1 --- ipset-6.32/kernel/net/netfilter/ipset/ip_set_core.c.orig 2017-08-01 15:16:35.420874095 +0200
2 +++ ipset-6.32/kernel/net/netfilter/ipset/ip_set_core.c 2017-08-01 15:20:22.597111757 +0200
5 if (unlikely(!flag_nested(nla)))
6 return -IPSET_ERR_PROTOCOL;
7 +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,12,0)
8 + if (nla_parse_nested(tb, IPSET_ATTR_IPADDR_MAX, nla, ipaddr_policy, NULL))
10 if (nla_parse_nested(tb, IPSET_ATTR_IPADDR_MAX, nla, ipaddr_policy))
12 return -IPSET_ERR_PROTOCOL;
13 if (unlikely(!ip_set_attr_netorder(tb, IPSET_ATTR_IPADDR_IPV4)))
14 return -IPSET_ERR_PROTOCOL;
16 if (unlikely(!flag_nested(nla)))
17 return -IPSET_ERR_PROTOCOL;
19 +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,12,0)
20 + if (nla_parse_nested(tb, IPSET_ATTR_IPADDR_MAX, nla, ipaddr_policy, NULL))
22 if (nla_parse_nested(tb, IPSET_ATTR_IPADDR_MAX, nla, ipaddr_policy))
24 return -IPSET_ERR_PROTOCOL;
25 if (unlikely(!ip_set_attr_netorder(tb, IPSET_ATTR_IPADDR_IPV6)))
26 return -IPSET_ERR_PROTOCOL;
28 /* Without holding any locks, create private part. */
29 if (attr[IPSET_ATTR_DATA] &&
30 nla_parse_nested(tb, IPSET_ATTR_CREATE_MAX, attr[IPSET_ATTR_DATA],
31 +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,12,0)
32 + set->type->create_policy, NULL)) {
34 set->type->create_policy)) {
36 ret = -IPSET_ERR_PROTOCOL;
39 @@ -1270,7 +1282,11 @@
41 /* Second pass, so parser can't fail */
42 nla_parse(cda, IPSET_ATTR_CMD_MAX,
43 +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,12,0)
44 + attr, nlh->nlmsg_len - min_len, ip_set_setname_policy, NULL);
46 attr, nlh->nlmsg_len - min_len, ip_set_setname_policy);
49 if (cda[IPSET_ATTR_SETNAME]) {
51 @@ -1333,7 +1333,11 @@
54 if (nlh->nlmsg_flags & NLM_F_ACK)
55 +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,12,0)
56 + netlink_ack(cb->skb, nlh, ret, NULL);
58 netlink_ack(cb->skb, nlh, ret);
63 @@ -1526,7 +1542,11 @@
65 nla_parse(cda, IPSET_ATTR_CMD_MAX,
66 cmdattr, nlh->nlmsg_len - min_len,
67 +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,12,0)
68 + ip_set_adt_policy, NULL);
73 errline = nla_data(cda[IPSET_ATTR_LINENO]);
75 @@ -1573,7 +1593,11 @@
76 if (attr[IPSET_ATTR_DATA]) {
77 if (nla_parse_nested(tb, IPSET_ATTR_ADT_MAX,
78 attr[IPSET_ATTR_DATA],
79 +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,12,0)
80 + set->type->adt_policy, NULL))
82 set->type->adt_policy))
84 return -IPSET_ERR_PROTOCOL;
85 ret = call_ad(ctnl, skb, set, tb, IPSET_ADD, flags,
87 @@ -1585,7 +1609,11 @@
88 if (nla_type(nla) != IPSET_ATTR_DATA ||
90 nla_parse_nested(tb, IPSET_ATTR_ADT_MAX, nla,
91 +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,12,0)
92 + set->type->adt_policy, NULL))
94 set->type->adt_policy))
96 return -IPSET_ERR_PROTOCOL;
97 ret = call_ad(ctnl, skb, set, tb, IPSET_ADD,
99 @@ -1628,7 +1656,11 @@
100 if (attr[IPSET_ATTR_DATA]) {
101 if (nla_parse_nested(tb, IPSET_ATTR_ADT_MAX,
102 attr[IPSET_ATTR_DATA],
103 +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,12,0)
104 + set->type->adt_policy, NULL))
106 set->type->adt_policy))
108 return -IPSET_ERR_PROTOCOL;
109 ret = call_ad(ctnl, skb, set, tb, IPSET_DEL, flags,
111 @@ -1640,7 +1672,11 @@
112 if (nla_type(nla) != IPSET_ATTR_DATA ||
114 nla_parse_nested(tb, IPSET_ATTR_ADT_MAX, nla,
115 +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,12,0)
116 + set->type->adt_policy, NULL))
118 set->type->adt_policy))
120 return -IPSET_ERR_PROTOCOL;
121 ret = call_ad(ctnl, skb, set, tb, IPSET_DEL,
123 @@ -1673,7 +1709,11 @@
126 if (nla_parse_nested(tb, IPSET_ATTR_ADT_MAX, attr[IPSET_ATTR_DATA],
127 +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,12,0)
128 + set->type->adt_policy, NULL))
130 set->type->adt_policy))
132 return -IPSET_ERR_PROTOCOL;