From 5743b3b545fc3b48c53fe3d763fa7ec738af27bf Mon Sep 17 00:00:00 2001 From: Serhey Popovych Date: Fri, 29 Nov 2019 11:21:34 +0200 Subject: ip_set: Pass init_net when @net is missing in match check params data structure It is better to restrict ipsets to default network namespace on old kernels that does not contain @net parameter in @struct xt_mtchk_param (i.e. ones prior to commit a83d8e8d099f ("netfilter: xtables: add struct xt_mtchk_param::net"), tag v2.6.34) instead of panicing on them. Found and tested on RHEL 6 with 2.6.32 kernels. Fixes: 90e279db0cf5 ("Add more compatibility checkings to support older kernel releases") Signed-off-by: Serhey Popovych Signed-off-by: Jozsef Kadlecsik
---
 kernel/net/netfilter/xt_set.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/net/netfilter/xt_set.c b/kernel/net/netfilter/xt_set.c
index c2735c4..95efb3a 100644
--- a/kernel/net/netfilter/xt_set.c
+++ b/kernel/net/netfilter/xt_set.c
@@ -39,7 +39,7 @@ MODULE_ALIAS("ip6t_SET");
 #ifdef HAVE_XT_MTCHK_PARAM_STRUCT_NET
 #define XT_PAR_NET(par) ((par)->net)
 #else
-#define XT_PAR_NET(par) NULL
+#define XT_PAR_NET(par) (&(init_net))
 #endif
 
 static inline int
-- 
cgit v1.2.3
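Review bot: The `#else` branch of `XT_PAR_NET` now resolves every set lookup against `init_net` and ignores `par`, yet nothing at the definition records that choice. On kernels that support network namespaces but lack `xt_mtchk_param::net`, a rule loaded from a non-initial namespace would presumably bind to sets in the default namespace, so sets are not isolated per namespace there. The commit message states this trade-off; it should also sit next to the macro, for example `/* No par->net before v2.6.34: set lookups always use init_net, so sets are not per-netns on these kernels. */`. The macro's callers are outside the hunk, so it cannot be confirmed from here whether the target checkentry paths take the same fallback or whether a header declaring `init_net` is already included.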