From b321e14425c0234dd9cd07a5327a179507956c7c Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Sat, 2 Dec 2006 22:05:46 -0800 Subject: [PATCH] [NETFILTER]: Kconfig: improve conntrack selection Improve the connection tracking selection (well, the user experience, not really the aesthetics) by offering one option to enable connection tracking and a choice between the implementations. Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller --- net/ipv4/netfilter/Kconfig | 14 ----------- net/netfilter/Kconfig | 50 +++++++++++++++++++++++++++++++++----- 2 files changed, 44 insertions(+), 20 deletions(-) diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig index 06fec80a0089..71485276b819 100644 --- a/net/ipv4/netfilter/Kconfig +++ b/net/ipv4/netfilter/Kconfig @@ -31,20 +31,6 @@ config NF_CONNTRACK_PROC_COMPAT If unsure, say Y. # connection tracking, helpers and protocols -config IP_NF_CONNTRACK - tristate "Connection tracking (required for masq/NAT)" - ---help--- - Connection tracking keeps a record of what packets have passed - through your machine, in order to figure out how they are related - into connections. - - This is required to do Masquerading or other kinds of Network - Address Translation (except for Fast NAT). It can also be used to - enhance packet filtering (see `Connection state match support' - below). - - To compile it as a module, choose M here. If unsure, say N. - config IP_NF_CT_ACCT bool "Connection tracking flow accounting" depends on IP_NF_CONNTRACK diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig index d191dacead5e..efe56f768f34 100644 --- a/net/netfilter/Kconfig +++ b/net/netfilter/Kconfig @@ -25,19 +25,57 @@ config NETFILTER_NETLINK_LOG and is also scheduled to replace the old syslog-based ipt_LOG and ip6t_LOG modules. -config NF_CONNTRACK - tristate "Layer 3 Independent Connection tracking (EXPERIMENTAL)" - depends on EXPERIMENTAL && IP_NF_CONNTRACK=n - default n - ---help--- +config NF_CONNTRACK_ENABLED + tristate "Netfilter connection tracking support" + help Connection tracking keeps a record of what packets have passed through your machine, in order to figure out how they are related into connections. + This is required to do Masquerading or other kinds of Network + Address Translation (except for Fast NAT). It can also be used to + enhance packet filtering (see `Connection state match support' + below). + + To compile it as a module, choose M here. If unsure, say N. + +choice + prompt "Netfilter connection tracking support" + depends on NF_CONNTRACK_ENABLED + +config NF_CONNTRACK_SUPPORT + bool "Layer 3 Independent Connection tracking (EXPERIMENTAL)" + depends on EXPERIMENTAL + help Layer 3 independent connection tracking is experimental scheme which generalize ip_conntrack to support other layer 3 protocols. - To compile it as a module, choose M here. If unsure, say N. + This is required to do Masquerading or other kinds of Network + Address Translation (except for Fast NAT). It can also be used to + enhance packet filtering (see `Connection state match support' + below). + +config IP_NF_CONNTRACK_SUPPORT + bool "Layer 3 Dependent Connection tracking" + help + The old, Layer 3 dependent ip_conntrack subsystem of netfilter. + + This is required to do Masquerading or other kinds of Network + Address Translation (except for Fast NAT). It can also be used to + enhance packet filtering (see `Connection state match support' + below). + +endchoice + +config NF_CONNTRACK + tristate + default m if NF_CONNTRACK_SUPPORT && NF_CONNTRACK_ENABLED=m + default y if NF_CONNTRACK_SUPPORT && NF_CONNTRACK_ENABLED=y + +config IP_NF_CONNTRACK + tristate + default m if IP_NF_CONNTRACK_SUPPORT && NF_CONNTRACK_ENABLED=m + default y if IP_NF_CONNTRACK_SUPPORT && NF_CONNTRACK_ENABLED=y config NF_CT_ACCT bool "Connection tracking flow accounting"