List: openvz-devel
Subject: [Devel] [PATCH rh7] netfilter: Add warning on nft NAT init if "iptable_nat" already loaded
From: Konstantin Khorenko <khorenko () virtuozzo ! com>
Date: 2020-11-30 15:50:49
Message-ID: 20201130155049.31770-1-khorenko () virtuozzo ! com
nft NAT cannot work along with iptables NAT.
"iptable_nat" module is always loaded on the VZ Node (libvirt triggers
the load), so warn on "nft_nat" module load.
I've added an additional check - if "ip(6)table_nat" modules are really
loaded - maybe some time later libvirt won't trigger their load.
https://jira.sw.ru/browse/PSBM-102919
https://jira.sw.ru/browse/PSBM-123111
Signed-off-by: Konstantin Khorenko <khorenko@virtuozzo.com>
---
net/netfilter/nft_nat.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/net/netfilter/nft_nat.c b/net/netfilter/nft_nat.c
index 3883504db5c3..d12d540e1b60 100644
--- a/net/netfilter/nft_nat.c
+++ b/net/netfilter/nft_nat.c
@@ -279,6 +279,12 @@ static struct nft_expr_type nft_nat_type __read_mostly = {
static int __init nft_nat_module_init(void)
{
+ /* nft NAT does not work if ip(6)table_nat module is loaded */
+ WARN_ONCE(init_net.ipv4.nat_table || init_net.ipv6.ip6table_nat,
+ "WARNING: 'nft_nat' kernel module is being loaded "
+ "while 'ip(6)table_nat' module already loaded. "
+ "nft NAT will not work.\n");
+
return nft_register_expr(&nft_nat_type);
}
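Review bot: the WARN_ONCE() condition in nft_nat_module_init() is evaluated only once, at module load, and only against init_net, so the conflict is reported only when ip(6)table_nat was loaded first. If nft_nat is loaded before ip(6)table_nat, nothing is logged even though the commit message says the two cannot work together; consider a matching check on the iptables NAT side, or state in the comment that only this load order is covered. Two smaller points on the same call: WARN_ONCE() prints a backtrace and taints the kernel for what the commit message describes as the normal state on a VZ Node, so pr_warn_once() under an explicit if would fit an expected configuration conflict better, and the literal "WARNING: " prefix in the format string is redundant with the banner WARN already emits. It is also worth confirming that init_net.ipv6.ip6table_nat still compiles when IPv6 support is configured out, since the field is referenced unconditionally here.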
--
2.24.3