[PATCH] Helper modules load-on-demand support for ctnetlink

This patch adds module loading for helpers via ctnetlink. We perform
the module loading before we enter the spin lock area. Thus, the number
of lookups to assign a helper is two: one to check if the helper is
present and one to assign it.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Index: net-next-2.6.git/net/netfilter/nf_conntrack_netlink.c
===================================================================
--- net-next-2.6.git.orig/net/netfilter/nf_conntrack_netlink.c	2008-07-31 10:15:37.000000000 +0200
+++ net-next-2.6.git/net/netfilter/nf_conntrack_netlink.c	2008-07-31 10:33:13.000000000 +0200
@@ -1203,6 +1203,35 @@ ctnetlink_new_conntrack(struct sock *ctn
 			return err;
 	}
 
+	if (cda[CTA_HELP]) {
+		const struct nf_conntrack_helper *helper;
+		char *helpname;
+
+		err = ctnetlink_parse_help(cda[CTA_HELP], &helpname);
+		if (err < 0)
+			return err;
+
+		rcu_read_lock();
+		helper = __nf_conntrack_helper_find_byname(helpname);
+		if (helper == NULL) {
+			rcu_read_unlock();
+#ifdef CONFIG_KMOD
+			if (request_module("nfct-helper-%s", helpname) < 0)
+				return -EOPNOTSUPP;
+
+			rcu_read_lock();
+			helper = __nf_conntrack_helper_find_byname(helpname);
+			if (helper == NULL) {
+				rcu_read_unlock();
+				return -EOPNOTSUPP;
+			}
+#else
+			return -EOPNOTSUPP;
+#endif
+		}
+		rcu_read_unlock();
+	}
+
 	spin_lock_bh(&nf_conntrack_lock);
 	if (cda[CTA_TUPLE_ORIG])
 		h = __nf_conntrack_find(&otuple);