[Devel] [PATCH RHEL7 COMMIT] ve/kmod: allow to autoload nf_log_ipv[46]

Konstantin Khorenko khorenko at virtuozzo.com
Tue Sep 1 06:16:59 PDT 2015


The commit is pushed to "branch-rh7-3.10.0-229.7.2-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-229.7.2.vz7.6.5
------>
commit 778f99b62e2e3e68d1d5f2fa4dec3adcbe524c51
Author: Vladimir Davydov <vdavydov at parallels.com>
Date:   Tue Sep 1 17:16:58 2015 +0400

    ve/kmod: allow to autoload nf_log_ipv[46]
    
    These modules are required for adding the LOG iptables target.
    
    In PCS6 the LOG target is provided by ipt_LOG (in case of ipv4) or
    ip6t_LOG (in case of ipv6) module. In Vz7 it is split between xt_LOG
    (generic) and nf_log_ipv[46] (ipv[46] specific) with ipt_LOG and
    ip6t_LOG being aliases for xt_LOG.
    
    As in PCS6, in Vz7 we load ip{,6}t_LOG on IP{,6}T_SO_SET_REPLACE
    setsockopt, but in contrast to PCS6, this actually loads xt_LOG
    containing only generic implementation. The ipv[46] part is loaded by
    the xt_target->checkentry virtual method, which is log_tg_check in case
    of xt_LOG. The log_tg_check function loads the modules by name
    "nf-logger-<addr-family>-<type>".
    
    Since the type is 0 for ipv[46] LOG target, we should allow to load the
    following modules from inside a container:
    
      - nf-logger-2-0 for ipv4 (AF_INET)
      - nf-logger-10-0 for ipv6 (AF_INET6)
    
    https://jira.sw.ru/browse/PSBM-38573
    
    Signed-off-by: Vladimir Davydov <vdavydov at parallels.com>
    Acked-by: Kirill Tkhai <ktkhai at odin.com>
---
 kernel/kmod.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/kernel/kmod.c b/kernel/kmod.c
index aa5cb99..d0cdf36 100644
--- a/kernel/kmod.c
+++ b/kernel/kmod.c
@@ -294,6 +294,8 @@ static struct {
 
 	{ "nft-expr-2-reject",	VE_IP_IPTABLES			},
 	{ "nft-expr-10-reject",	VE_IP_IPTABLES6			},
+	{ "nf-logger-2-0",	VE_IP_IPTABLES			},
+	{ "nf-logger-10-0",	VE_IP_IPTABLES6			},
 };
 
 /*
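
Review bot: The two added entries, "nf-logger-2-0" and "nf-logger-10-0", encode the address family and logger type as bare numbers, and nothing in the table says what they stand for. The explanation (2 is AF_INET, 10 is AF_INET6, 0 is the type that log_tg_check requests for the LOG target) exists only in the commit message. Suggest a one-line comment above the pair saying so, since this table decides which modules may be loaded from inside a container and each entry should be auditable without digging through history. Keeping the entries as literal names gated on VE_IP_IPTABLES and VE_IP_IPTABLES6, the same way as the nft-expr-*-reject entries just above, keeps the addition narrow and looks right.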


