diff options
author | Patrick McHardy <kaber@trash.net> | 2007-02-12 14:15:02 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2007-02-12 14:15:02 -0500 |
commit | a3c941b08d73e26af9030d34a73a1992cfff1703 (patch) | |
tree | 8da2c5caf2f197a2bf84bb20563f381c757d61e7 /net | |
parent | 891350c9d168a7d58a193a67a1d107c23f9c2eb1 (diff) |
[NETFILTER]: Kconfig: improve dependency handling
Instead of depending on internally needed options and letting users
figure out what is needed, select them when needed:
- IP_NF_IPTABLES, IP_NF_ARPTABLES and IP6_NF_IPTABLES select
NETFILTER_XTABLES
- NETFILTER_XT_TARGET_CONNMARK, NETFILTER_XT_MATCH_CONNMARK and
IP_NF_TARGET_CLUSTERIP select NF_CONNTRACK_MARK
- NETFILTER_XT_MATCH_CONNBYTES selects NF_CT_ACCT
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r-- | net/ipv4/netfilter/Kconfig | 8 | ||||
-rw-r--r-- | net/ipv6/netfilter/Kconfig | 3 | ||||
-rw-r--r-- | net/netfilter/Kconfig | 12 |
3 files changed, 16 insertions, 7 deletions
diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig index 9b08e7ad71bc..601808c796ec 100644 --- a/net/ipv4/netfilter/Kconfig +++ b/net/ipv4/netfilter/Kconfig | |||
@@ -226,7 +226,7 @@ config IP_NF_QUEUE | |||
226 | 226 | ||
227 | config IP_NF_IPTABLES | 227 | config IP_NF_IPTABLES |
228 | tristate "IP tables support (required for filtering/masq/NAT)" | 228 | tristate "IP tables support (required for filtering/masq/NAT)" |
229 | depends on NETFILTER_XTABLES | 229 | select NETFILTER_XTABLES |
230 | help | 230 | help |
231 | iptables is a general, extensible packet identification framework. | 231 | iptables is a general, extensible packet identification framework. |
232 | The packet filtering and full NAT (masquerading, port forwarding, | 232 | The packet filtering and full NAT (masquerading, port forwarding, |
@@ -606,7 +606,9 @@ config IP_NF_TARGET_TTL | |||
606 | config IP_NF_TARGET_CLUSTERIP | 606 | config IP_NF_TARGET_CLUSTERIP |
607 | tristate "CLUSTERIP target support (EXPERIMENTAL)" | 607 | tristate "CLUSTERIP target support (EXPERIMENTAL)" |
608 | depends on IP_NF_MANGLE && EXPERIMENTAL | 608 | depends on IP_NF_MANGLE && EXPERIMENTAL |
609 | depends on (IP_NF_CONNTRACK && IP_NF_CONNTRACK_MARK) || (NF_CONNTRACK_MARK && NF_CONNTRACK_IPV4) | 609 | depends on IP_NF_CONNTRACK || NF_CONNTRACK_IPV4 |
610 | select IP_NF_CONNTRACK_MARK if IP_NF_CONNTRACK | ||
611 | select NF_CONNTRACK_MARK if NF_CONNTRACK_IPV4 | ||
610 | help | 612 | help |
611 | The CLUSTERIP target allows you to build load-balancing clusters of | 613 | The CLUSTERIP target allows you to build load-balancing clusters of |
612 | network servers without having a dedicated load-balancing | 614 | network servers without having a dedicated load-balancing |
@@ -629,7 +631,7 @@ config IP_NF_RAW | |||
629 | # ARP tables | 631 | # ARP tables |
630 | config IP_NF_ARPTABLES | 632 | config IP_NF_ARPTABLES |
631 | tristate "ARP tables support" | 633 | tristate "ARP tables support" |
632 | depends on NETFILTER_XTABLES | 634 | select NETFILTER_XTABLES |
633 | help | 635 | help |
634 | arptables is a general, extensible packet identification framework. | 636 | arptables is a general, extensible packet identification framework. |
635 | The ARP packet filtering and mangling (manipulation)subsystems | 637 | The ARP packet filtering and mangling (manipulation)subsystems |
diff --git a/net/ipv6/netfilter/Kconfig b/net/ipv6/netfilter/Kconfig index cd549aea84f0..da07e9a88ee9 100644 --- a/net/ipv6/netfilter/Kconfig +++ b/net/ipv6/netfilter/Kconfig | |||
@@ -42,7 +42,8 @@ config IP6_NF_QUEUE | |||
42 | 42 | ||
43 | config IP6_NF_IPTABLES | 43 | config IP6_NF_IPTABLES |
44 | tristate "IP6 tables support (required for filtering)" | 44 | tristate "IP6 tables support (required for filtering)" |
45 | depends on INET && IPV6 && EXPERIMENTAL && NETFILTER_XTABLES | 45 | depends on INET && IPV6 && EXPERIMENTAL |
46 | select NETFILTER_XTABLES | ||
46 | help | 47 | help |
47 | ip6tables is a general, extensible packet identification framework. | 48 | ip6tables is a general, extensible packet identification framework. |
48 | Currently only the packet filtering and packet mangling subsystem | 49 | Currently only the packet filtering and packet mangling subsystem |
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig index 748f7f00909a..253fce3ad2d3 100644 --- a/net/netfilter/Kconfig +++ b/net/netfilter/Kconfig | |||
@@ -302,7 +302,9 @@ config NETFILTER_XT_TARGET_CONNMARK | |||
302 | tristate '"CONNMARK" target support' | 302 | tristate '"CONNMARK" target support' |
303 | depends on NETFILTER_XTABLES | 303 | depends on NETFILTER_XTABLES |
304 | depends on IP_NF_MANGLE || IP6_NF_MANGLE | 304 | depends on IP_NF_MANGLE || IP6_NF_MANGLE |
305 | depends on (IP_NF_CONNTRACK && IP_NF_CONNTRACK_MARK) || (NF_CONNTRACK_MARK && NF_CONNTRACK) | 305 | depends on IP_NF_CONNTRACK || NF_CONNTRACK |
306 | select IP_NF_CONNTRACK_MARK if IP_NF_CONNTRACK | ||
307 | select NF_CONNTRACK_MARK if NF_CONNTRACK | ||
306 | help | 308 | help |
307 | This option adds a `CONNMARK' target, which allows one to manipulate | 309 | This option adds a `CONNMARK' target, which allows one to manipulate |
308 | the connection mark value. Similar to the MARK target, but | 310 | the connection mark value. Similar to the MARK target, but |
@@ -434,7 +436,9 @@ config NETFILTER_XT_MATCH_COMMENT | |||
434 | config NETFILTER_XT_MATCH_CONNBYTES | 436 | config NETFILTER_XT_MATCH_CONNBYTES |
435 | tristate '"connbytes" per-connection counter match support' | 437 | tristate '"connbytes" per-connection counter match support' |
436 | depends on NETFILTER_XTABLES | 438 | depends on NETFILTER_XTABLES |
437 | depends on (IP_NF_CONNTRACK && IP_NF_CT_ACCT) || (NF_CT_ACCT && NF_CONNTRACK) | 439 | depends on IP_NF_CONNTRACK || NF_CONNTRACK |
440 | select IP_NF_CT_ACCT if IP_NF_CONNTRACK | ||
441 | select NF_CT_ACCT if NF_CONNTRACK | ||
438 | help | 442 | help |
439 | This option adds a `connbytes' match, which allows you to match the | 443 | This option adds a `connbytes' match, which allows you to match the |
440 | number of bytes and/or packets for each direction within a connection. | 444 | number of bytes and/or packets for each direction within a connection. |
@@ -445,7 +449,9 @@ config NETFILTER_XT_MATCH_CONNBYTES | |||
445 | config NETFILTER_XT_MATCH_CONNMARK | 449 | config NETFILTER_XT_MATCH_CONNMARK |
446 | tristate '"connmark" connection mark match support' | 450 | tristate '"connmark" connection mark match support' |
447 | depends on NETFILTER_XTABLES | 451 | depends on NETFILTER_XTABLES |
448 | depends on (IP_NF_CONNTRACK && IP_NF_CONNTRACK_MARK) || (NF_CONNTRACK_MARK && NF_CONNTRACK) | 452 | depends on IP_NF_CONNTRACK || NF_CONNTRACK |
453 | select IP_NF_CONNTRACK_MARK if IP_NF_CONNTRACK | ||
454 | select NF_CONNTRACK_MARK if NF_CONNTRACK | ||
449 | help | 455 | help |
450 | This option adds a `connmark' match, which allows you to match the | 456 | This option adds a `connmark' match, which allows you to match the |
451 | connection mark value previously set for the session by `CONNMARK'. | 457 | connection mark value previously set for the session by `CONNMARK'. |