[Devel] [PATCH] net: Allow autoloading conntrack nft-helper-* modules
Kirill Tkhai
ktkhai at virtuozzo.com
Fri Apr 12 19:16:34 MSK 2019
Otherwise, in case of destination node does not have
modules loaded, CT migration fails.
https://jira.sw.ru/browse/PSBM-90319
Signed-off-by: Kirill Tkhai <ktkhai at virtuozzo.com>
---
kernel/kmod.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/kernel/kmod.c b/kernel/kmod.c
index 2f40ebd4d2b2..a260658f3471 100644
--- a/kernel/kmod.c
+++ b/kernel/kmod.c
@@ -373,6 +373,10 @@ static inline int module_payload_iptable_allowed(const char *module)
if (!strncmp("nft-expr-", module, 9))
return nft_expr_allowed(module + 9);
+ /* The rest of nfct-helper- modules */
+ if (!strncmp("nfct-helper-", module, 12))
+ return mask_ipt_allow(permitted, VE_IP_CONNTRACK);
+
return -1;
}
More information about the Devel
mailing list