[Devel] [PATCH RH7 1/3] Revert "ve/ipset: prohibit ipset from the inside CT"
Kirill Tkhai
ktkhai at virtuozzo.com
Tue Apr 5 04:32:31 PDT 2016
On 01.04.2016 17:10, Pavel Tikhomirov wrote:
> This reverts commit 5c2acb86f7bf5031b0fb30c719b5931596f08f87.
>
> https://jira.sw.ru/browse/PSBM-45281
> Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
Reviewed-by: Kirill Tkhai <ktkhai at virtuozzo.com>
> ---
> net/netfilter/nfnetlink.c | 7 -------
> 1 file changed, 7 deletions(-)
>
> diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c
> index d2de992..e009087 100644
> --- a/net/netfilter/nfnetlink.c
> +++ b/net/netfilter/nfnetlink.c
> @@ -368,7 +368,6 @@ static void nfnetlink_rcv_batch(struct sk_buff *skb, struct nlmsghdr *nlh,
> static void nfnetlink_rcv(struct sk_buff *skb)
> {
> struct nlmsghdr *nlh = nlmsg_hdr(skb);
> - struct net *net = sock_net(skb->sk);
> int msglen;
>
> if (nlh->nlmsg_len < NLMSG_HDRLEN ||
> @@ -380,12 +379,6 @@ static void nfnetlink_rcv(struct sk_buff *skb)
> return;
> }
>
> - if (net->owner_ve != get_ve0() &&
> - NFNL_SUBSYS_ID(nlh->nlmsg_type) == NFNL_SUBSYS_IPSET) {
> - netlink_ack(skb, nlh, -EPERM);
> - return;
> - }
> -
> if (nlh->nlmsg_type == NFNL_MSG_BATCH_BEGIN) {
> struct nfgenmsg *nfgenmsg;
>
>
More information about the Devel
mailing list