The commit is pushed to "branch-rh7-3.10.0-229.7.2-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git after rh7-3.10.0-229.7.2.vz7.6.2 ------> commit 1ae3e69714effdf80dd8306271096d86607608b1 Author: Kirill Tkhai <ktk...@odin.com> Date: Thu Aug 27 20:32:43 2015 +0400
ve/net: Add VE_NF_CONNTRACK check in resolve_normal_ct() This is a missed hunk from diff-ve-net-netfilter-combined. https://jira.sw.ru/browse/PSBM-35154 Signed-off-by: Kirill Tkhai <ktk...@odin.com> --- net/netfilter/nf_conntrack_core.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c index bcd215d..33a6e9c 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c @@ -1061,6 +1061,9 @@ resolve_normal_ct(struct net *net, struct nf_conn *tmpl, u16 zone = tmpl ? nf_ct_zone(tmpl) : NF_CT_DEFAULT_ZONE; u32 hash; + if (!net_ipt_permitted(net, VE_NF_CONNTRACK)) + return NULL; + if (!nf_ct_get_tuple(skb, skb_network_offset(skb), dataoff, l3num, protonum, &tuple, l3proto, l4proto)) { _______________________________________________ Devel mailing list Devel@openvz.org https://lists.openvz.org/mailman/listinfo/devel