diff --git a/sys/security/audit/audit.h b/sys/security/audit/audit.h
index 6550b09d21a..9442a1da2e3 100644
--- a/sys/security/audit/audit.h
+++ b/sys/security/audit/audit.h
@@ -157,6 +157,7 @@ void	 audit_arg_socket(int sodomain, int sotype, int soprotocol);
 void	 audit_arg_sockaddr(struct thread *td, struct sockaddr *sa);
 void	 audit_arg_auid(uid_t auid);
 void	 audit_arg_auditinfo(struct auditinfo *au_info);
+void	 audit_arg_auditinfo_addr(struct auditinfo_addr *au_info);
 void	 audit_arg_upath(struct thread *td, char *upath, u_int64_t flags);
 void	 audit_arg_vnode(struct vnode *vp, u_int64_t flags);
 void	 audit_arg_text(char *text);
diff --git a/sys/security/audit/audit_arg.c b/sys/security/audit/audit_arg.c
index 6cf0d5c9095..678076de5e0 100644
--- a/sys/security/audit/audit_arg.c
+++ b/sys/security/audit/audit_arg.c
@@ -466,6 +466,28 @@ audit_arg_auditinfo(struct auditinfo *au_info)
 	ARG_SET_VALID(ar, ARG_AUID | ARG_ASID | ARG_AMASK | ARG_TERMID);
 }
 
+void
+audit_arg_auditinfo_addr(struct auditinfo_addr *au_info)
+{
+	struct kaudit_record *ar;
+
+	ar = currecord();
+	if (ar == NULL)
+		return;
+
+	ar->k_ar.ar_arg_auid = au_info->ai_auid;
+	ar->k_ar.ar_arg_asid = au_info->ai_asid;
+	ar->k_ar.ar_arg_amask.am_success = au_info->ai_mask.am_success;
+	ar->k_ar.ar_arg_amask.am_failure = au_info->ai_mask.am_failure;
+	ar->k_ar.ar_arg_termid_addr.at_type = au_info->ai_termid.at_type;
+	ar->k_ar.ar_arg_termid_addr.at_port = au_info->ai_termid.at_port;
+	ar->k_ar.ar_arg_termid_addr.at_addr[0] = au_info->ai_termid.at_addr[0];
+	ar->k_ar.ar_arg_termid_addr.at_addr[1] = au_info->ai_termid.at_addr[1];
+	ar->k_ar.ar_arg_termid_addr.at_addr[2] = au_info->ai_termid.at_addr[2];
+	ar->k_ar.ar_arg_termid_addr.at_addr[3] = au_info->ai_termid.at_addr[3];
+	ARG_SET_VALID(ar, ARG_AUID | ARG_ASID | ARG_AMASK | ARG_TERMID_ADDR);
+}
+
 void
 audit_arg_text(char *text)
 {
diff --git a/sys/security/audit/audit_bsm.c b/sys/security/audit/audit_bsm.c
index 4de9c31a3b6..522b1b80d16 100644
--- a/sys/security/audit/audit_bsm.c
+++ b/sys/security/audit/audit_bsm.c
@@ -499,7 +499,10 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
 		break;
 
 	case AUE_SETAUDIT:
-		if (ARG_IS_VALID(kar, ARG_AUID)) {
+		if (ARG_IS_VALID(kar, ARG_AUID) &&
+		    ARG_IS_VALID(kar, ARG_ASID) &&
+		    ARG_IS_VALID(kar, ARG_AMASK) &&
+		    ARG_IS_VALID(kar, ARG_TERMID)) {
 			tok = au_to_arg32(1, "setaudit:auid",
 			    ar->ar_arg_auid);
 			kau_write(rec, tok);
@@ -522,7 +525,37 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
 		break;
 
 	case AUE_SETAUDIT_ADDR:
-		break;		/* XXX need to add arguments */
+		if (ARG_IS_VALID(kar, ARG_AUID) &&
+		    ARG_IS_VALID(kar, ARG_ASID) &&
+		    ARG_IS_VALID(kar, ARG_AMASK) &&
+		    ARG_IS_VALID(kar, ARG_TERMID_ADDR)) {
+			tok = au_to_arg32(1, "setaudit_addr:auid",
+			    ar->ar_arg_auid);
+			kau_write(rec, tok);
+			tok = au_to_arg32(1, "setaudit_addr:as_success",
+			    ar->ar_arg_amask.am_success);
+			kau_write(rec, tok);
+			tok = au_to_arg32(1, "setaudit_addr:as_failure",
+			    ar->ar_arg_amask.am_failure);
+			kau_write(rec, tok);
+			tok = au_to_arg32(1, "setaudit_addr:asid",
+			    ar->ar_arg_asid);
+			kau_write(rec, tok);
+			tok = au_to_arg32(1, "setaudit_addr:type",
+			    ar->ar_arg_termid_addr.at_type);
+			kau_write(rec, tok);
+			tok = au_to_arg32(1, "setaudit_addr:port",
+			    ar->ar_arg_termid_addr.at_port);
+			kau_write(rec, tok);
+			if (ar->ar_arg_termid_addr.at_type == AU_IPv6)
+				tok = au_to_in_addr_ex((struct in6_addr *)
+				    &ar->ar_arg_termid_addr.at_addr[0]);
+			if (ar->ar_arg_termid_addr.at_type == AU_IPv4)
+				tok = au_to_in_addr((struct in_addr *)
+				    &ar->ar_arg_termid_addr.at_addr[0]);
+			kau_write(rec, tok);
+		}
+		break;
 
 	case AUE_AUDITON:
 		/*
diff --git a/sys/security/audit/audit_bsm_token.c b/sys/security/audit/audit_bsm_token.c
index 8b2956ab134..b36e4565582 100644
--- a/sys/security/audit/audit_bsm_token.c
+++ b/sys/security/audit/audit_bsm_token.c
@@ -358,13 +358,13 @@ au_to_in_addr_ex(struct in6_addr *internet_addr)
 {
 	token_t *t;
 	u_char *dptr = NULL;
-	u_int32_t type = AF_INET6;
+	u_int32_t type = AU_IPv6;
 
 	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 5 * sizeof(uint32_t));
 
 	ADD_U_CHAR(dptr, AUT_IN_ADDR_EX);
 	ADD_U_INT32(dptr, type);
-	ADD_MEM(dptr, internet_addr, 5 * sizeof(uint32_t));
+	ADD_MEM(dptr, internet_addr, 4 * sizeof(uint32_t));
 
 	return (t);
 }
diff --git a/sys/security/audit/audit_syscalls.c b/sys/security/audit/audit_syscalls.c
index 660c2ee648b..fa037abee52 100644
--- a/sys/security/audit/audit_syscalls.c
+++ b/sys/security/audit/audit_syscalls.c
@@ -503,13 +503,15 @@ getaudit(struct thread *td, struct getaudit_args *uap)
 	error = priv_check(td, PRIV_AUDIT_GETAUDIT);
 	if (error)
 		return (error);
+	if (td->td_ucred->cr_audit.ai_termid.at_type == AU_IPv6)
+		return (E2BIG);
 	bzero(&ai, sizeof(ai));
 	ai.ai_auid = td->td_ucred->cr_audit.ai_auid;
 	ai.ai_mask = td->td_ucred->cr_audit.ai_mask;
 	ai.ai_asid = td->td_ucred->cr_audit.ai_asid;
 	ai.ai_termid.machine = td->td_ucred->cr_audit.ai_termid.at_addr[0];
 	ai.ai_termid.port = td->td_ucred->cr_audit.ai_termid.at_port;
-	return (copyout(&ai, uap->auditinfo, sizeof(&ai)));
+	return (copyout(&ai, uap->auditinfo, sizeof(ai)));
 }
 
 /* ARGSUSED */
@@ -585,7 +587,10 @@ setaudit_addr(struct thread *td, struct setaudit_addr_args *uap)
 	error = copyin(uap->auditinfo_addr, &aia, sizeof(aia));
 	if (error)
 		return (error);
-	/* XXXRW: Audit argument. */
+	audit_arg_auditinfo_addr(&aia);
+	if (aia.ai_termid.at_type != AU_IPv6 &&
+	    aia.ai_termid.at_type != AU_IPv4)
+		return (EINVAL);
 	newcred = crget();
 	PROC_LOCK(td->td_proc);	
 	oldcred = td->td_proc->p_ucred;