diff options
author | Serhey Popovych <serhe.popovych@gmail.com> | 2019-11-29 11:21:34 +0200 |
---|---|---|
committer | Jozsef Kadlecsik <kadlec@netfilter.org> | 2019-12-09 11:17:41 +0100 |
commit | 5743b3b545fc3b48c53fe3d763fa7ec738af27bf (patch) | |
tree | 12503fde3b1d34f8e6a0411cdfefb90561b60ae1 /kernel/net/netfilter | |
parent | 55b1b5093c6bb1c0330699cdfdd1f6a8254eead7 (diff) |
ip_set: Pass init_net when @net is missing in match check params data structure
It is better to restrict ipsets to default network namespace on old
kernels that does not contain @net parameter in @struct xt_mtchk_param
(i.e. ones prior to commit a83d8e8d099f ("netfilter: xtables:
add struct xt_mtchk_param::net"), tag v2.6.34) instead of panicing
on them.
Found and tested on RHEL 6 with 2.6.32 kernels.
Fixes: 90e279db0cf5 ("Add more compatibility checkings to support older kernel releases")
Signed-off-by: Serhey Popovych <serhe.popovych@gmail.com>
Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
Diffstat (limited to 'kernel/net/netfilter')
-rw-r--r-- | kernel/net/netfilter/xt_set.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel/net/netfilter/xt_set.c b/kernel/net/netfilter/xt_set.c index c2735c4..95efb3a 100644 --- a/kernel/net/netfilter/xt_set.c +++ b/kernel/net/netfilter/xt_set.c @@ -39,7 +39,7 @@ MODULE_ALIAS("ip6t_SET"); #ifdef HAVE_XT_MTCHK_PARAM_STRUCT_NET #define XT_PAR_NET(par) ((par)->net) #else -#define XT_PAR_NET(par) NULL +#define XT_PAR_NET(par) (&(init_net)) #endif static inline int |