Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a3c941b0 authored by Patrick McHardy's avatar Patrick McHardy Committed by David S. Miller
Browse files

[NETFILTER]: Kconfig: improve dependency handling 



Instead of depending on internally needed options and letting users
figure out what is needed, select them when needed:

- IP_NF_IPTABLES, IP_NF_ARPTABLES and IP6_NF_IPTABLES select
  NETFILTER_XTABLES

- NETFILTER_XT_TARGET_CONNMARK, NETFILTER_XT_MATCH_CONNMARK and
  IP_NF_TARGET_CLUSTERIP select NF_CONNTRACK_MARK

- NETFILTER_XT_MATCH_CONNBYTES selects NF_CT_ACCT

Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 891350c9

net/ipv4/netfilter/Kconfig

+5 −3
Original line number Diff line number Diff line
@@ -226,7 +226,7 @@ config IP_NF_QUEUE 


config IP_NF_IPTABLES

	tristate "IP tables support (required for filtering/masq/NAT)"

	depends on NETFILTER_XTABLES

	select NETFILTER_XTABLES

	help

	  iptables is a general, extensible packet identification framework.

	  The packet filtering and full NAT (masquerading, port forwarding,
@@ -606,7 +606,9 @@ config IP_NF_TARGET_TTL 
config IP_NF_TARGET_CLUSTERIP

	tristate "CLUSTERIP target support (EXPERIMENTAL)"

	depends on IP_NF_MANGLE && EXPERIMENTAL

	depends on (IP_NF_CONNTRACK && IP_NF_CONNTRACK_MARK) || (NF_CONNTRACK_MARK && NF_CONNTRACK_IPV4)

	depends on IP_NF_CONNTRACK || NF_CONNTRACK_IPV4

	select IP_NF_CONNTRACK_MARK if IP_NF_CONNTRACK

	select NF_CONNTRACK_MARK if NF_CONNTRACK_IPV4

	help

	  The CLUSTERIP target allows you to build load-balancing clusters of

	  network servers without having a dedicated load-balancing
@@ -629,7 +631,7 @@ config IP_NF_RAW 
# ARP tables

config IP_NF_ARPTABLES

	tristate "ARP tables support"

	depends on NETFILTER_XTABLES

	select NETFILTER_XTABLES

	help

	  arptables is a general, extensible packet identification framework.

	  The ARP packet filtering and mangling (manipulation)subsystems

net/ipv6/netfilter/Kconfig

+2 −1
Original line number Diff line number Diff line
@@ -42,7 +42,8 @@ config IP6_NF_QUEUE 


config IP6_NF_IPTABLES

	tristate "IP6 tables support (required for filtering)"

	depends on INET && IPV6 && EXPERIMENTAL && NETFILTER_XTABLES

	depends on INET && IPV6 && EXPERIMENTAL

	select NETFILTER_XTABLES

	help

	  ip6tables is a general, extensible packet identification framework.

	  Currently only the packet filtering and packet mangling subsystem

net/netfilter/Kconfig

+9 −3
Original line number Diff line number Diff line
@@ -302,7 +302,9 @@ config NETFILTER_XT_TARGET_CONNMARK 
	tristate  '"CONNMARK" target support'

	depends on NETFILTER_XTABLES

	depends on IP_NF_MANGLE || IP6_NF_MANGLE

	depends on (IP_NF_CONNTRACK && IP_NF_CONNTRACK_MARK) || (NF_CONNTRACK_MARK && NF_CONNTRACK)

	depends on IP_NF_CONNTRACK || NF_CONNTRACK

	select IP_NF_CONNTRACK_MARK if IP_NF_CONNTRACK

	select NF_CONNTRACK_MARK if NF_CONNTRACK

	help

	  This option adds a `CONNMARK' target, which allows one to manipulate

	  the connection mark value.  Similar to the MARK target, but
@@ -434,7 +436,9 @@ config NETFILTER_XT_MATCH_COMMENT 
config NETFILTER_XT_MATCH_CONNBYTES

	tristate  '"connbytes" per-connection counter match support'

	depends on NETFILTER_XTABLES

	depends on (IP_NF_CONNTRACK && IP_NF_CT_ACCT) || (NF_CT_ACCT && NF_CONNTRACK)

	depends on IP_NF_CONNTRACK || NF_CONNTRACK

	select IP_NF_CT_ACCT if IP_NF_CONNTRACK

	select NF_CT_ACCT if NF_CONNTRACK

	help

	  This option adds a `connbytes' match, which allows you to match the

	  number of bytes and/or packets for each direction within a connection.
@@ -445,7 +449,9 @@ config NETFILTER_XT_MATCH_CONNBYTES 
config NETFILTER_XT_MATCH_CONNMARK

	tristate  '"connmark" connection mark match support'

	depends on NETFILTER_XTABLES

	depends on (IP_NF_CONNTRACK && IP_NF_CONNTRACK_MARK) || (NF_CONNTRACK_MARK && NF_CONNTRACK)

	depends on IP_NF_CONNTRACK || NF_CONNTRACK

	select IP_NF_CONNTRACK_MARK if IP_NF_CONNTRACK

	select NF_CONNTRACK_MARK if NF_CONNTRACK

	help

	  This option adds a `connmark' match, which allows you to match the

	  connection mark value previously set for the session by `CONNMARK'.