Bug#511165: SOLVED
Vitaliy Gusev wrote:
It seem like bug #1091 (http://bugzilla.openvz.org/show_bug.cgi?id=1091)
Pavel, please apply fix patch to 2.6.26
Yes, this does it. For the Debian openvz-amd64 sources the above patch
translated to quilt results in what's attached.
Regards,
- lars.
Index: build_amd64_openvz_amd64/include/net/netfilter/nf_conntrack_l4proto.h
===================================================================
--- build_amd64_openvz_amd64.orig/include/net/netfilter/nf_conntrack_l4proto.h 2009-01-29 12:42:16.000000000 +0100
+++ build_amd64_openvz_amd64/include/net/netfilter/nf_conntrack_l4proto.h 2009-01-29 12:46:07.000000000 +0100
@@ -126,6 +126,9 @@
#ifdef CONFIG_VE_IPTABLES
#include <linux/sched.h>
#define ve_nf_ct4 (get_exec_env()->_nf_conntrack)
+#define ve_nf_ct_initialized() (get_exec_env()->_nf_conntrack != NULL)
+#else
+#define ve_nf_ct_initialized() 1
#endif
#if defined(CONFIG_VE_IPTABLES) && defined(CONFIG_SYSCTL)
Index: build_amd64_openvz_amd64/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
===================================================================
--- build_amd64_openvz_amd64.orig/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c 2009-01-29 12:42:25.000000000 +0100
+++ build_amd64_openvz_amd64/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c 2009-01-29 12:48:43.000000000 +0100
@@ -306,6 +306,9 @@
const struct nf_conntrack_tuple_hash *h;
struct nf_conntrack_tuple tuple;
+ if (!ve_nf_ct_initialized())
+ return -ENOPROTOOPT;
+
memset(&tuple, 0, sizeof(tuple));
tuple.src.u3.ip = inet->rcv_saddr;
tuple.src.u.tcp.port = inet->sport;
Index: build_amd64_openvz_amd64/net/netfilter/nf_conntrack_netlink.c
===================================================================
--- build_amd64_openvz_amd64.orig/net/netfilter/nf_conntrack_netlink.c 2009-01-29 12:42:36.000000000 +0100
+++ build_amd64_openvz_amd64/net/netfilter/nf_conntrack_netlink.c 2009-01-29 12:53:28.000000000 +0100
@@ -790,6 +790,9 @@
u_int8_t u3 = nfmsg->nfgen_family;
int err = 0;
+ if (!ve_nf_ct_initialized())
+ return -ENOPROTOOPT;
+
if (cda[CTA_TUPLE_ORIG])
err = ctnetlink_parse_tuple(cda, &tuple, CTA_TUPLE_ORIG, u3);
else if (cda[CTA_TUPLE_REPLY])
@@ -836,6 +839,9 @@
u_int8_t u3 = nfmsg->nfgen_family;
int err = 0;
+ if (!ve_nf_ct_initialized())
+ return -ENOPROTOOPT;
+
if (nlh->nlmsg_flags & NLM_F_DUMP) {
#ifndef CONFIG_NF_CT_ACCT
if (NFNL_MSG_TYPE(nlh->nlmsg_type) == IPCTNL_MSG_CT_GET_CTRZERO)
@@ -1203,6 +1209,9 @@
u_int8_t u3 = nfmsg->nfgen_family;
int err = 0;
+ if (!ve_nf_ct_initialized())
+ return -ENOPROTOOPT;
+
if (cda[CTA_TUPLE_ORIG]) {
err = ctnetlink_parse_tuple(cda, &otuple, CTA_TUPLE_ORIG, u3);
if (err < 0)
@@ -1527,6 +1536,9 @@
u_int8_t u3 = nfmsg->nfgen_family;
int err = 0;
+ if (!ve_nf_ct_initialized())
+ return -ENOPROTOOPT;
+
if (nlh->nlmsg_flags & NLM_F_DUMP) {
return netlink_dump_start(ctnl, skb, nlh,
ctnetlink_exp_dump_table,
@@ -1588,6 +1600,9 @@
unsigned int i;
int err;
+ if (!ve_nf_ct_initialized())
+ return -ENOPROTOOPT;
+
if (cda[CTA_EXPECT_TUPLE]) {
/* delete a single expect by tuple */
err = ctnetlink_parse_tuple(cda, &tuple, CTA_EXPECT_TUPLE, u3);
@@ -1726,6 +1741,9 @@
u_int8_t u3 = nfmsg->nfgen_family;
int err = 0;
+ if (!ve_nf_ct_initialized())
+ return -ENOPROTOOPT;
+
if (!cda[CTA_EXPECT_TUPLE]
|| !cda[CTA_EXPECT_MASK]
|| !cda[CTA_EXPECT_MASTER])
Reply to: