mk-rootfs.sh

hc

2023-12-11 072de836f53be56a70cecf70b43ae43b7ce17376

 kernel/net/ipv6/netfilter/Kconfig
..
..
@@ -1,3 +1,4 @@
1
+# SPDX-License-Identifier: GPL-2.0-only
1
2
 #
2
3
 # IP netfilter configuration
3
4
 #
..
..
@@ -22,42 +23,6 @@
22
23
 	  This option enables the IPv6 support for nf_tables.
23
24
 
24
25
 if NF_TABLES_IPV6
25
-
26
-config NFT_CHAIN_ROUTE_IPV6
27
-	tristate "IPv6 nf_tables route chain support"
28
-	help
29
-	  This option enables the "route" chain for IPv6 in nf_tables. This
30
-	  chain type is used to force packet re-routing after mangling header
31
-	  fields such as the source, destination, flowlabel, hop-limit and
32
-	  the packet mark.
33
-
34
-if NF_NAT_IPV6
35
-
36
-config NFT_CHAIN_NAT_IPV6
37
-	tristate "IPv6 nf_tables nat chain support"
38
-	help
39
-	  This option enables the "nat" chain for IPv6 in nf_tables. This
40
-	  chain type is used to perform Network Address Translation (NAT)
41
-	  packet transformations such as the source, destination address and
42
-	  source and destination ports.
43
-
44
-config NFT_MASQ_IPV6
45
-	tristate "IPv6 masquerade support for nf_tables"
46
-	depends on NFT_MASQ
47
-	select NF_NAT_MASQUERADE_IPV6
48
-	help
49
-	  This is the expression that provides IPv4 masquerading support for
50
-	  nf_tables.
51
-
52
-config NFT_REDIR_IPV6
53
-	tristate "IPv6 redirect support for nf_tables"
54
-	depends on NFT_REDIR
55
-	select NF_NAT_REDIRECT
56
-	help
57
-	  This is the expression that provides IPv4 redirect support for
58
-	  nf_tables.
59
-
60
-endif # NF_NAT_IPV6
61
26
 
62
27
 config NFT_REJECT_IPV6
63
28
 	select NF_REJECT_IPV6
..
..
@@ -105,23 +70,6 @@
105
70
 	tristate "IPv6 packet logging"
106
71
 	default m if NETFILTER_ADVANCED=n
107
72
 	select NF_LOG_COMMON
108
-
109
-config NF_NAT_IPV6
110
-	tristate "IPv6 NAT"
111
-	depends on NF_CONNTRACK
112
-	depends on NETFILTER_ADVANCED
113
-	select NF_NAT
114
-	help
115
-	  The IPv6 NAT option allows masquerading, port forwarding and other
116
-	  forms of full Network Address Port Translation. This can be
117
-	  controlled by iptables or nft.
118
-
119
-if NF_NAT_IPV6
120
-
121
-config NF_NAT_MASQUERADE_IPV6
122
-	bool
123
-
124
-endif # NF_NAT_IPV6
125
73
 
126
74
 config IP6_NF_IPTABLES
127
75
 	tristate "IP6 tables support (required for filtering)"
..
..
@@ -179,10 +127,10 @@
179
127
 	tristate '"hl" hoplimit match support'
180
128
 	depends on NETFILTER_ADVANCED
181
129
 	select NETFILTER_XT_MATCH_HL
182
-	---help---
183
-	This is a backwards-compat option for the user's convenience
184
-	(e.g. when running oldconfig). It selects
185
-	CONFIG_NETFILTER_XT_MATCH_HL.
130
+	help
131
+	  This is a backwards-compat option for the user's convenience
132
+	  (e.g. when running oldconfig). It selects
133
+	  CONFIG_NETFILTER_XT_MATCH_HL.
186
134
 
187
135
 config IP6_NF_MATCH_IPV6HEADER
188
136
 	tristate '"ipv6header" IPv6 Extension Headers Match'
..
..
@@ -205,7 +153,7 @@
205
153
 	tristate '"rpfilter" reverse path filter match support'
206
154
 	depends on NETFILTER_ADVANCED
207
155
 	depends on IP6_NF_MANGLE || IP6_NF_RAW
208
-	---help---
156
+	help
209
157
 	  This option allows you to match packets whose replies would
210
158
 	  go out via the interface the packet came in.
211
159
 
..
..
@@ -222,23 +170,23 @@
222
170
 	  To compile it as a module, choose M here.  If unsure, say N.
223
171
 
224
172
 config IP6_NF_MATCH_SRH
225
-        tristate '"srh" Segment Routing header match support'
226
-        depends on NETFILTER_ADVANCED
227
-        help
228
-          srh matching allows you to match packets based on the segment
173
+	tristate '"srh" Segment Routing header match support'
174
+	depends on NETFILTER_ADVANCED
175
+	help
176
+	  srh matching allows you to match packets based on the segment
229
177
 	  routing header of the packet.
230
178
 
231
-          To compile it as a module, choose M here.  If unsure, say N.
179
+	  To compile it as a module, choose M here.  If unsure, say N.
232
180
 
233
181
 # The targets
234
182
 config IP6_NF_TARGET_HL
235
183
 	tristate '"HL" hoplimit target support'
236
184
 	depends on NETFILTER_ADVANCED && IP6_NF_MANGLE
237
185
 	select NETFILTER_XT_TARGET_HL
238
-	---help---
239
-	This is a backwards-compatible option for the user's convenience
240
-	(e.g. when running oldconfig). It selects
241
-	CONFIG_NETFILTER_XT_TARGET_HL.
186
+	help
187
+	  This is a backwards-compatible option for the user's convenience
188
+	  (e.g. when running oldconfig). It selects
189
+	  CONFIG_NETFILTER_XT_TARGET_HL.
242
190
 
243
191
 config IP6_NF_FILTER
244
192
 	tristate "Packet filtering"
..
..
@@ -293,25 +241,24 @@
293
241
 	  and OUTPUT chains.
294
242
 
295
243
 	  If you want to compile it as a module, say M here and read
296
-	  <file:Documentation/kbuild/modules.txt>.  If unsure, say `N'.
244
+	  <file:Documentation/kbuild/modules.rst>.  If unsure, say `N'.
297
245
 
298
246
 # security table for MAC policy
299
247
 config IP6_NF_SECURITY
300
-       tristate "Security table"
301
-       depends on SECURITY
302
-       depends on NETFILTER_ADVANCED
303
-       help
304
-         This option adds a `security' table to iptables, for use
305
-         with Mandatory Access Control (MAC) policy.
248
+	tristate "Security table"
249
+	depends on SECURITY
250
+	depends on NETFILTER_ADVANCED
251
+	help
252
+	  This option adds a `security' table to iptables, for use
253
+	  with Mandatory Access Control (MAC) policy.
306
254
 
307
-         If unsure, say N.
255
+	  If unsure, say N.
308
256
 
309
257
 config IP6_NF_NAT
310
258
 	tristate "ip6tables NAT support"
311
259
 	depends on NF_CONNTRACK
312
260
 	depends on NETFILTER_ADVANCED
313
261
 	select NF_NAT
314
-	select NF_NAT_IPV6
315
262
 	select NETFILTER_XT_NAT
316
263
 	help
317
264
 	  This enables the `nat' table in ip6tables. This allows masquerading,
..
..
@@ -324,15 +271,10 @@
324
271
 
325
272
 config IP6_NF_TARGET_MASQUERADE
326
273
 	tristate "MASQUERADE target support"
327
-	select NF_NAT_MASQUERADE_IPV6
274
+	select NETFILTER_XT_TARGET_MASQUERADE
328
275
 	help
329
-	  Masquerading is a special case of NAT: all outgoing connections are
330
-	  changed to seem to come from a particular interface's address, and
331
-	  if the interface goes down, those connections are lost.  This is
332
-	  only useful for dialup accounts with dynamic IP address (ie. your IP
333
-	  address will be different on next dialup).
334
-
335
-	  To compile it as a module, choose M here.  If unsure, say N.
276
+	  This is a backwards-compat option for the user's convenience
277
+	  (e.g. when running oldconfig). It selects NETFILTER_XT_TARGET_MASQUERADE.
336
278
 
337
279
 config IP6_NF_TARGET_NPT
338
280
 	tristate "NPT (Network Prefix translation) target support"