]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e301af7) | patch
memcg: enable accounting for nft objects
authorVasily Averin <vasily.averin@linux.dev>
Thu, 24 Mar 2022 18:05:50 +0000 (21:05 +0300)
committerPablo Neira Ayuso <pablo@netfilter.org>
Mon, 28 Mar 2022 08:11:23 +0000 (10:11 +0200)
commit737f38be575f4c449086607c2a5f9953ca76da4a
treec7c0a388313a1894e13529f422e2265ab830fb00tree | snapshot
parente301af78d561f3c3e5c7120e33c427f5003ea588commit | diff
memcg: enable accounting for nft objects

nftables replaces iptables, but it lacks memcg accounting.

This patch account most of the memory allocation associated with nft
and should protect the host from misusing nft inside a memcg restricted
container.

Signed-off-by: Vasily Averin <vvs@openvz.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/core.c diff | blob | history
net/netfilter/nf_tables_api.c diff | blob | history
Linux Kernel Source Tree.