summaryrefslogtreecommitdiffstats
path: root/kernel/net/netfilter/xt_set.c
diff options
context:
space:
mode:
Diffstat (limited to 'kernel/net/netfilter/xt_set.c')
-rw-r--r--kernel/net/netfilter/xt_set.c46
1 files changed, 24 insertions, 22 deletions
diff --git a/kernel/net/netfilter/xt_set.c b/kernel/net/netfilter/xt_set.c
index 4a4cee9..46fdbe0 100644
--- a/kernel/net/netfilter/xt_set.c
+++ b/kernel/net/netfilter/xt_set.c
@@ -28,16 +28,18 @@ MODULE_ALIAS("ip6t_set");
MODULE_ALIAS("ipt_SET");
MODULE_ALIAS("ip6t_SET");
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 35)
+#ifdef HAVE_CHECKENTRY_BOOL
#define CHECK_OK 1
#define CHECK_FAIL(err) 0
#define CONST const
#define FTYPE bool
+#define XT_PAR_NET(par) NULL
#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,35) */
#define CHECK_OK 0
#define CHECK_FAIL(err) (err)
#define CONST
#define FTYPE int
+#define XT_PAR_NET(par) (par)->net
#endif
static inline int
@@ -94,7 +96,7 @@ set_match_v0_checkentry(const struct xt_mtchk_param *par)
struct xt_set_info_match_v0 *info = par->matchinfo;
ip_set_id_t index;
- index = ip_set_nfnl_get_byindex(par->net, info->match_set.index);
+ index = ip_set_nfnl_get_byindex(XT_PAR_NET(par), info->match_set.index);
if (index == IPSET_INVALID_ID) {
pr_warning("Cannot find set indentified by id %u to match\n",
@@ -104,7 +106,7 @@ set_match_v0_checkentry(const struct xt_mtchk_param *par)
if (info->match_set.u.flags[IPSET_DIM_MAX-1] != 0) {
pr_warning("Protocol error: set match dimension "
"is over the limit!\n");
- ip_set_nfnl_put(par->net, info->match_set.index);
+ ip_set_nfnl_put(XT_PAR_NET(par), info->match_set.index);
return CHECK_FAIL(-ERANGE);
}
@@ -119,7 +121,7 @@ set_match_v0_destroy(const struct xt_mtdtor_param *par)
{
struct xt_set_info_match_v0 *info = par->matchinfo;
- ip_set_nfnl_put(par->net, info->match_set.index);
+ ip_set_nfnl_put(XT_PAR_NET(par), info->match_set.index);
}
/* Revision 1 */
@@ -144,7 +146,7 @@ set_match_v1_checkentry(const struct xt_mtchk_param *par)
struct xt_set_info_match_v1 *info = par->matchinfo;
ip_set_id_t index;
- index = ip_set_nfnl_get_byindex(par->net, info->match_set.index);
+ index = ip_set_nfnl_get_byindex(XT_PAR_NET(par), info->match_set.index);
if (index == IPSET_INVALID_ID) {
pr_warning("Cannot find set indentified by id %u to match\n",
@@ -154,7 +156,7 @@ set_match_v1_checkentry(const struct xt_mtchk_param *par)
if (info->match_set.dim > IPSET_DIM_MAX) {
pr_warning("Protocol error: set match dimension "
"is over the limit!\n");
- ip_set_nfnl_put(par->net, info->match_set.index);
+ ip_set_nfnl_put(XT_PAR_NET(par), info->match_set.index);
return CHECK_FAIL(-ERANGE);
}
@@ -166,7 +168,7 @@ set_match_v1_destroy(const struct xt_mtdtor_param *par)
{
struct xt_set_info_match_v1 *info = par->matchinfo;
- ip_set_nfnl_put(par->net, info->match_set.index);
+ ip_set_nfnl_put(XT_PAR_NET(par), info->match_set.index);
}
/* Revision 3 match */
@@ -217,7 +219,7 @@ set_match_v3(const struct sk_buff *skb, CONST struct xt_action_param *par)
/* Revision 0 interface: backward compatible with netfilter/iptables */
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 35)
+#ifdef HAVE_XT_TARGET_PARAM
#undef xt_action_param
#define xt_action_param xt_target_param
#define CAST_TO_MATCH (const struct xt_match_param *)
@@ -249,7 +251,7 @@ set_target_v0_checkentry(const struct xt_tgchk_param *par)
ip_set_id_t index;
if (info->add_set.index != IPSET_INVALID_ID) {
- index = ip_set_nfnl_get_byindex(par->net, info->add_set.index);
+ index = ip_set_nfnl_get_byindex(XT_PAR_NET(par), info->add_set.index);
if (index == IPSET_INVALID_ID) {
pr_warning("Cannot find add_set index %u as target\n",
info->add_set.index);
@@ -258,12 +260,12 @@ set_target_v0_checkentry(const struct xt_tgchk_param *par)
}
if (info->del_set.index != IPSET_INVALID_ID) {
- index = ip_set_nfnl_get_byindex(par->net, info->del_set.index);
+ index = ip_set_nfnl_get_byindex(XT_PAR_NET(par), info->del_set.index);
if (index == IPSET_INVALID_ID) {
pr_warning("Cannot find del_set index %u as target\n",
info->del_set.index);
if (info->add_set.index != IPSET_INVALID_ID)
- ip_set_nfnl_put(par->net, info->add_set.index);
+ ip_set_nfnl_put(XT_PAR_NET(par), info->add_set.index);
return CHECK_FAIL(-ENOENT);
}
}
@@ -272,9 +274,9 @@ set_target_v0_checkentry(const struct xt_tgchk_param *par)
pr_warning("Protocol error: SET target dimension "
"is over the limit!\n");
if (info->add_set.index != IPSET_INVALID_ID)
- ip_set_nfnl_put(par->net, info->add_set.index);
+ ip_set_nfnl_put(XT_PAR_NET(par), info->add_set.index);
if (info->del_set.index != IPSET_INVALID_ID)
- ip_set_nfnl_put(par->net, info->del_set.index);
+ ip_set_nfnl_put(XT_PAR_NET(par), info->del_set.index);
return CHECK_FAIL(-ERANGE);
}
@@ -291,9 +293,9 @@ set_target_v0_destroy(const struct xt_tgdtor_param *par)
const struct xt_set_info_target_v0 *info = par->targinfo;
if (info->add_set.index != IPSET_INVALID_ID)
- ip_set_nfnl_put(par->net, info->add_set.index);
+ ip_set_nfnl_put(XT_PAR_NET(par), info->add_set.index);
if (info->del_set.index != IPSET_INVALID_ID)
- ip_set_nfnl_put(par->net, info->del_set.index);
+ ip_set_nfnl_put(XT_PAR_NET(par), info->del_set.index);
}
/* Revision 1 target */
@@ -322,7 +324,7 @@ set_target_v1_checkentry(const struct xt_tgchk_param *par)
ip_set_id_t index;
if (info->add_set.index != IPSET_INVALID_ID) {
- index = ip_set_nfnl_get_byindex(par->net, info->add_set.index);
+ index = ip_set_nfnl_get_byindex(XT_PAR_NET(par), info->add_set.index);
if (index == IPSET_INVALID_ID) {
pr_warning("Cannot find add_set index %u as target\n",
info->add_set.index);
@@ -331,12 +333,12 @@ set_target_v1_checkentry(const struct xt_tgchk_param *par)
}
if (info->del_set.index != IPSET_INVALID_ID) {
- index = ip_set_nfnl_get_byindex(par->net, info->del_set.index);
+ index = ip_set_nfnl_get_byindex(XT_PAR_NET(par), info->del_set.index);
if (index == IPSET_INVALID_ID) {
pr_warning("Cannot find del_set index %u as target\n",
info->del_set.index);
if (info->add_set.index != IPSET_INVALID_ID)
- ip_set_nfnl_put(par->net, info->add_set.index);
+ ip_set_nfnl_put(XT_PAR_NET(par), info->add_set.index);
return CHECK_FAIL(-ENOENT);
}
}
@@ -345,9 +347,9 @@ set_target_v1_checkentry(const struct xt_tgchk_param *par)
pr_warning("Protocol error: SET target dimension "
"is over the limit!\n");
if (info->add_set.index != IPSET_INVALID_ID)
- ip_set_nfnl_put(par->net, info->add_set.index);
+ ip_set_nfnl_put(XT_PAR_NET(par), info->add_set.index);
if (info->del_set.index != IPSET_INVALID_ID)
- ip_set_nfnl_put(par->net, info->del_set.index);
+ ip_set_nfnl_put(XT_PAR_NET(par), info->del_set.index);
return CHECK_FAIL(-ERANGE);
}
@@ -360,9 +362,9 @@ set_target_v1_destroy(const struct xt_tgdtor_param *par)
const struct xt_set_info_target_v1 *info = par->targinfo;
if (info->add_set.index != IPSET_INVALID_ID)
- ip_set_nfnl_put(par->net, info->add_set.index);
+ ip_set_nfnl_put(XT_PAR_NET(par), info->add_set.index);
if (info->del_set.index != IPSET_INVALID_ID)
- ip_set_nfnl_put(par->net, info->del_set.index);
+ ip_set_nfnl_put(XT_PAR_NET(par), info->del_set.index);
}
/* Revision 2 target */