From d068b48f78e84282166c28710c21665c7aa7cbd2 Mon Sep 17 00:00:00 2001
From: "Eric W. Biederman" <ebiederm@xmission.com>
Date: Thu, 13 Oct 2016 20:40:39 +0200
Subject: netfilter: x_tables: Use par->net instead of computing from the
 passed net devices

Backported from kernel tree.

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
---
 kernel/include/linux/netfilter/ipset/ip_set_compat.h.in | 6 ++++++
 kernel/net/netfilter/ipset/ip_set_core.c                | 9 +++------
 2 files changed, 9 insertions(+), 6 deletions(-)

(limited to 'kernel')

diff --git a/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in b/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in
index dff100a..a4a54fd 100644
--- a/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in
+++ b/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in
@@ -285,6 +285,12 @@ static inline __be16 tc_skb_protocol(const struct sk_buff *skb)
 }
 #endif
 
+#ifdef HAVE_NET_IN_XT_ACTION_PARAM
+#define IPSET_DEV_NET(par)	(par)->net
+#else
+#define IPSET_DEV_NET(par)	dev_net((par)->in ? (par)->in : (par)->out)
+#endif
+
 #ifndef smp_mb__before_atomic
 #define smp_mb__before_atomic()	smp_mb()
 #define smp_mb__after_atomic()	smp_mb()
diff --git a/kernel/net/netfilter/ipset/ip_set_core.c b/kernel/net/netfilter/ipset/ip_set_core.c
index 0be8846..bee479f 100644
--- a/kernel/net/netfilter/ipset/ip_set_core.c
+++ b/kernel/net/netfilter/ipset/ip_set_core.c
@@ -546,8 +546,7 @@ int
 ip_set_test(ip_set_id_t index, const struct sk_buff *skb,
 	    const struct xt_action_param *par, struct ip_set_adt_opt *opt)
 {
-	struct ip_set *set = ip_set_rcu_get(
-			dev_net(par->in ? par->in : par->out), index);
+	struct ip_set *set = ip_set_rcu_get(IPSET_DEV_NET(par), index);
 	int ret = 0;
 
 	BUG_ON(!set);
@@ -585,8 +584,7 @@ int
 ip_set_add(ip_set_id_t index, const struct sk_buff *skb,
 	   const struct xt_action_param *par, struct ip_set_adt_opt *opt)
 {
-	struct ip_set *set = ip_set_rcu_get(
-			dev_net(par->in ? par->in : par->out), index);
+	struct ip_set *set = ip_set_rcu_get(IPSET_DEV_NET(par), index);
 	int ret;
 
 	BUG_ON(!set);
@@ -608,8 +606,7 @@ int
 ip_set_del(ip_set_id_t index, const struct sk_buff *skb,
 	   const struct xt_action_param *par, struct ip_set_adt_opt *opt)
 {
-	struct ip_set *set = ip_set_rcu_get(
-			dev_net(par->in ? par->in : par->out), index);
+	struct ip_set *set = ip_set_rcu_get(IPSET_DEV_NET(par), index);
 	int ret = 0;
 
 	BUG_ON(!set);
-- 
cgit v1.2.3