[Devel,RHEL7,COMMIT] ve/net: Allow conntrack allocation if a rule with xt_CT target is inserted

Submitted by Konstantin Khorenko on Nov. 7, 2016, 8 a.m.

Details

Message ID 201611070800.uA7807Z5028427@finist_cl7.x64_64.work.ct
State New
Series "ve/net: Allow conntrack allocation if a rule with xt_CT target is inserted"
Headers show

Commit Message

Konstantin Khorenko Nov. 7, 2016, 8 a.m.
The commit is pushed to "branch-rh7-3.10.0-493.vz7.25.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-493.el7
------>
commit e016f04ace44962a9d8a13cb27f3e9139b270c53
Author: Kirill Tkhai <ktkhai@virtuozzo.com>
Date:   Mon Nov 7 12:00:07 2016 +0400

    ve/net: Allow conntrack allocation if a rule with xt_CT target is inserted
    
    To be merged to commit 894c8a374856
    "net: Mark conntrack users in xtables"
    
    https://jira.sw.ru/browse/PSBM-54823
    
    Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
---
 net/netfilter/xt_CT.c | 1 +
 1 file changed, 1 insertion(+)

Patch hide | download patch | download mbox

diff --git a/net/netfilter/xt_CT.c b/net/netfilter/xt_CT.c
index 06a694f..7bff162 100644
--- a/net/netfilter/xt_CT.c
+++ b/net/netfilter/xt_CT.c
@@ -248,6 +248,7 @@  static int xt_ct_tg_check(const struct xt_tgchk_param *par,
 	}
 	__set_bit(IPS_CONFIRMED_BIT, &ct->status);
 	nf_conntrack_get(&ct->ct_general);
+	allow_conntrack_allocation(par->net);
 out:
 	info->ct = ct;
 	return 0;