author Serhey Popovych <> 2019-11-29 11:21:34 +0200
committer Jozsef Kadlecsik <> 2019-12-09 11:17:41 +0100
commit 5743b3b545fc3b48c53fe3d763fa7ec738af27bf (patch)
ip_set: Pass init_net when @net is missing in match check params data structure
It is better to restrict ipsets to default network namespace on old kernels that do not contain @net parameter in @struct xt_mtchk_param (i.e. ones prior to commit a83d8e8d099f ("netfilter: xtables: add struct xt_mtchk_param::net"), tag v2.6.34) instead of panicking on them.

Found and tested on RHEL 6 with 2.6.32 kernels.

Fixes: 90e279db0cf5 ("Add more compatibility checkings to support older kernel releases")
Signed-off-by: Serhey Popovych <>
Signed-off-by: Jozsef Kadlecsik <>
diff --git a/kernel/net/netfilter/xt_set.c b/kernel/net/netfilter/xt_set.c
index c2735c4..95efb3a 100644
--- a/kernel/net/netfilter/xt_set.c
+++ b/kernel/net/netfilter/xt_set.c
@@ -39,7 +39,7 @@ MODULE_ALIAS("ip6t_SET");
#define XT_PAR_NET(par) ((par)->net)
-#define XT_PAR_NET(par) NULL
+#define XT_PAR_NET(par) (&(init_net))
static inline int
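Review bot: The fallback define XT_PAR_NET(par) (&(init_net)) has no comment, so a reader of xt_set.c cannot tell that on kernels without xt_mtchk_param::net every match check resolves sets in the default network namespace, regardless of the namespace the rule is loaded in. Please add a short comment above the define stating that restriction and that it applies to kernels prior to v2.6.34, as the commit message says, so the reduced namespace isolation on those builds is visible in the source and not only in the log. A smaller style point on the same line: the inner parentheses are redundant, and &init_net would read more like the rest of the kernel tree.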