[Devel] [PATCH RHEL7 COMMIT] ve/netfilter/ipset: allow modules autoload
Konstantin Khorenko
khorenko at virtuozzo.com
Tue Jun 7 05:49:02 PDT 2016
The commit is pushed to "branch-rh7-3.10.0-327.18.2.vz7.14.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-327.18.2.vz7.14.12
------>
commit 1ed1f50c30db9de1db34fb639da71bcd1d4a7094
Author: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
Date: Tue Jun 7 16:49:02 2016 +0400
ve/netfilter/ipset: allow modules autoload
I forgot to allow in CT autoload of needed modules, so do:
ip_set_list_set
ip_set_hash_netiface
ip_set_hash_ipportnet
ip_set_hash_netport
ip_set_hash_net
ip_set_hash_ipportip
ip_set_hash_ipport
ip_set_hash_ip
ip_set_bitmap_port
ip_set_bitmap_ipmac
ip_set_bitmap_ip
ip_set
https://jira.sw.ru/browse/PSBM-46102
Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
---
kernel/kmod.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/kernel/kmod.c b/kernel/kmod.c
index 4e53fef..5e5c2c6 100644
--- a/kernel/kmod.c
+++ b/kernel/kmod.c
@@ -403,6 +403,20 @@ static const char * const ve0_allowed_mod[] = {
/* netlink_diag */
"net-pf-16-proto-4-type-16", /* PF_NETLINK, NETLINK_SOCK_DIAG, AF_NETLINK */
+
+ /* ip_set */
+ "nfnetlink-subsys-6", /* NFNL_SUBSYS_IPSET */
+ "ip_set_bitmap:ip",
+ "ip_set_bitmap:ip,mac",
+ "ip_set_bitmap:port",
+ "ip_set_hash:ip",
+ "ip_set_hash:ip,port",
+ "ip_set_hash:ip,port,ip",
+ "ip_set_hash:net",
+ "ip_set_hash:net,port",
+ "ip_set_hash:ip,port,net",
+ "ip_set_hash:net,iface",
+ "ip_set_list:set",
};
/*
More information about the Devel
mailing list