[RHEL7,COMMIT] net: Allow autoloading conntrack nft-helper-* modules

Submitted by Konstantin Khorenko on April 15, 2019, 1:41 p.m.

Details

Message ID 201904151341.x3FDfskI010701@finist-ce7.sw.ru
State New
Series "net: Allow autoloading conntrack nft-helper-* modules"
Headers show

Commit Message

Konstantin Khorenko April 15, 2019, 1:41 p.m.
The commit is pushed to "branch-rh7-3.10.0-957.10.1.vz7.94.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-957.10.1.vz7.94.13
------>
commit 5b36c6bd1ecab131741486b292b803b05719946a
Author: Kirill Tkhai <ktkhai@virtuozzo.com>
Date:   Mon Apr 15 16:41:54 2019 +0300

    net: Allow autoloading conntrack nft-helper-* modules
    
    Otherwise, in case of destination node does not have
    modules loaded, CT migration fails.
    
    https://jira.sw.ru/browse/PSBM-90319
    
    Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
---
 kernel/kmod.c | 4 ++++
 1 file changed, 4 insertions(+)

Patch hide | download patch | download mbox

diff --git a/kernel/kmod.c b/kernel/kmod.c
index 2f40ebd4d2b2..a260658f3471 100644
--- a/kernel/kmod.c
+++ b/kernel/kmod.c
@@ -373,6 +373,10 @@  static inline int module_payload_iptable_allowed(const char *module)
 	if (!strncmp("nft-expr-", module, 9))
 		return nft_expr_allowed(module + 9);
 
+	/* The rest of nfct-helper- modules */
+	if (!strncmp("nfct-helper-", module, 12))
+		return mask_ipt_allow(permitted, VE_IP_CONNTRACK);
+
 	return -1;
 }