netfilter: x_tables: Use par->net instead of computing from the passed net devices

author Eric W. Biederman <ebiederm@xmission.com>

Thu, 13 Oct 2016 18:40:39 +0000 (20:40 +0200)

committer Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>

Thu, 13 Oct 2016 18:40:39 +0000 (20:40 +0200)
author Eric W. Biederman <ebiederm@xmission.com>
Thu, 13 Oct 2016 18:40:39 +0000 (20:40 +0200)
committer Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Thu, 13 Oct 2016 18:40:39 +0000 (20:40 +0200)
diff --git a/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in b/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in

index dff100a66b865ec86b85ac1fc38b8952f764173f..a4a54fd3e87c21c2503a21ceaddef4e60e096f48 100644 (file)
--- a/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in
+++ b/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in
@@ -285,6 +285,12 @@ static inline __be16 tc_skb_protocol(const struct sk_buff *skb)
  }
  #endif
  
+#ifdef HAVE_NET_IN_XT_ACTION_PARAM
+#define IPSET_DEV_NET(par)     (par)->net
+#else
+#define IPSET_DEV_NET(par)     dev_net((par)->in ? (par)->in : (par)->out)
+#endif
+
  #ifndef smp_mb__before_atomic
  #define smp_mb__before_atomic()        smp_mb()
  #define smp_mb__after_atomic() smp_mb()
diff --git a/kernel/net/netfilter/ipset/ip_set_core.c b/kernel/net/netfilter/ipset/ip_set_core.c

index 0be88467d60a5d81c6653a2f536daba4c2d4f3a2..bee479f79ebe055a3d8e4bf65342278777e450d0 100644 (file)
--- a/kernel/net/netfilter/ipset/ip_set_core.c
+++ b/kernel/net/netfilter/ipset/ip_set_core.c
@@ -546,8 +546,7 @@ int
  ip_set_test(ip_set_id_t index, const struct sk_buff *skb,
             const struct xt_action_param *par, struct ip_set_adt_opt *opt)
  {
-       struct ip_set *set = ip_set_rcu_get(
-                       dev_net(par->in ? par->in : par->out), index);
+       struct ip_set *set = ip_set_rcu_get(IPSET_DEV_NET(par), index);
         int ret = 0;
  
         BUG_ON(!set);
@@ -585,8 +584,7 @@ int
  ip_set_add(ip_set_id_t index, const struct sk_buff *skb,
            const struct xt_action_param *par, struct ip_set_adt_opt *opt)
  {
-       struct ip_set *set = ip_set_rcu_get(
-                       dev_net(par->in ? par->in : par->out), index);
+       struct ip_set *set = ip_set_rcu_get(IPSET_DEV_NET(par), index);
         int ret;
  
         BUG_ON(!set);
@@ -608,8 +606,7 @@ int
  ip_set_del(ip_set_id_t index, const struct sk_buff *skb,
            const struct xt_action_param *par, struct ip_set_adt_opt *opt)
  {
-       struct ip_set *set = ip_set_rcu_get(
-                       dev_net(par->in ? par->in : par->out), index);
+       struct ip_set *set = ip_set_rcu_get(IPSET_DEV_NET(par), index);
         int ret = 0;
  
         BUG_ON(!set);
author	Eric W. Biederman <ebiederm@xmission.com>
	Thu, 13 Oct 2016 18:40:39 +0000 (20:40 +0200)
committer	Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
	Thu, 13 Oct 2016 18:40:39 +0000 (20:40 +0200)
kernel/include/linux/netfilter/ipset/ip_set_compat.h.in		patch \| blob \| history
kernel/net/netfilter/ipset/ip_set_core.c		patch \| blob \| history