evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

netfilter: fix IPv6 NAT dependencies in Kconfig

Browse source 
* NF_NAT_IPV6 requires IP6_NF_IPTABLES

* IP6_NF_TARGET_MASQUERADE, IP6_NF_TARGET_NETMAP, IP6_NF_TARGET_REDIRECT
  and IP6_NF_TARGET_NPT require NF_NAT_IPV6.

This change just mirrors what IPv4 does in Kconfig, for consistency.

Reported-by: Randy Dunlap <rdunlap@xenotime.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Pablo Neira Ayuso 2012-09-18 21:03:39 +02:00
parent b216a4d86f
commit b0041d1b8e
1 changed files with 55 additions and 55 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

110
net/ipv6/netfilter/Kconfig
View file

@ -25,18 +25,6 @@ config NF_CONNTRACK_IPV6
To compile it as a module, choose M here. If unsure, say N. To compile it as a module, choose M here. If unsure, say N.
config NF_NAT_IPV6
tristate "IPv6 NAT"
depends on NF_CONNTRACK_IPV6
depends on NETFILTER_ADVANCED
select NF_NAT
help
The IPv6 NAT option allows masquerading, port forwarding and other
forms of full Network Address Port Translation. It is controlled by
the `nat' table in ip6tables, see the man page for ip6tables(8).
To compile it as a module, choose M here. If unsure, say N.
config IP6_NF_IPTABLES config IP6_NF_IPTABLES
tristate "IP6 tables support (required for filtering)" tristate "IP6 tables support (required for filtering)"
depends on INET && IPV6 depends on INET && IPV6
@ -144,48 +132,6 @@ config IP6_NF_TARGET_HL
(e.g. when running oldconfig). It selects (e.g. when running oldconfig). It selects
CONFIG_NETFILTER_XT_TARGET_HL. CONFIG_NETFILTER_XT_TARGET_HL.
config IP6_NF_TARGET_MASQUERADE
tristate "MASQUERADE target support"
depends on NF_NAT_IPV6
help
Masquerading is a special case of NAT: all outgoing connections are
changed to seem to come from a particular interface's address, and
if the interface goes down, those connections are lost. This is
only useful for dialup accounts with dynamic IP address (ie. your IP
address will be different on next dialup).
To compile it as a module, choose M here. If unsure, say N.
config IP6_NF_TARGET_NETMAP
tristate "NETMAP target support"
depends on NF_NAT_IPV6
help
NETMAP is an implementation of static 1:1 NAT mapping of network
addresses. It maps the network address part, while keeping the host
address part intact.
To compile it as a module, choose M here. If unsure, say N.
config IP6_NF_TARGET_REDIRECT
tristate "REDIRECT target support"
depends on NF_NAT_IPV6
help
REDIRECT is a special case of NAT: all incoming connections are
mapped onto the incoming interface's address, causing the packets to
come to the local machine instead of passing through. This is
useful for transparent proxies.
To compile it as a module, choose M here. If unsure, say N.
config IP6_NF_TARGET_NPT
tristate "NPT (Network Prefix translation) target support"
depends on NETFILTER_ADVANCED
help
This option adds the `SNPT' and `DNPT' target, which perform
stateless IPv6-to-IPv6 Network Prefix Translation per RFC 6296.
To compile it as a module, choose M here. If unsure, say N.
config IP6_NF_FILTER config IP6_NF_FILTER
tristate "Packet filtering" tristate "Packet filtering"
default m if NETFILTER_ADVANCED=n default m if NETFILTER_ADVANCED=n
@ -235,9 +181,63 @@ config IP6_NF_SECURITY
help help
This option adds a `security' table to iptables, for use This option adds a `security' table to iptables, for use
with Mandatory Access Control (MAC) policy. with Mandatory Access Control (MAC) policy.
If unsure, say N. If unsure, say N.
config NF_NAT_IPV6
tristate "IPv6 NAT"
depends on NF_CONNTRACK_IPV6
depends on NETFILTER_ADVANCED
select NF_NAT
help
The IPv6 NAT option allows masquerading, port forwarding and other
forms of full Network Address Port Translation. It is controlled by
the `nat' table in ip6tables, see the man page for ip6tables(8).
To compile it as a module, choose M here. If unsure, say N.
if NF_NAT_IPV6
config IP6_NF_TARGET_MASQUERADE
tristate "MASQUERADE target support"
help
Masquerading is a special case of NAT: all outgoing connections are
changed to seem to come from a particular interface's address, and
if the interface goes down, those connections are lost. This is
only useful for dialup accounts with dynamic IP address (ie. your IP
address will be different on next dialup).
To compile it as a module, choose M here. If unsure, say N.
config IP6_NF_TARGET_NETMAP
tristate "NETMAP target support"
help
NETMAP is an implementation of static 1:1 NAT mapping of network
addresses. It maps the network address part, while keeping the host
address part intact.
To compile it as a module, choose M here. If unsure, say N.
config IP6_NF_TARGET_REDIRECT
tristate "REDIRECT target support"
help
REDIRECT is a special case of NAT: all incoming connections are
mapped onto the incoming interface's address, causing the packets to
come to the local machine instead of passing through. This is
useful for transparent proxies.
To compile it as a module, choose M here. If unsure, say N.
config IP6_NF_TARGET_NPT
tristate "NPT (Network Prefix translation) target support"
help
This option adds the `SNPT' and `DNPT' target, which perform
stateless IPv6-to-IPv6 Network Prefix Translation per RFC 6296.
To compile it as a module, choose M here. If unsure, say N.
endif # NF_NAT_IPV6
endif # IP6_NF_IPTABLES endif # IP6_NF_IPTABLES
endmenu endmenu