diff options
| author | Eric W. Biederman <ebiederm@xmission.com> | 2016-10-11 22:19:51 +0200 |
|---|---|---|
| committer | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2016-10-11 22:19:51 +0200 |
| commit | c71fc214fe8e134d6e8ffeed4043bcb4320e48d4 (patch) | |
| tree | ea5febf175811f7af57fbc5bf40474d7d2d5540e | |
| parent | f0c110ecc4b8b04e1bbf6766284d3bf52cd73a30 (diff) | |
netfilter: x_tables: Pass struct net in xt_action_param
As xt_action_param lives on the stack this does not bloat any
persistent data structures.
This is a first step in making netfilter code that needs to know
which network namespace it is executing in simpler.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | configure.ac | 11 | ||||
| -rw-r--r-- | kernel/include/linux/netfilter/ipset/ip_set_compat.h.in | 1 | ||||
| -rw-r--r-- | kernel/net/sched/em_ipset.c | 3 |
3 files changed, 15 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac index f046e8b..e1b1483 100644 --- a/configure.ac +++ b/configure.ac @@ -497,6 +497,17 @@ else AC_SUBST(HAVE_TC_SKB_PROTOCOL, undef) fi +AC_MSG_CHECKING([kernel source for struct net in struct xt_action_param]) +if test -f $ksourcedir/include/linux/netfilter/x_tables.h && \ + $AWK '/^struct xt_action_param / {for(i=1; i<=8; i++) {getline; print}}' $ksourcedir/include/linux/netfilter/x_tables.h | \ + $GREP -q 'struct net '; then + AC_MSG_RESULT(yes) + AC_SUBST(HAVE_NET_IN_XT_ACTION_PARAM, define) +else + AC_MSG_RESULT(no) + AC_SUBST(HAVE_NET_IN_XT_ACTION_PARAM, undef) +fi + AC_MSG_CHECKING([kernel source for struct net_generic]) if test -f $ksourcedir/include/net/netns/generic.h && \ $GREP -q 'struct net_generic' $ksourcedir/include/net/netns/generic.h; then diff --git a/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in b/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in index 062becb..dff100a 100644 --- a/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in +++ b/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in @@ -34,6 +34,7 @@ #@HAVE_NET_IN_NFNL_CALLBACK_FN@ HAVE_NET_IN_NFNL_CALLBACK_FN #@HAVE_EXPORT_SYMBOL_GPL_IN_MODULE_H@ HAVE_EXPORT_SYMBOL_GPL_IN_MODULE_H #@HAVE_TC_SKB_PROTOCOL@ HAVE_TC_SKB_PROTOCOL +#@HAVE_NET_IN_XT_ACTION_PARAM@ HAVE_NET_IN_XT_ACTION_PARAM #ifdef HAVE_EXPORT_SYMBOL_GPL_IN_MODULE_H #include <linux/module.h> diff --git a/kernel/net/sched/em_ipset.c b/kernel/net/sched/em_ipset.c index 87b8419..a4ab08d 100644 --- a/kernel/net/sched/em_ipset.c +++ b/kernel/net/sched/em_ipset.c @@ -119,6 +119,9 @@ static int em_ipset_match(struct sk_buff *skb, struct tcf_ematch *em, indev = dev_get_by_index_rcu(dev_net(dev), skb->skb_iif); #endif +#ifdef HAVE_NET_IN_XT_ACTION_PARAM + acpar.net = em->net; +#endif acpar.in = indev ? indev : dev; acpar.out = dev; |