Commit b321e144 authored by Patrick McHardy's avatar Patrick McHardy Committed by David S. Miller

[NETFILTER]: Kconfig: improve conntrack selection

Improve the connection tracking selection (well, the user experience,
not really the aesthetics) by offering one option to enable connection
tracking and a choice between the implementations.
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 9457d851
...@@ -31,20 +31,6 @@ config NF_CONNTRACK_PROC_COMPAT ...@@ -31,20 +31,6 @@ config NF_CONNTRACK_PROC_COMPAT
If unsure, say Y. If unsure, say Y.
# connection tracking, helpers and protocols # connection tracking, helpers and protocols
config IP_NF_CONNTRACK
tristate "Connection tracking (required for masq/NAT)"
---help---
Connection tracking keeps a record of what packets have passed
through your machine, in order to figure out how they are related
into connections.
This is required to do Masquerading or other kinds of Network
Address Translation (except for Fast NAT). It can also be used to
enhance packet filtering (see `Connection state match support'
below).
To compile it as a module, choose M here. If unsure, say N.
config IP_NF_CT_ACCT config IP_NF_CT_ACCT
bool "Connection tracking flow accounting" bool "Connection tracking flow accounting"
depends on IP_NF_CONNTRACK depends on IP_NF_CONNTRACK
......
...@@ -25,19 +25,57 @@ config NETFILTER_NETLINK_LOG ...@@ -25,19 +25,57 @@ config NETFILTER_NETLINK_LOG
and is also scheduled to replace the old syslog-based ipt_LOG and is also scheduled to replace the old syslog-based ipt_LOG
and ip6t_LOG modules. and ip6t_LOG modules.
config NF_CONNTRACK config NF_CONNTRACK_ENABLED
tristate "Layer 3 Independent Connection tracking (EXPERIMENTAL)" tristate "Netfilter connection tracking support"
depends on EXPERIMENTAL && IP_NF_CONNTRACK=n help
default n
---help---
Connection tracking keeps a record of what packets have passed Connection tracking keeps a record of what packets have passed
through your machine, in order to figure out how they are related through your machine, in order to figure out how they are related
into connections. into connections.
This is required to do Masquerading or other kinds of Network
Address Translation (except for Fast NAT). It can also be used to
enhance packet filtering (see `Connection state match support'
below).
To compile it as a module, choose M here. If unsure, say N.
choice
prompt "Netfilter connection tracking support"
depends on NF_CONNTRACK_ENABLED
config NF_CONNTRACK_SUPPORT
bool "Layer 3 Independent Connection tracking (EXPERIMENTAL)"
depends on EXPERIMENTAL
help
Layer 3 independent connection tracking is experimental scheme Layer 3 independent connection tracking is experimental scheme
which generalize ip_conntrack to support other layer 3 protocols. which generalize ip_conntrack to support other layer 3 protocols.
To compile it as a module, choose M here. If unsure, say N. This is required to do Masquerading or other kinds of Network
Address Translation (except for Fast NAT). It can also be used to
enhance packet filtering (see `Connection state match support'
below).
config IP_NF_CONNTRACK_SUPPORT
bool "Layer 3 Dependent Connection tracking"
help
The old, Layer 3 dependent ip_conntrack subsystem of netfilter.
This is required to do Masquerading or other kinds of Network
Address Translation (except for Fast NAT). It can also be used to
enhance packet filtering (see `Connection state match support'
below).
endchoice
config NF_CONNTRACK
tristate
default m if NF_CONNTRACK_SUPPORT && NF_CONNTRACK_ENABLED=m
default y if NF_CONNTRACK_SUPPORT && NF_CONNTRACK_ENABLED=y
config IP_NF_CONNTRACK
tristate
default m if IP_NF_CONNTRACK_SUPPORT && NF_CONNTRACK_ENABLED=m
default y if IP_NF_CONNTRACK_SUPPORT && NF_CONNTRACK_ENABLED=y
config NF_CT_ACCT config NF_CT_ACCT
bool "Connection tracking flow accounting" bool "Connection tracking flow accounting"
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment