These modules are required for adding the LOG iptables target.

In PCS6 the LOG target is provided by ipt_LOG (in case of ipv4) or
ip6t_LOG (in case of ipv6) module. In Vz7 it is split between xt_LOG
(generic) and nf_log_ipv[46] (ipv[46] specific) with ipt_LOG and
ip6t_LOG being aliases for xt_LOG.

As in PCS6, in Vz7 we load ip{,6}t_LOG on IP{,6}T_SO_SET_REPLACE
setsockopt, but in contrast to PCS6, this actually loads xt_LOG
containing only the generic implementation. The ipv[46] part is loaded by
the xt_target->checkentry virtual method, which is log_tg_check in case
of xt_LOG. The log_tg_check function loads the modules by name
"nf-logger-<addr-family>-<type>".

Since the type is 0 for ipv[46] LOG target, we should allow loading the
following modules from inside a container:

  - nf-logger-2-0 for ipv4 (AF_INET)
  - nf-logger-10-0 for ipv6 (AF_INET6)

https://jira.sw.ru/browse/PSBM-38573

Signed-off-by: Vladimir Davydov <vdavy...@parallels.com>
---
 kernel/kmod.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/kernel/kmod.c b/kernel/kmod.c
index e0554f819b2d..7a552617b39f 100644
--- a/kernel/kmod.c
+++ b/kernel/kmod.c
@@ -294,6 +294,8 @@ static struct {
 
        { "nft-expr-2-reject",  VE_IP_IPTABLES                  },
        { "nft-expr-10-reject", VE_IP_IPTABLES6                 },
+       { "nf-logger-2-0",      VE_IP_IPTABLES                  },
+       { "nf-logger-10-0",     VE_IP_IPTABLES6                 },
 };
 
 /*
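
Review bot: the two new entries at the end of the table encode the address family and logger type as bare numbers ("nf-logger-2-0", "nf-logger-10-0") with no comment, so a reader of kernel/kmod.c cannot tell that 2 and 10 are AF_INET and AF_INET6 and that the trailing 0 is the LOG target's logger type without going back to the commit message. Suggest a one-line comment above them, for example /* nf-logger-<family>-<type>, requested by xt_LOG's checkentry */. That comment would also record that only type 0 is meant to be loadable from inside a container, so a later addition of another logger type to this allow list is a visible, deliberate decision rather than a copy of these lines.
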
-- 
2.1.4

_______________________________________________
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel
