[Devel] [PATCH 2/2] net: Do not allow conntrack if netlink conntrack is requested
Kirill Tkhai
ktkhai at virtuozzo.com
Mon Oct 3 07:16:43 PDT 2016
The scheme with allowing conntracks suggests allowing conntrack
only after a rule is inserted. But this place is not inserting
a rule, it's a manual conntrack creation.
Signed-off-by: Kirill Tkhai <ktkhai at virtuozzo.com>
---
net/netfilter/nf_conntrack_netlink.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index aad05a0..d6b6465 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -1617,7 +1617,6 @@ ctnetlink_create_conntrack(struct net *net, u16 zone,
struct nf_conntrack_helper *helper;
struct nf_conn_tstamp *tstamp;
- allow_conntrack_allocation(net);
ct = nf_conntrack_alloc(net, zone, otuple, rtuple, GFP_ATOMIC);
if (IS_ERR(ct))
return ERR_PTR(-ENOMEM);
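Review bot: with `allow_conntrack_allocation(net)` removed from ctnetlink_create_conntrack(), the error userspace sees when it creates a conntrack before any rule has been inserted is hidden by the unchanged context lines `if (IS_ERR(ct))` / `return ERR_PTR(-ENOMEM);`, which collapse whatever nf_conntrack_alloc() returns into -ENOMEM. Consider propagating the actual error (`return ERR_CAST(ct);`) so the not-allowed case is distinguishable from genuine memory exhaustion, and add a short comment at the call site stating that manual creation via netlink deliberately does not enable allocation, so the deletion is not read later as an accidental omission.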