From 1d90b77974a41becda46a16a78f90ecd43e2c222 Mon Sep 17 00:00:00 2001
From: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Date: Thu, 23 Mar 2017 16:13:16 +0100
Subject: Compatibility: handle changes in 4.10 kernel tree

Handle changes in struct xt_action_param and the new xt_family(),
xt_net() interfaces (reported by Jan Engelhardt).
---
 kernel/net/netfilter/ipset/ip_set_hash_netiface.c |  2 +-
 kernel/net/netfilter/xt_set.c                     | 26 +++++++++++------------
 kernel/net/sched/em_ipset.c                       | 24 +++++++++++++++++++--
 3 files changed, 36 insertions(+), 16 deletions(-)

(limited to 'kernel/net')

diff --git a/kernel/net/netfilter/ipset/ip_set_hash_netiface.c b/kernel/net/netfilter/ipset/ip_set_hash_netiface.c
index 5de22cb..079bbe1 100644
--- a/kernel/net/netfilter/ipset/ip_set_hash_netiface.c
+++ b/kernel/net/netfilter/ipset/ip_set_hash_netiface.c
@@ -170,7 +170,7 @@ hash_netiface4_kadt(struct ip_set *set, const struct sk_buff *skb,
 	ip4addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &e.ip);
 	e.ip &= ip_set_netmask(e.cidr);
 
-#define IFACE(dir)	(par->dir ? par->dir->name : "")
+#define IFACE(dir)	(XAP_STATE(par)->dir ? XAP_STATE(par)->dir->name : "")
 #define SRCDIR		(opt->flags & IPSET_DIM_TWO_SRC)
 
 	if (opt->cmdflags & IPSET_FLAG_PHYSDEV) {
diff --git a/kernel/net/netfilter/xt_set.c b/kernel/net/netfilter/xt_set.c
index a0780b3..01868aa 100644
--- a/kernel/net/netfilter/xt_set.c
+++ b/kernel/net/netfilter/xt_set.c
@@ -72,7 +72,7 @@ set_match_v0(const struct sk_buff *skb, CONST struct xt_action_param *par)
 {
 	const struct xt_set_info_match_v0 *info = par->matchinfo;
 
-	ADT_OPT(opt, par->family, info->match_set.u.compat.dim,
+	ADT_OPT(opt, XT_FAMILY(par), info->match_set.u.compat.dim,
 		info->match_set.u.compat.flags, 0, UINT_MAX);
 
 	return match_set(info->match_set.index, skb, par, &opt,
@@ -135,7 +135,7 @@ set_match_v1(const struct sk_buff *skb, CONST struct xt_action_param *par)
 {
 	const struct xt_set_info_match_v1 *info = par->matchinfo;
 
-	ADT_OPT(opt, par->family, info->match_set.dim,
+	ADT_OPT(opt, XT_FAMILY(par), info->match_set.dim,
 		info->match_set.flags, 0, UINT_MAX);
 
 	if (opt.flags & IPSET_RETURN_NOMATCH)
@@ -201,7 +201,7 @@ set_match_v3(const struct sk_buff *skb, CONST struct xt_action_param *par)
 	const struct xt_set_info_match_v3 *info = par->matchinfo;
 	int ret;
 
-	ADT_OPT(opt, par->family, info->match_set.dim,
+	ADT_OPT(opt, XT_FAMILY(par), info->match_set.dim,
 		info->match_set.flags, info->flags, UINT_MAX);
 
 	if (info->packets.op != IPSET_COUNTER_NONE ||
@@ -248,7 +248,7 @@ set_match_v4(const struct sk_buff *skb, CONST struct xt_action_param *par)
 	const struct xt_set_info_match_v4 *info = par->matchinfo;
 	int ret;
 
-	ADT_OPT(opt, par->family, info->match_set.dim,
+	ADT_OPT(opt, XT_FAMILY(par), info->match_set.dim,
 		info->match_set.flags, info->flags, UINT_MAX);
 
 	if (info->packets.op != IPSET_COUNTER_NONE ||
@@ -284,9 +284,9 @@ set_target_v0(struct sk_buff *skb, const struct xt_action_param *par)
 {
 	const struct xt_set_info_target_v0 *info = par->targinfo;
 
-	ADT_OPT(add_opt, par->family, info->add_set.u.compat.dim,
+	ADT_OPT(add_opt, XT_FAMILY(par), info->add_set.u.compat.dim,
 		info->add_set.u.compat.flags, 0, UINT_MAX);
-	ADT_OPT(del_opt, par->family, info->del_set.u.compat.dim,
+	ADT_OPT(del_opt, XT_FAMILY(par), info->del_set.u.compat.dim,
 		info->del_set.u.compat.flags, 0, UINT_MAX);
 
 	if (info->add_set.index != IPSET_INVALID_ID)
@@ -362,9 +362,9 @@ set_target_v1(struct sk_buff *skb, const struct xt_action_param *par)
 {
 	const struct xt_set_info_target_v1 *info = par->targinfo;
 
-	ADT_OPT(add_opt, par->family, info->add_set.dim,
+	ADT_OPT(add_opt, XT_FAMILY(par), info->add_set.dim,
 		info->add_set.flags, 0, UINT_MAX);
-	ADT_OPT(del_opt, par->family, info->del_set.dim,
+	ADT_OPT(del_opt, XT_FAMILY(par), info->del_set.dim,
 		info->del_set.flags, 0, UINT_MAX);
 
 	if (info->add_set.index != IPSET_INVALID_ID)
@@ -436,9 +436,9 @@ set_target_v2(struct sk_buff *skb, const struct xt_action_param *par)
 {
 	const struct xt_set_info_target_v2 *info = par->targinfo;
 
-	ADT_OPT(add_opt, par->family, info->add_set.dim,
+	ADT_OPT(add_opt, XT_FAMILY(par), info->add_set.dim,
 		info->add_set.flags, info->flags, info->timeout);
-	ADT_OPT(del_opt, par->family, info->del_set.dim,
+	ADT_OPT(del_opt, XT_FAMILY(par), info->del_set.dim,
 		info->del_set.flags, 0, UINT_MAX);
 
 	/* Normalize to fit into jiffies */
@@ -468,11 +468,11 @@ set_target_v3(struct sk_buff *skb, const struct xt_action_param *par)
 	const struct xt_set_info_target_v3 *info = par->targinfo;
 	int ret;
 
-	ADT_OPT(add_opt, par->family, info->add_set.dim,
+	ADT_OPT(add_opt, XT_FAMILY(par), info->add_set.dim,
 		info->add_set.flags, info->flags, info->timeout);
-	ADT_OPT(del_opt, par->family, info->del_set.dim,
+	ADT_OPT(del_opt, XT_FAMILY(par), info->del_set.dim,
 		info->del_set.flags, 0, UINT_MAX);
-	ADT_OPT(map_opt, par->family, info->map_set.dim,
+	ADT_OPT(map_opt, XT_FAMILY(par), info->map_set.dim,
 		info->map_set.flags, 0, UINT_MAX);
 
 	/* Normalize to fit into jiffies */
diff --git a/kernel/net/sched/em_ipset.c b/kernel/net/sched/em_ipset.c
index a4ab08d..bd9566f 100644
--- a/kernel/net/sched/em_ipset.c
+++ b/kernel/net/sched/em_ipset.c
@@ -75,17 +75,27 @@ static int em_ipset_match(struct sk_buff *skb, struct tcf_ematch *em,
 	struct xt_action_param acpar;
 	const struct xt_set_info *set = (const void *) em->data;
 	struct net_device *dev, *indev = NULL;
+#ifdef HAVE_STATE_IN_XT_ACTION_PARAM
+	struct nf_hook_state state = {
+		.net	= em->net,
+	};
+#endif
 	int ret, network_offset;
 
+#ifdef HAVE_STATE_IN_XT_ACTION_PARAM
+#define ACPAR_FAMILY(f)		state.pf = f
+#else
+#define ACPAR_FAMILY(f)		acpar.family = f
+#endif
 	switch (tc_skb_protocol(skb)) {
 	case htons(ETH_P_IP):
-		acpar.family = NFPROTO_IPV4;
+		ACPAR_FAMILY(NFPROTO_IPV4);
 		if (!pskb_network_may_pull(skb, sizeof(struct iphdr)))
 			return 0;
 		acpar.thoff = ip_hdrlen(skb);
 		break;
 	case htons(ETH_P_IPV6):
-		acpar.family = NFPROTO_IPV6;
+		ACPAR_FAMILY(NFPROTO_IPV6);
 		if (!pskb_network_may_pull(skb, sizeof(struct ipv6hdr)))
 			return 0;
 		/* doesn't call ipv6_find_hdr() because ipset doesn't use
@@ -97,9 +107,13 @@ static int em_ipset_match(struct sk_buff *skb, struct tcf_ematch *em,
 		return 0;
 	}
 
+#ifdef HAVE_STATE_IN_XT_ACTION_PARAM
+	opt.family = state.pf;
+#else
 	acpar.hooknum = 0;
 
 	opt.family = acpar.family;
+#endif
 	opt.dim = set->dim;
 	opt.flags = set->flags;
 	opt.cmdflags = 0;
@@ -119,11 +133,17 @@ static int em_ipset_match(struct sk_buff *skb, struct tcf_ematch *em,
 		indev = dev_get_by_index_rcu(dev_net(dev), skb->skb_iif);
 #endif
 
+#ifdef HAVE_STATE_IN_XT_ACTION_PARAM
+	state.in      = indev ? indev : dev;
+	state.out     = dev;
+	acpar.state   = &state;
+#else
 #ifdef HAVE_NET_IN_XT_ACTION_PARAM
 	acpar.net     = em->net;
 #endif
 	acpar.in      = indev ? indev : dev;
 	acpar.out     = dev;
+#endif /* HAVE_STATE_IN_XT_ACTION_PARAM */
 
 	ret = ip_set_test(set->index, skb, &acpar, &opt);
 
-- 
cgit v1.2.3