首頁 探索 說明
登入
GfA
/
linux_kernel
5
0
複刻 0
檔案 問題管理 0 合併請求 0 Wiki
瀏覽代碼

netfilter: NFT_CHAIN_NAT_IPV* is independent of NFT_NAT

Now that we have masquerading support in nf_tables, the NAT chain can
be use with it, not only for SNAT/DNAT. So make this chain type
independent of it.

While at it, move it inside the scope of 'if NF_NAT_IPV*' to simplify
dependencies.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Pablo Neira Ayuso 11 年之前
父節點
39e393bb4f
當前提交
3e8dc212a0
共有 2 個文件被更改,包括 22 次插入20 次删除
分割檢視 顯示文件統計
  1. 9 10
      net/ipv4/netfilter/Kconfig
  2. 13 10
      net/ipv6/netfilter/Kconfig

+ 9 - 10
net/ipv4/netfilter/Kconfig
查看文件 

@@ -61,16 +61,6 @@ config NFT_CHAIN_ROUTE_IPV4
 
 	  fields such as the source, destination, type of service and
 
 	  the packet mark.
 
 
-config NFT_CHAIN_NAT_IPV4
 
-	depends on NF_TABLES_IPV4
 
-	depends on NF_NAT_IPV4 && NFT_NAT
 
-	tristate "IPv4 nf_tables nat chain support"
 
-	help
 
-	  This option enables the "nat" chain for IPv4 in nf_tables. This
 
-	  chain type is used to perform Network Address Translation (NAT)
 
-	  packet transformations such as the source, destination address and
 
-	  source and destination ports.
 
-
 
 config NFT_REJECT_IPV4
 
 	depends on NF_TABLES_IPV4
 
 	default NFT_REJECT
 
@@ -94,6 +84,15 @@ config NF_NAT_IPV4
 
 
 if NF_NAT_IPV4
 
 
+config NFT_CHAIN_NAT_IPV4
 
+	depends on NF_TABLES_IPV4
 
+	tristate "IPv4 nf_tables nat chain support"
 
+	help
 
+	  This option enables the "nat" chain for IPv4 in nf_tables. This
 
+	  chain type is used to perform Network Address Translation (NAT)
 
+	  packet transformations such as the source, destination address and
 
+	  source and destination ports.
 
+
 
 config NF_NAT_SNMP_BASIC
 
 	tristate "Basic SNMP-ALG support"
 
 	depends on NF_CONNTRACK_SNMP

+ 13 - 10
net/ipv6/netfilter/Kconfig
查看文件 

@@ -40,16 +40,6 @@ config NFT_CHAIN_ROUTE_IPV6
 
 	  fields such as the source, destination, flowlabel, hop-limit and
 
 	  the packet mark.
 
 
-config NFT_CHAIN_NAT_IPV6
 
-	depends on NF_TABLES_IPV6
 
-	depends on NF_NAT_IPV6 && NFT_NAT
 
-	tristate "IPv6 nf_tables nat chain support"
 
-	help
 
-	  This option enables the "nat" chain for IPv6 in nf_tables. This
 
-	  chain type is used to perform Network Address Translation (NAT)
 
-	  packet transformations such as the source, destination address and
 
-	  source and destination ports.
 
-
 
 config NFT_REJECT_IPV6
 
 	depends on NF_TABLES_IPV6
 
 	default NFT_REJECT
 
@@ -70,6 +60,19 @@ config NF_NAT_IPV6
 
 	  forms of full Network Address Port Translation. This can be
 
 	  controlled by iptables or nft.
 
 
+if NF_NAT_IPV6
 
+
 
+config NFT_CHAIN_NAT_IPV6
 
+	depends on NF_TABLES_IPV6
 
+	tristate "IPv6 nf_tables nat chain support"
 
+	help
 
+	  This option enables the "nat" chain for IPv6 in nf_tables. This
 
+	  chain type is used to perform Network Address Translation (NAT)
 
+	  packet transformations such as the source, destination address and
 
+	  source and destination ports.
 
+
 
+endif # NF_NAT_IPV6
 
+
 
 config IP6_NF_IPTABLES
 
 	tristate "IP6 tables support (required for filtering)"
 
 	depends on INET && IPV6