netfilter: nf_tables: enable conntrack if NAT chain is registered

[platform/kernel/linux-rpi.git] / net / ipv4 / netfilter / nft_chain_nat_ipv4.c

diff --git a/net/ipv4/netfilter/nft_chain_nat_ipv4.c b/net/ipv4/netfilter/nft_chain_nat_ipv4.c
index 9864f5b..b5464a3 100644 (file)
--- a/net/ipv4/netfilter/nft_chain_nat_ipv4.c
+++ b/net/ipv4/netfilter/nft_chain_nat_ipv4.c
@@ -67,6 +67,16 @@ static unsigned int nft_nat_ipv4_local_fn(void *priv,
        return nf_nat_ipv4_local_fn(priv, skb, state, nft_nat_do_chain);
 }
 
+static int nft_nat_ipv4_init(struct nft_ctx *ctx)
+{
+       return nf_ct_netns_get(ctx->net, ctx->family);
+}
+
+static void nft_nat_ipv4_free(struct nft_ctx *ctx)
+{
+       nf_ct_netns_put(ctx->net, ctx->family);
+}
+
 static const struct nft_chain_type nft_chain_nat_ipv4 = {
        .name           = "nat",
        .type           = NFT_CHAIN_T_NAT,
@@ -82,6 +92,8 @@ static const struct nft_chain_type nft_chain_nat_ipv4 = {
                [NF_INET_LOCAL_OUT]     = nft_nat_ipv4_local_fn,
                [NF_INET_LOCAL_IN]      = nft_nat_ipv4_fn,
        },
+       .init           = nft_nat_ipv4_init,
+       .free           = nft_nat_ipv4_free,
 };
 
 static int __init nft_chain_nat_init(void)