+++ /dev/null
---- ipset-6.32/kernel/net/netfilter/xt_set.c.orig 2017-03-12 18:41:03.000000000 +0100
-+++ ipset-6.32/kernel/net/netfilter/xt_set.c 2017-03-25 20:09:19.407499549 +0100
-@@ -72,7 +72,7 @@
- {
- const struct xt_set_info_match_v0 *info = par->matchinfo;
-
-- ADT_OPT(opt, par->family, info->match_set.u.compat.dim,
-+ ADT_OPT(opt, xt_family(par), info->match_set.u.compat.dim,
- info->match_set.u.compat.flags, 0, UINT_MAX);
-
- return match_set(info->match_set.index, skb, par, &opt,
-@@ -135,7 +135,7 @@
- {
- const struct xt_set_info_match_v1 *info = par->matchinfo;
-
-- ADT_OPT(opt, par->family, info->match_set.dim,
-+ ADT_OPT(opt, xt_family(par), info->match_set.dim,
- info->match_set.flags, 0, UINT_MAX);
-
- if (opt.flags & IPSET_RETURN_NOMATCH)
-@@ -201,7 +201,7 @@
- const struct xt_set_info_match_v3 *info = par->matchinfo;
- int ret;
-
-- ADT_OPT(opt, par->family, info->match_set.dim,
-+ ADT_OPT(opt, xt_family(par), info->match_set.dim,
- info->match_set.flags, info->flags, UINT_MAX);
-
- if (info->packets.op != IPSET_COUNTER_NONE ||
-@@ -248,7 +248,7 @@
- const struct xt_set_info_match_v4 *info = par->matchinfo;
- int ret;
-
-- ADT_OPT(opt, par->family, info->match_set.dim,
-+ ADT_OPT(opt, xt_family(par), info->match_set.dim,
- info->match_set.flags, info->flags, UINT_MAX);
-
- if (info->packets.op != IPSET_COUNTER_NONE ||
-@@ -284,9 +284,9 @@
- {
- const struct xt_set_info_target_v0 *info = par->targinfo;
-
-- ADT_OPT(add_opt, par->family, info->add_set.u.compat.dim,
-+ ADT_OPT(add_opt, xt_family(par), info->add_set.u.compat.dim,
- info->add_set.u.compat.flags, 0, UINT_MAX);
-- ADT_OPT(del_opt, par->family, info->del_set.u.compat.dim,
-+ ADT_OPT(del_opt, xt_family(par), info->del_set.u.compat.dim,
- info->del_set.u.compat.flags, 0, UINT_MAX);
-
- if (info->add_set.index != IPSET_INVALID_ID)
-@@ -362,9 +362,9 @@
- {
- const struct xt_set_info_target_v1 *info = par->targinfo;
-
-- ADT_OPT(add_opt, par->family, info->add_set.dim,
-+ ADT_OPT(add_opt, xt_family(par), info->add_set.dim,
- info->add_set.flags, 0, UINT_MAX);
-- ADT_OPT(del_opt, par->family, info->del_set.dim,
-+ ADT_OPT(del_opt, xt_family(par), info->del_set.dim,
- info->del_set.flags, 0, UINT_MAX);
-
- if (info->add_set.index != IPSET_INVALID_ID)
-@@ -436,9 +436,9 @@
- {
- const struct xt_set_info_target_v2 *info = par->targinfo;
-
-- ADT_OPT(add_opt, par->family, info->add_set.dim,
-+ ADT_OPT(add_opt, xt_family(par), info->add_set.dim,
- info->add_set.flags, info->flags, info->timeout);
-- ADT_OPT(del_opt, par->family, info->del_set.dim,
-+ ADT_OPT(del_opt, xt_family(par), info->del_set.dim,
- info->del_set.flags, 0, UINT_MAX);
-
- /* Normalize to fit into jiffies */
-@@ -468,11 +468,11 @@
- const struct xt_set_info_target_v3 *info = par->targinfo;
- int ret;
-
-- ADT_OPT(add_opt, par->family, info->add_set.dim,
-+ ADT_OPT(add_opt, xt_family(par), info->add_set.dim,
- info->add_set.flags, info->flags, info->timeout);
-- ADT_OPT(del_opt, par->family, info->del_set.dim,
-+ ADT_OPT(del_opt, xt_family(par), info->del_set.dim,
- info->del_set.flags, 0, UINT_MAX);
-- ADT_OPT(map_opt, par->family, info->map_set.dim,
-+ ADT_OPT(map_opt, xt_family(par), info->map_set.dim,
- info->map_set.flags, 0, UINT_MAX);
-
- /* Normalize to fit into jiffies */
---- ipset-6.32/kernel/net/netfilter/ipset/ip_set_hash_netiface.c.orig 2017-03-12 18:41:03.000000000 +0100
-+++ ipset-6.32/kernel/net/netfilter/ipset/ip_set_hash_netiface.c 2017-03-25 20:21:11.890900536 +0100
-@@ -170,7 +170,8 @@
- ip4addrptr(skb, opt->flags & IPSET_DIM_ONE_SRC, &e.ip);
- e.ip &= ip_set_netmask(e.cidr);
-
--#define IFACE(dir) (par->dir ? par->dir->name : "")
-+#define IFACEIN (xt_in(par) ? xt_in(par)->name : "")
-+#define IFACEOUT (xt_out(par) ? xt_out(par)->name : "")
- #define SRCDIR (opt->flags & IPSET_DIM_TWO_SRC)
-
- if (opt->cmdflags & IPSET_FLAG_PHYSDEV) {
-@@ -184,7 +185,7 @@
- e.physdev = 1;
- #endif
- } else {
-- STRLCPY(e.iface, SRCDIR ? IFACE(in) : IFACE(out));
-+ STRLCPY(e.iface, SRCDIR ? IFACEIN : IFACEOUT);
- }
-
- if (strlen(e.iface) == 0)
-@@ -392,7 +393,7 @@
- e.physdev = 1;
- #endif
- } else {
-- STRLCPY(e.iface, SRCDIR ? IFACE(in) : IFACE(out));
-+ STRLCPY(e.iface, SRCDIR ? IFACEIN : IFACEOUT);
- }
-
- if (strlen(e.iface) == 0)
---- ipset-6.32/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in.orig 2017-03-25 20:11:14.791803460 +0100
-+++ ipset-6.32/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in 2017-03-25 20:27:17.970438585 +0100
-@@ -285,10 +285,16 @@
- }
- #endif
-
-+#if LINUX_VERSION_CODE < KERNEL_VERSION(4,10,0)
-+#define xt_in(par) par->in
-+#define xt_out(par) par->out
-+#define xt_family(par) par->family
-+#endif
-+
- #ifdef HAVE_NET_IN_XT_ACTION_PARAM
- #define IPSET_DEV_NET(par) (par)->net
- #else
--#define IPSET_DEV_NET(par) dev_net((par)->in ? (par)->in : (par)->out)
-+#define IPSET_DEV_NET(par) dev_net(xt_in(par) ? xt_in(par) : xt_out(par))
- #endif
-
- #ifndef smp_mb__before_atomic
+++ /dev/null
---- ipset-6.32/kernel/net/netfilter/ipset/ip_set_core.c.orig 2017-08-01 15:16:35.420874095 +0200
-+++ ipset-6.32/kernel/net/netfilter/ipset/ip_set_core.c 2017-08-01 15:20:22.597111757 +0200
-@@ -300,7 +300,11 @@
-
- if (unlikely(!flag_nested(nla)))
- return -IPSET_ERR_PROTOCOL;
-+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,12,0)
-+ if (nla_parse_nested(tb, IPSET_ATTR_IPADDR_MAX, nla, ipaddr_policy, NULL))
-+#else
- if (nla_parse_nested(tb, IPSET_ATTR_IPADDR_MAX, nla, ipaddr_policy))
-+#endif
- return -IPSET_ERR_PROTOCOL;
- if (unlikely(!ip_set_attr_netorder(tb, IPSET_ATTR_IPADDR_IPV4)))
- return -IPSET_ERR_PROTOCOL;
-@@ -318,7 +322,11 @@
- if (unlikely(!flag_nested(nla)))
- return -IPSET_ERR_PROTOCOL;
-
-+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,12,0)
-+ if (nla_parse_nested(tb, IPSET_ATTR_IPADDR_MAX, nla, ipaddr_policy, NULL))
-+#else
- if (nla_parse_nested(tb, IPSET_ATTR_IPADDR_MAX, nla, ipaddr_policy))
-+#endif
- return -IPSET_ERR_PROTOCOL;
- if (unlikely(!ip_set_attr_netorder(tb, IPSET_ATTR_IPADDR_IPV6)))
- return -IPSET_ERR_PROTOCOL;
-@@ -914,7 +922,11 @@
- /* Without holding any locks, create private part. */
- if (attr[IPSET_ATTR_DATA] &&
- nla_parse_nested(tb, IPSET_ATTR_CREATE_MAX, attr[IPSET_ATTR_DATA],
-+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,12,0)
-+ set->type->create_policy, NULL)) {
-+#else
- set->type->create_policy)) {
-+#endif
- ret = -IPSET_ERR_PROTOCOL;
- goto put_out;
- }
-@@ -1270,7 +1282,11 @@
-
- /* Second pass, so parser can't fail */
- nla_parse(cda, IPSET_ATTR_CMD_MAX,
-+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,12,0)
-+ attr, nlh->nlmsg_len - min_len, ip_set_setname_policy, NULL);
-+#else
- attr, nlh->nlmsg_len - min_len, ip_set_setname_policy);
-+#endif
-
- if (cda[IPSET_ATTR_SETNAME]) {
- struct ip_set *set;
-@@ -1333,7 +1333,11 @@
- * manually :-(
- */
- if (nlh->nlmsg_flags & NLM_F_ACK)
-+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,12,0)
-+ netlink_ack(cb->skb, nlh, ret, NULL);
-+#else
- netlink_ack(cb->skb, nlh, ret);
-+#endif
- return ret;
- }
- }
-@@ -1526,7 +1542,11 @@
-
- nla_parse(cda, IPSET_ATTR_CMD_MAX,
- cmdattr, nlh->nlmsg_len - min_len,
-+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,12,0)
-+ ip_set_adt_policy, NULL);
-+#else
- ip_set_adt_policy);
-+#endif
-
- errline = nla_data(cda[IPSET_ATTR_LINENO]);
-
-@@ -1573,7 +1593,11 @@
- if (attr[IPSET_ATTR_DATA]) {
- if (nla_parse_nested(tb, IPSET_ATTR_ADT_MAX,
- attr[IPSET_ATTR_DATA],
-+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,12,0)
-+ set->type->adt_policy, NULL))
-+#else
- set->type->adt_policy))
-+#endif
- return -IPSET_ERR_PROTOCOL;
- ret = call_ad(ctnl, skb, set, tb, IPSET_ADD, flags,
- use_lineno);
-@@ -1585,7 +1609,11 @@
- if (nla_type(nla) != IPSET_ATTR_DATA ||
- !flag_nested(nla) ||
- nla_parse_nested(tb, IPSET_ATTR_ADT_MAX, nla,
-+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,12,0)
-+ set->type->adt_policy, NULL))
-+#else
- set->type->adt_policy))
-+#endif
- return -IPSET_ERR_PROTOCOL;
- ret = call_ad(ctnl, skb, set, tb, IPSET_ADD,
- flags, use_lineno);
-@@ -1628,7 +1656,11 @@
- if (attr[IPSET_ATTR_DATA]) {
- if (nla_parse_nested(tb, IPSET_ATTR_ADT_MAX,
- attr[IPSET_ATTR_DATA],
-+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,12,0)
-+ set->type->adt_policy, NULL))
-+#else
- set->type->adt_policy))
-+#endif
- return -IPSET_ERR_PROTOCOL;
- ret = call_ad(ctnl, skb, set, tb, IPSET_DEL, flags,
- use_lineno);
-@@ -1640,7 +1672,11 @@
- if (nla_type(nla) != IPSET_ATTR_DATA ||
- !flag_nested(nla) ||
- nla_parse_nested(tb, IPSET_ATTR_ADT_MAX, nla,
-+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,12,0)
-+ set->type->adt_policy, NULL))
-+#else
- set->type->adt_policy))
-+#endif
- return -IPSET_ERR_PROTOCOL;
- ret = call_ad(ctnl, skb, set, tb, IPSET_DEL,
- flags, use_lineno);
-@@ -1673,7 +1709,11 @@
- return -ENOENT;
-
- if (nla_parse_nested(tb, IPSET_ATTR_ADT_MAX, attr[IPSET_ATTR_DATA],
-+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,12,0)
-+ set->type->adt_policy, NULL))
-+#else
- set->type->adt_policy))
-+#endif
- return -IPSET_ERR_PROTOCOL;
-
- rcu_read_lock_bh();