summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJozsef Kadlecsik <kadlec@blackhole.kfki.hu>2013-10-02 17:31:15 +0200
committerJozsef Kadlecsik <kadlec@blackhole.kfki.hu>2013-10-02 17:31:15 +0200
commit8a82b39ef90b95cd4533fb5a6f5afa2b74ebd61d (patch)
tree0dc92ad0e77247ae87823a3c3f18cb34f36abc78
parenta61d7ebe47c4c0d7a60dd8d4345ef4e41f14426a (diff)
Compatibility code is modified not to rely on kernel version numbers
Instead the kernel source code is checked to verify the different compatibility issues for the supported kernel releases. This way hopefully backported features will be handled properly.
-rw-r--r--.gitignore1
-rw-r--r--configure.ac149
-rw-r--r--kernel/include/linux/netfilter/ipset/ip_set_compat.h.in (renamed from kernel/include/linux/netfilter/ipset/ip_set_compat.h)38
-rw-r--r--kernel/net/netfilter/ipset/ip_set_core.c41
-rw-r--r--kernel/net/netfilter/ipset/ip_set_getport.c5
-rw-r--r--kernel/net/netfilter/ipset/pfxlen.c2
-rw-r--r--kernel/net/netfilter/xt_set.c46
7 files changed, 241 insertions, 41 deletions
diff --git a/.gitignore b/.gitignore
index da371b4..a2aeac6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -16,6 +16,7 @@ Makefile.in
.tmp_versions
Module.symvers
modules.order
+kernel/include/linux/netfilter/ipset/ip_set_compat.h
/aclocal.m4
/autom4te.cache/
diff --git a/configure.ac b/configure.ac
index 6d06ef5..df40dcd 100644
--- a/configure.ac
+++ b/configure.ac
@@ -67,6 +67,7 @@ then
fi
AC_PROG_GREP
+AC_PROG_AWK
if ! $GREP -q "NFNL_SUBSYS_IPSET" "$ksourcedir/include/linux/netfilter/nfnetlink.h" && \
! $GREP -q "NFNL_SUBSYS_IPSET" "$ksourcedir/include/uapi/linux/netfilter/nfnetlink.h";
@@ -166,7 +167,150 @@ AC_CHECK_TYPES([union nf_inet_addr],,,[#include <linux/types.h>
dnl Checks for functions
AC_CHECK_FUNCS(gethostbyname2)
-dnl Checks for compiler characteristics.
+dnl Check kernel incompatibilities... Ugly like hell
+AC_MSG_CHECKING([kernel source for struct xt_action_param])
+if test -f $ksourcedir/include/linux/netfilter/x_tables.h && \
+ $GREP -q 'struct xt_action_param' $ksourcedir/include/linux/netfilter/x_tables.h; then
+ AC_MSG_RESULT(yes)
+ AC_SUBST(HAVE_STRUCT_XT_ACTION_PARAM, define)
+else
+ AC_MSG_RESULT(no)
+ AC_SUBST(HAVE_STRUCT_XT_ACTION_PARAM, undef)
+fi
+
+AC_MSG_CHECKING([kernel source for vzalloc])
+if test -f $ksourcedir/include/linux/vmalloc.h && \
+ $GREP -q 'vzalloc' $ksourcedir/include/linux/vmalloc.h; then
+ AC_MSG_RESULT(yes)
+ AC_SUBST(HAVE_VZALLOC, define)
+else
+ AC_MSG_RESULT(no)
+ AC_SUBST(HAVE_VZALLOC, undef)
+fi
+
+AC_MSG_CHECKING([kernel source for ether_addr_equal])
+if test -f $ksourcedir/include/linux/etherdevice.h && \
+ $GREP -q 'ether_addr_equal' $ksourcedir/include/linux/etherdevice.h; then
+ AC_MSG_RESULT(yes)
+ AC_SUBST(HAVE_ETHER_ADDR_EQUAL, define)
+else
+ AC_MSG_RESULT(no)
+ AC_SUBST(HAVE_ETHER_ADDR_EQUAL, undef)
+fi
+
+AC_MSG_CHECKING([kernel source for nla_put_be64])
+if test -f $ksourcedir/include/net/netlink.h && \
+ $GREP -q 'nla_put_be64' $ksourcedir/include/net/netlink.h; then
+ AC_MSG_RESULT(yes)
+ AC_SUBST(HAVE_NLA_PUT_BE64, define)
+else
+ AC_MSG_RESULT(no)
+ AC_SUBST(HAVE_NLA_PUT_BE64, undef)
+fi
+
+AC_MSG_CHECKING([kernel source for portid in nl_info])
+if test -f $ksourcedir/include/linux/netlink.h && \
+ $AWK '/^struct netlink_skb_parms/ {for(i=1; i<=5; i++) {getline; print}}' $ksourcedir/include/linux/netlink.h | $GREP -q 'portid;'; then
+ AC_MSG_RESULT(yes)
+ AC_SUBST(HAVE_NL_INFO_PORTID, define)
+else
+ AC_MSG_RESULT(no)
+ AC_SUBST(HAVE_NL_INFO_PORTID, undef)
+fi
+
+AC_MSG_CHECKING([kernel source for netlink_dump_start args])
+if test -f $ksourcedir/include/linux/netlink.h && \
+ $AWK '/netlink_dump_start/ {for(i=1; i<=4; i++) {getline; print}}' $ksourcedir/include/linux/netlink.h | $GREP -q 'done.*;'; then
+ AC_MSG_RESULT(5 args)
+ AC_SUBST(HAVE_NETLINK_DUMP_START_ARGS, 5)
+elif test -f $ksourcedir/include/linux/netlink.h && \
+ $AWK '/netlink_dump_start/ {for(i=1; i<=4; i++) {getline; print}}' $ksourcedir/include/linux/netlink.h | $GREP -q 'min_dump_alloc.*;'; then
+ AC_MSG_RESULT(6 args)
+ AC_SUBST(HAVE_NETLINK_DUMP_START_ARGS, 6)
+else
+ AC_MSG_RESULT(4 args)
+ AC_SUBST(HAVE_NETLINK_DUMP_START_ARGS, 4)
+fi
+
+AC_MSG_CHECKING([kernel source for ns_capable])
+if test -f $ksourcedir/include/linux/capability.h && \
+ $GREP -q 'ns_capable' $ksourcedir/include/linux/capability.h; then
+ AC_MSG_RESULT(yes)
+ AC_SUBST(HAVE_NS_CAPABLE, define)
+else
+ AC_MSG_RESULT(no)
+ AC_SUBST(HAVE_NS_CAPABLE, undef)
+fi
+
+AC_MSG_CHECKING([kernel source for nfnl_lock per subsys])
+if test -f $ksourcedir/include/linux/netfilter/nfnetlink.h && \
+ $GREP -q 'nfnl_lock.* subsys_id' $ksourcedir/include/linux/netfilter/nfnetlink.h; then
+ AC_MSG_RESULT(yes)
+ AC_SUBST(HAVE_NFNL_LOCK_SUBSYS, define)
+else
+ AC_MSG_RESULT(no)
+ AC_SUBST(HAVE_NFNL_LOCK_SUBSYS, undef)
+fi
+
+AC_MSG_CHECKING([kernel source for export.h])
+if test -f $ksourcedir/include/linux/export.h; then
+ AC_MSG_RESULT(yes)
+ AC_SUBST(HAVE_EXPORT_H, define)
+else
+ AC_MSG_RESULT(no)
+ AC_SUBST(HAVE_EXPORT_H, undef)
+fi
+
+AC_MSG_CHECKING([kernel source for ipv6_skip_exthdr args])
+if test -f $ksourcedir/include/net/ipv6.h && \
+ $AWK '/ipv6_skip_exthdr/ {getline; print}' $ksourcedir/include/net/ipv6.h | $GREP -q 'frag_offp'; then
+ AC_MSG_RESULT(4 args)
+ AC_SUBST(HAVE_IPV6_SKIP_EXTHDR_ARGS, 4)
+else
+ AC_MSG_RESULT(3 args)
+ AC_SUBST(HAVE_IPV6_SKIP_EXTHDR_ARGS, 3)
+fi
+
+AC_MSG_CHECKING([kernel source for bool checkentry function prototype])
+if test -f $ksourcedir/net/netfilter/xt_state.c && \
+ $GREP -q 'bool state_mt_check' $ksourcedir/net/netfilter/xt_state.c; then
+ AC_MSG_RESULT(yes)
+ AC_SUBST(HAVE_CHECKENTRY_BOOL, define)
+else
+ AC_MSG_RESULT(no)
+ AC_SUBST(HAVE_CHECKENTRY_BOOL, undef)
+fi
+
+AC_MSG_CHECKING([kernel source for old struct xt_target_param])
+if test -f $ksourcedir/net/netfilter/xt_TCPMSS.c && \
+ $GREP -q 'const struct xt_target_param' $ksourcedir/net/netfilter/xt_TCPMSS.c; then
+ AC_MSG_RESULT(yes)
+ AC_SUBST(HAVE_XT_TARGET_PARAM, define)
+else
+ AC_MSG_RESULT(no)
+ AC_SUBST(HAVE_XT_TARGET_PARAM, undef)
+fi
+
+AC_MSG_CHECKING([kernel source for id in struct pernet_operations])
+if test -f $ksourcedir/include/net/net_namespace.h && \
+ $AWK '/struct pernet_operations/ {for(i=1; i<=6; i++) {getline; print}}' $ksourcedir/include/net/net_namespace.h | $GREP -q 'int \*id;'; then
+ AC_MSG_RESULT(yes)
+ AC_SUBST(HAVE_NET_OPS_ID, define)
+else
+ AC_MSG_RESULT(no)
+ AC_SUBST(HAVE_NET_OPS_ID, undef)
+fi
+
+AC_MSG_CHECKING([kernel source for struct net_generic])
+if test -f $ksourcedir/include/net/netns/generic.h && \
+ $GREP -q 'struct net_generic' $ksourcedir/include/net/netns/generic.h; then
+ AC_MSG_RESULT(yes)
+else
+ AC_MSG_RESULT(no)
+ AC_MSG_ERROR([Netns support is required in the Linux kernel tree])
+fi
+
+dnl Checks for compiler characteristics.
dnl Check extra warning flags except
dnl -Wconversion -> we need it
dnl -Wunreachable-code -> fails with ntoh*
@@ -210,7 +354,8 @@ dnl Checks for library functions.
dnl Generate output
AC_CONFIG_FILES([Makefile include/libipset/Makefile
- lib/Makefile lib/libipset.pc src/Makefile])
+ lib/Makefile lib/libipset.pc src/Makefile
+ kernel/include/linux/netfilter/ipset/ip_set_compat.h])
AC_OUTPUT
dnl Summary
diff --git a/kernel/include/linux/netfilter/ipset/ip_set_compat.h b/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in
index cdc8f53..b93c5d9 100644
--- a/kernel/include/linux/netfilter/ipset/ip_set_compat.h
+++ b/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in
@@ -1,6 +1,20 @@
#ifndef __IP_SET_COMPAT_H
#define __IP_SET_COMPAT_H
+#@HAVE_STRUCT_XT_ACTION_PARAM@ HAVE_STRUCT_XT_ACTION_PARAM
+#@HAVE_VZALLOC@ HAVE_VZALLOC
+#@HAVE_ETHER_ADDR_EQUAL@ HAVE_ETHER_ADDR_EQUAL
+#@HAVE_NLA_PUT_BE64@ HAVE_NLA_PUT_BE64
+#@HAVE_NL_INFO_PORTID@ HAVE_NL_INFO_PORTID
+#define HAVE_NETLINK_DUMP_START_ARGS @HAVE_NETLINK_DUMP_START_ARGS@
+#@HAVE_NS_CAPABLE@ HAVE_NS_CAPABLE
+#@HAVE_NFNL_LOCK_SUBSYS@ HAVE_NFNL_LOCK_SUBSYS
+#@HAVE_EXPORT_H@ HAVE_EXPORT_H
+#define HAVE_IPV6_SKIP_EXTHDR_ARGS @HAVE_IPV6_SKIP_EXTHDR_ARGS@
+#@HAVE_CHECKENTRY_BOOL@ HAVE_CHECKENTRY_BOOL
+#@HAVE_XT_TARGET_PARAM@ HAVE_XT_TARGET_PARAM
+#@HAVE_NET_OPS_ID@ HAVE_NET_OPS_ID
+
/* Not everything could be moved here. Compatibility stuffs can be found in
* xt_set.c, ip_set_core.c, ip_set_getport.c, pfxlen.c too.
*/
@@ -31,24 +45,26 @@
#error "NETFILTER_NETLINK must be enabled: select NFACCT/NFQUEUE/LOG over NFNETLINK"
#endif
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 35)
+#ifndef HAVE_STRUCT_XT_ACTION_PARAM
#define xt_action_param xt_match_param
#endif
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 37)
+#ifndef HAVE_VZALLOC
#define vzalloc(size) __vmalloc(size,\
GFP_KERNEL|__GFP_ZERO|__GFP_HIGHMEM,\
PAGE_KERNEL)
#endif
-#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 5, 0)
+#ifndef HAVE_ETHER_ADDR_EQUAL
#include <linux/etherdevice.h>
static inline bool ether_addr_equal(const u8 *addr1, const u8 *addr2)
{
return !compare_ether_addr(addr1, addr2);
}
+#endif
+#ifndef HAVE_NLA_PUT_BE64
static inline int nla_put_be64(struct sk_buff *skb, int attrtype, __be64 value)
{
return nla_put(skb, attrtype, sizeof(__be64), &value);
@@ -60,22 +76,22 @@ static inline int nla_put_net64(struct sk_buff *skb, int attrtype, __be64 value)
}
#endif
-#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 7, 0)
-#define NETLINK_PORTID(skb) NETLINK_CB(skb).pid
-#else
+#ifdef HAVE_NL_INFO_PORTID
#define NETLINK_PORTID(skb) NETLINK_CB(skb).portid
+#else
+#define NETLINK_PORTID(skb) NETLINK_CB(skb).pid
#endif
-#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 8, 0)
+#ifndef HAVE_NS_CAPABLE
#define ns_capable(ns, cap) capable(cap)
#endif
-#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 9, 0)
-#define lock_nfnl() nfnl_lock()
-#define unlock_nfnl() nfnl_unlock()
-#else
+#ifdef HAVE_NFNL_LOCK_SUBSYS
#define lock_nfnl() nfnl_lock(NFNL_SUBSYS_IPSET)
#define unlock_nfnl() nfnl_unlock(NFNL_SUBSYS_IPSET)
+#else
+#define lock_nfnl() nfnl_lock()
+#define unlock_nfnl() nfnl_unlock()
#endif
#ifdef NLA_PUT_NET16
diff --git a/kernel/net/netfilter/ipset/ip_set_core.c b/kernel/net/netfilter/ipset/ip_set_core.c
index 9506973..c1989d9 100644
--- a/kernel/net/netfilter/ipset/ip_set_core.c
+++ b/kernel/net/netfilter/ipset/ip_set_core.c
@@ -1388,11 +1388,11 @@ ip_set_dump(struct sock *ctnl, struct sk_buff *skb,
if (unlikely(protocol_failed(attr)))
return -IPSET_ERR_PROTOCOL;
-#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 1, 0)
+#if HAVE_NETLINK_DUMP_START_ARGS == 5
return netlink_dump_start(ctnl, skb, nlh,
ip_set_dump_start,
ip_set_dump_done);
-#elif LINUX_VERSION_CODE < KERNEL_VERSION(3, 4, 0)
+#elif HAVE_NETLINK_DUMP_START_ARGS == 6
return netlink_dump_start(ctnl, skb, nlh,
ip_set_dump_start,
ip_set_dump_done, 0);
@@ -1977,20 +1977,42 @@ static struct nf_sockopt_ops so_set __read_mostly = {
static int __net_init
ip_set_net_init(struct net *net)
{
- struct ip_set_net *inst = ip_set_pernet(net);
+ struct ip_set_net *inst;
struct ip_set **list;
+#ifdef HAVE_NET_OPS_ID
+ inst = ip_set_pernet(net);
+#else
+ int err;
+
+ inst = kzalloc(sizeof(struct ip_set_net), GFP_KERNEL);
+ if (!inst)
+ return -ENOMEM;
+ err = net_assign_generic(net, ip_set_net_id, inst);
+ if (err < 0)
+ goto err_alloc;
+#endif
inst->ip_set_max = max_sets ? max_sets : CONFIG_IP_SET_MAX;
if (inst->ip_set_max >= IPSET_INVALID_ID)
inst->ip_set_max = IPSET_INVALID_ID - 1;
list = kzalloc(sizeof(struct ip_set *) * inst->ip_set_max, GFP_KERNEL);
if (!list)
+#ifdef HAVE_NET_OPS_ID
return -ENOMEM;
+#else
+ goto err_alloc;
+#endif
inst->is_deleted = 0;
rcu_assign_pointer(inst->ip_set_list, list);
pr_notice("ip_set: protocol %u\n", IPSET_PROTOCOL);
return 0;
+
+#ifndef HAVE_NET_OPS_ID
+err_alloc:
+ kfree(inst);
+ return err;
+#endif
}
static void __net_exit
@@ -2009,13 +2031,18 @@ ip_set_net_exit(struct net *net)
ip_set_destroy_set(inst, i);
}
kfree(rcu_dereference_protected(inst->ip_set_list, 1));
+#ifndef HAVE_NET_OPS_ID
+ kfree(inst);
+#endif
}
static struct pernet_operations ip_set_net_ops = {
.init = ip_set_net_init,
.exit = ip_set_net_exit,
+#ifdef HAVE_NET_OPS_ID
.id = &ip_set_net_id,
.size = sizeof(struct ip_set_net)
+#endif
};
@@ -2033,7 +2060,11 @@ ip_set_init(void)
nfnetlink_subsys_unregister(&ip_set_netlink_subsys);
return ret;
}
+#ifdef HAVE_NET_OPS_ID
ret = register_pernet_subsys(&ip_set_net_ops);
+#else
+ ret = register_pernet_gen_device(&ip_set_net_id, &ip_set_net_ops);
+#endif
if (ret) {
pr_err("ip_set: cannot register pernet_subsys.\n");
nf_unregister_sockopt(&so_set);
@@ -2046,7 +2077,11 @@ ip_set_init(void)
static void __exit
ip_set_fini(void)
{
+#ifdef HAVE_NET_OPS_ID
unregister_pernet_subsys(&ip_set_net_ops);
+#else
+ unregister_pernet_gen_device(ip_set_net_id, &ip_set_net_ops);
+#endif
nf_unregister_sockopt(&so_set);
nfnetlink_subsys_unregister(&ip_set_netlink_subsys);
pr_debug("these are the famous last words\n");
diff --git a/kernel/net/netfilter/ipset/ip_set_getport.c b/kernel/net/netfilter/ipset/ip_set_getport.c
index a0d96eb..5d5ff82 100644
--- a/kernel/net/netfilter/ipset/ip_set_getport.c
+++ b/kernel/net/netfilter/ipset/ip_set_getport.c
@@ -8,7 +8,7 @@
/* Get Layer-4 data from the packets */
#include <linux/version.h>
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 2, 0)
+#ifdef HAVE_EXPORT_H
#include <linux/export.h>
#endif
#include <linux/ip.h>
@@ -21,6 +21,7 @@
#include <net/ipv6.h>
#include <linux/netfilter/ipset/ip_set_getport.h>
+#include <linux/netfilter/ipset/ip_set_compat.h>
/* We must handle non-linear skbs */
static bool
@@ -138,7 +139,7 @@ ip_set_get_ip6_port(const struct sk_buff *skb, bool src,
__be16 frag_off = 0;
nexthdr = ipv6_hdr(skb)->nexthdr;
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 3, 0)
+#if HAVE_IPV6_SKIP_EXTHDR_ARGS == 4
protoff = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), &nexthdr,
&frag_off);
#else
diff --git a/kernel/net/netfilter/ipset/pfxlen.c b/kernel/net/netfilter/ipset/pfxlen.c
index 1fe890f..e69f5ef 100644
--- a/kernel/net/netfilter/ipset/pfxlen.c
+++ b/kernel/net/netfilter/ipset/pfxlen.c
@@ -1,5 +1,5 @@
#include <linux/version.h>
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 2, 0)
+#ifdef HAVE_EXPORT_H
#include <linux/export.h>
#endif
#include <linux/netfilter/ipset/pfxlen.h>
diff --git a/kernel/net/netfilter/xt_set.c b/kernel/net/netfilter/xt_set.c
index 4a4cee9..46fdbe0 100644
--- a/kernel/net/netfilter/xt_set.c
+++ b/kernel/net/netfilter/xt_set.c
@@ -28,16 +28,18 @@ MODULE_ALIAS("ip6t_set");
MODULE_ALIAS("ipt_SET");
MODULE_ALIAS("ip6t_SET");
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 35)
+#ifdef HAVE_CHECKENTRY_BOOL
#define CHECK_OK 1
#define CHECK_FAIL(err) 0
#define CONST const
#define FTYPE bool
+#define XT_PAR_NET(par) NULL
#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,35) */
#define CHECK_OK 0
#define CHECK_FAIL(err) (err)
#define CONST
#define FTYPE int
+#define XT_PAR_NET(par) (par)->net
#endif
static inline int
@@ -94,7 +96,7 @@ set_match_v0_checkentry(const struct xt_mtchk_param *par)
struct xt_set_info_match_v0 *info = par->matchinfo;
ip_set_id_t index;
- index = ip_set_nfnl_get_byindex(par->net, info->match_set.index);
+ index = ip_set_nfnl_get_byindex(XT_PAR_NET(par), info->match_set.index);
if (index == IPSET_INVALID_ID) {
pr_warning("Cannot find set indentified by id %u to match\n",
@@ -104,7 +106,7 @@ set_match_v0_checkentry(const struct xt_mtchk_param *par)
if (info->match_set.u.flags[IPSET_DIM_MAX-1] != 0) {
pr_warning("Protocol error: set match dimension "
"is over the limit!\n");
- ip_set_nfnl_put(par->net, info->match_set.index);
+ ip_set_nfnl_put(XT_PAR_NET(par), info->match_set.index);
return CHECK_FAIL(-ERANGE);
}
@@ -119,7 +121,7 @@ set_match_v0_destroy(const struct xt_mtdtor_param *par)
{
struct xt_set_info_match_v0 *info = par->matchinfo;
- ip_set_nfnl_put(par->net, info->match_set.index);
+ ip_set_nfnl_put(XT_PAR_NET(par), info->match_set.index);
}
/* Revision 1 */
@@ -144,7 +146,7 @@ set_match_v1_checkentry(const struct xt_mtchk_param *par)
struct xt_set_info_match_v1 *info = par->matchinfo;
ip_set_id_t index;
- index = ip_set_nfnl_get_byindex(par->net, info->match_set.index);
+ index = ip_set_nfnl_get_byindex(XT_PAR_NET(par), info->match_set.index);
if (index == IPSET_INVALID_ID) {
pr_warning("Cannot find set indentified by id %u to match\n",
@@ -154,7 +156,7 @@ set_match_v1_checkentry(const struct xt_mtchk_param *par)
if (info->match_set.dim > IPSET_DIM_MAX) {
pr_warning("Protocol error: set match dimension "
"is over the limit!\n");
- ip_set_nfnl_put(par->net, info->match_set.index);
+ ip_set_nfnl_put(XT_PAR_NET(par), info->match_set.index);
return CHECK_FAIL(-ERANGE);
}
@@ -166,7 +168,7 @@ set_match_v1_destroy(const struct xt_mtdtor_param *par)
{
struct xt_set_info_match_v1 *info = par->matchinfo;
- ip_set_nfnl_put(par->net, info->match_set.index);
+ ip_set_nfnl_put(XT_PAR_NET(par), info->match_set.index);
}
/* Revision 3 match */
@@ -217,7 +219,7 @@ set_match_v3(const struct sk_buff *skb, CONST struct xt_action_param *par)
/* Revision 0 interface: backward compatible with netfilter/iptables */
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 35)
+#ifdef HAVE_XT_TARGET_PARAM
#undef xt_action_param
#define xt_action_param xt_target_param
#define CAST_TO_MATCH (const struct xt_match_param *)
@@ -249,7 +251,7 @@ set_target_v0_checkentry(const struct xt_tgchk_param *par)
ip_set_id_t index;
if (info->add_set.index != IPSET_INVALID_ID) {
- index = ip_set_nfnl_get_byindex(par->net, info->add_set.index);
+ index = ip_set_nfnl_get_byindex(XT_PAR_NET(par), info->add_set.index);
if (index == IPSET_INVALID_ID) {
pr_warning("Cannot find add_set index %u as target\n",
info->add_set.index);
@@ -258,12 +260,12 @@ set_target_v0_checkentry(const struct xt_tgchk_param *par)
}
if (info->del_set.index != IPSET_INVALID_ID) {
- index = ip_set_nfnl_get_byindex(par->net, info->del_set.index);
+ index = ip_set_nfnl_get_byindex(XT_PAR_NET(par), info->del_set.index);
if (index == IPSET_INVALID_ID) {
pr_warning("Cannot find del_set index %u as target\n",
info->del_set.index);
if (info->add_set.index != IPSET_INVALID_ID)
- ip_set_nfnl_put(par->net, info->add_set.index);
+ ip_set_nfnl_put(XT_PAR_NET(par), info->add_set.index);
return CHECK_FAIL(-ENOENT);
}
}
@@ -272,9 +274,9 @@ set_target_v0_checkentry(const struct xt_tgchk_param *par)
pr_warning("Protocol error: SET target dimension "
"is over the limit!\n");
if (info->add_set.index != IPSET_INVALID_ID)
- ip_set_nfnl_put(par->net, info->add_set.index);
+ ip_set_nfnl_put(XT_PAR_NET(par), info->add_set.index);
if (info->del_set.index != IPSET_INVALID_ID)
- ip_set_nfnl_put(par->net, info->del_set.index);
+ ip_set_nfnl_put(XT_PAR_NET(par), info->del_set.index);
return CHECK_FAIL(-ERANGE);
}
@@ -291,9 +293,9 @@ set_target_v0_destroy(const struct xt_tgdtor_param *par)
const struct xt_set_info_target_v0 *info = par->targinfo;
if (info->add_set.index != IPSET_INVALID_ID)
- ip_set_nfnl_put(par->net, info->add_set.index);
+ ip_set_nfnl_put(XT_PAR_NET(par), info->add_set.index);
if (info->del_set.index != IPSET_INVALID_ID)
- ip_set_nfnl_put(par->net, info->del_set.index);
+ ip_set_nfnl_put(XT_PAR_NET(par), info->del_set.index);
}
/* Revision 1 target */
@@ -322,7 +324,7 @@ set_target_v1_checkentry(const struct xt_tgchk_param *par)
ip_set_id_t index;
if (info->add_set.index != IPSET_INVALID_ID) {
- index = ip_set_nfnl_get_byindex(par->net, info->add_set.index);
+ index = ip_set_nfnl_get_byindex(XT_PAR_NET(par), info->add_set.index);
if (index == IPSET_INVALID_ID) {
pr_warning("Cannot find add_set index %u as target\n",
info->add_set.index);
@@ -331,12 +333,12 @@ set_target_v1_checkentry(const struct xt_tgchk_param *par)
}
if (info->del_set.index != IPSET_INVALID_ID) {
- index = ip_set_nfnl_get_byindex(par->net, info->del_set.index);
+ index = ip_set_nfnl_get_byindex(XT_PAR_NET(par), info->del_set.index);
if (index == IPSET_INVALID_ID) {
pr_warning("Cannot find del_set index %u as target\n",
info->del_set.index);
if (info->add_set.index != IPSET_INVALID_ID)
- ip_set_nfnl_put(par->net, info->add_set.index);
+ ip_set_nfnl_put(XT_PAR_NET(par), info->add_set.index);
return CHECK_FAIL(-ENOENT);
}
}
@@ -345,9 +347,9 @@ set_target_v1_checkentry(const struct xt_tgchk_param *par)
pr_warning("Protocol error: SET target dimension "
"is over the limit!\n");
if (info->add_set.index != IPSET_INVALID_ID)
- ip_set_nfnl_put(par->net, info->add_set.index);
+ ip_set_nfnl_put(XT_PAR_NET(par), info->add_set.index);
if (info->del_set.index != IPSET_INVALID_ID)
- ip_set_nfnl_put(par->net, info->del_set.index);
+ ip_set_nfnl_put(XT_PAR_NET(par), info->del_set.index);
return CHECK_FAIL(-ERANGE);
}
@@ -360,9 +362,9 @@ set_target_v1_destroy(const struct xt_tgdtor_param *par)
const struct xt_set_info_target_v1 *info = par->targinfo;
if (info->add_set.index != IPSET_INVALID_ID)
- ip_set_nfnl_put(par->net, info->add_set.index);
+ ip_set_nfnl_put(XT_PAR_NET(par), info->add_set.index);
if (info->del_set.index != IPSET_INVALID_ID)
- ip_set_nfnl_put(par->net, info->del_set.index);
+ ip_set_nfnl_put(XT_PAR_NET(par), info->del_set.index);
}
/* Revision 2 target */