On 27.12.2017 18:57, Konstantin Khorenko wrote: > Need to send to mainstream as well?
There are signify changes. Maybe I'll analyse that a little bit later. > On 12/27/2017 11:58 AM, Kirill Tkhai wrote: >> This allows to load conntrack modules on inserting a rule >> containing "socket" match. >> >> It seems this may be useful for socket_match() function, >> which uses nf_ct_get() to obtain additional information >> about skb. >> >> Note, that xt_socket already depends on VE_IP_CONNTRACK >> in kernel/kmod.c, so we don't add new dependence >> in ve0_ipt_am. >> >> https://jira.sw.ru/browse/PSBM-69269 >> >> Signed-off-by: Kirill Tkhai <ktk...@virtuozzo.com> >> --- >> net/netfilter/xt_socket.c | 4 +++- >> 1 file changed, 3 insertions(+), 1 deletion(-) >> >> diff --git a/net/netfilter/xt_socket.c b/net/netfilter/xt_socket.c >> index 102946ad4a0d..f7bf0ebca1e7 100644 >> --- a/net/netfilter/xt_socket.c >> +++ b/net/netfilter/xt_socket.c >> @@ -485,7 +485,9 @@ static int __init socket_mt_init(void) >> #ifdef XT_SOCKET_HAVE_IPV6 >> nf_defrag_ipv6_enable(); >> #endif >> - >> +#ifdef XT_SOCKET_HAVE_CONNTRACK >> + need_ipv4_conntrack(); >> +#endif >> return xt_register_matches(socket_mt_reg, ARRAY_SIZE(socket_mt_reg)); >> } >> >> >> . >> _______________________________________________ Devel mailing list Devel@openvz.org https://lists.openvz.org/mailman/listinfo/devel