Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
Pablo Neira Ayuso says: ==================== Netfilter/IPVS fixes for net The following patchset contains Netfilter/IPVS fixes for your net tree, they are: 1) Fix SIP conntrack with phones sending session descriptions for different media types but same port numbers, from Florian Westphal. 2) Fix incorrect rtnl_lock mutex logic from IPVS sync thread, from Julian Anastasov. 3) Skip compat array allocation in ebtables if there is no entries, also from Florian. 4) Do not lose left/right bits when shifting marks from xt_connmark, from Jack Ma. 5) Silence false positive memleak in conntrack extensions, from Cong Wang. 6) Fix CONFIG_NF_REJECT_IPV6=m link problems, from Arnd Bergmann. 7) Cannot kfree rule that is already in list in nf_tables, switch order so this error handling is not required, from Florian Westphal. 8) Release set name in error path, from Florian. 9) include kmemleak.h in nf_conntrack_extend.c, from Stepheh Rothwell. 10) NAT chain and extensions depend on NF_TABLES. 11) Out of bound access when renaming chains, from Taehee Yoo. 12) Incorrect casting in xt_connmark leads to wrong bitshifting. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
David S. Miller
@@ -48,6 +48,34 @@ config NFT_CHAIN_ROUTE_IPV6
|
||||
fields such as the source, destination, flowlabel, hop-limit and
|
||||
the packet mark.
|
||||
|
||||
if NF_NAT_IPV6
|
||||
|
||||
config NFT_CHAIN_NAT_IPV6
|
||||
tristate "IPv6 nf_tables nat chain support"
|
||||
help
|
||||
This option enables the "nat" chain for IPv6 in nf_tables. This
|
||||
chain type is used to perform Network Address Translation (NAT)
|
||||
packet transformations such as the source, destination address and
|
||||
source and destination ports.
|
||||
|
||||
config NFT_MASQ_IPV6
|
||||
tristate "IPv6 masquerade support for nf_tables"
|
||||
depends on NFT_MASQ
|
||||
select NF_NAT_MASQUERADE_IPV6
|
||||
help
|
||||
This is the expression that provides IPv4 masquerading support for
|
||||
nf_tables.
|
||||
|
||||
config NFT_REDIR_IPV6
|
||||
tristate "IPv6 redirect support for nf_tables"
|
||||
depends on NFT_REDIR
|
||||
select NF_NAT_REDIRECT
|
||||
help
|
||||
This is the expression that provides IPv4 redirect support for
|
||||
nf_tables.
|
||||
|
||||
endif # NF_NAT_IPV6
|
||||
|
||||
config NFT_REJECT_IPV6
|
||||
select NF_REJECT_IPV6
|
||||
default NFT_REJECT
|
||||
@@ -107,39 +135,12 @@ config NF_NAT_IPV6
|
||||
|
||||
if NF_NAT_IPV6
|
||||
|
||||
config NFT_CHAIN_NAT_IPV6
|
||||
depends on NF_TABLES_IPV6
|
||||
tristate "IPv6 nf_tables nat chain support"
|
||||
help
|
||||
This option enables the "nat" chain for IPv6 in nf_tables. This
|
||||
chain type is used to perform Network Address Translation (NAT)
|
||||
packet transformations such as the source, destination address and
|
||||
source and destination ports.
|
||||
|
||||
config NF_NAT_MASQUERADE_IPV6
|
||||
tristate "IPv6 masquerade support"
|
||||
help
|
||||
This is the kernel functionality to provide NAT in the masquerade
|
||||
flavour (automatic source address selection) for IPv6.
|
||||
|
||||
config NFT_MASQ_IPV6
|
||||
tristate "IPv6 masquerade support for nf_tables"
|
||||
depends on NF_TABLES_IPV6
|
||||
depends on NFT_MASQ
|
||||
select NF_NAT_MASQUERADE_IPV6
|
||||
help
|
||||
This is the expression that provides IPv4 masquerading support for
|
||||
nf_tables.
|
||||
|
||||
config NFT_REDIR_IPV6
|
||||
tristate "IPv6 redirect support for nf_tables"
|
||||
depends on NF_TABLES_IPV6
|
||||
depends on NFT_REDIR
|
||||
select NF_NAT_REDIRECT
|
||||
help
|
||||
This is the expression that provides IPv4 redirect support for
|
||||
nf_tables.
|
||||
|
||||
endif # NF_NAT_IPV6
|
||||
|
||||
config IP6_NF_IPTABLES
|
||||
|
||||
Reference in New Issue
Block a user