[Devel] [PATCH RHEL7 COMMIT] ve/net/sctp: allow using SCTP inside Containers

Konstantin Khorenko khorenko at virtuozzo.com
Mon Sep 12 07:04:25 PDT 2016


The commit is pushed to "branch-rh7-3.10.0-327.28.2.vz7.17.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-327.28.2.vz7.17.5
------>
commit 6e949ca88971f45d7104dd37d2f9a84dcd8d35f7
Author: Konstantin Khorenko <khorenko at virtuozzo.com>
Date:   Mon Sep 12 18:04:25 2016 +0400

    ve/net/sctp: allow using SCTP inside Containers
    
    SCTP support of network namespaces appeared in 3.7 kernel =>
    all we need is to enable it inside Containers.
    
    Note 1: sctp module is NOT included into the autoload modules list
    => hoster needs to preload the "sctp" module on the host before
    CT owners are able to use it. This is done on purpose and not going
    to be changed in a while. Reason: too many security issues found in sctp
    protocol implementation last year.
    
    Note 2: CRIU does not support SCTP => online migration is known to fail
    in case SCTP sockets are used.
    
    https://lwn.net/Articles/509992/
    
    https://jira.sw.ru/browse/PSBM-51186
    https://bugs.openvz.org/browse/OVZ-3547
    
    Signed-off-by: Konstantin Khorenko <khorenko at virtuozzo.com>
---
 kernel/ve/ve.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/kernel/ve/ve.c b/kernel/ve/ve.c
index 0461790..8afff3d 100644
--- a/kernel/ve/ve.c
+++ b/kernel/ve/ve.c
@@ -216,6 +216,7 @@ int vz_security_protocol_check(struct net *net, int protocol)
 	case  IPPROTO_GRE:
 	case  IPPROTO_ESP:
 	case  IPPROTO_AH:
+	case  IPPROTO_SCTP:
 		return 0;
 	default:
 		return -EAFNOSUPPORT;
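Review bot: the added `case  IPPROTO_SCTP:` falls through to the shared `return 0;` with no condition of its own, so within the visible lines the only thing keeping SCTP away from a Container is whether the host has loaded the sctp module, and that constraint is recorded only in the commit message. A short comment above the new case, stating that sctp is deliberately left out of the autoload modules list and has to be preloaded by the host, would keep a later change to that list from silently exposing the protocol to every Container. The `net` argument is not consulted anywhere in the visible part of this switch, so once the module is loaded for one Container the protocol is permitted for all of them; if per-Container control is wanted, this case is where to gate it. The CRIU limitation from Note 2 (online migration fails when SCTP sockets are in use) would also be worth recording in a comment here or in the admin documentation, since nothing at this check warns about it.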

