Bug#511165: SOLVED

[Lars Hanke <lars@lhanke.de>]

Vitaliy Gusev wrote:
> It seem like bug #1091 (http://bugzilla.openvz.org/show_bug.cgi?id=1091)
> Pavel, please apply fix patch to 2.6.26
>   
Yes, this does it. For the Debian openvz-amd64 sources the above patch 
translated to quilt results in what's attached.

Regards,
- lars.



Index: build_amd64_openvz_amd64/include/net/netfilter/nf_conntrack_l4proto.h
===================================================================
--- build_amd64_openvz_amd64.orig/include/net/netfilter/nf_conntrack_l4proto.h	2009-01-29 12:42:16.000000000 +0100
+++ build_amd64_openvz_amd64/include/net/netfilter/nf_conntrack_l4proto.h	2009-01-29 12:46:07.000000000 +0100
@@ -126,6 +126,9 @@
 #ifdef CONFIG_VE_IPTABLES
 #include <linux/sched.h>
 #define ve_nf_ct4			(get_exec_env()->_nf_conntrack)
+#define ve_nf_ct_initialized()          (get_exec_env()->_nf_conntrack != NULL)
+#else
+#define ve_nf_ct_initialized()          1
 #endif
 
 #if defined(CONFIG_VE_IPTABLES) && defined(CONFIG_SYSCTL)
Index: build_amd64_openvz_amd64/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
===================================================================
--- build_amd64_openvz_amd64.orig/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c	2009-01-29 12:42:25.000000000 +0100
+++ build_amd64_openvz_amd64/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c	2009-01-29 12:48:43.000000000 +0100
@@ -306,6 +306,9 @@
 	const struct nf_conntrack_tuple_hash *h;
 	struct nf_conntrack_tuple tuple;
 
+	if (!ve_nf_ct_initialized())
+	  return -ENOPROTOOPT;
+
 	memset(&tuple, 0, sizeof(tuple));
 	tuple.src.u3.ip = inet->rcv_saddr;
 	tuple.src.u.tcp.port = inet->sport;
Index: build_amd64_openvz_amd64/net/netfilter/nf_conntrack_netlink.c
===================================================================
--- build_amd64_openvz_amd64.orig/net/netfilter/nf_conntrack_netlink.c	2009-01-29 12:42:36.000000000 +0100
+++ build_amd64_openvz_amd64/net/netfilter/nf_conntrack_netlink.c	2009-01-29 12:53:28.000000000 +0100
@@ -790,6 +790,9 @@
 	u_int8_t u3 = nfmsg->nfgen_family;
 	int err = 0;
 
+	if (!ve_nf_ct_initialized())
+	  return -ENOPROTOOPT;
+
 	if (cda[CTA_TUPLE_ORIG])
 		err = ctnetlink_parse_tuple(cda, &tuple, CTA_TUPLE_ORIG, u3);
 	else if (cda[CTA_TUPLE_REPLY])
@@ -836,6 +839,9 @@
 	u_int8_t u3 = nfmsg->nfgen_family;
 	int err = 0;
 
+	if (!ve_nf_ct_initialized())
+	  return -ENOPROTOOPT;
+
 	if (nlh->nlmsg_flags & NLM_F_DUMP) {
 #ifndef CONFIG_NF_CT_ACCT
 		if (NFNL_MSG_TYPE(nlh->nlmsg_type) == IPCTNL_MSG_CT_GET_CTRZERO)
@@ -1203,6 +1209,9 @@
 	u_int8_t u3 = nfmsg->nfgen_family;
 	int err = 0;
 
+	if (!ve_nf_ct_initialized())
+	  return -ENOPROTOOPT;
+
 	if (cda[CTA_TUPLE_ORIG]) {
 		err = ctnetlink_parse_tuple(cda, &otuple, CTA_TUPLE_ORIG, u3);
 		if (err < 0)
@@ -1527,6 +1536,9 @@
 	u_int8_t u3 = nfmsg->nfgen_family;
 	int err = 0;
 
+	if (!ve_nf_ct_initialized())
+	  return -ENOPROTOOPT;
+
 	if (nlh->nlmsg_flags & NLM_F_DUMP) {
 		return netlink_dump_start(ctnl, skb, nlh,
 					  ctnetlink_exp_dump_table,
@@ -1588,6 +1600,9 @@
 	unsigned int i;
 	int err;
 
+	if (!ve_nf_ct_initialized())
+	  return -ENOPROTOOPT;
+
 	if (cda[CTA_EXPECT_TUPLE]) {
 		/* delete a single expect by tuple */
 		err = ctnetlink_parse_tuple(cda, &tuple, CTA_EXPECT_TUPLE, u3);
@@ -1726,6 +1741,9 @@
 	u_int8_t u3 = nfmsg->nfgen_family;
 	int err = 0;
 
+	if (!ve_nf_ct_initialized())
+	  return -ENOPROTOOPT;
+
 	if (!cda[CTA_EXPECT_TUPLE]
 	    || !cda[CTA_EXPECT_MASK]
 	    || !cda[CTA_EXPECT_MASTER])