From 1e80380b14681f229fc6bcd3d53f001f4fc0a463 Mon Sep 17 00:00:00 2001 From: Felix Fietkau Date: Mon, 26 Feb 2018 10:15:16 +0100 Subject: netfilter: nf_flow_table: relax mixed ipv4/ipv6 flowtable dependencies Since the offload hook code was moved, this table no longer depends on the IPv4 and IPv6 flowtable modules Signed-off-by: Felix Fietkau Signed-off-by: Pablo Neira Ayuso --- net/netfilter/Kconfig | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'net/netfilter/Kconfig') diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig index 704b3832dbad..d20664b02ae4 100644 --- a/net/netfilter/Kconfig +++ b/net/netfilter/Kconfig @@ -666,8 +666,7 @@ endif # NF_TABLES config NF_FLOW_TABLE_INET tristate "Netfilter flow table mixed IPv4/IPv6 module" - depends on NF_FLOW_TABLE_IPV4 - depends on NF_FLOW_TABLE_IPV6 + depends on NF_FLOW_TABLE help This option adds the flow table mixed IPv4/IPv6 support. -- cgit v1.2.1 From 8a22543c8e7093104d7c22190746b9492bfbd897 Mon Sep 17 00:00:00 2001 From: Florian Westphal Date: Mon, 16 Apr 2018 19:15:54 +0200 Subject: netfilter: nf_tables: make meta expression builtin size net/netfilter/nft_meta.ko text data bss dec hex filename 5826 936 1 6763 1a6b net/netfilter/nft_meta.ko 96407 2064 400 98871 18237 net/netfilter/nf_tables.ko after: 100826 2240 401 103467 1942b net/netfilter/nf_tables.ko Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso --- net/netfilter/Kconfig | 6 ------ 1 file changed, 6 deletions(-) (limited to 'net/netfilter/Kconfig') diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig index d20664b02ae4..29a13c7a5af2 100644 --- a/net/netfilter/Kconfig +++ b/net/netfilter/Kconfig @@ -480,12 +480,6 @@ config NFT_EXTHDR This option adds the "exthdr" expression that you can use to match IPv6 extension headers and tcp options. -config NFT_META - tristate "Netfilter nf_tables meta module" - help - This option adds the "meta" expression that you can use to match and - to set packet metainformation such as the packet mark. - config NFT_RT tristate "Netfilter nf_tables routing module" help -- cgit v1.2.1 From ae1bc6a9f398d5e0310387eb077a0d9ce1fb21f5 Mon Sep 17 00:00:00 2001 From: Florian Westphal Date: Mon, 16 Apr 2018 19:15:55 +0200 Subject: netfilter: nf_tables: merge rt expression into nft core before: text data bss dec hex filename 2657 844 0 3501 dad net/netfilter/nft_rt.ko 100826 2240 401 103467 1942b net/netfilter/nf_tables.ko after: 2657 844 0 3501 dad net/netfilter/nft_rt.ko 102456 2316 401 105173 19ad5 net/netfilter/nf_tables.ko Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso --- net/netfilter/Kconfig | 6 ------ 1 file changed, 6 deletions(-) (limited to 'net/netfilter/Kconfig') diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig index 29a13c7a5af2..771f1a4f3376 100644 --- a/net/netfilter/Kconfig +++ b/net/netfilter/Kconfig @@ -480,12 +480,6 @@ config NFT_EXTHDR This option adds the "exthdr" expression that you can use to match IPv6 extension headers and tcp options. -config NFT_RT - tristate "Netfilter nf_tables routing module" - help - This option adds the "rt" expression that you can use to match - packet routing information such as the packet nexthop. - config NFT_NUMGEN tristate "Netfilter nf_tables number generator module" help -- cgit v1.2.1 From d0103158cf7c9190860dabd12b85ccad3c6e3455 Mon Sep 17 00:00:00 2001 From: Florian Westphal Date: Mon, 16 Apr 2018 19:15:56 +0200 Subject: netfilter: nf_tables: merge exthdr expression into nft core before: text data bss dec hex filename 5056 844 0 5900 170c net/netfilter/nft_exthdr.ko 102456 2316 401 105173 19ad5 net/netfilter/nf_tables.ko after: 106410 2392 401 109203 1aa93 net/netfilter/nf_tables.ko Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso --- net/netfilter/Kconfig | 6 ------ 1 file changed, 6 deletions(-) (limited to 'net/netfilter/Kconfig') diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig index 771f1a4f3376..f66586fb41cd 100644 --- a/net/netfilter/Kconfig +++ b/net/netfilter/Kconfig @@ -474,12 +474,6 @@ config NF_TABLES_NETDEV help This option enables support for the "netdev" table. -config NFT_EXTHDR - tristate "Netfilter nf_tables exthdr module" - help - This option adds the "exthdr" expression that you can use to match - IPv6 extension headers and tcp options. - config NFT_NUMGEN tristate "Netfilter nf_tables number generator module" help -- cgit v1.2.1 From bfb15f2a95cbbc548b59abf8007d0fdb35fdfee5 Mon Sep 17 00:00:00 2001 From: Fernando Fernandez Mancera Date: Thu, 3 May 2018 14:05:40 +0200 Subject: netfilter: extract Passive OS fingerprint infrastructure from xt_osf Add nf_osf_ttl() and nf_osf_match() into nf_osf.c to prepare for nf_tables support. Signed-off-by: Fernando Fernandez Mancera Signed-off-by: Pablo Neira Ayuso --- net/netfilter/Kconfig | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'net/netfilter/Kconfig') diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig index f66586fb41cd..e25cdb3d51cb 100644 --- a/net/netfilter/Kconfig +++ b/net/netfilter/Kconfig @@ -444,6 +444,9 @@ config NETFILTER_SYNPROXY endif # NF_CONNTRACK +config NF_OSF + tristate 'Passive OS fingerprint infrastructure' + config NF_TABLES select NETFILTER_NETLINK tristate "Netfilter nf_tables support" @@ -1358,6 +1361,7 @@ config NETFILTER_XT_MATCH_NFACCT config NETFILTER_XT_MATCH_OSF tristate '"osf" Passive OS fingerprint match' depends on NETFILTER_ADVANCED && NETFILTER_NETLINK + select NF_OSF help This option selects the Passive OS Fingerprinting match module that allows to passively match the remote operating system by -- cgit v1.2.1