[Devel] [PATCH rh7 v2 3/3] net: Mark conntrack users in nftables
Kirill Tkhai
ktkhai at virtuozzo.com
Mon Sep 12 04:38:06 PDT 2016
Allow conntracks to be allocated in case of these
rules are inserted.
Signed-off-by: Kirill Tkhai <ktkhai at virtuozzo.com>
---
net/netfilter/nft_ct.c | 2 ++
net/netfilter/nft_nat.c | 2 ++
2 files changed, 4 insertions(+)
diff --git a/net/netfilter/nft_ct.c b/net/netfilter/nft_ct.c
index cc56030..fc65588 100644
--- a/net/netfilter/nft_ct.c
+++ b/net/netfilter/nft_ct.c
@@ -278,6 +278,8 @@ static int nft_ct_get_init(const struct nft_ctx *ctx,
if (err < 0)
return err;
+ allow_conntrack_allocation(ctx->net);
+
return 0;
}
diff --git a/net/netfilter/nft_nat.c b/net/netfilter/nft_nat.c
index 799550b..e5cf706 100644
--- a/net/netfilter/nft_nat.c
+++ b/net/netfilter/nft_nat.c
@@ -159,6 +159,8 @@ static int nft_nat_init(const struct nft_ctx *ctx, const struct nft_expr *expr,
return -EINVAL;
}
+ allow_conntrack_allocation(ctx->net);
+
return 0;
}
More information about the Devel
mailing list