From: Serhey Popovych
Date: Fri, 29 Nov 2019 09:21:34 +0000 (+0200)
Subject: ip_set: Pass init_net when @net is missing in match check params data structure
X-Git-Tag: v7.5~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5743b3b545fc3b48c53fe3d763fa7ec738af27bf;p=thirdparty%2Fipset.git

ip_set: Pass init_net when @net is missing in match check params data structure

It is better to restrict ipsets to default network namespace on old kernels that do not contain @net parameter in @struct xt_mtchk_param (i.e. ones prior to commit a83d8e8d099f ("netfilter: xtables: add struct xt_mtchk_param::net"), tag v2.6.34) instead of panicking on them.

Found and tested on RHEL 6 with 2.6.32 kernels.

Fixes: 90e279db0cf5 ("Add more compatibility checkings to support older kernel releases")
Signed-off-by: Serhey Popovych
Signed-off-by: Jozsef Kadlecsik
---
diff --git a/kernel/net/netfilter/xt_set.c b/kernel/net/netfilter/xt_set.c index c2735c4d..95efb3a2 100644 --- a/kernel/net/netfilter/xt_set.c +++ b/kernel/net/netfilter/xt_set.c @@ -39,7 +39,7 @@ MODULE_ALIAS("ip6t_SET"); #ifdef HAVE_XT_MTCHK_PARAM_STRUCT_NET #define XT_PAR_NET(par) ((par)->net) #else -#define XT_PAR_NET(par) NULL +#define XT_PAR_NET(par) (&(init_net)) #endif static inline int
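Review bot: The `#else` branch of `XT_PAR_NET` now carries a behavioural restriction that is documented only in the commit message: when `HAVE_XT_MTCHK_PARAM_STRUCT_NET` is not defined, every caller of the macro gets `&init_net`, so set lookups from this module always resolve in the default network namespace regardless of where the rule is loaded. A short comment above the `#else` definition stating that ipsets are limited to `init_net` on kernels without `xt_mtchk_param::net` would keep a later reader from taking the fallback for namespace-aware behaviour. Two smaller points: the hunk does not show where `init_net` is declared, so it is worth confirming that the header providing it is included in `xt_set.c` for the old-kernel build rather than arriving indirectly, and the inner parentheses in `(&(init_net))` are unnecessary, since `init_net` is not a macro argument; `(&init_net)` reads more cleanly.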