Allow conntracks to be allocated in case of these
rules are inserted.
Signed-off-by: Kirill Tkhai <ktk...@virtuozzo.com>
---
net/netfilter/nft_ct.c | 2 ++
net/netfilter/nft_nat.c | 2 ++
2 files changed, 4 insertions(+)
diff --git a/net/netfilter/nft_ct.c b/net/netfilter/nft_ct.c
index cc56030..fc65588 100644
--- a/net/netfilter/nft_ct.c
+++ b/net/netfilter/nft_ct.c
@@ -278,6 +278,8 @@ static int nft_ct_get_init(const struct nft_ctx *ctx,
if (err < 0)
return err;
+ allow_conntrack_allocation(ctx->net);
+
return 0;
}
diff --git a/net/netfilter/nft_nat.c b/net/netfilter/nft_nat.c
index 799550b..e5cf706 100644
--- a/net/netfilter/nft_nat.c
+++ b/net/netfilter/nft_nat.c
@@ -159,6 +159,8 @@ static int nft_nat_init(const struct nft_ctx *ctx, const
struct nft_expr *expr,
return -EINVAL;
}
+ allow_conntrack_allocation(ctx->net);
+
return 0;
}
_______________________________________________
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel
