ip_set: Pass init_net when @net is missing in match check params data structure

It is better to restrict ipsets to default network namespace on old
kernels that does not contain @net parameter in @struct xt_mtchk_param
(i.e. ones prior to commit a83d8e8d099f ("netfilter: xtables:
add struct xt_mtchk_param::net"), tag v2.6.34) instead of panicing
on them.

Found and tested on RHEL 6 with 2.6.32 kernels.

Fixes: 90e279db0cf5 ("Add more compatibility checkings to support older kernel releases")
Signed-off-by: Serhey Popovych <serhe.popovych@gmail.com>
Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>

diff --git a/kernel/net/netfilter/xt_set.c b/kernel/net/netfilter/xt_set.c
index c2735c4d03b6ea99be8b8e6346b48491854cbe57..95efb3a25661c388bda40bb946611ced864c1a34 100644 (file)
--- a/kernel/net/netfilter/xt_set.c
+++ b/kernel/net/netfilter/xt_set.c
@@ -39,7 +39,7 @@ MODULE_ALIAS("ip6t_SET");
 #ifdef HAVE_XT_MTCHK_PARAM_STRUCT_NET
 #define XT_PAR_NET(par)        ((par)->net)
 #else
-#define        XT_PAR_NET(par) NULL
+#define        XT_PAR_NET(par) (&(init_net))
 #endif
 
 static inline int