[Devel,RHEL7,COMMIT] net: Mark conntrack users in nftables

Submitted by Konstantin Khorenko on Sept. 13, 2016, 9:09 a.m.

Details

Message ID 201609130909.u8D99wYG016259@finist_cl7.x64_64.work.ct
State New
Series "Create conntrack structures only if they are really needed"

Commit Message

Konstantin Khorenko Sept. 13, 2016, 9:09 a.m.
The commit is pushed to "branch-rh7-3.10.0-327.28.2.vz7.17.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-327.28.2.vz7.17.5
------>
commit 21925dac815b2c1307b98045a1feb522bebd8d48
Author: Kirill Tkhai <ktkhai@virtuozzo.com>
Date:   Tue Sep 13 13:09:58 2016 +0400

    net: Mark conntrack users in nftables
    
    Allow conntracks to be allocated in case these
    rules are inserted.
    
    https://jira.sw.ru/browse/PSBM-51050
    
    Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
    Reviewed-by: Andrei Vagin <avagin@virtuozzo.com>
---
 net/netfilter/nft_ct.c  | 2 ++
 net/netfilter/nft_nat.c | 2 ++
 2 files changed, 4 insertions(+)

Patch

diff --git a/net/netfilter/nft_ct.c b/net/netfilter/nft_ct.c
index cc56030..fc65588 100644
--- a/net/netfilter/nft_ct.c
+++ b/net/netfilter/nft_ct.c
@@ -278,6 +278,8 @@  static int nft_ct_get_init(const struct nft_ctx *ctx,
 	if (err < 0)
 		return err;
 
+	allow_conntrack_allocation(ctx->net);
+
 	return 0;
 }
 
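Review bot: The added allow_conntrack_allocation(ctx->net) call at the end of nft_ct_get_init() marks the netns only when a ct "get" expression is initialised, and the diffstat shows no other line changed in nft_ct.c. The function name suggests a set-side init exists alongside it; if this tree has one, a ruleset that only writes conntrack state would never mark the netns and conntracks would stay unallocated for it. Please either add the same call there or say in the commit message why the get path is sufficient.
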
diff --git a/net/netfilter/nft_nat.c b/net/netfilter/nft_nat.c
index 799550b..e5cf706 100644
--- a/net/netfilter/nft_nat.c
+++ b/net/netfilter/nft_nat.c
@@ -159,6 +159,8 @@  static int nft_nat_init(const struct nft_ctx *ctx, const struct nft_expr *expr,
 			return -EINVAL;
 	}
 
+	allow_conntrack_allocation(ctx->net);
+
 	return 0;
 }
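
Review bot: The allow_conntrack_allocation(ctx->net) call before "return 0" in nft_nat_init() has its result unused, and the patch adds nothing on the expression destroy path, so it is unclear from the change whether the helper can fail and whether the netns mark is ever cleared once the last NAT rule is removed. If the mark is intentionally one-way for the lifetime of the netns, a one-line comment at the call site or a sentence in the commit message would make that explicit; if the helper returns an error code, it should be checked here like the validation above it.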