From: Eric W. Biederman Date: Tue, 11 Oct 2016 20:19:51 +0000 (+0200) Subject: netfilter: x_tables: Pass struct net in xt_action_param X-Git-Tag: v6.30~10 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=c71fc214fe8e134d6e8ffeed4043bcb4320e48d4;p=ipset netfilter: x_tables: Pass struct net in xt_action_param As xt_action_param lives on the stack this does not bloat any persistent data structures. This is a first step in making netfilter code that needs to know which network namespace it is executing in simpler. Signed-off-by: "Eric W. Biederman" Signed-off-by: Pablo Neira Ayuso --- diff --git a/configure.ac b/configure.ac index f046e8b..e1b1483 100644 --- a/configure.ac +++ b/configure.ac @@ -497,6 +497,17 @@ else AC_SUBST(HAVE_TC_SKB_PROTOCOL, undef) fi +AC_MSG_CHECKING([kernel source for struct net in struct xt_action_param]) +if test -f $ksourcedir/include/linux/netfilter/x_tables.h && \ + $AWK '/^struct xt_action_param / {for(i=1; i<=8; i++) {getline; print}}' $ksourcedir/include/linux/netfilter/x_tables.h | \ + $GREP -q 'struct net '; then + AC_MSG_RESULT(yes) + AC_SUBST(HAVE_NET_IN_XT_ACTION_PARAM, define) +else + AC_MSG_RESULT(no) + AC_SUBST(HAVE_NET_IN_XT_ACTION_PARAM, undef) +fi + AC_MSG_CHECKING([kernel source for struct net_generic]) if test -f $ksourcedir/include/net/netns/generic.h && \ $GREP -q 'struct net_generic' $ksourcedir/include/net/netns/generic.h; then diff --git a/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in b/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in index 062becb..dff100a 100644 --- a/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in +++ b/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in @@ -34,6 +34,7 @@ #@HAVE_NET_IN_NFNL_CALLBACK_FN@ HAVE_NET_IN_NFNL_CALLBACK_FN #@HAVE_EXPORT_SYMBOL_GPL_IN_MODULE_H@ HAVE_EXPORT_SYMBOL_GPL_IN_MODULE_H #@HAVE_TC_SKB_PROTOCOL@ HAVE_TC_SKB_PROTOCOL +#@HAVE_NET_IN_XT_ACTION_PARAM@ HAVE_NET_IN_XT_ACTION_PARAM #ifdef HAVE_EXPORT_SYMBOL_GPL_IN_MODULE_H #include diff --git a/kernel/net/sched/em_ipset.c b/kernel/net/sched/em_ipset.c index 87b8419..a4ab08d 100644 --- a/kernel/net/sched/em_ipset.c +++ b/kernel/net/sched/em_ipset.c @@ -119,6 +119,9 @@ static int em_ipset_match(struct sk_buff *skb, struct tcf_ematch *em, indev = dev_get_by_index_rcu(dev_net(dev), skb->skb_iif); #endif +#ifdef HAVE_NET_IN_XT_ACTION_PARAM + acpar.net = em->net; +#endif acpar.in = indev ? indev : dev; acpar.out = dev;