[Devel] [PATCH RH7 1/3] Revert "ve/ipset: prohibit ipset from the inside CT"
Pavel Tikhomirov
ptikhomirov at virtuozzo.com
Fri Apr 1 07:10:27 PDT 2016
This reverts commit 5c2acb86f7bf5031b0fb30c719b5931596f08f87.
https://jira.sw.ru/browse/PSBM-45281
Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
---
net/netfilter/nfnetlink.c | 7 -------
1 file changed, 7 deletions(-)
diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c
index d2de992..e009087 100644
--- a/net/netfilter/nfnetlink.c
+++ b/net/netfilter/nfnetlink.c
@@ -368,7 +368,6 @@ static void nfnetlink_rcv_batch(struct sk_buff *skb, struct nlmsghdr *nlh,
static void nfnetlink_rcv(struct sk_buff *skb)
{
struct nlmsghdr *nlh = nlmsg_hdr(skb);
- struct net *net = sock_net(skb->sk);
int msglen;
if (nlh->nlmsg_len < NLMSG_HDRLEN ||
@@ -380,12 +379,6 @@ static void nfnetlink_rcv(struct sk_buff *skb)
return;
}
- if (net->owner_ve != get_ve0() &&
- NFNL_SUBSYS_ID(nlh->nlmsg_type) == NFNL_SUBSYS_IPSET) {
- netlink_ack(skb, nlh, -EPERM);
- return;
- }
-
if (nlh->nlmsg_type == NFNL_MSG_BATCH_BEGIN) {
struct nfgenmsg *nfgenmsg;
--
1.9.3
More information about the Devel
mailing list