[NETFILTER]: nf_conntrack: support for layer 3 protocol load on demand

[linux-2.6-omap-h63xx.git] / net / netfilter / xt_conntrack.c

diff --git a/net/netfilter/xt_conntrack.c b/net/netfilter/xt_conntrack.c
index 7d20caa0d605b9ee40a0f775d46623b89ec1a62e..65a84809fd3054a7c47eb3363c8146136eeb285e 100644 (file)
--- a/net/netfilter/xt_conntrack.c
+++ b/net/netfilter/xt_conntrack.c
@@ -203,9 +203,37 @@ match(const struct sk_buff *skb,
 
 #endif /* CONFIG_NF_IP_CONNTRACK */
 
+static int
+checkentry(const char *tablename,
+          const void *ip,
+          const struct xt_match *match,
+          void *matchinfo,
+          unsigned int matchsize,
+          unsigned int hook_mask)
+{
+#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
+       if (nf_ct_l3proto_try_module_get(match->family) < 0) {
+               printk(KERN_WARNING "can't load nf_conntrack support for "
+                                   "proto=%d\n", match->family);
+               return 0;
+       }
+#endif
+       return 1;
+}
+
+static void
+destroy(const struct xt_match *match, void *matchinfo, unsigned int matchsize)
+{
+#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
+       nf_ct_l3proto_module_put(match->family);
+#endif
+}
+
 static struct xt_match conntrack_match = {
        .name           = "conntrack",
        .match          = match,
+       .checkentry     = checkentry,
+       .destroy        = destroy,
        .matchsize      = sizeof(struct xt_conntrack_info),
        .family         = AF_INET,
        .me             = THIS_MODULE,