[Devel,rh7,v2,3/3] net: Mark conntrack users in nftables

Submitted by Kirill Tkhai on Sept. 12, 2016, 11:38 a.m.

Details

Message ID 147368028653.23592.18252571984659007470.stgit@pro
State New
Series "Create conntrack structures only if they are really needed"

Commit Message

Kirill Tkhai Sept. 12, 2016, 11:38 a.m.
Allow conntracks to be allocated in case these
rules are inserted.

Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
---
 net/netfilter/nft_ct.c  |    2 ++
 net/netfilter/nft_nat.c |    2 ++
 2 files changed, 4 insertions(+)

Patch

diff --git a/net/netfilter/nft_ct.c b/net/netfilter/nft_ct.c
index cc56030..fc65588 100644
--- a/net/netfilter/nft_ct.c
+++ b/net/netfilter/nft_ct.c
@@ -278,6 +278,8 @@  static int nft_ct_get_init(const struct nft_ctx *ctx,
 	if (err < 0)
 		return err;
 
+	allow_conntrack_allocation(ctx->net);
+
 	return 0;
 }
 
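Review bot: the allow_conntrack_allocation(ctx->net) call added before "return 0" in nft_ct_get_init() has no counterpart on teardown anywhere in this patch, so once a ct expression has been loaded the netns apparently stays allowed to allocate conntracks even after the rule is removed. If that one-way behaviour is intended, please state it in the commit message. Only the get-side init is touched in this file; if nft_ct.c in this tree has another init path that depends on conntrack state, it needs the same call.
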
diff --git a/net/netfilter/nft_nat.c b/net/netfilter/nft_nat.c
index 799550b..e5cf706 100644
--- a/net/netfilter/nft_nat.c
+++ b/net/netfilter/nft_nat.c
@@ -159,6 +159,8 @@  static int nft_nat_init(const struct nft_ctx *ctx, const struct nft_expr *expr,
 			return -EINVAL;
 	}
 
+	allow_conntrack_allocation(ctx->net);
+
 	return 0;
 }
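
Review bot: the allow_conntrack_allocation(ctx->net) call before "return 0" in nft_nat_init() is undocumented, and the commit message only says "these rules" without naming the ct and nat expressions or explaining why they need conntracks to be allocated. A one-line comment above the call, or a sentence in the changelog, would make the dependency clear to whoever adds the next conntrack-dependent expression. The diffstat covers only nft_ct.c and nft_nat.c, so please confirm that no other nftables expression in this tree relies on conntrack and would silently get no conntrack entries without the same call.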