netfilter: x_tables: Pass struct net in xt_action_param

As xt_action_param lives on the stack this does not bloat any
persistent data structures.

This is a first step in making netfilter code that needs to know
which network namespace it is executing in simpler.

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/configure.ac b/configure.ac
index f046e8bb76f7ceecb02c4efe77ff799b13e5cfc8..e1b1483a23eeeae9b870936a7361d84b57c6f5dd 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -497,6 +497,17 @@ else
        AC_SUBST(HAVE_TC_SKB_PROTOCOL, undef)
 fi
 
+AC_MSG_CHECKING([kernel source for struct net in struct xt_action_param])
+if test -f $ksourcedir/include/linux/netfilter/x_tables.h && \
+   $AWK '/^struct xt_action_param / {for(i=1; i<=8; i++) {getline; print}}' $ksourcedir/include/linux/netfilter/x_tables.h | \
+   $GREP -q 'struct net '; then
+       AC_MSG_RESULT(yes)
+       AC_SUBST(HAVE_NET_IN_XT_ACTION_PARAM, define)
+else
+       AC_MSG_RESULT(no)
+       AC_SUBST(HAVE_NET_IN_XT_ACTION_PARAM, undef)
+fi
+
 AC_MSG_CHECKING([kernel source for struct net_generic])
 if test -f $ksourcedir/include/net/netns/generic.h && \
    $GREP -q 'struct net_generic' $ksourcedir/include/net/netns/generic.h; then

diff --git a/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in b/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in
index 062becbc4d2be4e7a32134a1a9846a830903ee91..dff100a66b865ec86b85ac1fc38b8952f764173f 100644 (file)
--- a/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in
+++ b/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in
@@ -34,6 +34,7 @@
 #@HAVE_NET_IN_NFNL_CALLBACK_FN@ HAVE_NET_IN_NFNL_CALLBACK_FN
 #@HAVE_EXPORT_SYMBOL_GPL_IN_MODULE_H@ HAVE_EXPORT_SYMBOL_GPL_IN_MODULE_H
 #@HAVE_TC_SKB_PROTOCOL@ HAVE_TC_SKB_PROTOCOL
+#@HAVE_NET_IN_XT_ACTION_PARAM@ HAVE_NET_IN_XT_ACTION_PARAM
 
 #ifdef HAVE_EXPORT_SYMBOL_GPL_IN_MODULE_H
 #include <linux/module.h>

diff --git a/kernel/net/sched/em_ipset.c b/kernel/net/sched/em_ipset.c
index 87b84191e5542b2362c3fccf76b175e54dc4f613..a4ab08d1be3b9920acb31ca053c4c825773c6e54 100644 (file)
--- a/kernel/net/sched/em_ipset.c
+++ b/kernel/net/sched/em_ipset.c
@@ -119,6 +119,9 @@ static int em_ipset_match(struct sk_buff *skb, struct tcf_ematch *em,
                indev = dev_get_by_index_rcu(dev_net(dev), skb->skb_iif);
 #endif
 
+#ifdef HAVE_NET_IN_XT_ACTION_PARAM
+       acpar.net     = em->net;
+#endif
        acpar.in      = indev ? indev : dev;
        acpar.out     = dev;