--- zzzz-none-000/linux-4.1.52/net/netfilter/Kconfig 2018-05-28 02:26:45.000000000 +0000 +++ bcm63-7530ax-731/linux-4.1.52/net/netfilter/Kconfig 2022-03-02 11:37:14.000000000 +0000 @@ -76,7 +76,6 @@ config NF_CONNTRACK_ZONES bool 'Connection tracking zones' depends on NETFILTER_ADVANCED - depends on NETFILTER_XT_TARGET_CT help This option enables support for connection tracking zones. Normally, each connection needs to have a unique system wide @@ -128,10 +127,11 @@ If unsure, say `N'. config NF_CONNTRACK_LABELS - bool + bool "Connection tracking labels" help This option enables support for assigning user-defined flag bits - to connection tracking entries. It selected by the connlabel match. + to connection tracking entries. It can be used with xtables connlabel + match and the nftables ct expression. config NF_CT_PROTO_DCCP tristate 'DCCP protocol connection tracking support' @@ -167,6 +167,15 @@ To compile it as a module, choose M here. If unsure, say N. +config NF_CT_PROTO_ESP + tristate 'ESP protocol connection tracking support' + depends on NETFILTER_ADVANCED && BCM_KF_NETFILTER + help + With this option enabled, the layer 3 ESP protocol + tracking will be able to do tracking on ESP connections + + To compile it as a module, choose M here. If unsure, say N. + config NF_CONNTRACK_AMANDA tristate "Amanda backup protocol support" depends on NETFILTER_ADVANCED @@ -312,6 +321,16 @@ To compile it as a module, choose M here. If unsure, say N. +config NF_CONNTRACK_IPSEC + tristate "IPSEC protocol support" + depends on BCM_KF_NETFILTER + default m if NETFILTER_ADVANCED=n + help + IPSec is used for for securing IP communications by authenticating and + encrypting each IP packet of a communication session + + To compile it as a module, choose M here. If unsure, say N. + config NF_CONNTRACK_TFTP tristate "TFTP protocol support" depends on NETFILTER_ADVANCED @@ -323,6 +342,25 @@ To compile it as a module, choose M here. If unsure, say N. +#BRCM begin +config NF_DYNDSCP + tristate "Dynamic DSCP Mangling support " + depends on NF_CONNTRACK && BCM_KF_NETFILTER + default n + help + This option enables support for dynamic DSCP, i.e tos will be derived from + tos value of WAN packets of each connection. + +config NF_CONNTRACK_RTSP + tristate "RTSP protocol support" + depends on NF_CONNTRACK && BCM_KF_NETFILTER + help + RTSP (Real Time Streaming Protocol) support. + + To compile it as a module, choose M here. If unsure, say N. + +#BRCM end + config NF_CT_NETLINK tristate 'Connection tracking netlink interface' select NETFILTER_NETLINK @@ -386,6 +424,7 @@ depends on NF_NAT && NF_CT_PROTO_SCTP select LIBCRC32C + config NF_NAT_AMANDA tristate depends on NF_CONNTRACK && NF_NAT @@ -396,6 +435,11 @@ depends on NF_CONNTRACK && NF_NAT default NF_NAT && NF_CONNTRACK_FTP +config NF_NAT_RTSP + tristate + depends on BCM_KF_NETFILTER && IP_NF_IPTABLES && NF_CONNTRACK && NF_NAT + default NF_NAT && NF_CONNTRACK_RTSP + config NF_NAT_IRC tristate depends on NF_CONNTRACK && NF_NAT @@ -935,6 +979,16 @@ This option adds a "TCPOPTSTRIP" target, which allows you to strip TCP options from TCP packets. +config NETFILTER_XT_TARGET_SKIPLOG + tristate '"SKIPLOG" target support' + depends on NETFILTER_XTABLES && (IPV6 || IPV6=n) && BCM_KF_NETFILTER + ---help--- + configuration like: + + iptables -A FORWARD -p tcp -j SKIPLOG + + To compile it as a module, choose M here. If unsure, say N. + # alphabetically ordered list of matches comment "Xtables matches" @@ -1438,6 +1492,23 @@ Details and examples are in the kernel module source. +config NETFILTER_XT_MATCH_BLOG + tristate '"blog" blog match support' + depends on NETFILTER_XTABLES && BCM_KF_NETFILTER && BLOG + help + This option adds a `blog' match, which allows you to match based + on blog fields. + + To compile it as a module, choose M here. If unsure, say N. + +config NETFILTER_XT_MATCH_FLOWLABEL + tristate '"flowlabel" match support' + depends on NETFILTER_XTABLES && BCM_KF_NETFILTER + help + This option adds a `flowlabel' match, which allows you to match based + on IPv6 flowlabel fields. + + To compile it as a module, choose M here. If unsure, say N. endif # NETFILTER_XTABLES endmenu