[Devel] [PATCH RHEL7 COMMIT] net: Mark conntrack users in nftables
Konstantin Khorenko
khorenko at virtuozzo.com
Tue Sep 13 02:09:58 PDT 2016
The commit is pushed to "branch-rh7-3.10.0-327.28.2.vz7.17.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-327.28.2.vz7.17.5
------>
commit 21925dac815b2c1307b98045a1feb522bebd8d48
Author: Kirill Tkhai <ktkhai at virtuozzo.com>
Date: Tue Sep 13 13:09:58 2016 +0400
net: Mark conntrack users in nftables
Allow conntracks to be allocated in case these
rules are inserted.
https://jira.sw.ru/browse/PSBM-51050
Signed-off-by: Kirill Tkhai <ktkhai at virtuozzo.com>
Reviewed-by: Andrei Vagin <avagin at virtuozzo.com>
---
net/netfilter/nft_ct.c | 2 ++
net/netfilter/nft_nat.c | 2 ++
2 files changed, 4 insertions(+)
diff --git a/net/netfilter/nft_ct.c b/net/netfilter/nft_ct.c
index cc56030..fc65588 100644
--- a/net/netfilter/nft_ct.c
+++ b/net/netfilter/nft_ct.c
@@ -278,6 +278,8 @@ static int nft_ct_get_init(const struct nft_ctx *ctx,
if (err < 0)
return err;
+ allow_conntrack_allocation(ctx->net);
+
return 0;
}
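Review bot: in nft_ct_get_init() the new allow_conntrack_allocation(ctx->net) call has no visible counterpart for when the expression is destroyed, so a reader cannot tell whether the allowance is meant to stay on for the lifetime of the net namespace. If it is a one-way switch, say so in a comment above the call or in the commit message; if it is meant to be counted, a matching release on the destroy path is missing. Placing the call after the err < 0 check is good, since a failed init then leaves the namespace state untouched.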
diff --git a/net/netfilter/nft_nat.c b/net/netfilter/nft_nat.c
index 799550b..e5cf706 100644
--- a/net/netfilter/nft_nat.c
+++ b/net/netfilter/nft_nat.c
@@ -159,6 +159,8 @@ static int nft_nat_init(const struct nft_ctx *ctx, const struct nft_expr *expr,
return -EINVAL;
}
+ allow_conntrack_allocation(ctx->net);
+
return 0;
}
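Review bot: in nft_nat_init() the call sits immediately before the final return 0, after the -EINVAL exit shown in the context, so it depends on every failure path in the function returning earlier; please confirm there is no later step that can still fail once the namespace has been marked. The commit message also refers to "these rules" without naming them; stating that it covers the nft ct and nat expressions, and why conntrack allocation is otherwise not allowed for ctx->net, would make the change reviewable without access to the linked ticket.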