tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

netfilter: fix IPv6 NAT dependencies in Kconfig

* NF_NAT_IPV6 requires IP6_NF_IPTABLES

* IP6_NF_TARGET_MASQUERADE, IP6_NF_TARGET_NETMAP, IP6_NF_TARGET_REDIRECT
and IP6_NF_TARGET_NPT require NF_NAT_IPV6.

This change just mirrors what IPv4 does in Kconfig, for consistency.

Reported-by: Randy Dunlap <rdunlap@xenotime.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Pablo Neira Ayuso b0041d1b b216a4d8

+55 -55
+55 -55
net/ipv6/netfilter/Kconfig
··· 25 25 26 26 To compile it as a module, choose M here. If unsure, say N. 27 27 28 - config NF_NAT_IPV6 29 - tristate "IPv6 NAT" 30 - depends on NF_CONNTRACK_IPV6 31 - depends on NETFILTER_ADVANCED 32 - select NF_NAT 33 - help 34 - The IPv6 NAT option allows masquerading, port forwarding and other 35 - forms of full Network Address Port Translation. It is controlled by 36 - the `nat' table in ip6tables, see the man page for ip6tables(8). 37 - 38 - To compile it as a module, choose M here. If unsure, say N. 39 - 40 28 config IP6_NF_IPTABLES 41 29 tristate "IP6 tables support (required for filtering)" 42 30 depends on INET && IPV6 ··· 132 144 (e.g. when running oldconfig). It selects 133 145 CONFIG_NETFILTER_XT_TARGET_HL. 134 146 135 - config IP6_NF_TARGET_MASQUERADE 136 - tristate "MASQUERADE target support" 137 - depends on NF_NAT_IPV6 138 - help 139 - Masquerading is a special case of NAT: all outgoing connections are 140 - changed to seem to come from a particular interface's address, and 141 - if the interface goes down, those connections are lost. This is 142 - only useful for dialup accounts with dynamic IP address (ie. your IP 143 - address will be different on next dialup). 144 - 145 - To compile it as a module, choose M here. If unsure, say N. 146 - 147 - config IP6_NF_TARGET_NETMAP 148 - tristate "NETMAP target support" 149 - depends on NF_NAT_IPV6 150 - help 151 - NETMAP is an implementation of static 1:1 NAT mapping of network 152 - addresses. It maps the network address part, while keeping the host 153 - address part intact. 154 - 155 - To compile it as a module, choose M here. If unsure, say N. 156 - 157 - config IP6_NF_TARGET_REDIRECT 158 - tristate "REDIRECT target support" 159 - depends on NF_NAT_IPV6 160 - help 161 - REDIRECT is a special case of NAT: all incoming connections are 162 - mapped onto the incoming interface's address, causing the packets to 163 - come to the local machine instead of passing through. This is 164 - useful for transparent proxies. 165 - 166 - To compile it as a module, choose M here. If unsure, say N. 167 - 168 - config IP6_NF_TARGET_NPT 169 - tristate "NPT (Network Prefix translation) target support" 170 - depends on NETFILTER_ADVANCED 171 - help 172 - This option adds the `SNPT' and `DNPT' target, which perform 173 - stateless IPv6-to-IPv6 Network Prefix Translation per RFC 6296. 174 - 175 - To compile it as a module, choose M here. If unsure, say N. 176 - 177 147 config IP6_NF_FILTER 178 148 tristate "Packet filtering" 179 149 default m if NETFILTER_ADVANCED=n ··· 181 235 help 182 236 This option adds a `security' table to iptables, for use 183 237 with Mandatory Access Control (MAC) policy. 184 - 238 + 185 239 If unsure, say N. 240 + 241 + config NF_NAT_IPV6 242 + tristate "IPv6 NAT" 243 + depends on NF_CONNTRACK_IPV6 244 + depends on NETFILTER_ADVANCED 245 + select NF_NAT 246 + help 247 + The IPv6 NAT option allows masquerading, port forwarding and other 248 + forms of full Network Address Port Translation. It is controlled by 249 + the `nat' table in ip6tables, see the man page for ip6tables(8). 250 + 251 + To compile it as a module, choose M here. If unsure, say N. 252 + 253 + if NF_NAT_IPV6 254 + 255 + config IP6_NF_TARGET_MASQUERADE 256 + tristate "MASQUERADE target support" 257 + help 258 + Masquerading is a special case of NAT: all outgoing connections are 259 + changed to seem to come from a particular interface's address, and 260 + if the interface goes down, those connections are lost. This is 261 + only useful for dialup accounts with dynamic IP address (ie. your IP 262 + address will be different on next dialup). 263 + 264 + To compile it as a module, choose M here. If unsure, say N. 265 + 266 + config IP6_NF_TARGET_NETMAP 267 + tristate "NETMAP target support" 268 + help 269 + NETMAP is an implementation of static 1:1 NAT mapping of network 270 + addresses. It maps the network address part, while keeping the host 271 + address part intact. 272 + 273 + To compile it as a module, choose M here. If unsure, say N. 274 + 275 + config IP6_NF_TARGET_REDIRECT 276 + tristate "REDIRECT target support" 277 + help 278 + REDIRECT is a special case of NAT: all incoming connections are 279 + mapped onto the incoming interface's address, causing the packets to 280 + come to the local machine instead of passing through. This is 281 + useful for transparent proxies. 282 + 283 + To compile it as a module, choose M here. If unsure, say N. 284 + 285 + config IP6_NF_TARGET_NPT 286 + tristate "NPT (Network Prefix translation) target support" 287 + help 288 + This option adds the `SNPT' and `DNPT' target, which perform 289 + stateless IPv6-to-IPv6 Network Prefix Translation per RFC 6296. 290 + 291 + To compile it as a module, choose M here. If unsure, say N. 292 + 293 + endif # NF_NAT_IPV6 186 294 187 295 endif # IP6_NF_IPTABLES 188 296