This patch enables to check if GLUE_CT is enabled and try to load
dependent, nf_conntrack_netlink module when NFQA_CFG_F_CONNTRACK
config flag is received. Then returns error either case is failed.
Signed-off-by: Ken-ichirou MATSUZAWA <chamas@xxxxxxxxxxxxx>
---
net/netfilter/nfnetlink_queue.c | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
index a659e57..583a7a0 100644
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -1225,6 +1225,23 @@ nfqnl_recv_config(struct sock *ctnl, struct sk_buff *skb,
goto err_out_unlock;
}
#endif
+ if (flags & mask & NFQA_CFG_F_CONNTRACK &&
+ !rcu_dereference(nfnl_ct_hook)) {
+#ifdef CONFIG_MODULES
+ rcu_read_unlock();
+ nfnl_unlock(NFNL_SUBSYS_QUEUE);
+ request_module("ip_conntrack_netlink");
+ nfnl_lock(NFNL_SUBSYS_QUEUE);
+ rcu_read_lock();
+ if (rcu_dereference(nfnl_ct_hook)) {
+ ret = -EAGAIN;
+ goto err_out_unlock;
+ }
+#endif
+ ret = -EOPNOTSUPP;
+ goto err_out_unlock;
+ }
+
spin_lock_bh(&queue->lock);
queue->flags &= ~mask;
queue->flags |= flags & mask;
--
1.7.10.4
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
