[NETFILTER]: nf_conntrack: support for layer 3 protocol load on demand
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / netfilter / xt_state.c
index 7cd557c932baf09394da1bda987354239fdbb69e..e6c0be9d94d2130cf076bd1f47b00aa867dd7406 100644 (file)
@@ -44,9 +44,36 @@ match(const struct sk_buff *skb,
        return (sinfo->statemask & statebit);
 }
 
+static int check(const char *tablename,
+                const void *inf,
+                const struct xt_match *match,
+                void *matchinfo,
+                unsigned int matchsize,
+                unsigned int hook_mask)
+{
+#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
+       if (nf_ct_l3proto_try_module_get(match->family) < 0) {
+               printk(KERN_WARNING "can't load nf_conntrack support for "
+                                   "proto=%d\n", match->family);
+               return 0;
+       }
+#endif
+       return 1;
+}
+
+static void
+destroy(const struct xt_match *match, void *matchinfo, unsigned int matchsize)
+{
+#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
+       nf_ct_l3proto_module_put(match->family);
+#endif
+}
+
 static struct xt_match state_match = {
        .name           = "state",
        .match          = match,
+       .checkentry     = check,
+       .destroy        = destroy,
        .matchsize      = sizeof(struct xt_state_info),
        .family         = AF_INET,
        .me             = THIS_MODULE,
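Review bot: check() takes a reference on the conntrack L3 protocol module and destroy() drops it, but nothing in the hunk documents that pairing, so a later edit to either callback could unbalance the count; a comment above check() such as `/* Pin nf_conntrack L3 support for match->family while the rule exists; dropped in destroy(). */` would make the contract explicit. Returning 0 on a failed load rejects the rule, which is the safe direction, since a state rule installed without connection tracking for that family would presumably never see a tracked state; the same comment should say so. The printk in the failure path has no rate limit and no module prefix, so repeated rule insertions for an unsupported family can fill the log with lines that do not name their source; consider `if (net_ratelimit()) printk(KERN_WARNING "xt_state: can't load nf_conntrack support for proto=%d\n", match->family);`. The same two callbacks are wired into state6_match in the next hunk, so the comment applies to both registrations.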
@@ -55,6 +82,8 @@ static struct xt_match state_match = {
 static struct xt_match state6_match = {
        .name           = "state",
        .match          = match,
+       .checkentry     = check,
+       .destroy        = destroy,
        .matchsize      = sizeof(struct xt_state_info),
        .family         = AF_INET6,
        .me             = THIS_MODULE,