--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -1009,6 +1009,27 @@ config NETFILTER_XT_MATCH_IPVS
 
 	  If unsure, say N.
 
+config NETFILTER_XT_MATCH_LAYER7
+	tristate '"layer7" match support'
+	depends on EXPERIMENTAL
+	depends on NETFILTER_XTABLES
+	depends on NETFILTER_ADVANCED
+	depends on NF_CONNTRACK
+	help
+	  Say Y if you want to be able to classify connections (and their
+	  packets) based on regular expression matching of their application
+	  layer data.   This is one way to classify applications such as
+	  peer-to-peer filesharing systems that do not always use the same
+	  port.
+
+	  To compile it as a module, choose M here.  If unsure, say N.
+
+config NETFILTER_XT_MATCH_LAYER7_DEBUG
+	bool 'Layer 7 debugging output'
+	depends on NETFILTER_XT_MATCH_LAYER7
+	help
+	  Say Y to get lots of debugging output.
+
 config NETFILTER_XT_MATCH_LENGTH
 	tristate '"length" match support'
 	depends on NETFILTER_ADVANCED
@@ -1203,26 +1224,11 @@ config NETFILTER_XT_MATCH_STATE
 
 	  To compile it as a module, choose M here.  If unsure, say N.
 
-config NETFILTER_XT_MATCH_LAYER7
-	tristate '"layer7" match support'
-	depends on NETFILTER_XTABLES
-	depends on EXPERIMENTAL && (IP_NF_CONNTRACK || NF_CONNTRACK)
-       depends on NETFILTER_ADVANCED
-	help
-	  Say Y if you want to be able to classify connections (and their
-	  packets) based on regular expression matching of their application
-	  layer data.   This is one way to classify applications such as
-	  peer-to-peer filesharing systems that do not always use the same
-	  port.
-
-	  To compile it as a module, choose M here.  If unsure, say N.
-
 config NETFILTER_XT_MATCH_LAYER7_DEBUG
-        bool 'Layer 7 debugging output'
-        depends on NETFILTER_XT_MATCH_LAYER7
-        help
-          Say Y to get lots of debugging output.
-
+	bool 'Layer 7 debugging output'
+	depends on NETFILTER_XT_MATCH_LAYER7
+	help
+	  Say Y to get lots of debugging output.
 
 config NETFILTER_XT_MATCH_STATISTIC
 	tristate '"statistic" match support'