[NETFILTER]: nf_conntrack: support for layer 3 protocol load on demand
x_tables matches and targets that require nf_conntrack_ipv[4|6] to work don't have enough information to load on demand these modules. This patch introduces the following changes to solve this issue: o nf_ct_l3proto_try_module_get: try to load the layer 3 connection tracker module and increases the refcount. o nf_ct_l3proto_module put: drop the refcount of the module. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Pablo Neira Ayuso
committed by
David S. Miller
David S. Miller
parent
a45049c51c
commit
b9f78f9fca
@ -195,6 +195,10 @@ static inline void nf_ct_put(struct nf_conn *ct)
|
||||
nf_conntrack_put(&ct->ct_general);
|
||||
}
|
||||
|
||||
/* Protocol module loading */
|
||||
extern int nf_ct_l3proto_try_module_get(unsigned short l3proto);
|
||||
extern void nf_ct_l3proto_module_put(unsigned short l3proto);
|
||||
|
||||
extern struct nf_conntrack_tuple_hash *
|
||||
__nf_conntrack_find(const struct nf_conntrack_tuple *tuple,
|
||||
const struct nf_conn *ignored_conntrack);
|
||||
|
||||
Reference in New Issue
Block a user