From c71fc214fe8e134d6e8ffeed4043bcb4320e48d4 Mon Sep 17 00:00:00 2001
From: "Eric W. Biederman"
Date: Tue, 11 Oct 2016 22:19:51 +0200
Subject: [PATCH] netfilter: x_tables: Pass struct net in xt_action_param

As xt_action_param lives on the stack this does not bloat any persistent data structures.

This is a first step in making netfilter code that needs to know which network namespace it is executing in simpler.

Signed-off-by: "Eric W. Biederman"
Signed-off-by: Pablo Neira Ayuso
---
 configure.ac | 11 +++++++++++
 .../include/linux/netfilter/ipset/ip_set_compat.h.in | 1 +
 kernel/net/sched/em_ipset.c | 3 +++
 3 files changed, 15 insertions(+)

diff --git a/configure.ac b/configure.ac
index f046e8b..e1b1483 100644
--- a/configure.ac
+++ b/configure.ac
@@ -497,6 +497,17 @@ else
 AC_SUBST(HAVE_TC_SKB_PROTOCOL, undef)
 fi
 
+AC_MSG_CHECKING([kernel source for struct net in struct xt_action_param])
+if test -f $ksourcedir/include/linux/netfilter/x_tables.h && \
+ $AWK '/^struct xt_action_param / {for(i=1; i<=8; i++) {getline; print}}' $ksourcedir/include/linux/netfilter/x_tables.h | \
+ $GREP -q 'struct net '; then
+ AC_MSG_RESULT(yes)
+ AC_SUBST(HAVE_NET_IN_XT_ACTION_PARAM, define)
+else
+ AC_MSG_RESULT(no)
+ AC_SUBST(HAVE_NET_IN_XT_ACTION_PARAM, undef)
+fi
+
 AC_MSG_CHECKING([kernel source for struct net_generic])
 if test -f $ksourcedir/include/net/netns/generic.h && \
 $GREP -q 'struct net_generic' $ksourcedir/include/net/netns/generic.h; then
diff --git a/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in b/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in
index 062becb..dff100a 100644
--- a/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in
+++ b/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in
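Review bot: The probe in the configure.ac hunk inspects only the eight lines after `struct xt_action_param ` (`for(i=1; i<=8; i++)`), so a header whose `net` member sits further down, for example after a backport changed the layout, is reported as "no" although the field exists. That false negative matters: with HAVE_NET_IN_XT_ACTION_PARAM undefined the em_ipset.c hunk skips `acpar.net = em->net;`, and unless `acpar` is zero-initialised (its declaration is outside that hunk) the member would be left unset for whatever reads it later. Scanning to the end of the struct is sturdier: `$AWK '/^struct xt_action_param /,/^}/' "$ksourcedir/include/linux/netfilter/x_tables.h" | $GREP -q 'struct net '`. Quoting `$ksourcedir` also keeps the test working for paths that contain spaces; the neighbouring net_generic check has the same unquoted form.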
@@ -34,6 +34,7 @@
 #@HAVE_NET_IN_NFNL_CALLBACK_FN@ HAVE_NET_IN_NFNL_CALLBACK_FN
 #@HAVE_EXPORT_SYMBOL_GPL_IN_MODULE_H@ HAVE_EXPORT_SYMBOL_GPL_IN_MODULE_H
 #@HAVE_TC_SKB_PROTOCOL@ HAVE_TC_SKB_PROTOCOL
+#@HAVE_NET_IN_XT_ACTION_PARAM@ HAVE_NET_IN_XT_ACTION_PARAM
 
 #ifdef HAVE_EXPORT_SYMBOL_GPL_IN_MODULE_H
 #include
diff --git a/kernel/net/sched/em_ipset.c b/kernel/net/sched/em_ipset.c
index 87b8419..a4ab08d 100644
--- a/kernel/net/sched/em_ipset.c
+++ b/kernel/net/sched/em_ipset.c
@@ -119,6 +119,9 @@ static int em_ipset_match(struct sk_buff *skb, struct tcf_ematch *em,
 indev = dev_get_by_index_rcu(dev_net(dev), skb->skb_iif);
 #endif
 
+#ifdef HAVE_NET_IN_XT_ACTION_PARAM
+ acpar.net = em->net;
+#endif
 acpar.in = indev ? indev : dev;
 acpar.out = dev;
 
-- 
2.40.0
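Review bot: In the em_ipset.c hunk, `acpar.net = em->net;` is compiled under a guard that describes `struct xt_action_param`, while the value comes from `struct tcf_ematch`, which this commit's configure check does not probe. The context line just above, `indev = dev_get_by_index_rcu(dev_net(dev), skb->skb_iif);` before `#endif`, looks like a fallback for kernels without `em->net` (the matching `#if` is outside the hunk, as is the rest of em_ipset_match), so the set lookup and the indev lookup may take their network namespace from different sources. If every supported kernel that has `xt_action_param.net` also has `tcf_ematch.net`, record that next to the guard, e.g. `/* kernels with xt_action_param.net also provide em->net */`; otherwise derive the namespace the same way the indev lookup does.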