author | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2013-10-02 17:31:15 +0200 |
---|---|---|
committer | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2013-10-02 17:31:15 +0200 |
commit | 8a82b39ef90b95cd4533fb5a6f5afa2b74ebd61d (patch) | |
tree | 0dc92ad0e77247ae87823a3c3f18cb34f36abc78 | |
parent | a61d7ebe47c4c0d7a60dd8d4345ef4e41f14426a (diff) |
Compatibility code is modified not to rely on kernel version numbers
Instead the kernel source code is checked to verify the different
compatibility issues for the supported kernel releases.
This way hopefully backported features will be handled properly.
-rw-r--r-- | .gitignore | 1 | ||||
-rw-r--r-- | configure.ac | 149 | ||||
-rw-r--r-- | kernel/include/linux/netfilter/ipset/ip_set_compat.h.in (renamed from kernel/include/linux/netfilter/ipset/ip_set_compat.h) | 38 | ||||
-rw-r--r-- | kernel/net/netfilter/ipset/ip_set_core.c | 41 | ||||
-rw-r--r-- | kernel/net/netfilter/ipset/ip_set_getport.c | 5 | ||||
-rw-r--r-- | kernel/net/netfilter/ipset/pfxlen.c | 2 | ||||
-rw-r--r-- | kernel/net/netfilter/xt_set.c | 46 |
7 files changed, 241 insertions, 41 deletions
@@ -16,6 +16,7 @@ Makefile.in .tmp_versions Module.symvers modules.order +kernel/include/linux/netfilter/ipset/ip_set_compat.h /aclocal.m4 /autom4te.cache/ diff --git a/configure.ac b/configure.ac index 6d06ef5..df40dcd 100644 --- a/configure.ac +++ b/configure.ac @@ -67,6 +67,7 @@ then fi AC_PROG_GREP +AC_PROG_AWK if ! $GREP -q "NFNL_SUBSYS_IPSET" "$ksourcedir/include/linux/netfilter/nfnetlink.h" && \ ! $GREP -q "NFNL_SUBSYS_IPSET" "$ksourcedir/include/uapi/linux/netfilter/nfnetlink.h"; 
@@ -166,7 +167,150 @@ AC_CHECK_TYPES([union nf_inet_addr],,,[#include <linux/types.h> dnl Checks for functions AC_CHECK_FUNCS(gethostbyname2) -dnl Checks for compiler characteristics. +dnl Check kernel incompatibilities... Ugly like hell +AC_MSG_CHECKING([kernel source for struct xt_action_param]) +if test -f $ksourcedir/include/linux/netfilter/x_tables.h && \ + $GREP -q 'struct xt_action_param' $ksourcedir/include/linux/netfilter/x_tables.h; then + AC_MSG_RESULT(yes) + AC_SUBST(HAVE_STRUCT_XT_ACTION_PARAM, define) +else + AC_MSG_RESULT(no) + AC_SUBST(HAVE_STRUCT_XT_ACTION_PARAM, undef) +fi + +AC_MSG_CHECKING([kernel source for vzalloc]) +if test -f $ksourcedir/include/linux/vmalloc.h && \ + $GREP -q 'vzalloc' $ksourcedir/include/linux/vmalloc.h; then + AC_MSG_RESULT(yes) + AC_SUBST(HAVE_VZALLOC, define) +else + AC_MSG_RESULT(no) + AC_SUBST(HAVE_VZALLOC, undef) +fi + +AC_MSG_CHECKING([kernel source for ether_addr_equal]) +if test -f $ksourcedir/include/linux/etherdevice.h && \ + $GREP -q 'ether_addr_equal' $ksourcedir/include/linux/etherdevice.h; then + AC_MSG_RESULT(yes) + AC_SUBST(HAVE_ETHER_ADDR_EQUAL, define) +else + AC_MSG_RESULT(no) + AC_SUBST(HAVE_ETHER_ADDR_EQUAL, undef) +fi + +AC_MSG_CHECKING([kernel source for nla_put_be64]) +if test -f $ksourcedir/include/net/netlink.h && \ + $GREP -q 'nla_put_be64' $ksourcedir/include/net/netlink.h; then + AC_MSG_RESULT(yes) + AC_SUBST(HAVE_NLA_PUT_BE64, define) +else + AC_MSG_RESULT(no) + AC_SUBST(HAVE_NLA_PUT_BE64, undef) +fi + +AC_MSG_CHECKING([kernel source for portid in nl_info]) +if test -f $ksourcedir/include/linux/netlink.h && \ + $AWK '/^struct netlink_skb_parms/ {for(i=1; i<=5; i++) {getline; print}}' $ksourcedir/include/linux/netlink.h | $GREP -q 'portid;'; then + AC_MSG_RESULT(yes) + AC_SUBST(HAVE_NL_INFO_PORTID, define) +else + AC_MSG_RESULT(no) + AC_SUBST(HAVE_NL_INFO_PORTID, undef) +fi + +AC_MSG_CHECKING([kernel source for netlink_dump_start args]) +if test -f $ksourcedir/include/linux/netlink.h && \ + 
$AWK '/netlink_dump_start/ {for(i=1; i<=4; i++) {getline; print}}' $ksourcedir/include/linux/netlink.h | $GREP -q 'done.*;'; then + AC_MSG_RESULT(5 args) + AC_SUBST(HAVE_NETLINK_DUMP_START_ARGS, 5) +elif test -f $ksourcedir/include/linux/netlink.h && \ + $AWK '/netlink_dump_start/ {for(i=1; i<=4; i++) {getline; print}}' $ksourcedir/include/linux/netlink.h | $GREP -q 'min_dump_alloc.*;'; then + AC_MSG_RESULT(6 args) + AC_SUBST(HAVE_NETLINK_DUMP_START_ARGS, 6) +else + AC_MSG_RESULT(4 args) + AC_SUBST(HAVE_NETLINK_DUMP_START_ARGS, 4) +fi + +AC_MSG_CHECKING([kernel source for ns_capable]) +if test -f $ksourcedir/include/linux/capability.h && \ + $GREP -q 'ns_capable' $ksourcedir/include/linux/capability.h; then + AC_MSG_RESULT(yes) + AC_SUBST(HAVE_NS_CAPABLE, define) +else + AC_MSG_RESULT(no) + AC_SUBST(HAVE_NS_CAPABLE, undef) +fi + +AC_MSG_CHECKING([kernel source for nfnl_lock per subsys]) +if test -f $ksourcedir/include/linux/netfilter/nfnetlink.h && \ + $GREP -q 'nfnl_lock.* subsys_id' $ksourcedir/include/linux/netfilter/nfnetlink.h; then + AC_MSG_RESULT(yes) + AC_SUBST(HAVE_NFNL_LOCK_SUBSYS, define) +else + AC_MSG_RESULT(no) + AC_SUBST(HAVE_NFNL_LOCK_SUBSYS, undef) +fi + +AC_MSG_CHECKING([kernel source for export.h]) +if test -f $ksourcedir/include/linux/export.h; then + AC_MSG_RESULT(yes) + AC_SUBST(HAVE_EXPORT_H, define) +else + AC_MSG_RESULT(no) + AC_SUBST(HAVE_EXPORT_H, undef) +fi + +AC_MSG_CHECKING([kernel source for ipv6_skip_exthdr args]) +if test -f $ksourcedir/include/net/ipv6.h && \ + $AWK '/ipv6_skip_exthdr/ {getline; print}' $ksourcedir/include/net/ipv6.h | $GREP -q 'frag_offp'; then + AC_MSG_RESULT(4 args) + AC_SUBST(HAVE_IPV6_SKIP_EXTHDR_ARGS, 4) +else + AC_MSG_RESULT(3 args) + AC_SUBST(HAVE_IPV6_SKIP_EXTHDR_ARGS, 3) +fi + +AC_MSG_CHECKING([kernel source for bool checkentry function prototype]) +if test -f $ksourcedir/net/netfilter/xt_state.c && \ + $GREP -q 'bool state_mt_check' $ksourcedir/net/netfilter/xt_state.c; then + AC_MSG_RESULT(yes) + 
AC_SUBST(HAVE_CHECKENTRY_BOOL, define) +else + AC_MSG_RESULT(no) + AC_SUBST(HAVE_CHECKENTRY_BOOL, undef) +fi + +AC_MSG_CHECKING([kernel source for old struct xt_target_param]) +if test -f $ksourcedir/net/netfilter/xt_TCPMSS.c && \ + $GREP -q 'const struct xt_target_param' $ksourcedir/net/netfilter/xt_TCPMSS.c; then + AC_MSG_RESULT(yes) + AC_SUBST(HAVE_XT_TARGET_PARAM, define) +else + AC_MSG_RESULT(no) + AC_SUBST(HAVE_XT_TARGET_PARAM, undef) +fi + +AC_MSG_CHECKING([kernel source for id in struct pernet_operations]) +if test -f $ksourcedir/include/net/net_namespace.h && \ + $AWK '/struct pernet_operations/ {for(i=1; i<=6; i++) {getline; print}}' $ksourcedir/include/net/net_namespace.h | $GREP -q 'int \*id;'; then + AC_MSG_RESULT(yes) + AC_SUBST(HAVE_NET_OPS_ID, define) +else + AC_MSG_RESULT(no) + AC_SUBST(HAVE_NET_OPS_ID, undef) +fi + +AC_MSG_CHECKING([kernel source for struct net_generic]) +if test -f $ksourcedir/include/net/netns/generic.h && \ + $GREP -q 'struct net_generic' $ksourcedir/include/net/netns/generic.h; then + AC_MSG_RESULT(yes) +else + AC_MSG_RESULT(no) + AC_MSG_ERROR([Netns support is required in the Linux kernel tree]) +fi + +dnl Checks for compiler characteristics. dnl Check extra warning flags except dnl -Wconversion -> we need it dnl -Wunreachable-code -> fails with ntoh* @@ -210,7 +354,8 @@ dnl Checks for library functions. dnl Generate output AC_CONFIG_FILES([Makefile include/libipset/Makefile - lib/Makefile lib/libipset.pc src/Makefile]) + lib/Makefile lib/libipset.pc src/Makefile + kernel/include/linux/netfilter/ipset/ip_set_compat.h]) AC_OUTPUT dnl Summary diff --git a/kernel/include/linux/netfilter/ipset/ip_set_compat.h b/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in index cdc8f53..b93c5d9 100644 --- a/kernel/include/linux/netfilter/ipset/ip_set_compat.h +++ b/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in 
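Review bot: The new kernel-source probes pass `$ksourcedir` unquoted to `test -f`, `$GREP` and `$AWK`, while the existing NFNL_SUBSYS_IPSET check above them quotes it, so a source path containing whitespace makes each probe fail and silently selects the fallback branch. Each probe also treats "header not found" the same as "feature absent"; only the final net_generic check stops with AC_MSG_ERROR, so a wrong or incomplete `$ksourcedir` yields a compat header full of `undef` results rather than a diagnostic. The patterns are unanchored substrings (`'vzalloc'`, `'ns_capable'`), so a comment or a longer identifier containing the name also counts as a hit. I would quote the path, as in `$GREP -q 'vzalloc' "$ksourcedir/include/linux/vmalloc.h"`, and report a missing file distinctly in the AC_MSG_RESULT text.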
@@ -1,6 +1,20 @@ #ifndef __IP_SET_COMPAT_H #define __IP_SET_COMPAT_H +#@HAVE_STRUCT_XT_ACTION_PARAM@ HAVE_STRUCT_XT_ACTION_PARAM +#@HAVE_VZALLOC@ HAVE_VZALLOC +#@HAVE_ETHER_ADDR_EQUAL@ HAVE_ETHER_ADDR_EQUAL +#@HAVE_NLA_PUT_BE64@ HAVE_NLA_PUT_BE64 +#@HAVE_NL_INFO_PORTID@ HAVE_NL_INFO_PORTID +#define HAVE_NETLINK_DUMP_START_ARGS @HAVE_NETLINK_DUMP_START_ARGS@ +#@HAVE_NS_CAPABLE@ HAVE_NS_CAPABLE +#@HAVE_NFNL_LOCK_SUBSYS@ HAVE_NFNL_LOCK_SUBSYS +#@HAVE_EXPORT_H@ HAVE_EXPORT_H +#define HAVE_IPV6_SKIP_EXTHDR_ARGS @HAVE_IPV6_SKIP_EXTHDR_ARGS@ +#@HAVE_CHECKENTRY_BOOL@ HAVE_CHECKENTRY_BOOL +#@HAVE_XT_TARGET_PARAM@ HAVE_XT_TARGET_PARAM +#@HAVE_NET_OPS_ID@ HAVE_NET_OPS_ID + /* Not everything could be moved here. Compatibility stuffs can be found in * xt_set.c, ip_set_core.c, ip_set_getport.c, pfxlen.c too. */ @@ -31,24 +45,26 @@ #error "NETFILTER_NETLINK must be enabled: select NFACCT/NFQUEUE/LOG over NFNETLINK" #endif -#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 35) +#ifndef HAVE_STRUCT_XT_ACTION_PARAM #define xt_action_param xt_match_param #endif -#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 37) +#ifndef HAVE_VZALLOC #define vzalloc(size) __vmalloc(size,\ GFP_KERNEL|__GFP_ZERO|__GFP_HIGHMEM,\ PAGE_KERNEL) #endif -#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 5, 0) +#ifndef HAVE_ETHER_ADDR_EQUAL #include <linux/etherdevice.h> static inline bool ether_addr_equal(const u8 *addr1, const u8 *addr2) { return !compare_ether_addr(addr1, addr2); } +#endif +#ifndef HAVE_NLA_PUT_BE64 static inline int nla_put_be64(struct sk_buff *skb, int attrtype, __be64 value) { return nla_put(skb, attrtype, sizeof(__be64), &value); 
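Review bot: The `#@HAVE_...@ HAVE_...` lines added at the top of the template are undocumented, and they only become valid preprocessor directives once configure substitutes `define` or `undef`. A short comment above the block would help, for example `/* Filled in by configure: each @HAVE_x@ becomes "define" or "undef". */`. In the second hunk, `#ifndef HAVE_NLA_PUT_BE64` appears to cover nla_put_net64 as well (its `#endif` is in the following hunk), although configure probes only for nla_put_be64. A comment saying the two helpers are assumed to appear together would make that dependency explicit.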
@@ -60,22 +76,22 @@ static inline int nla_put_net64(struct sk_buff *skb, int attrtype, __be64 value) } #endif -#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 7, 0) -#define NETLINK_PORTID(skb) NETLINK_CB(skb).pid -#else +#ifdef HAVE_NL_INFO_PORTID #define NETLINK_PORTID(skb) NETLINK_CB(skb).portid +#else +#define NETLINK_PORTID(skb) NETLINK_CB(skb).pid #endif -#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 8, 0) +#ifndef HAVE_NS_CAPABLE #define ns_capable(ns, cap) capable(cap) #endif -#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 9, 0) -#define lock_nfnl() nfnl_lock() -#define unlock_nfnl() nfnl_unlock() -#else +#ifdef HAVE_NFNL_LOCK_SUBSYS #define lock_nfnl() nfnl_lock(NFNL_SUBSYS_IPSET) #define unlock_nfnl() nfnl_unlock(NFNL_SUBSYS_IPSET) +#else +#define lock_nfnl() nfnl_lock() +#define unlock_nfnl() nfnl_unlock() #endif #ifdef NLA_PUT_NET16 diff --git a/kernel/net/netfilter/ipset/ip_set_core.c b/kernel/net/netfilter/ipset/ip_set_core.c index 9506973..c1989d9 100644 --- a/kernel/net/netfilter/ipset/ip_set_core.c +++ b/kernel/net/netfilter/ipset/ip_set_core.c @@ -1388,11 +1388,11 @@ ip_set_dump(struct sock *ctnl, struct sk_buff *skb, if (unlikely(protocol_failed(attr))) return -IPSET_ERR_PROTOCOL; -#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 1, 0) +#if HAVE_NETLINK_DUMP_START_ARGS == 5 return netlink_dump_start(ctnl, skb, nlh, ip_set_dump_start, ip_set_dump_done); -#elif LINUX_VERSION_CODE < KERNEL_VERSION(3, 4, 0) +#elif HAVE_NETLINK_DUMP_START_ARGS == 6 return netlink_dump_start(ctnl, skb, nlh, ip_set_dump_start, ip_set_dump_done, 0); 
@@ -1977,20 +1977,42 @@ static struct nf_sockopt_ops so_set __read_mostly = { static int __net_init ip_set_net_init(struct net *net) { - struct ip_set_net *inst = ip_set_pernet(net); + struct ip_set_net *inst; struct ip_set **list; +#ifdef HAVE_NET_OPS_ID + inst = ip_set_pernet(net); +#else + int err; + + inst = kzalloc(sizeof(struct ip_set_net), GFP_KERNEL); + if (!inst) + return -ENOMEM; + err = net_assign_generic(net, ip_set_net_id, inst); + if (err < 0) + goto err_alloc; +#endif inst->ip_set_max = max_sets ? max_sets : CONFIG_IP_SET_MAX; if (inst->ip_set_max >= IPSET_INVALID_ID) inst->ip_set_max = IPSET_INVALID_ID - 1; list = kzalloc(sizeof(struct ip_set *) * inst->ip_set_max, GFP_KERNEL); if (!list) +#ifdef HAVE_NET_OPS_ID return -ENOMEM; +#else + goto err_alloc; +#endif inst->is_deleted = 0; rcu_assign_pointer(inst->ip_set_list, list); pr_notice("ip_set: protocol %u\n", IPSET_PROTOCOL); return 0; + +#ifndef HAVE_NET_OPS_ID +err_alloc: + kfree(inst); + return err; +#endif } static void __net_exit @@ -2009,13 +2031,18 @@ ip_set_net_exit(struct net *net) ip_set_destroy_set(inst, i); } kfree(rcu_dereference_protected(inst->ip_set_list, 1)); +#ifndef HAVE_NET_OPS_ID + kfree(inst); +#endif } static struct pernet_operations ip_set_net_ops = { .init = ip_set_net_init, .exit = ip_set_net_exit, +#ifdef HAVE_NET_OPS_ID .id = &ip_set_net_id, .size = sizeof(struct ip_set_net) +#endif }; @@ -2033,7 +2060,11 @@ ip_set_init(void) nfnetlink_subsys_unregister(&ip_set_netlink_subsys); return ret; } +#ifdef HAVE_NET_OPS_ID ret = register_pernet_subsys(&ip_set_net_ops); +#else + ret = register_pernet_gen_device(&ip_set_net_id, &ip_set_net_ops); +#endif if (ret) { pr_err("ip_set: cannot register pernet_subsys.\n"); nf_unregister_sockopt(&so_set); 
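Review bot: In the `#else` branch of ip_set_net_init, a failed allocation of `list` jumps to `err_alloc` while `err` still holds the non-negative result of net_assign_generic(), so the function frees `inst` and then reports success. Set the code before the jump: `err = -ENOMEM; goto err_alloc;`. On that same path `inst` has already been stored by net_assign_generic(), so after `kfree(inst)` the per-net slot still refers to freed memory. Whether the slot can be cleared here depends on the kernel's net_generic API, which is not visible in this diff, but the combination of a success return and a stale pointer is what a later lookup through `ip_set_pernet(net)` would hit.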
@@ -2046,7 +2077,11 @@ ip_set_init(void) static void __exit ip_set_fini(void) { +#ifdef HAVE_NET_OPS_ID unregister_pernet_subsys(&ip_set_net_ops); +#else + unregister_pernet_gen_device(ip_set_net_id, &ip_set_net_ops); +#endif nf_unregister_sockopt(&so_set); nfnetlink_subsys_unregister(&ip_set_netlink_subsys); pr_debug("these are the famous last words\n"); diff --git a/kernel/net/netfilter/ipset/ip_set_getport.c b/kernel/net/netfilter/ipset/ip_set_getport.c index a0d96eb..5d5ff82 100644 --- a/kernel/net/netfilter/ipset/ip_set_getport.c +++ b/kernel/net/netfilter/ipset/ip_set_getport.c @@ -8,7 +8,7 @@ /* Get Layer-4 data from the packets */ #include <linux/version.h> -#if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 2, 0) +#ifdef HAVE_EXPORT_H #include <linux/export.h> #endif #include <linux/ip.h> @@ -21,6 +21,7 @@ #include <net/ipv6.h> #include <linux/netfilter/ipset/ip_set_getport.h> +#include <linux/netfilter/ipset/ip_set_compat.h> /* We must handle non-linear skbs */ static bool @@ -138,7 +139,7 @@ ip_set_get_ip6_port(const struct sk_buff *skb, bool src, __be16 frag_off = 0; nexthdr = ipv6_hdr(skb)->nexthdr; -#if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 3, 0) +#if HAVE_IPV6_SKIP_EXTHDR_ARGS == 4 protoff = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), &nexthdr, &frag_off); #else diff --git a/kernel/net/netfilter/ipset/pfxlen.c b/kernel/net/netfilter/ipset/pfxlen.c index 1fe890f..e69f5ef 100644 --- a/kernel/net/netfilter/ipset/pfxlen.c +++ b/kernel/net/netfilter/ipset/pfxlen.c @@ -1,5 +1,5 @@ #include <linux/version.h> -#if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 2, 0) +#ifdef HAVE_EXPORT_H #include <linux/export.h> #endif #include <linux/netfilter/ipset/pfxlen.h> diff --git a/kernel/net/netfilter/xt_set.c b/kernel/net/netfilter/xt_set.c index 4a4cee9..46fdbe0 100644 --- a/kernel/net/netfilter/xt_set.c +++ b/kernel/net/netfilter/xt_set.c 
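Review bot: `#ifdef HAVE_EXPORT_H` near the top of ip_set_getport.c is evaluated before ip_set_compat.h, the header that defines it, which the second hunk includes only further down after `<net/ipv6.h>`. Unless the macro reaches the compiler some other way (not visible here), the test is always false and `<linux/export.h>` is never included. pfxlen.c has the same problem: its first lines test HAVE_EXPORT_H and no include of ip_set_compat.h precedes them. Moving `#include <linux/netfilter/ipset/ip_set_compat.h>` above the `#ifdef HAVE_EXPORT_H` in both files would make the check effective.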
@@ -28,16 +28,18 @@ MODULE_ALIAS("ip6t_set"); MODULE_ALIAS("ipt_SET"); MODULE_ALIAS("ip6t_SET"); -#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 35) +#ifdef HAVE_CHECKENTRY_BOOL #define CHECK_OK 1 #define CHECK_FAIL(err) 0 #define CONST const #define FTYPE bool +#define XT_PAR_NET(par) NULL #else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,35) */ #define CHECK_OK 0 #define CHECK_FAIL(err) (err) #define CONST #define FTYPE int +#define XT_PAR_NET(par) (par)->net #endif static inline int @@ -94,7 +96,7 @@ set_match_v0_checkentry(const struct xt_mtchk_param *par) struct xt_set_info_match_v0 *info = par->matchinfo; ip_set_id_t index; - index = ip_set_nfnl_get_byindex(par->net, info->match_set.index); + index = ip_set_nfnl_get_byindex(XT_PAR_NET(par), info->match_set.index); if (index == IPSET_INVALID_ID) { pr_warning("Cannot find set indentified by id %u to match\n", @@ -104,7 +106,7 @@ set_match_v0_checkentry(const struct xt_mtchk_param *par) if (info->match_set.u.flags[IPSET_DIM_MAX-1] != 0) { pr_warning("Protocol error: set match dimension " "is over the limit!\n"); - ip_set_nfnl_put(par->net, info->match_set.index); + ip_set_nfnl_put(XT_PAR_NET(par), info->match_set.index); return CHECK_FAIL(-ERANGE); } @@ -119,7 +121,7 @@ set_match_v0_destroy(const struct xt_mtdtor_param *par) { struct xt_set_info_match_v0 *info = par->matchinfo; - ip_set_nfnl_put(par->net, info->match_set.index); + ip_set_nfnl_put(XT_PAR_NET(par), info->match_set.index); } /* Revision 1 */ @@ -144,7 +146,7 @@ set_match_v1_checkentry(const struct xt_mtchk_param *par) struct xt_set_info_match_v1 *info = par->matchinfo; ip_set_id_t index; - index = ip_set_nfnl_get_byindex(par->net, info->match_set.index); + index = ip_set_nfnl_get_byindex(XT_PAR_NET(par), info->match_set.index); if (index == IPSET_INVALID_ID) { pr_warning("Cannot find set indentified by id %u to match\n", 
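Review bot: `#define XT_PAR_NET(par) NULL` in the HAVE_CHECKENTRY_BOOL branch passes a NULL network namespace to ip_set_nfnl_get_byindex() and ip_set_nfnl_put() from every checkentry and destroy callback changed in the later hunks of this file. Those two functions are not shown; if they resolve the per-net instance from that argument, as ip_set_net_init does with `ip_set_pernet(net)`, loading a rule on such a kernel would dereference NULL in kernel context. Passing the initial namespace, for example `#define XT_PAR_NET(par) (&init_net)`, looks safer, provided that symbol is in scope here. The `#else` comment still reads `LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,35)` and should become `/* !HAVE_CHECKENTRY_BOOL */`. It is also not visible whether xt_set.c includes ip_set_compat.h before this test.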
@@ -154,7 +156,7 @@ set_match_v1_checkentry(const struct xt_mtchk_param *par) if (info->match_set.dim > IPSET_DIM_MAX) { pr_warning("Protocol error: set match dimension " "is over the limit!\n"); - ip_set_nfnl_put(par->net, info->match_set.index); + ip_set_nfnl_put(XT_PAR_NET(par), info->match_set.index); return CHECK_FAIL(-ERANGE); } @@ -166,7 +168,7 @@ set_match_v1_destroy(const struct xt_mtdtor_param *par) { struct xt_set_info_match_v1 *info = par->matchinfo; - ip_set_nfnl_put(par->net, info->match_set.index); + ip_set_nfnl_put(XT_PAR_NET(par), info->match_set.index); } /* Revision 3 match */ @@ -217,7 +219,7 @@ set_match_v3(const struct sk_buff *skb, CONST struct xt_action_param *par) /* Revision 0 interface: backward compatible with netfilter/iptables */ -#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 35) +#ifdef HAVE_XT_TARGET_PARAM #undef xt_action_param #define xt_action_param xt_target_param #define CAST_TO_MATCH (const struct xt_match_param *) @@ -249,7 +251,7 @@ set_target_v0_checkentry(const struct xt_tgchk_param *par) ip_set_id_t index; if (info->add_set.index != IPSET_INVALID_ID) { - index = ip_set_nfnl_get_byindex(par->net, info->add_set.index); + index = ip_set_nfnl_get_byindex(XT_PAR_NET(par), info->add_set.index); if (index == IPSET_INVALID_ID) { pr_warning("Cannot find add_set index %u as target\n", info->add_set.index); @@ -258,12 +260,12 @@ set_target_v0_checkentry(const struct xt_tgchk_param *par) } if (info->del_set.index != IPSET_INVALID_ID) { - index = ip_set_nfnl_get_byindex(par->net, info->del_set.index); + index = ip_set_nfnl_get_byindex(XT_PAR_NET(par), info->del_set.index); if (index == IPSET_INVALID_ID) { pr_warning("Cannot find del_set index %u as target\n", info->del_set.index); if (info->add_set.index != IPSET_INVALID_ID) - ip_set_nfnl_put(par->net, info->add_set.index); + ip_set_nfnl_put(XT_PAR_NET(par), info->add_set.index); return CHECK_FAIL(-ENOENT); } } 
@@ -272,9 +274,9 @@ set_target_v0_checkentry(const struct xt_tgchk_param *par) pr_warning("Protocol error: SET target dimension " "is over the limit!\n"); if (info->add_set.index != IPSET_INVALID_ID) - ip_set_nfnl_put(par->net, info->add_set.index); + ip_set_nfnl_put(XT_PAR_NET(par), info->add_set.index); if (info->del_set.index != IPSET_INVALID_ID) - ip_set_nfnl_put(par->net, info->del_set.index); + ip_set_nfnl_put(XT_PAR_NET(par), info->del_set.index); return CHECK_FAIL(-ERANGE); } @@ -291,9 +293,9 @@ set_target_v0_destroy(const struct xt_tgdtor_param *par) const struct xt_set_info_target_v0 *info = par->targinfo; if (info->add_set.index != IPSET_INVALID_ID) - ip_set_nfnl_put(par->net, info->add_set.index); + ip_set_nfnl_put(XT_PAR_NET(par), info->add_set.index); if (info->del_set.index != IPSET_INVALID_ID) - ip_set_nfnl_put(par->net, info->del_set.index); + ip_set_nfnl_put(XT_PAR_NET(par), info->del_set.index); } /* Revision 1 target */ @@ -322,7 +324,7 @@ set_target_v1_checkentry(const struct xt_tgchk_param *par) ip_set_id_t index; if (info->add_set.index != IPSET_INVALID_ID) { - index = ip_set_nfnl_get_byindex(par->net, info->add_set.index); + index = ip_set_nfnl_get_byindex(XT_PAR_NET(par), info->add_set.index); if (index == IPSET_INVALID_ID) { pr_warning("Cannot find add_set index %u as target\n", info->add_set.index); @@ -331,12 +333,12 @@ set_target_v1_checkentry(const struct xt_tgchk_param *par) } if (info->del_set.index != IPSET_INVALID_ID) { - index = ip_set_nfnl_get_byindex(par->net, info->del_set.index); + index = ip_set_nfnl_get_byindex(XT_PAR_NET(par), info->del_set.index); if (index == IPSET_INVALID_ID) { pr_warning("Cannot find del_set index %u as target\n", info->del_set.index); if (info->add_set.index != IPSET_INVALID_ID) - ip_set_nfnl_put(par->net, info->add_set.index); + ip_set_nfnl_put(XT_PAR_NET(par), info->add_set.index); return CHECK_FAIL(-ENOENT); } } 
@@ -345,9 +347,9 @@ set_target_v1_checkentry(const struct xt_tgchk_param *par) pr_warning("Protocol error: SET target dimension " "is over the limit!\n"); if (info->add_set.index != IPSET_INVALID_ID) - ip_set_nfnl_put(par->net, info->add_set.index); + ip_set_nfnl_put(XT_PAR_NET(par), info->add_set.index); if (info->del_set.index != IPSET_INVALID_ID) - ip_set_nfnl_put(par->net, info->del_set.index); + ip_set_nfnl_put(XT_PAR_NET(par), info->del_set.index); return CHECK_FAIL(-ERANGE); } @@ -360,9 +362,9 @@ set_target_v1_destroy(const struct xt_tgdtor_param *par) const struct xt_set_info_target_v1 *info = par->targinfo; if (info->add_set.index != IPSET_INVALID_ID) - ip_set_nfnl_put(par->net, info->add_set.index); + ip_set_nfnl_put(XT_PAR_NET(par), info->add_set.index); if (info->del_set.index != IPSET_INVALID_ID) - ip_set_nfnl_put(par->net, info->del_set.index); + ip_set_nfnl_put(XT_PAR_NET(par), info->del_set.index); } /* Revision 2 target */ |