diff options
| author | Patrick McHardy <kaber@trash.net> | 2006-12-03 01:05:46 -0500 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2006-12-03 01:05:46 -0500 |
| commit | b321e14425c0234dd9cd07a5327a179507956c7c (patch) | |
| tree | 1e5926654d2e0f77aa73ca2be224d20f45e788c4 /net | |
| parent | 9457d851fc5df54522d733f72cbb1f02ab59272e (diff) | |
[NETFILTER]: Kconfig: improve conntrack selection
Improve the connection tracking selection (well, the user experience,
not really the aesthetics) by offering one option to enable connection
tracking and a choice between the implementations.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
| -rw-r--r-- | net/ipv4/netfilter/Kconfig | 14 | ||||
| -rw-r--r-- | net/netfilter/Kconfig | 50 |
2 files changed, 44 insertions, 20 deletions
diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig index 06fec80a0089..71485276b819 100644 --- a/net/ipv4/netfilter/Kconfig +++ b/net/ipv4/netfilter/Kconfig | |||
| @@ -31,20 +31,6 @@ config NF_CONNTRACK_PROC_COMPAT | |||
| 31 | If unsure, say Y. | 31 | If unsure, say Y. |
| 32 | 32 | ||
| 33 | # connection tracking, helpers and protocols | 33 | # connection tracking, helpers and protocols |
| 34 | config IP_NF_CONNTRACK | ||
| 35 | tristate "Connection tracking (required for masq/NAT)" | ||
| 36 | ---help--- | ||
| 37 | Connection tracking keeps a record of what packets have passed | ||
| 38 | through your machine, in order to figure out how they are related | ||
| 39 | into connections. | ||
| 40 | |||
| 41 | This is required to do Masquerading or other kinds of Network | ||
| 42 | Address Translation (except for Fast NAT). It can also be used to | ||
| 43 | enhance packet filtering (see `Connection state match support' | ||
| 44 | below). | ||
| 45 | |||
| 46 | To compile it as a module, choose M here. If unsure, say N. | ||
| 47 | |||
| 48 | config IP_NF_CT_ACCT | 34 | config IP_NF_CT_ACCT |
| 49 | bool "Connection tracking flow accounting" | 35 | bool "Connection tracking flow accounting" |
| 50 | depends on IP_NF_CONNTRACK | 36 | depends on IP_NF_CONNTRACK |
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig index d191dacead5e..efe56f768f34 100644 --- a/net/netfilter/Kconfig +++ b/net/netfilter/Kconfig | |||
| @@ -25,19 +25,57 @@ config NETFILTER_NETLINK_LOG | |||
| 25 | and is also scheduled to replace the old syslog-based ipt_LOG | 25 | and is also scheduled to replace the old syslog-based ipt_LOG |
| 26 | and ip6t_LOG modules. | 26 | and ip6t_LOG modules. |
| 27 | 27 | ||
| 28 | config NF_CONNTRACK | 28 | config NF_CONNTRACK_ENABLED |
| 29 | tristate "Layer 3 Independent Connection tracking (EXPERIMENTAL)" | 29 | tristate "Netfilter connection tracking support" |
| 30 | depends on EXPERIMENTAL && IP_NF_CONNTRACK=n | 30 | help |
| 31 | default n | ||
| 32 | ---help--- | ||
| 33 | Connection tracking keeps a record of what packets have passed | 31 | Connection tracking keeps a record of what packets have passed |
| 34 | through your machine, in order to figure out how they are related | 32 | through your machine, in order to figure out how they are related |
| 35 | into connections. | 33 | into connections. |
| 36 | 34 | ||
| 35 | This is required to do Masquerading or other kinds of Network | ||
| 36 | Address Translation (except for Fast NAT). It can also be used to | ||
| 37 | enhance packet filtering (see `Connection state match support' | ||
| 38 | below). | ||
| 39 | |||
| 40 | To compile it as a module, choose M here. If unsure, say N. | ||
| 41 | |||
| 42 | choice | ||
| 43 | prompt "Netfilter connection tracking support" | ||
| 44 | depends on NF_CONNTRACK_ENABLED | ||
| 45 | |||
| 46 | config NF_CONNTRACK_SUPPORT | ||
| 47 | bool "Layer 3 Independent Connection tracking (EXPERIMENTAL)" | ||
| 48 | depends on EXPERIMENTAL | ||
| 49 | help | ||
| 37 | Layer 3 independent connection tracking is experimental scheme | 50 | Layer 3 independent connection tracking is experimental scheme |
| 38 | which generalize ip_conntrack to support other layer 3 protocols. | 51 | which generalize ip_conntrack to support other layer 3 protocols. |
| 39 | 52 | ||
| 40 | To compile it as a module, choose M here. If unsure, say N. | 53 | This is required to do Masquerading or other kinds of Network |
| 54 | Address Translation (except for Fast NAT). It can also be used to | ||
| 55 | enhance packet filtering (see `Connection state match support' | ||
| 56 | below). | ||
| 57 | |||
| 58 | config IP_NF_CONNTRACK_SUPPORT | ||
| 59 | bool "Layer 3 Dependent Connection tracking" | ||
| 60 | help | ||
| 61 | The old, Layer 3 dependent ip_conntrack subsystem of netfilter. | ||
| 62 | |||
| 63 | This is required to do Masquerading or other kinds of Network | ||
| 64 | Address Translation (except for Fast NAT). It can also be used to | ||
| 65 | enhance packet filtering (see `Connection state match support' | ||
| 66 | below). | ||
| 67 | |||
| 68 | endchoice | ||
| 69 | |||
| 70 | config NF_CONNTRACK | ||
| 71 | tristate | ||
| 72 | default m if NF_CONNTRACK_SUPPORT && NF_CONNTRACK_ENABLED=m | ||
| 73 | default y if NF_CONNTRACK_SUPPORT && NF_CONNTRACK_ENABLED=y | ||
| 74 | |||
| 75 | config IP_NF_CONNTRACK | ||
| 76 | tristate | ||
| 77 | default m if IP_NF_CONNTRACK_SUPPORT && NF_CONNTRACK_ENABLED=m | ||
| 78 | default y if IP_NF_CONNTRACK_SUPPORT && NF_CONNTRACK_ENABLED=y | ||
| 41 | 79 | ||
| 42 | config NF_CT_ACCT | 80 | config NF_CT_ACCT |
| 43 | bool "Connection tracking flow accounting" | 81 | bool "Connection tracking flow accounting" |