[Devel] [PATCH rh8 03/28] Revert "ve/netfilter: check per-ve netfilter status on actual operation"
Konstantin Khorenko
khorenko at virtuozzo.com
Tue Apr 13 11:25:13 MSK 2021
This reverts commit 798216831b05f642683092d0f326e70c1de42b82.
Getting rid of iptables mask.
https://jira.sw.ru/browse/PSBM-127787
Signed-off-by: Konstantin Khorenko <khorenko at virtuozzo.com>
---
net/ipv4/ip_sockglue.c | 10 +---------
1 file changed, 1 insertion(+), 9 deletions(-)
diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
index 93c2f7370683..b7a26120d552 100644
--- a/net/ipv4/ip_sockglue.c
+++ b/net/ipv4/ip_sockglue.c
@@ -1254,13 +1254,8 @@ int ip_setsockopt(struct sock *sk, int level,
if (err == -ENOPROTOOPT && optname != IP_HDRINCL &&
optname != IP_IPSEC_POLICY &&
optname != IP_XFRM_POLICY &&
- !ip_mroute_opt(optname)) {
-
- if (!ve_ipt_permitted(net, VE_IP_FILTER))
- return -ENOPROTOOPT;
-
+ !ip_mroute_opt(optname))
err = nf_setsockopt(sk, PF_INET, optname, optval, optlen);
- }
#endif
return err;
}
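Review bot: Removing the `ve_ipt_permitted(net, VE_IP_FILTER)` test in front of `nf_setsockopt()` leaves this path in ip_setsockopt() with no per-VE gate, and the commit message ("Getting rid of iptables mask") does not say what restricts netfilter socket options inside a container afterwards. Please state in the changelog whether that restriction is now left to the nf_sockopt handlers themselves or to another patch in this series, so the revert can be reviewed on its own. A caller that used to get -ENOPROTOOPT here will now reach nf_setsockopt(), which is a user-visible change that also belongs in the changelog.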
@@ -1576,9 +1571,6 @@ int ip_getsockopt(struct sock *sk, int level,
if (get_user(len, optlen))
return -EFAULT;
- if (!ve_ipt_permitted(net, VE_IP_FILTER))
- return -ENOENT;
-
err = nf_getsockopt(sk, PF_INET, optname, optval, &len);
if (err >= 0)
err = put_user(len, optlen);
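Review bot: Dropping the early `return -ENOENT` ahead of `nf_getsockopt()` in ip_getsockopt() changes the errno a container sees when the filter bit is not set: the result now comes from nf_getsockopt() instead of a fixed -ENOENT. The set path in the previous hunk returned -ENOPROTOOPT for the same condition, so the two paths were already inconsistent. The commit message should note that both errnos go away with the mask, and confirm that no in-container tooling depends on the old -ENOENT to detect that iptables is unavailable.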
--
2.28.0