evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

netfilter: nf_tables: consolidate Kconfig options

Browse source 
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Pablo Neira Ayuso 2015-03-05 14:56:15 +01:00
parent 1a1e1a1219
commit f04e599e20
3 changed files with 47 additions and 49 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

58
net/ipv4/netfilter/Kconfig
View file

@ -36,6 +36,37 @@ config NF_CONNTRACK_PROC_COMPAT
If unsure, say Y. If unsure, say Y.
if NF_TABLES
config NF_TABLES_IPV4
tristate "IPv4 nf_tables support"
help
This option enables the IPv4 support for nf_tables.
if NF_TABLES_IPV4
config NFT_CHAIN_ROUTE_IPV4
tristate "IPv4 nf_tables route chain support"
help
This option enables the "route" chain for IPv4 in nf_tables. This
chain type is used to force packet re-routing after mangling header
fields such as the source, destination, type of service and
the packet mark.
config NFT_REJECT_IPV4
select NF_REJECT_IPV4
default NFT_REJECT
tristate
endif # NF_TABLES_IPV4
config NF_TABLES_ARP
tristate "ARP nf_tables support"
help
This option enables the ARP support for nf_tables.
endif # NF_TABLES
config NF_LOG_ARP config NF_LOG_ARP
tristate "ARP packet logging" tristate "ARP packet logging"
default m if NETFILTER_ADVANCED=n default m if NETFILTER_ADVANCED=n
@ -46,37 +77,10 @@ config NF_LOG_IPV4
default m if NETFILTER_ADVANCED=n default m if NETFILTER_ADVANCED=n
select NF_LOG_COMMON select NF_LOG_COMMON
config NF_TABLES_IPV4
depends on NF_TABLES
tristate "IPv4 nf_tables support"
help
This option enables the IPv4 support for nf_tables.
config NFT_CHAIN_ROUTE_IPV4
depends on NF_TABLES_IPV4
tristate "IPv4 nf_tables route chain support"
help
This option enables the "route" chain for IPv4 in nf_tables. This
chain type is used to force packet re-routing after mangling header
fields such as the source, destination, type of service and
the packet mark.
config NF_REJECT_IPV4 config NF_REJECT_IPV4
tristate "IPv4 packet rejection" tristate "IPv4 packet rejection"
default m if NETFILTER_ADVANCED=n default m if NETFILTER_ADVANCED=n
config NFT_REJECT_IPV4
depends on NF_TABLES_IPV4
select NF_REJECT_IPV4
default NFT_REJECT
tristate
config NF_TABLES_ARP
depends on NF_TABLES
tristate "ARP nf_tables support"
help
This option enables the ARP support for nf_tables.
config NF_NAT_IPV4 config NF_NAT_IPV4
tristate "IPv4 NAT" tristate "IPv4 NAT"
depends on NF_CONNTRACK_IPV4 depends on NF_CONNTRACK_IPV4

18
net/ipv6/netfilter/Kconfig
View file

@ -25,14 +25,16 @@ config NF_CONNTRACK_IPV6
To compile it as a module, choose M here. If unsure, say N. To compile it as a module, choose M here. If unsure, say N.
if NF_TABLES
config NF_TABLES_IPV6 config NF_TABLES_IPV6
depends on NF_TABLES
tristate "IPv6 nf_tables support" tristate "IPv6 nf_tables support"
help help
This option enables the IPv6 support for nf_tables. This option enables the IPv6 support for nf_tables.
if NF_TABLES_IPV6
config NFT_CHAIN_ROUTE_IPV6 config NFT_CHAIN_ROUTE_IPV6
depends on NF_TABLES_IPV6
tristate "IPv6 nf_tables route chain support" tristate "IPv6 nf_tables route chain support"
help help
This option enables the "route" chain for IPv6 in nf_tables. This This option enables the "route" chain for IPv6 in nf_tables. This
@ -40,16 +42,18 @@ config NFT_CHAIN_ROUTE_IPV6
fields such as the source, destination, flowlabel, hop-limit and fields such as the source, destination, flowlabel, hop-limit and
the packet mark. the packet mark.
config NF_REJECT_IPV6
tristate "IPv6 packet rejection"
default m if NETFILTER_ADVANCED=n
config NFT_REJECT_IPV6 config NFT_REJECT_IPV6
depends on NF_TABLES_IPV6
select NF_REJECT_IPV6 select NF_REJECT_IPV6
default NFT_REJECT default NFT_REJECT
tristate tristate
endif # NF_TABLES_IPV6
endif # NF_TABLES
config NF_REJECT_IPV6
tristate "IPv6 packet rejection"
default m if NETFILTER_ADVANCED=n
config NF_LOG_IPV6 config NF_LOG_IPV6
tristate "IPv6 packet logging" tristate "IPv6 packet logging"
default m if NETFILTER_ADVANCED=n default m if NETFILTER_ADVANCED=n

20
net/netfilter/Kconfig
View file

@ -438,8 +438,10 @@ config NF_TABLES
To compile it as a module, choose M here. To compile it as a module, choose M here.
if NF_TABLES
config NF_TABLES_INET config NF_TABLES_INET
depends on NF_TABLES && IPV6 depends on IPV6
select NF_TABLES_IPV4 select NF_TABLES_IPV4
select NF_TABLES_IPV6 select NF_TABLES_IPV6
tristate "Netfilter nf_tables mixed IPv4/IPv6 tables support" tristate "Netfilter nf_tables mixed IPv4/IPv6 tables support"
@ -447,21 +449,18 @@ config NF_TABLES_INET
This option enables support for a mixed IPv4/IPv6 "inet" table. This option enables support for a mixed IPv4/IPv6 "inet" table.
config NFT_EXTHDR config NFT_EXTHDR
depends on NF_TABLES
tristate "Netfilter nf_tables IPv6 exthdr module" tristate "Netfilter nf_tables IPv6 exthdr module"
help help
This option adds the "exthdr" expression that you can use to match This option adds the "exthdr" expression that you can use to match
IPv6 extension headers. IPv6 extension headers.
config NFT_META config NFT_META
depends on NF_TABLES
tristate "Netfilter nf_tables meta module" tristate "Netfilter nf_tables meta module"
help help
This option adds the "meta" expression that you can use to match and This option adds the "meta" expression that you can use to match and
to set packet metainformation such as the packet mark. to set packet metainformation such as the packet mark.
config NFT_CT config NFT_CT
depends on NF_TABLES
depends on NF_CONNTRACK depends on NF_CONNTRACK
tristate "Netfilter nf_tables conntrack module" tristate "Netfilter nf_tables conntrack module"
help help
@ -469,42 +468,36 @@ config NFT_CT
connection tracking information such as the flow state. connection tracking information such as the flow state.
config NFT_RBTREE config NFT_RBTREE
depends on NF_TABLES
tristate "Netfilter nf_tables rbtree set module" tristate "Netfilter nf_tables rbtree set module"
help help
This option adds the "rbtree" set type (Red Black tree) that is used This option adds the "rbtree" set type (Red Black tree) that is used
to build interval-based sets. to build interval-based sets.
config NFT_HASH config NFT_HASH
depends on NF_TABLES
tristate "Netfilter nf_tables hash set module" tristate "Netfilter nf_tables hash set module"
help help
This option adds the "hash" set type that is used to build one-way This option adds the "hash" set type that is used to build one-way
mappings between matchings and actions. mappings between matchings and actions.
config NFT_COUNTER config NFT_COUNTER
depends on NF_TABLES
tristate "Netfilter nf_tables counter module" tristate "Netfilter nf_tables counter module"
help help
This option adds the "counter" expression that you can use to This option adds the "counter" expression that you can use to
include packet and byte counters in a rule. include packet and byte counters in a rule.
config NFT_LOG config NFT_LOG
depends on NF_TABLES
tristate "Netfilter nf_tables log module" tristate "Netfilter nf_tables log module"
help help
This option adds the "log" expression that you can use to log This option adds the "log" expression that you can use to log
packets matching some criteria. packets matching some criteria.
config NFT_LIMIT config NFT_LIMIT
depends on NF_TABLES
tristate "Netfilter nf_tables limit module" tristate "Netfilter nf_tables limit module"
help help
This option adds the "limit" expression that you can use to This option adds the "limit" expression that you can use to
ratelimit rule matchings. ratelimit rule matchings.
config NFT_MASQ config NFT_MASQ
depends on NF_TABLES
depends on NF_CONNTRACK depends on NF_CONNTRACK
depends on NF_NAT depends on NF_NAT
tristate "Netfilter nf_tables masquerade support" tristate "Netfilter nf_tables masquerade support"
@ -513,7 +506,6 @@ config NFT_MASQ
to perform NAT in the masquerade flavour. to perform NAT in the masquerade flavour.
config NFT_REDIR config NFT_REDIR
depends on NF_TABLES
depends on NF_CONNTRACK depends on NF_CONNTRACK
depends on NF_NAT depends on NF_NAT
tristate "Netfilter nf_tables redirect support" tristate "Netfilter nf_tables redirect support"
@ -522,7 +514,6 @@ config NFT_REDIR
to perform NAT in the redirect flavour. to perform NAT in the redirect flavour.
config NFT_NAT config NFT_NAT
depends on NF_TABLES
depends on NF_CONNTRACK depends on NF_CONNTRACK
select NF_NAT select NF_NAT
tristate "Netfilter nf_tables nat module" tristate "Netfilter nf_tables nat module"
@ -531,7 +522,6 @@ config NFT_NAT
typical Network Address Translation (NAT) packet transformations. typical Network Address Translation (NAT) packet transformations.
config NFT_QUEUE config NFT_QUEUE
depends on NF_TABLES
depends on NETFILTER_XTABLES depends on NETFILTER_XTABLES
depends on NETFILTER_NETLINK_QUEUE depends on NETFILTER_NETLINK_QUEUE
tristate "Netfilter nf_tables queue module" tristate "Netfilter nf_tables queue module"
@ -540,7 +530,6 @@ config NFT_QUEUE
infrastructure (also known as NFQUEUE) from nftables. infrastructure (also known as NFQUEUE) from nftables.
config NFT_REJECT config NFT_REJECT
depends on NF_TABLES
default m if NETFILTER_ADVANCED=n default m if NETFILTER_ADVANCED=n
tristate "Netfilter nf_tables reject support" tristate "Netfilter nf_tables reject support"
help help
@ -554,7 +543,6 @@ config NFT_REJECT_INET
tristate tristate
config NFT_COMPAT config NFT_COMPAT
depends on NF_TABLES
depends on NETFILTER_XTABLES depends on NETFILTER_XTABLES
tristate "Netfilter x_tables over nf_tables module" tristate "Netfilter x_tables over nf_tables module"
help help
@ -562,6 +550,8 @@ config NFT_COMPAT
x_tables match/target extensions over the nf_tables x_tables match/target extensions over the nf_tables
framework. framework.
endif # NF_TABLES
config NETFILTER_XTABLES config NETFILTER_XTABLES
tristate "Netfilter Xtables support (required for ip_tables)" tristate "Netfilter Xtables support (required for ip_tables)"
default m if NETFILTER_ADVANCED=n default m if NETFILTER_ADVANCED=n