/return code information. 511ca0716f5SRobert WatsonAn 512ca0716f5SRobert Watson.Dv exit 513ca0716f5SRobert Watsontoken can be created using 514ca0716f5SRobert Watson.Xr au_to_exit 3 . 515ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" 516ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description 517ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID" 518ca0716f5SRobert Watson.It Li "Status" Ta "4 bytes" Ta "Process status on exit" 519ca0716f5SRobert Watson.It Li "Return Value" ta "4 bytes" Ta "Process return value on exit" 520ca0716f5SRobert Watson.El 521ca0716f5SRobert Watson.Ss Socket Token 522ca0716f5SRobert WatsonThe 523ca0716f5SRobert Watson.Dv socket 524ca0716f5SRobert Watsontoken ... 525ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" 526ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description 527ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID" 528ca0716f5SRobert Watson.It Li XXXXX 529ca0716f5SRobert Watson.El 530ca0716f5SRobert Watson.Ss Expanded Socket Token 531ca0716f5SRobert WatsonThe 532ca0716f5SRobert Watson.Dv expanded socket 533ca0716f5SRobert Watsontoken ... 534ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" 535ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description 536ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID" 537ca0716f5SRobert Watson.It Li XXXXX 538ca0716f5SRobert Watson.El 539ca0716f5SRobert Watson.Ss Seq Token 540ca0716f5SRobert WatsonThe 541ca0716f5SRobert Watson.Dv seq 542ca0716f5SRobert Watsontoken contains a unique and monotonically increasing audit event sequence ID. 543ca0716f5SRobert WatsonDue to the limited range of 32 bits, serial number arithmetic and caution 544ca0716f5SRobert Watsonshould be used when comparing sequence numbers. 545ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" 546ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description 547ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID" 548ca0716f5SRobert Watson.It Li "Sequence Number" Ta "4 bytes" Ta "Audit event sequence number" 549ca0716f5SRobert Watson.El 550ca0716f5SRobert Watson.Ss privilege Token 551ca0716f5SRobert WatsonThe 552ca0716f5SRobert Watson.Dv privilege 553ca0716f5SRobert Watsontoken ... 554ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" 555ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description 556ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID" 557ca0716f5SRobert Watson.It Li XXXXX 558ca0716f5SRobert Watson.El 559ca0716f5SRobert Watson.Ss Use-of-auth Token 560ca0716f5SRobert WatsonThe 561ca0716f5SRobert Watson.Dv use-of-auth 562ca0716f5SRobert Watsontoken ... 563ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" 564ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description 565ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID" 566ca0716f5SRobert Watson.It Li XXXXX 567ca0716f5SRobert Watson.El 568ca0716f5SRobert Watson.Ss Command Token 569ca0716f5SRobert WatsonThe 570ca0716f5SRobert Watson.Dv command 571ca0716f5SRobert Watsontoken ... 572ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" 573ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description 574ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID" 575ca0716f5SRobert Watson.It Li XXXXX 576ca0716f5SRobert Watson.El 577ca0716f5SRobert Watson.Ss ACL Token 578ca0716f5SRobert WatsonThe 579ca0716f5SRobert Watson.Dv ACL 580ca0716f5SRobert Watsontoken ... 581ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" 582ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description 583ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID" 584ca0716f5SRobert Watson.It Li XXXXX 585ca0716f5SRobert Watson.El 586ca0716f5SRobert Watson.Ss Zonename Token 587ca0716f5SRobert WatsonThe 588ca0716f5SRobert Watson.Dv zonename 589ca0716f5SRobert Watsontoken ... 590ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description" 591ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description 592ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID" 593ca0716f5SRobert Watson.It Li XXXXX 594ca0716f5SRobert Watson.El 595ca0716f5SRobert Watson.Sh SEE ALSO 596742561f0SRobert Watson.Xr audit 8, 597ca0716f5SRobert Watson.Xr libbsm 3 598ca0716f5SRobert Watson.Sh AUTHORS 599ca0716f5SRobert WatsonThe Basic Security Module (BSM) interface to audit records and audit event 600ca0716f5SRobert Watsonstream format were defined by Sun Microsystems. 601ca0716f5SRobert Watson.Pp 602ca0716f5SRobert WatsonThis manual page was written by 603ca0716f5SRobert Watson.An Robert Watson Aq rwatson@FreeBSD.org . 604ca0716f5SRobert Watson.Sh HISTORY 605ca0716f5SRobert WatsonThe OpenBSM implementation was created by McAfee Research, the security 606ca0716f5SRobert Watsondivision of McAfee Inc., under contract to Apple Computer Inc. in 2004. 607ca0716f5SRobert WatsonIt was subsequently adopted by the TrustedBSD Project as the foundation for 608ca0716f5SRobert Watsonthe OpenBSM distribution. 609ca0716f5SRobert Watson.Sh BUGS 610ca0716f5SRobert WatsonThe 611ca0716f5SRobert Watson.Dv How to print 612ca0716f5SRobert Watsonfield in the 613ca0716f5SRobert Watson.Dv arbitrary data 614ca0716f5SRobert Watsontoken has undefined values. 615ca0716f5SRobert Watson.Pp 616ca0716f5SRobert WatsonThe 617ca0716f5SRobert Watson.Dv in_addr 618ca0716f5SRobert Watsonand 619ca0716f5SRobert Watson.Dv in_addr_ex 620ca0716f5SRobert Watsontoken layout documented here appears to be in conflict with the 621ca0716f5SRobert Watson.Xr libbsm 3 622ca0716f5SRobert Watsonimplementations of 623ca0716f5SRobert Watson.Xr au_to_in_addr 3 624ca0716f5SRobert Watsonand 625ca0716f5SRobert Watson.Xr au_to_in_addr_ex 3 . 626