--- zzzz-none-000/linux-5.4.213/net/netfilter/Kconfig 2022-09-15 10:04:56.000000000 +0000 +++ alder-5690pro-762/linux-5.4.213/net/netfilter/Kconfig 2024-08-14 09:02:13.000000000 +0000 @@ -11,7 +11,7 @@ infrastructure. config NETFILTER_NETLINK - tristate + tristate "Netfilter NFNETLINK interface" config NETFILTER_FAMILY_BRIDGE bool @@ -135,6 +135,18 @@ If unsure, say `N'. +config NF_CONNTRACK_RTCACHE + tristate "Cache route entries in conntrack objects" + depends on NETFILTER_ADVANCED + depends on NF_CONNTRACK + help + If this option is enabled, the connection tracking code will + cache routing information for each connection that is being + forwarded, at a cost of 32 bytes per conntrack object. + + To compile it as a module, choose M here. If unsure, say N. + The module will be called nf_conntrack_rtcache. + config NF_CONNTRACK_TIMEOUT bool 'Connection tracking timeout' depends on NETFILTER_ADVANCED @@ -145,6 +157,21 @@ If unsure, say `N'. +config NF_CONNTRACK_DSCPREMARK_EXT + bool 'Connection tracking extension for dscp remark target' + depends on NETFILTER_ADVANCED + help + This option enables support for connection tracking extension + for dscp remark. + +config NF_CONNTRACK_CHAIN_EVENTS + bool "Register multiple callbacks to ct events" + depends on NF_CONNTRACK_EVENTS + help + Support multiple registrations. + + If unsure, say `N'. + config NF_CONNTRACK_TIMESTAMP bool 'Connection tracking timestamping' depends on NETFILTER_ADVANCED @@ -227,7 +254,6 @@ config NF_CONNTRACK_H323 tristate "H.323 protocol support" - depends on IPV6 || IPV6=n depends on NETFILTER_ADVANCED help H.323 is a VoIP signalling protocol from ITU-T. As one of the most @@ -427,6 +453,15 @@ depends on NF_CONNTRACK && NF_NAT default NF_NAT && NF_CONNTRACK_TFTP +config NF_NAT_TRY_NEXT_RULE + tristate + depends on NF_CONNTRACK && NF_NAT + default n + help + If this option is enabled, the iptables will move on to the + next rule in the chain if a unique tuple is not found for + translation from the current matched rule. + config NF_NAT_REDIRECT bool @@ -690,8 +725,6 @@ endif # NF_TABLES_NETDEV -endif # NF_TABLES - config NF_FLOW_TABLE_INET tristate "Netfilter flow table mixed IPv4/IPv6 module" depends on NF_FLOW_TABLE @@ -700,16 +733,26 @@ To compile it as a module, choose M here. +endif # NF_TABLES + config NF_FLOW_TABLE tristate "Netfilter flow table module" depends on NETFILTER_INGRESS depends on NF_CONNTRACK - depends on NF_TABLES help This option adds the flow table core infrastructure. To compile it as a module, choose M here. +config NF_FLOW_TABLE_HW + tristate "Netfilter flow table hardware offload module" + depends on NF_FLOW_TABLE + help + This option adds hardware offload support for the flow table core + infrastructure. + + To compile it as a module, choose M here. + config NETFILTER_XTABLES tristate "Netfilter Xtables support (required for ip_tables)" default m if NETFILTER_ADVANCED=n @@ -984,6 +1027,15 @@ depends on NETFILTER_ADVANCED select NETFILTER_XT_TARGET_CT +config NETFILTER_XT_TARGET_FLOWOFFLOAD + tristate '"FLOWOFFLOAD" target support' + depends on NF_FLOW_TABLE + depends on NETFILTER_INGRESS + help + This option adds a `FLOWOFFLOAD' target, which uses the nf_flow_offload + module to speed up processing of packets by bypassing the usual + netfilter chains + config NETFILTER_XT_TARGET_RATEEST tristate '"RATEEST" target support' depends on NETFILTER_ADVANCED @@ -1078,7 +1130,6 @@ config NETFILTER_XT_TARGET_TCPMSS tristate '"TCPMSS" target support' - depends on IPV6 || IPV6=n default m if NETFILTER_ADVANCED=n ---help--- This option adds a `TCPMSS' target, which allows you to alter the