[Devel] [PATCH 1/5] netfilter: ve_ipt_permitted() helper introduced
Stanislav Kinsburskiy
skinsbursky at virtuozzo.com
Fri Jul 21 10:23:13 MSK 2017
Will be used for iptables availability initialization
Signed-off-by: Stanislav Kinsburskiy <skinsbursky at virtuozzo.com>
---
include/linux/netfilter.h | 3 +++
1 file changed, 3 insertions(+)
diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
index 98e53c8..f395cc3 100644
--- a/include/linux/netfilter.h
+++ b/include/linux/netfilter.h
@@ -410,6 +410,9 @@ DECLARE_PER_CPU(bool, nf_skb_duplicated);
#ifdef CONFIG_VE_IPTABLES
#include <linux/vziptable_defs.h>
+#define ve_ipt_permitted(netns, ipt) \
+ (mask_ipt_allow(get_exec_env()->ipt_mask, ipt))
+
#define net_ipt_permitted(netns, ipt) \
(mask_ipt_allow((netns)->owner_ve->ipt_mask, ipt))
More information about the Devel
mailing list