netfiler: ipset: Add net namespace for ipset

This patch adds netns support for ipset.

Major changes were made in ip_set_core.c and ip_set.h.
Global variables are moved to per net namespace.
Added initialization code and the destruction of the network namespace ipset subsystem.
In the prototypes of public functions ip_set_* added parameter "struct net*".

The remaining corrections related to the change prototypes of public functions ip_set_*.

The patch for git://git.netfilter.org/ipset.git commit 6a4ec96c0b8caac5c35474e40e319704d92ca347

Signed-off-by: Vitaly Lavrov <lve@guap.ru>
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>

1 files changed, 4 insertions, 3 deletions

diff --git a/net/sched/em_ipset.c b/net/sched/em_ipset.c
index 938b7cbf5627..1ac41d3de5c3 100644
--- a/net/sched/em_ipset.c
+++ b/net/sched/em_ipset.c
@@ -24,11 +24,12 @@ static int em_ipset_change(struct tcf_proto *tp, void *data, int data_len,
 {
         struct xt_set_info *set = data;
         ip_set_id_t index;
+        struct net *net = qdisc_dev(tp->q)->nd_net;
 
         if (data_len != sizeof(*set))
                 return -EINVAL;
 
-        index = ip_set_nfnl_get_byindex(set->index);
+        index = ip_set_nfnl_get_byindex(net, set->index);
         if (index == IPSET_INVALID_ID)
                 return -ENOENT;
 
@@ -37,7 +38,7 @@ static int em_ipset_change(struct tcf_proto *tp, void *data, int data_len,
         if (em->data)
                 return 0;
 
-        ip_set_nfnl_put(index);
+        ip_set_nfnl_put(net, index);
         return -ENOMEM;
 }
 
@@ -45,7 +46,7 @@ static void em_ipset_destroy(struct tcf_proto *p, struct tcf_ematch *em)
 {
         const struct xt_set_info *set = (const void *) em->data;
         if (set) {
-                ip_set_nfnl_put(set->index);
+                ip_set_nfnl_put(qdisc_dev(p->q)->nd_net, set->index);
                 kfree((void *) em->data);
         }
 }