Commit 1785e8f4 authored by Vitaly Lavrov's avatar Vitaly Lavrov Committed by Jozsef Kadlecsik

netfiler: ipset: Add net namespace for ipset

This patch adds netns support for ipset.

Major changes were made in ip_set_core.c and ip_set.h.
Global variables are moved to per net namespace.
Initialization and destruction code is added for the per-namespace ipset subsystem.
The prototypes of the public ip_set_* functions gain a "struct net*" parameter.

The remaining changes follow from the changed prototypes of the public ip_set_* functions.

The patch for git://git.netfilter.org/ipset.git commit 6a4ec96c0b8caac5c35474e40e319704d92ca347
Signed-off-by: default avatarVitaly Lavrov <lve@guap.ru>
Signed-off-by: default avatarJozsef Kadlecsik <kadlec@blackhole.kfki.hu>
parent 3fd986b3
...@@ -184,7 +184,8 @@ struct ip_set_type { ...@@ -184,7 +184,8 @@ struct ip_set_type {
u8 revision_min, revision_max; u8 revision_min, revision_max;
/* Create set */ /* Create set */
int (*create)(struct ip_set *set, struct nlattr *tb[], u32 flags); int (*create)(struct net *net, struct ip_set *set,
struct nlattr *tb[], u32 flags);
/* Attribute policies */ /* Attribute policies */
const struct nla_policy create_policy[IPSET_ATTR_CREATE_MAX + 1]; const struct nla_policy create_policy[IPSET_ATTR_CREATE_MAX + 1];
...@@ -316,12 +317,13 @@ ip_set_init_counter(struct ip_set_counter *counter, ...@@ -316,12 +317,13 @@ ip_set_init_counter(struct ip_set_counter *counter,
} }
/* register and unregister set references */ /* register and unregister set references */
extern ip_set_id_t ip_set_get_byname(const char *name, struct ip_set **set); extern ip_set_id_t ip_set_get_byname(struct net *net,
extern void ip_set_put_byindex(ip_set_id_t index); const char *name, struct ip_set **set);
extern const char *ip_set_name_byindex(ip_set_id_t index); extern void ip_set_put_byindex(struct net *net, ip_set_id_t index);
extern ip_set_id_t ip_set_nfnl_get(const char *name); extern const char *ip_set_name_byindex(struct net *net, ip_set_id_t index);
extern ip_set_id_t ip_set_nfnl_get_byindex(ip_set_id_t index); extern ip_set_id_t ip_set_nfnl_get(struct net *net, const char *name);
extern void ip_set_nfnl_put(ip_set_id_t index); extern ip_set_id_t ip_set_nfnl_get_byindex(struct net *net, ip_set_id_t index);
extern void ip_set_nfnl_put(struct net *net, ip_set_id_t index);
/* API for iptables set match, and SET target */ /* API for iptables set match, and SET target */
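Review bot: The reference helpers now take a `struct net *`, but nothing in the header says that an `ip_set_id_t` is only meaningful together with the namespace it was obtained in. Since the commit message says the globals moved to per-namespace storage, pairing a get in one namespace with a put or name lookup in another would act on a different set or on none. A comment above the block would make the contract explicit, for example `/* Set indices are per network namespace: pass the same net to get, put and name lookup */`. The `create` callback in struct ip_set_type gets the same parameter and could note that `net` is the namespace the set is being created in.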
......
...@@ -242,7 +242,8 @@ init_map_ip(struct ip_set *set, struct bitmap_ip *map, ...@@ -242,7 +242,8 @@ init_map_ip(struct ip_set *set, struct bitmap_ip *map,
} }
static int static int
bitmap_ip_create(struct ip_set *set, struct nlattr *tb[], u32 flags) bitmap_ip_create(struct net *net, struct ip_set *set, struct nlattr *tb[],
u32 flags)
{ {
struct bitmap_ip *map; struct bitmap_ip *map;
u32 first_ip = 0, last_ip = 0, hosts; u32 first_ip = 0, last_ip = 0, hosts;
......
...@@ -309,7 +309,7 @@ init_map_ipmac(struct ip_set *set, struct bitmap_ipmac *map, ...@@ -309,7 +309,7 @@ init_map_ipmac(struct ip_set *set, struct bitmap_ipmac *map,
} }
static int static int
bitmap_ipmac_create(struct ip_set *set, struct nlattr *tb[], bitmap_ipmac_create(struct net *net, struct ip_set *set, struct nlattr *tb[],
u32 flags) u32 flags)
{ {
u32 first_ip = 0, last_ip = 0; u32 first_ip = 0, last_ip = 0;
......
...@@ -228,7 +228,8 @@ init_map_port(struct ip_set *set, struct bitmap_port *map, ...@@ -228,7 +228,8 @@ init_map_port(struct ip_set *set, struct bitmap_port *map,
} }
static int static int
bitmap_port_create(struct ip_set *set, struct nlattr *tb[], u32 flags) bitmap_port_create(struct net *net, struct ip_set *set, struct nlattr *tb[],
u32 flags)
{ {
struct bitmap_port *map; struct bitmap_port *map;
u16 first_port, last_port; u16 first_port, last_port;
......
This diff is collapsed.
...@@ -1011,7 +1011,8 @@ static const struct ip_set_type_variant mtype_variant = { ...@@ -1011,7 +1011,8 @@ static const struct ip_set_type_variant mtype_variant = {
#ifdef IP_SET_EMIT_CREATE #ifdef IP_SET_EMIT_CREATE
static int static int
IPSET_TOKEN(HTYPE, _create)(struct ip_set *set, struct nlattr *tb[], u32 flags) IPSET_TOKEN(HTYPE, _create)(struct net *net, struct ip_set *set,
struct nlattr *tb[], u32 flags)
{ {
u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM; u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM;
u8 hbits; u8 hbits;
......
...@@ -39,6 +39,7 @@ struct set_adt_elem { ...@@ -39,6 +39,7 @@ struct set_adt_elem {
struct list_set { struct list_set {
u32 size; /* size of set list array */ u32 size; /* size of set list array */
struct timer_list gc; /* garbage collection */ struct timer_list gc; /* garbage collection */
struct net *net; /* namespace */
struct set_elem members[0]; /* the set members */ struct set_elem members[0]; /* the set members */
}; };
...@@ -171,7 +172,7 @@ list_set_add(struct ip_set *set, u32 i, struct set_adt_elem *d, ...@@ -171,7 +172,7 @@ list_set_add(struct ip_set *set, u32 i, struct set_adt_elem *d,
if (e->id != IPSET_INVALID_ID) { if (e->id != IPSET_INVALID_ID) {
if (i == map->size - 1) { if (i == map->size - 1) {
/* Last element replaced: e.g. add new,before,last */ /* Last element replaced: e.g. add new,before,last */
ip_set_put_byindex(e->id); ip_set_put_byindex(map->net, e->id);
ip_set_ext_destroy(set, e); ip_set_ext_destroy(set, e);
} else { } else {
struct set_elem *x = list_set_elem(set, map, struct set_elem *x = list_set_elem(set, map,
...@@ -179,7 +180,7 @@ list_set_add(struct ip_set *set, u32 i, struct set_adt_elem *d, ...@@ -179,7 +180,7 @@ list_set_add(struct ip_set *set, u32 i, struct set_adt_elem *d,
/* Last element pushed off */ /* Last element pushed off */
if (x->id != IPSET_INVALID_ID) { if (x->id != IPSET_INVALID_ID) {
ip_set_put_byindex(x->id); ip_set_put_byindex(map->net, x->id);
ip_set_ext_destroy(set, x); ip_set_ext_destroy(set, x);
} }
memmove(list_set_elem(set, map, i + 1), e, memmove(list_set_elem(set, map, i + 1), e,
...@@ -205,7 +206,7 @@ list_set_del(struct ip_set *set, u32 i) ...@@ -205,7 +206,7 @@ list_set_del(struct ip_set *set, u32 i)
struct list_set *map = set->data; struct list_set *map = set->data;
struct set_elem *e = list_set_elem(set, map, i); struct set_elem *e = list_set_elem(set, map, i);
ip_set_put_byindex(e->id); ip_set_put_byindex(map->net, e->id);
ip_set_ext_destroy(set, e); ip_set_ext_destroy(set, e);
if (i < map->size - 1) if (i < map->size - 1)
...@@ -307,7 +308,7 @@ list_set_uadd(struct ip_set *set, void *value, const struct ip_set_ext *ext, ...@@ -307,7 +308,7 @@ list_set_uadd(struct ip_set *set, void *value, const struct ip_set_ext *ext,
if (SET_WITH_COMMENT(set)) if (SET_WITH_COMMENT(set))
ip_set_init_comment(ext_comment(e, set), ext); ip_set_init_comment(ext_comment(e, set), ext);
/* Set is already added to the list */ /* Set is already added to the list */
ip_set_put_byindex(d->id); ip_set_put_byindex(map->net, d->id);
return 0; return 0;
} }
insert: insert:
...@@ -366,6 +367,7 @@ static int ...@@ -366,6 +367,7 @@ static int
list_set_uadt(struct ip_set *set, struct nlattr *tb[], list_set_uadt(struct ip_set *set, struct nlattr *tb[],
enum ipset_adt adt, u32 *lineno, u32 flags, bool retried) enum ipset_adt adt, u32 *lineno, u32 flags, bool retried)
{ {
struct list_set *map = set->data;
ipset_adtfn adtfn = set->variant->adt[adt]; ipset_adtfn adtfn = set->variant->adt[adt];
struct set_adt_elem e = { .refid = IPSET_INVALID_ID }; struct set_adt_elem e = { .refid = IPSET_INVALID_ID };
struct ip_set_ext ext = IP_SET_INIT_UEXT(set); struct ip_set_ext ext = IP_SET_INIT_UEXT(set);
...@@ -385,7 +387,7 @@ list_set_uadt(struct ip_set *set, struct nlattr *tb[], ...@@ -385,7 +387,7 @@ list_set_uadt(struct ip_set *set, struct nlattr *tb[],
ret = ip_set_get_extensions(set, tb, &ext); ret = ip_set_get_extensions(set, tb, &ext);
if (ret) if (ret)
return ret; return ret;
e.id = ip_set_get_byname(nla_data(tb[IPSET_ATTR_NAME]), &s); e.id = ip_set_get_byname(map->net, nla_data(tb[IPSET_ATTR_NAME]), &s);
if (e.id == IPSET_INVALID_ID) if (e.id == IPSET_INVALID_ID)
return -IPSET_ERR_NAME; return -IPSET_ERR_NAME;
/* "Loop detection" */ /* "Loop detection" */
...@@ -405,7 +407,8 @@ list_set_uadt(struct ip_set *set, struct nlattr *tb[], ...@@ -405,7 +407,8 @@ list_set_uadt(struct ip_set *set, struct nlattr *tb[],
} }
if (tb[IPSET_ATTR_NAMEREF]) { if (tb[IPSET_ATTR_NAMEREF]) {
e.refid = ip_set_get_byname(nla_data(tb[IPSET_ATTR_NAMEREF]), e.refid = ip_set_get_byname(map->net,
nla_data(tb[IPSET_ATTR_NAMEREF]),
&s); &s);
if (e.refid == IPSET_INVALID_ID) { if (e.refid == IPSET_INVALID_ID) {
ret = -IPSET_ERR_NAMEREF; ret = -IPSET_ERR_NAMEREF;
...@@ -421,9 +424,9 @@ list_set_uadt(struct ip_set *set, struct nlattr *tb[], ...@@ -421,9 +424,9 @@ list_set_uadt(struct ip_set *set, struct nlattr *tb[],
finish: finish:
if (e.refid != IPSET_INVALID_ID) if (e.refid != IPSET_INVALID_ID)
ip_set_put_byindex(e.refid); ip_set_put_byindex(map->net, e.refid);
if (adt != IPSET_ADD || ret) if (adt != IPSET_ADD || ret)
ip_set_put_byindex(e.id); ip_set_put_byindex(map->net, e.id);
return ip_set_eexist(ret, flags) ? 0 : ret; return ip_set_eexist(ret, flags) ? 0 : ret;
} }
...@@ -438,7 +441,7 @@ list_set_flush(struct ip_set *set) ...@@ -438,7 +441,7 @@ list_set_flush(struct ip_set *set)
for (i = 0; i < map->size; i++) { for (i = 0; i < map->size; i++) {
e = list_set_elem(set, map, i); e = list_set_elem(set, map, i);
if (e->id != IPSET_INVALID_ID) { if (e->id != IPSET_INVALID_ID) {
ip_set_put_byindex(e->id); ip_set_put_byindex(map->net, e->id);
ip_set_ext_destroy(set, e); ip_set_ext_destroy(set, e);
e->id = IPSET_INVALID_ID; e->id = IPSET_INVALID_ID;
} }
...@@ -510,7 +513,7 @@ list_set_list(const struct ip_set *set, ...@@ -510,7 +513,7 @@ list_set_list(const struct ip_set *set,
goto nla_put_failure; goto nla_put_failure;
} }
if (nla_put_string(skb, IPSET_ATTR_NAME, if (nla_put_string(skb, IPSET_ATTR_NAME,
ip_set_name_byindex(e->id))) ip_set_name_byindex(map->net, e->id)))
goto nla_put_failure; goto nla_put_failure;
if (ip_set_put_extensions(skb, set, e, true)) if (ip_set_put_extensions(skb, set, e, true))
goto nla_put_failure; goto nla_put_failure;
...@@ -587,7 +590,7 @@ list_set_gc_init(struct ip_set *set, void (*gc)(unsigned long ul_set)) ...@@ -587,7 +590,7 @@ list_set_gc_init(struct ip_set *set, void (*gc)(unsigned long ul_set))
/* Create list:set type of sets */ /* Create list:set type of sets */
static bool static bool
init_list_set(struct ip_set *set, u32 size) init_list_set(struct net *net, struct ip_set *set, u32 size)
{ {
struct list_set *map; struct list_set *map;
struct set_elem *e; struct set_elem *e;
...@@ -598,6 +601,7 @@ init_list_set(struct ip_set *set, u32 size) ...@@ -598,6 +601,7 @@ init_list_set(struct ip_set *set, u32 size)
return false; return false;
map->size = size; map->size = size;
map->net = net;
set->data = map; set->data = map;
for (i = 0; i < size; i++) { for (i = 0; i < size; i++) {
...@@ -609,7 +613,8 @@ init_list_set(struct ip_set *set, u32 size) ...@@ -609,7 +613,8 @@ init_list_set(struct ip_set *set, u32 size)
} }
static int static int
list_set_create(struct ip_set *set, struct nlattr *tb[], u32 flags) list_set_create(struct net *net, struct ip_set *set, struct nlattr *tb[],
u32 flags)
{ {
u32 size = IP_SET_LIST_DEFAULT_SIZE; u32 size = IP_SET_LIST_DEFAULT_SIZE;
...@@ -625,7 +630,7 @@ list_set_create(struct ip_set *set, struct nlattr *tb[], u32 flags) ...@@ -625,7 +630,7 @@ list_set_create(struct ip_set *set, struct nlattr *tb[], u32 flags)
set->variant = &set_variant; set->variant = &set_variant;
set->dsize = ip_set_elem_len(set, tb, sizeof(struct set_elem)); set->dsize = ip_set_elem_len(set, tb, sizeof(struct set_elem));
if (!init_list_set(set, size)) if (!init_list_set(net, set, size))
return -ENOMEM; return -ENOMEM;
if (tb[IPSET_ATTR_TIMEOUT]) { if (tb[IPSET_ATTR_TIMEOUT]) {
set->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]); set->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
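Review bot: `map->net` is stored in init_list_set() as a plain pointer with no reference visibly taken, and every later `ip_set_put_byindex(map->net, ...)`, `ip_set_get_byname(map->net, ...)` and `ip_set_name_byindex(map->net, ...)` in this file depends on it still being valid. That holds only if every list:set is destroyed before its namespace is freed, and, if the `gc` timer callback reaches list_set_del(), only if the timer is stopped first. One file's diff is collapsed on this page (presumably ip_set_core.c), so the teardown ordering cannot be checked here. I would state the assumption on the new field, e.g. `struct net *net; /* owning namespace; borrowed, set must be destroyed at netns exit */`, and confirm the per-namespace exit path against it. Most of the functions touched in this section continue outside the visible hunks.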
......
...@@ -81,7 +81,7 @@ set_match_v0_checkentry(const struct xt_mtchk_param *par) ...@@ -81,7 +81,7 @@ set_match_v0_checkentry(const struct xt_mtchk_param *par)
struct xt_set_info_match_v0 *info = par->matchinfo; struct xt_set_info_match_v0 *info = par->matchinfo;
ip_set_id_t index; ip_set_id_t index;
index = ip_set_nfnl_get_byindex(info->match_set.index); index = ip_set_nfnl_get_byindex(par->net, info->match_set.index);
if (index == IPSET_INVALID_ID) { if (index == IPSET_INVALID_ID) {
pr_warning("Cannot find set indentified by id %u to match\n", pr_warning("Cannot find set indentified by id %u to match\n",
...@@ -91,7 +91,7 @@ set_match_v0_checkentry(const struct xt_mtchk_param *par) ...@@ -91,7 +91,7 @@ set_match_v0_checkentry(const struct xt_mtchk_param *par)
if (info->match_set.u.flags[IPSET_DIM_MAX-1] != 0) { if (info->match_set.u.flags[IPSET_DIM_MAX-1] != 0) {
pr_warning("Protocol error: set match dimension " pr_warning("Protocol error: set match dimension "
"is over the limit!\n"); "is over the limit!\n");
ip_set_nfnl_put(info->match_set.index); ip_set_nfnl_put(par->net, info->match_set.index);
return -ERANGE; return -ERANGE;
} }
...@@ -106,7 +106,7 @@ set_match_v0_destroy(const struct xt_mtdtor_param *par) ...@@ -106,7 +106,7 @@ set_match_v0_destroy(const struct xt_mtdtor_param *par)
{ {
struct xt_set_info_match_v0 *info = par->matchinfo; struct xt_set_info_match_v0 *info = par->matchinfo;
ip_set_nfnl_put(info->match_set.index); ip_set_nfnl_put(par->net, info->match_set.index);
} }
/* Revision 1 match */ /* Revision 1 match */
...@@ -131,7 +131,7 @@ set_match_v1_checkentry(const struct xt_mtchk_param *par) ...@@ -131,7 +131,7 @@ set_match_v1_checkentry(const struct xt_mtchk_param *par)
struct xt_set_info_match_v1 *info = par->matchinfo; struct xt_set_info_match_v1 *info = par->matchinfo;
ip_set_id_t index; ip_set_id_t index;
index = ip_set_nfnl_get_byindex(info->match_set.index); index = ip_set_nfnl_get_byindex(par->net, info->match_set.index);
if (index == IPSET_INVALID_ID) { if (index == IPSET_INVALID_ID) {
pr_warning("Cannot find set indentified by id %u to match\n", pr_warning("Cannot find set indentified by id %u to match\n",
...@@ -141,7 +141,7 @@ set_match_v1_checkentry(const struct xt_mtchk_param *par) ...@@ -141,7 +141,7 @@ set_match_v1_checkentry(const struct xt_mtchk_param *par)
if (info->match_set.dim > IPSET_DIM_MAX) { if (info->match_set.dim > IPSET_DIM_MAX) {
pr_warning("Protocol error: set match dimension " pr_warning("Protocol error: set match dimension "
"is over the limit!\n"); "is over the limit!\n");
ip_set_nfnl_put(info->match_set.index); ip_set_nfnl_put(par->net, info->match_set.index);
return -ERANGE; return -ERANGE;
} }
...@@ -153,7 +153,7 @@ set_match_v1_destroy(const struct xt_mtdtor_param *par) ...@@ -153,7 +153,7 @@ set_match_v1_destroy(const struct xt_mtdtor_param *par)
{ {
struct xt_set_info_match_v1 *info = par->matchinfo; struct xt_set_info_match_v1 *info = par->matchinfo;
ip_set_nfnl_put(info->match_set.index); ip_set_nfnl_put(par->net, info->match_set.index);
} }
/* Revision 3 match */ /* Revision 3 match */
...@@ -228,7 +228,7 @@ set_target_v0_checkentry(const struct xt_tgchk_param *par) ...@@ -228,7 +228,7 @@ set_target_v0_checkentry(const struct xt_tgchk_param *par)
ip_set_id_t index; ip_set_id_t index;
if (info->add_set.index != IPSET_INVALID_ID) { if (info->add_set.index != IPSET_INVALID_ID) {
index = ip_set_nfnl_get_byindex(info->add_set.index); index = ip_set_nfnl_get_byindex(par->net, info->add_set.index);
if (index == IPSET_INVALID_ID) { if (index == IPSET_INVALID_ID) {
pr_warning("Cannot find add_set index %u as target\n", pr_warning("Cannot find add_set index %u as target\n",
info->add_set.index); info->add_set.index);
...@@ -237,12 +237,12 @@ set_target_v0_checkentry(const struct xt_tgchk_param *par) ...@@ -237,12 +237,12 @@ set_target_v0_checkentry(const struct xt_tgchk_param *par)
} }
if (info->del_set.index != IPSET_INVALID_ID) { if (info->del_set.index != IPSET_INVALID_ID) {
index = ip_set_nfnl_get_byindex(info->del_set.index); index = ip_set_nfnl_get_byindex(par->net, info->del_set.index);
if (index == IPSET_INVALID_ID) { if (index == IPSET_INVALID_ID) {
pr_warning("Cannot find del_set index %u as target\n", pr_warning("Cannot find del_set index %u as target\n",
info->del_set.index); info->del_set.index);
if (info->add_set.index != IPSET_INVALID_ID) if (info->add_set.index != IPSET_INVALID_ID)
ip_set_nfnl_put(info->add_set.index); ip_set_nfnl_put(par->net, info->add_set.index);
return -ENOENT; return -ENOENT;
} }
} }
...@@ -251,9 +251,9 @@ set_target_v0_checkentry(const struct xt_tgchk_param *par) ...@@ -251,9 +251,9 @@ set_target_v0_checkentry(const struct xt_tgchk_param *par)
pr_warning("Protocol error: SET target dimension " pr_warning("Protocol error: SET target dimension "
"is over the limit!\n"); "is over the limit!\n");
if (info->add_set.index != IPSET_INVALID_ID) if (info->add_set.index != IPSET_INVALID_ID)
ip_set_nfnl_put(info->add_set.index); ip_set_nfnl_put(par->net, info->add_set.index);
if (info->del_set.index != IPSET_INVALID_ID) if (info->del_set.index != IPSET_INVALID_ID)
ip_set_nfnl_put(info->del_set.index); ip_set_nfnl_put(par->net, info->del_set.index);
return -ERANGE; return -ERANGE;
} }
...@@ -270,9 +270,9 @@ set_target_v0_destroy(const struct xt_tgdtor_param *par) ...@@ -270,9 +270,9 @@ set_target_v0_destroy(const struct xt_tgdtor_param *par)
const struct xt_set_info_target_v0 *info = par->targinfo; const struct xt_set_info_target_v0 *info = par->targinfo;
if (info->add_set.index != IPSET_INVALID_ID) if (info->add_set.index != IPSET_INVALID_ID)
ip_set_nfnl_put(info->add_set.index); ip_set_nfnl_put(par->net, info->add_set.index);
if (info->del_set.index != IPSET_INVALID_ID) if (info->del_set.index != IPSET_INVALID_ID)
ip_set_nfnl_put(info->del_set.index); ip_set_nfnl_put(par->net, info->del_set.index);
} }
/* Revision 1 target */ /* Revision 1 target */
...@@ -301,7 +301,7 @@ set_target_v1_checkentry(const struct xt_tgchk_param *par) ...@@ -301,7 +301,7 @@ set_target_v1_checkentry(const struct xt_tgchk_param *par)
ip_set_id_t index; ip_set_id_t index;
if (info->add_set.index != IPSET_INVALID_ID) { if (info->add_set.index != IPSET_INVALID_ID) {
index = ip_set_nfnl_get_byindex(info->add_set.index); index = ip_set_nfnl_get_byindex(par->net, info->add_set.index);
if (index == IPSET_INVALID_ID) { if (index == IPSET_INVALID_ID) {
pr_warning("Cannot find add_set index %u as target\n", pr_warning("Cannot find add_set index %u as target\n",
info->add_set.index); info->add_set.index);
...@@ -310,12 +310,12 @@ set_target_v1_checkentry(const struct xt_tgchk_param *par) ...@@ -310,12 +310,12 @@ set_target_v1_checkentry(const struct xt_tgchk_param *par)
} }
if (info->del_set.index != IPSET_INVALID_ID) { if (info->del_set.index != IPSET_INVALID_ID) {
index = ip_set_nfnl_get_byindex(info->del_set.index); index = ip_set_nfnl_get_byindex(par->net, info->del_set.index);
if (index == IPSET_INVALID_ID) { if (index == IPSET_INVALID_ID) {
pr_warning("Cannot find del_set index %u as target\n", pr_warning("Cannot find del_set index %u as target\n",
info->del_set.index); info->del_set.index);
if (info->add_set.index != IPSET_INVALID_ID) if (info->add_set.index != IPSET_INVALID_ID)
ip_set_nfnl_put(info->add_set.index); ip_set_nfnl_put(par->net, info->add_set.index);
return -ENOENT; return -ENOENT;
} }
} }
...@@ -324,9 +324,9 @@ set_target_v1_checkentry(const struct xt_tgchk_param *par) ...@@ -324,9 +324,9 @@ set_target_v1_checkentry(const struct xt_tgchk_param *par)
pr_warning("Protocol error: SET target dimension " pr_warning("Protocol error: SET target dimension "
"is over the limit!\n"); "is over the limit!\n");
if (info->add_set.index != IPSET_INVALID_ID) if (info->add_set.index != IPSET_INVALID_ID)
ip_set_nfnl_put(info->add_set.index); ip_set_nfnl_put(par->net, info->add_set.index);
if (info->del_set.index != IPSET_INVALID_ID) if (info->del_set.index != IPSET_INVALID_ID)
ip_set_nfnl_put(info->del_set.index); ip_set_nfnl_put(par->net, info->del_set.index);
return -ERANGE; return -ERANGE;
} }
...@@ -339,9 +339,9 @@ set_target_v1_destroy(const struct xt_tgdtor_param *par) ...@@ -339,9 +339,9 @@ set_target_v1_destroy(const struct xt_tgdtor_param *par)
const struct xt_set_info_target_v1 *info = par->targinfo; const struct xt_set_info_target_v1 *info = par->targinfo;
if (info->add_set.index != IPSET_INVALID_ID) if (info->add_set.index != IPSET_INVALID_ID)
ip_set_nfnl_put(info->add_set.index); ip_set_nfnl_put(par->net, info->add_set.index);
if (info->del_set.index != IPSET_INVALID_ID) if (info->del_set.index != IPSET_INVALID_ID)
ip_set_nfnl_put(info->del_set.index); ip_set_nfnl_put(par->net, info->del_set.index);
} }
/* Revision 2 target */ /* Revision 2 target */
......
...@@ -24,11 +24,12 @@ static int em_ipset_change(struct tcf_proto *tp, void *data, int data_len, ...@@ -24,11 +24,12 @@ static int em_ipset_change(struct tcf_proto *tp, void *data, int data_len,
{ {
struct xt_set_info *set = data; struct xt_set_info *set = data;
ip_set_id_t index; ip_set_id_t index;
struct net *net = qdisc_dev(tp->q)->nd_net;
if (data_len != sizeof(*set)) if (data_len != sizeof(*set))
return -EINVAL; return -EINVAL;
index = ip_set_nfnl_get_byindex(set->index); index = ip_set_nfnl_get_byindex(net, set->index);
if (index == IPSET_INVALID_ID) if (index == IPSET_INVALID_ID)
return -ENOENT; return -ENOENT;
...@@ -37,7 +38,7 @@ static int em_ipset_change(struct tcf_proto *tp, void *data, int data_len, ...@@ -37,7 +38,7 @@ static int em_ipset_change(struct tcf_proto *tp, void *data, int data_len,
if (em->data) if (em->data)
return 0; return 0;
ip_set_nfnl_put(index); ip_set_nfnl_put(net, index);
return -ENOMEM; return -ENOMEM;
} }
...@@ -45,7 +46,7 @@ static void em_ipset_destroy(struct tcf_proto *p, struct tcf_ematch *em) ...@@ -45,7 +46,7 @@ static void em_ipset_destroy(struct tcf_proto *p, struct tcf_ematch *em)
{ {
const struct xt_set_info *set = (const void *) em->data; const struct xt_set_info *set = (const void *) em->data;
if (set) { if (set) {
ip_set_nfnl_put(set->index); ip_set_nfnl_put(qdisc_dev(p->q)->nd_net, set->index);
kfree((void *) em->data); kfree((void *) em->data);
} }
} }
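Review bot: Reading `qdisc_dev(tp->q)->nd_net` directly in em_ipset_change() and em_ipset_destroy() bypasses the `dev_net()` accessor. The `nd_net` member has been conditional on CONFIG_NET_NS, so this can break the build with namespaces disabled. Use `struct net *net = dev_net(qdisc_dev(tp->q));` in em_ipset_change() and `ip_set_nfnl_put(dev_net(qdisc_dev(p->q)), set->index);` in em_ipset_destroy(). Both functions begin outside the visible hunks.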
......