[Devel] [PATCH] net: Add dependence xt_socket match on nf_conntrack_ipv4
Kirill Tkhai
ktkhai at virtuozzo.com
Thu Dec 28 10:05:02 MSK 2017
On 27.12.2017 18:57, Konstantin Khorenko wrote:
> Need to send to mainstream as well?
There are significant changes. Maybe I'll analyse that a little bit later.
> On 12/27/2017 11:58 AM, Kirill Tkhai wrote:
>> This allows loading conntrack modules on inserting a rule
>> containing "socket" match.
>>
>> It seems this may be useful for socket_match() function,
>> which uses nf_ct_get() to obtain additional information
>> about skb.
>>
>> Note, that xt_socket already depends on VE_IP_CONNTRACK
>> in kernel/kmod.c, so we don't add new dependence
>> in ve0_ipt_am.
>>
>> https://jira.sw.ru/browse/PSBM-69269
>>
>> Signed-off-by: Kirill Tkhai <ktkhai at virtuozzo.com>
>> ---
>> net/netfilter/xt_socket.c | 4 +++-
>> 1 file changed, 3 insertions(+), 1 deletion(-)
>>
>> diff --git a/net/netfilter/xt_socket.c b/net/netfilter/xt_socket.c
>> index 102946ad4a0d..f7bf0ebca1e7 100644
>> --- a/net/netfilter/xt_socket.c
>> +++ b/net/netfilter/xt_socket.c
>> @@ -485,7 +485,9 @@ static int __init socket_mt_init(void)
>> #ifdef XT_SOCKET_HAVE_IPV6
>> nf_defrag_ipv6_enable();
>> #endif
>> -
>> +#ifdef XT_SOCKET_HAVE_CONNTRACK
>> + need_ipv4_conntrack();
>> +#endif
>> return xt_register_matches(socket_mt_reg, ARRAY_SIZE(socket_mt_reg));
>> }
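Review bot: the need_ipv4_conntrack() call added before the return in socket_mt_init() has no comment saying why it is there. The commit message explains that it exists to pull in the conntrack modules for socket_match()'s nf_ct_get() use, and that reason should sit next to the call, since the return value is unused and the line otherwise reads as a no-op. The call is also IPv4-only while the block directly above it enables IPv6 defrag under XT_SOCKET_HAVE_IPV6; either state that the IPv6 match path does not consult conntrack, or add the matching IPv6 dependency. Style: the hunk drops the blank line that separated the #ifdef blocks from the return statement; keep one after the new #endif.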
>>
>>
>> .
>>