Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

2 files changed, 56 insertions, 48 deletions

diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig
index fb173126f03d..7cbcaf4f0194 100644
--- a/net/ipv4/netfilter/Kconfig
+++ b/net/ipv4/netfilter/Kconfig
@@ -82,6 +82,52 @@ config NF_TABLES_ARP
         help
           This option enables the ARP support for nf_tables.
 
+config NF_NAT_IPV4
+        tristate "IPv4 NAT"
+        depends on NF_CONNTRACK_IPV4
+        default m if NETFILTER_ADVANCED=n
+        select NF_NAT
+        help
+          The IPv4 NAT option allows masquerading, port forwarding and other
+          forms of full Network Address Port Translation. This can be
+          controlled by iptables or nft.
+
+if NF_NAT_IPV4
+
+config NF_NAT_SNMP_BASIC
+        tristate "Basic SNMP-ALG support"
+        depends on NF_CONNTRACK_SNMP
+        depends on NETFILTER_ADVANCED
+        default NF_NAT && NF_CONNTRACK_SNMP
+        ---help---
+
+          This module implements an Application Layer Gateway (ALG) for
+          SNMP payloads.  In conjunction with NAT, it allows a network
+          management system to access multiple private networks with
+          conflicting addresses.  It works by modifying IP addresses
+          inside SNMP payloads to match IP-layer NAT mapping.
+
+          This is the "basic" form of SNMP-ALG, as described in RFC 2962
+
+          To compile it as a module, choose M here.  If unsure, say N.
+
+config NF_NAT_PROTO_GRE
+        tristate
+        depends on NF_CT_PROTO_GRE
+
+config NF_NAT_PPTP
+        tristate
+        depends on NF_CONNTRACK
+        default NF_CONNTRACK_PPTP
+        select NF_NAT_PROTO_GRE
+
+config NF_NAT_H323
+        tristate
+        depends on NF_CONNTRACK
+        default NF_CONNTRACK_H323
+
+endif # NF_NAT_IPV4
+
 config IP_NF_IPTABLES
         tristate "IP tables support (required for filtering/masq/NAT)"
         default m if NETFILTER_ADVANCED=n
@@ -170,19 +216,21 @@ config IP_NF_TARGET_SYNPROXY
           To compile it as a module, choose M here. If unsure, say N.
 
 # NAT + specific targets: nf_conntrack
-config NF_NAT_IPV4
-        tristate "IPv4 NAT"
+config IP_NF_NAT
+        tristate "iptables NAT support"
         depends on NF_CONNTRACK_IPV4
         default m if NETFILTER_ADVANCED=n
         select NF_NAT
+        select NF_NAT_IPV4
+        select NETFILTER_XT_NAT
         help
-          The IPv4 NAT option allows masquerading, port forwarding and other
-          forms of full Network Address Port Translation.  It is controlled by
-          the `nat' table in iptables: see the man page for iptables(8).
+          This enables the `nat' table in iptables. This allows masquerading,
+          port forwarding and other forms of full Network Address Port
+          Translation.
 
           To compile it as a module, choose M here.  If unsure, say N.
 
-if NF_NAT_IPV4
+if IP_NF_NAT
 
 config IP_NF_TARGET_MASQUERADE
         tristate "MASQUERADE target support"
@@ -214,47 +262,7 @@ config IP_NF_TARGET_REDIRECT
         (e.g. when running oldconfig). It selects
         CONFIG_NETFILTER_XT_TARGET_REDIRECT.
 
-endif
-
-config NF_NAT_SNMP_BASIC
-        tristate "Basic SNMP-ALG support"
-        depends on NF_CONNTRACK_SNMP && NF_NAT_IPV4
-        depends on NETFILTER_ADVANCED
-        default NF_NAT && NF_CONNTRACK_SNMP
-        ---help---
-
-          This module implements an Application Layer Gateway (ALG) for
-          SNMP payloads.  In conjunction with NAT, it allows a network
-          management system to access multiple private networks with
-          conflicting addresses.  It works by modifying IP addresses
-          inside SNMP payloads to match IP-layer NAT mapping.
-
-          This is the "basic" form of SNMP-ALG, as described in RFC 2962
-
-          To compile it as a module, choose M here.  If unsure, say N.
-
-# If they want FTP, set to $CONFIG_IP_NF_NAT (m or y),
-# or $CONFIG_IP_NF_FTP (m or y), whichever is weaker.
-# From kconfig-language.txt:
-#
-#           <expr> '&&' <expr>                   (6)
-#
-# (6) Returns the result of min(/expr/, /expr/).
-
-config NF_NAT_PROTO_GRE
-        tristate
-        depends on NF_NAT_IPV4 && NF_CT_PROTO_GRE
-
-config NF_NAT_PPTP
-        tristate
-        depends on NF_CONNTRACK && NF_NAT_IPV4
-        default NF_NAT_IPV4 && NF_CONNTRACK_PPTP
-        select NF_NAT_PROTO_GRE
-
-config NF_NAT_H323
-        tristate
-        depends on NF_CONNTRACK && NF_NAT_IPV4
-        default NF_NAT_IPV4 && NF_CONNTRACK_H323
+endif # IP_NF_NAT
 
 # mangle + specific targets
 config IP_NF_MANGLE
diff --git a/net/ipv4/netfilter/Makefile b/net/ipv4/netfilter/Makefile
index 33001621465b..edf4af32e9f2 100644
--- a/net/ipv4/netfilter/Makefile
+++ b/net/ipv4/netfilter/Makefile
@@ -43,7 +43,7 @@ obj-$(CONFIG_IP_NF_IPTABLES) += ip_tables.o
 # the three instances of ip_tables
 obj-$(CONFIG_IP_NF_FILTER) += iptable_filter.o
 obj-$(CONFIG_IP_NF_MANGLE) += iptable_mangle.o
-obj-$(CONFIG_NF_NAT_IPV4) += iptable_nat.o
+obj-$(CONFIG_IP_NF_NAT) += iptable_nat.o
 obj-$(CONFIG_IP_NF_RAW) += iptable_raw.o
 obj-$(CONFIG_IP_NF_SECURITY) += iptable_security.o