]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3fa4990) | patch
memcg: enable accounting for nft objects
authorVasily Averin <vasily.averin@linux.dev>
Thu, 24 Mar 2022 18:05:50 +0000 (21:05 +0300)
committerPablo Neira Ayuso <pablo@netfilter.org>
Mon, 28 Mar 2022 08:11:23 +0000 (10:11 +0200)
commit8a3449e583eed766339618e80771f6e38835b5b9
treec7c0a388313a1894e13529f422e2265ab830fb00tree | snapshot
parent3fa499064515b2f4e35316cf884f3240401997b2commit | diff
memcg: enable accounting for nft objects

nftables replaces iptables, but it lacks memcg accounting.

This patch account most of the memory allocation associated with nft
and should protect the host from misusing nft inside a memcg restricted
container.

Signed-off-by: Vasily Averin <vvs@openvz.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/core.c diff | blob | history
net/netfilter/nf_tables_api.c diff | blob | history
Linux Kernel Source Tree.