[NETFILTER]: Kconfig: improve conntrack selection (b321e144) · Commits · e / devices / android_kernel_oneplus_sm8150

net/ipv4/netfilter/Kconfig

+0 −14

Original line number	Original line	Diff line number	Diff line
	@@ -31,20 +31,6 @@ config NF_CONNTRACK_PROC_COMPAT
	If unsure, say Y.		If unsure, say Y.

	# connection tracking, helpers and protocols		# connection tracking, helpers and protocols
	config IP_NF_CONNTRACK
	tristate "Connection tracking (required for masq/NAT)"
	---help---
	Connection tracking keeps a record of what packets have passed
	through your machine, in order to figure out how they are related
	into connections.

	This is required to do Masquerading or other kinds of Network
	Address Translation (except for Fast NAT). It can also be used to
	enhance packet filtering (see `Connection state match support'
	below).

	To compile it as a module, choose M here. If unsure, say N.

	config IP_NF_CT_ACCT		config IP_NF_CT_ACCT
	bool "Connection tracking flow accounting"		bool "Connection tracking flow accounting"
	depends on IP_NF_CONNTRACK		depends on IP_NF_CONNTRACK

net/netfilter/Kconfig

+44 −6

Original line number	Original line	Diff line number	Diff line
	@@ -25,19 +25,57 @@ config NETFILTER_NETLINK_LOG
	and is also scheduled to replace the old syslog-based ipt_LOG		and is also scheduled to replace the old syslog-based ipt_LOG
	and ip6t_LOG modules.		and ip6t_LOG modules.

	config NF_CONNTRACK		config NF_CONNTRACK_ENABLED
	tristate "Layer 3 Independent Connection tracking (EXPERIMENTAL)"		tristate "Netfilter connection tracking support"
	depends on EXPERIMENTAL && IP_NF_CONNTRACK=n		help
	default n
	---help---
	Connection tracking keeps a record of what packets have passed		Connection tracking keeps a record of what packets have passed
	through your machine, in order to figure out how they are related		through your machine, in order to figure out how they are related
	into connections.		into connections.

			This is required to do Masquerading or other kinds of Network
			Address Translation (except for Fast NAT). It can also be used to
			enhance packet filtering (see `Connection state match support'
			below).

			To compile it as a module, choose M here. If unsure, say N.

			choice
			prompt "Netfilter connection tracking support"
			depends on NF_CONNTRACK_ENABLED

			config NF_CONNTRACK_SUPPORT
			bool "Layer 3 Independent Connection tracking (EXPERIMENTAL)"
			depends on EXPERIMENTAL
			help
	Layer 3 independent connection tracking is experimental scheme		Layer 3 independent connection tracking is experimental scheme
	which generalize ip_conntrack to support other layer 3 protocols.		which generalize ip_conntrack to support other layer 3 protocols.

	To compile it as a module, choose M here. If unsure, say N.		This is required to do Masquerading or other kinds of Network
			Address Translation (except for Fast NAT). It can also be used to
			enhance packet filtering (see `Connection state match support'
			below).

			config IP_NF_CONNTRACK_SUPPORT
			bool "Layer 3 Dependent Connection tracking"
			help
			The old, Layer 3 dependent ip_conntrack subsystem of netfilter.

			This is required to do Masquerading or other kinds of Network
			Address Translation (except for Fast NAT). It can also be used to
			enhance packet filtering (see `Connection state match support'
			below).

			endchoice

			config NF_CONNTRACK
			tristate
			default m if NF_CONNTRACK_SUPPORT && NF_CONNTRACK_ENABLED=m
			default y if NF_CONNTRACK_SUPPORT && NF_CONNTRACK_ENABLED=y

			config IP_NF_CONNTRACK
			tristate
			default m if IP_NF_CONNTRACK_SUPPORT && NF_CONNTRACK_ENABLED=m
			default y if IP_NF_CONNTRACK_SUPPORT && NF_CONNTRACK_ENABLED=y

	config NF_CT_ACCT		config NF_CT_ACCT
	bool "Connection tracking flow accounting"		bool "Connection tracking flow accounting"