--- zzzz-none-000/linux-4.4.271/net/netfilter/Kconfig	2021-06-03 06:22:09.000000000 +0000
+++ hawkeye-5590-750/linux-4.4.271/net/netfilter/Kconfig	2023-04-19 10:22:30.000000000 +0000
@@ -10,7 +10,7 @@
 	  infrastructure.
 
 config NETFILTER_NETLINK
-	tristate
+	tristate "Netfilter NFNETLINK interface"
 
 config NETFILTER_NETLINK_ACCT
 tristate "Netfilter NFACCT over NFNETLINK interface"
@@ -114,6 +114,18 @@
 
 	  If unsure, say `N'.
 
+config NF_CONNTRACK_RTCACHE
+	tristate "Cache route entries in conntrack objects"
+	depends on NETFILTER_ADVANCED
+	depends on NF_CONNTRACK
+	help
+	  If this option is enabled, the connection tracking code will
+	  cache routing information for each connection that is being
+	  forwarded, at a cost of 32 bytes per conntrack object.
+
+	  To compile it as a module, choose M here.  If unsure, say N.
+	  The module will be called nf_conntrack_rtcache.
+
 config NF_CONNTRACK_TIMEOUT
 	bool  'Connection tracking timeout'
 	depends on NETFILTER_ADVANCED
@@ -124,6 +136,21 @@
 
 	  If unsure, say `N'.
 
+config NF_CONNTRACK_DSCPREMARK_EXT
+	bool  'Connection tracking extension for dscp remark target'
+	depends on NETFILTER_ADVANCED
+	help
+	  This option enables support for connection tracking extension
+	  for dscp remark.
+
+config NF_CONNTRACK_CHAIN_EVENTS
+	bool "Register multiple callbacks to ct events"
+	depends on NF_CONNTRACK_EVENTS
+	help
+	  Support multiple registrations.
+
+	  If unsure, say `N'.
+
 config NF_CONNTRACK_TIMESTAMP
 	bool  'Connection tracking timestamping'
 	depends on NETFILTER_ADVANCED
@@ -206,7 +233,6 @@
 
 config NF_CONNTRACK_H323
 	tristate "H.323 protocol support"
-	depends on IPV6 || IPV6=n
 	depends on NETFILTER_ADVANCED
 	help
 	  H.323 is a VoIP signalling protocol from ITU-T. As one of the most
@@ -420,6 +446,15 @@
 	depends on NF_CONNTRACK && NF_NAT
 	default NF_NAT && NF_CONNTRACK_TFTP
 
+config NF_NAT_TRY_NEXT_RULE
+	tristate
+	depends on NF_CONNTRACK && NF_NAT
+	default n
+	help
+	  If this option is enabled, the iptables will move on to the
+	  next rule in the chain if a unique tuple is not found for
+	  translation from the current matched rule.
+
 config NF_NAT_REDIRECT
         tristate "IPv4/IPv6 redirect support"
 	depends on NF_NAT
@@ -918,7 +953,6 @@
 
 config NETFILTER_XT_TARGET_TCPMSS
 	tristate '"TCPMSS" target support'
-	depends on IPV6 || IPV6=n
 	default m if NETFILTER_ADVANCED=n
 	---help---
 	  This option adds a `TCPMSS' target, which allows you to alter the
@@ -1170,6 +1204,13 @@
 
 	  To compile it as a module, choose M here.  If unsure, say N.
 
+config NETFILTER_XT_MATCH_ID
+	tristate '"id" match support'
+	depends on NETFILTER_ADVANCED
+	---help---
+	This option adds a `id' dummy-match, which allows you to put
+	numeric IDs into your iptables ruleset.
+
 config NETFILTER_XT_MATCH_IPRANGE
 	tristate '"iprange" address range match support'
 	depends on NETFILTER_ADVANCED