aboutsummaryrefslogtreecommitdiff
path: root/net/ipv4/netfilter
diff options
context:
space:
mode:
authorYasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>2006-12-12 00:29:02 -0800
committerDavid S. Miller <davem@sunset.davemloft.net>2006-12-13 16:48:21 -0800
commit11078c371e2ecfce011d1dffb67888c6fed1b664 (patch)
tree7e45dea57e53396a3fa80e2c2f6901dab608fb0b /net/ipv4/netfilter
parentfe0b9294c9f951a64c768f8a5879154235efe63f (diff)
[NETFILTER]: x_tables: add missing try to load conntrack from match/targets
CLUSTERIP, CONNMARK, CONNSECMARK, and connbytes need ip_conntrack or layer 3 protocol module of nf_conntrack. Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/netfilter')
-rw-r--r--net/ipv4/netfilter/ipt_CLUSTERIP.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b/net/ipv4/netfilter/ipt_CLUSTERIP.c
index fef56ae61ab..b1c11160b9d 100644
--- a/net/ipv4/netfilter/ipt_CLUSTERIP.c
+++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c
@@ -447,6 +447,12 @@ checkentry(const char *tablename,
cipinfo->config = config;
}
+ if (nf_ct_l3proto_try_module_get(target->family) < 0) {
+ printk(KERN_WARNING "can't load conntrack support for "
+ "proto=%d\n", target->family);
+ return 0;
+ }
+
return 1;
}
@@ -460,6 +466,8 @@ static void destroy(const struct xt_target *target, void *targinfo)
clusterip_config_entry_put(cipinfo->config);
clusterip_config_put(cipinfo->config);
+
+ nf_ct_l3proto_module_put(target->family);
}
static struct ipt_target clusterip_tgt = {