[Devel] [PATCH RHEL7 COMMIT] ve/nf_conntrack: export nf_conntrack_hide_sysctl() helper
Konstantin Khorenko
khorenko at virtuozzo.com
Tue Oct 27 08:48:06 PDT 2015
The commit is pushed to "branch-rh7-3.10.0-229.7.2.vz7.9.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-229.7.2.vz7.9.2
------>
commit 500531291fd7acb791fd0b19a804ea7faec4fafe
Author: Stanislav Kinsburskiy <skinsbursky at virtuozzo.com>
Date: Tue Oct 27 19:48:06 2015 +0400
ve/nf_conntrack: export nf_conntrack_hide_sysctl() helper
Series:
This series brings to vz7 all the nf_conntrack sysctls,
which are available in vz6.
https://jira.sw.ru/browse/PSBM-40044
Will be used for other tables
Signed-off-by: Stanislav Kinsburskiy <skinsbursky at virtuozzo.com>
Reviewed-by: Kirill Tkhai <ktkhai at virtuozzo.com>
---
include/net/netfilter/nf_conntrack_core.h | 2 ++
net/netfilter/nf_conntrack_standalone.c | 7 ++++++-
2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/include/net/netfilter/nf_conntrack_core.h b/include/net/netfilter/nf_conntrack_core.h
index cc0c188..9a54afc 100644
--- a/include/net/netfilter/nf_conntrack_core.h
+++ b/include/net/netfilter/nf_conntrack_core.h
@@ -39,6 +39,8 @@ void nf_conntrack_cleanup_start(void);
void nf_conntrack_init_end(void);
void nf_conntrack_cleanup_end(void);
+int nf_conntrack_hide_sysctl(struct net *net);
+
bool nf_ct_get_tuple(const struct sk_buff *skb, unsigned int nhoff,
unsigned int dataoff, u_int16_t l3num, u_int8_t protonum,
struct nf_conntrack_tuple *tuple,
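Review bot: the new prototype for nf_conntrack_hide_sysctl() lands in the shared header with no comment saying what its int return value means. The callers planned for other tables have only the name to go on, and the stub added later in this patch returns 0 unconditionally, so it is not clear whether 0 reads as "do not hide" or as "success". Suggest a one-line comment above the declaration stating the return contract, or a bool return type if the result is a yes/no answer.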
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
index 5de29af..a137b27 100644
--- a/net/netfilter/nf_conntrack_standalone.c
+++ b/net/netfilter/nf_conntrack_standalone.c
@@ -475,7 +475,7 @@ static struct ctl_table nf_ct_netfilter_table[] = {
static int zero;
-static int nf_conntrack_hide_sysctl(struct net *net)
+int nf_conntrack_hide_sysctl(struct net *net)
{
/*
* This can happen only on VE creation, when process created VE cgroup,
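Review bot: dropping static at the definition makes nf_conntrack_hide_sysctl() a global symbol, but nothing in this patch adds an EXPORT_SYMBOL_GPL() for it, even though the subject says "export". The diffstat (8 insertions, 1 deletion) is fully accounted for by the prototype, this one-line change and the stub. If any of the other tables that will call it are built as separate modules, they will fail to resolve the symbol at load time; either add the export after the function body or state in the commit message that every caller links into the same module.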
@@ -573,6 +573,11 @@ static void nf_conntrack_standalone_fini_sysctl(struct net *net)
kfree(table);
}
#else
+int nf_conntrack_hide_sysctl(struct net *net)
+{
+ return 0;
+}
+
static int nf_conntrack_netfilter_init_sysctl(struct net *net)
{
return 0;
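Review bot: the stub in the #else branch is an out-of-line global definition in the .c file, while the prototype in nf_conntrack_core.h is unconditional. The usual pattern is to put the stub in the header as a static inline under the same preprocessor condition, so callers in other files compile the call away instead of making a real function call that always returns 0. If the stub stays here, a short comment on what returning 0 means for callers in this configuration would help.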