[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bridge / netfilter / Kconfig

#
# Bridge netfilter configuration
#

menuconfig BRIDGE_NF_EBTABLES
	tristate "Ethernet Bridge tables (ebtables) support"
	depends on BRIDGE && NETFILTER
	select NETFILTER_XTABLES
	help
	  ebtables is a general, extensible frame/packet identification
	  framework. Say 'Y' or 'M' here if you want to do Ethernet
	  filtering/NAT/brouting on the Ethernet bridge.

if BRIDGE_NF_EBTABLES

#
# tables
#
config BRIDGE_EBT_BROUTE
	tristate "ebt: broute table support"
	help
	  The ebtables broute table is used to define rules that decide between
	  bridging and routing frames, giving Linux the functionality of a
	  brouter. See the man page for ebtables(8) and examples on the ebtables
	  website.

	  To compile it as a module, choose M here.  If unsure, say N.

config BRIDGE_EBT_T_FILTER
	tristate "ebt: filter table support"
	help
	  The ebtables filter table is used to define frame filtering rules at
	  local input, forwarding and local output. See the man page for
	  ebtables(8).

	  To compile it as a module, choose M here.  If unsure, say N.

config BRIDGE_EBT_T_NAT
	tristate "ebt: nat table support"
	help
	  The ebtables nat table is used to define rules that alter the MAC
	  source address (MAC SNAT) or the MAC destination address (MAC DNAT).
	  See the man page for ebtables(8).

	  To compile it as a module, choose M here.  If unsure, say N.
#
# matches
#
config BRIDGE_EBT_802_3
	tristate "ebt: 802.3 filter support"
	help
	  This option adds matching support for 802.3 Ethernet frames.

	  To compile it as a module, choose M here.  If unsure, say N.

config BRIDGE_EBT_AMONG
	tristate "ebt: among filter support"
	help
	  This option adds the among match, which allows matching the MAC source
	  and/or destination address on a list of addresses. Optionally,
	  MAC/IP address pairs can be matched, f.e. for anti-spoofing rules.

	  To compile it as a module, choose M here.  If unsure, say N.

config BRIDGE_EBT_ARP
	tristate "ebt: ARP filter support"
	help
	  This option adds the ARP match, which allows ARP and RARP header field
	  filtering.

	  To compile it as a module, choose M here.  If unsure, say N.

config BRIDGE_EBT_IP
	tristate "ebt: IP filter support"
	help
	  This option adds the IP match, which allows basic IP header field
	  filtering.

	  To compile it as a module, choose M here.  If unsure, say N.

config BRIDGE_EBT_IP6
	tristate "ebt: IP6 filter support"
	depends on BRIDGE_NF_EBTABLES && IPV6
	help
	  This option adds the IP6 match, which allows basic IPV6 header field
	  filtering.

	  To compile it as a module, choose M here.  If unsure, say N.

config BRIDGE_EBT_LIMIT
	tristate "ebt: limit match support"
	help
	  This option adds the limit match, which allows you to control
	  the rate at which a rule can be matched. This match is the
	  equivalent of the iptables limit match.

	  If you want to compile it as a module, say M here and read
	  <file:Documentation/kbuild/modules.txt>.  If unsure, say `N'.

config BRIDGE_EBT_MARK
	tristate "ebt: mark filter support"
	help
	  This option adds the mark match, which allows matching frames based on
	  the 'nfmark' value in the frame. This can be set by the mark target.
	  This value is the same as the one used in the iptables mark match and
	  target.

	  To compile it as a module, choose M here.  If unsure, say N.

config BRIDGE_EBT_PKTTYPE
	tristate "ebt: packet type filter support"
	help
	  This option adds the packet type match, which allows matching on the
	  type of packet based on its Ethernet "class" (as determined by
	  the generic networking code): broadcast, multicast,
	  for this host alone or for another host.

	  To compile it as a module, choose M here.  If unsure, say N.

config BRIDGE_EBT_STP
	tristate "ebt: STP filter support"
	help
	  This option adds the Spanning Tree Protocol match, which
	  allows STP header field filtering.

	  To compile it as a module, choose M here.  If unsure, say N.

config BRIDGE_EBT_VLAN
	tristate "ebt: 802.1Q VLAN filter support"
	help
	  This option adds the 802.1Q vlan match, which allows the filtering of
	  802.1Q vlan fields.

	  To compile it as a module, choose M here.  If unsure, say N.
#
# targets
#
config BRIDGE_EBT_ARPREPLY
	tristate "ebt: arp reply target support"
	depends on BRIDGE_NF_EBTABLES && INET
	help
	  This option adds the arp reply target, which allows
	  automatically sending arp replies to arp requests.

	  To compile it as a module, choose M here.  If unsure, say N.

config BRIDGE_EBT_DNAT
	tristate "ebt: dnat target support"
	help
	  This option adds the MAC DNAT target, which allows altering the MAC
	  destination address of frames.

	  To compile it as a module, choose M here.  If unsure, say N.

config BRIDGE_EBT_MARK_T
	tristate "ebt: mark target support"
	help
	  This option adds the mark target, which allows marking frames by
	  setting the 'nfmark' value in the frame.
	  This value is the same as the one used in the iptables mark match and
	  target.

	  To compile it as a module, choose M here.  If unsure, say N.

config BRIDGE_EBT_REDIRECT
	tristate "ebt: redirect target support"
	help
	  This option adds the MAC redirect target, which allows altering the MAC
	  destination address of a frame to that of the device it arrived on.

	  To compile it as a module, choose M here.  If unsure, say N.

config BRIDGE_EBT_SNAT
	tristate "ebt: snat target support"
	help
	  This option adds the MAC SNAT target, which allows altering the MAC
	  source address of frames.

	  To compile it as a module, choose M here.  If unsure, say N.
#
# watchers
#
config BRIDGE_EBT_LOG
	tristate "ebt: log support"
	help
	  This option adds the log watcher, that you can use in any rule
	  in any ebtables table. It records info about the frame header
	  to the syslog.

	  To compile it as a module, choose M here.  If unsure, say N.

config BRIDGE_EBT_ULOG
	tristate "ebt: ulog support (OBSOLETE)"
	help
	  This option enables the old bridge-specific "ebt_ulog" implementation
	  which has been obsoleted by the new "nfnetlink_log" code (see
	  CONFIG_NETFILTER_NETLINK_LOG).

	  This option adds the ulog watcher, that you can use in any rule
	  in any ebtables table. The packet is passed to a userspace
	  logging daemon using netlink multicast sockets. This differs
	  from the log watcher in the sense that the complete packet is
	  sent to userspace instead of a descriptive text and that
	  netlink multicast sockets are used instead of the syslog.

	  To compile it as a module, choose M here.  If unsure, say N.

config BRIDGE_EBT_NFLOG
	tristate "ebt: nflog support"
	help
	  This option enables the nflog watcher, which allows to LOG
	  messages through the netfilter logging API, which can use
	  either the old LOG target, the old ULOG target or nfnetlink_log
	  as backend.

	  This option adds the nflog watcher, that you can use in any rule
	  in any ebtables table.

	  To compile it as a module, choose M here.  If unsure, say N.

endif # BRIDGE_NF_EBTABLES
Commit	Line	Data
1da177e4 LT	1	#
	2	# Bridge netfilter configuration
	3	#
	4
20f3c56f	5	menuconfig BRIDGE_NF_EBTABLES
1da177e4	6	tristate "Ethernet Bridge tables (ebtables) support"
9823d9ff	7	depends on BRIDGE && NETFILTER
043ef46c	8	select NETFILTER_XTABLES
1da177e4 LT	9	help
	10	ebtables is a general, extensible frame/packet identification
	11	framework. Say 'Y' or 'M' here if you want to do Ethernet
	12	filtering/NAT/brouting on the Ethernet bridge.
20f3c56f JE	13
	14	if BRIDGE_NF_EBTABLES
	15
1da177e4 LT	16	#
	17	# tables
	18	#
	19	config BRIDGE_EBT_BROUTE
	20	tristate "ebt: broute table support"
1da177e4 LT	21	help
	22	The ebtables broute table is used to define rules that decide between
	23	bridging and routing frames, giving Linux the functionality of a
	24	brouter. See the man page for ebtables(8) and examples on the ebtables
	25	website.
	26
	27	To compile it as a module, choose M here. If unsure, say N.
	28
	29	config BRIDGE_EBT_T_FILTER
	30	tristate "ebt: filter table support"
1da177e4 LT	31	help
	32	The ebtables filter table is used to define frame filtering rules at
	33	local input, forwarding and local output. See the man page for
	34	ebtables(8).
	35
	36	To compile it as a module, choose M here. If unsure, say N.
	37
	38	config BRIDGE_EBT_T_NAT
	39	tristate "ebt: nat table support"
1da177e4 LT	40	help
	41	The ebtables nat table is used to define rules that alter the MAC
	42	source address (MAC SNAT) or the MAC destination address (MAC DNAT).
	43	See the man page for ebtables(8).
	44
	45	To compile it as a module, choose M here. If unsure, say N.
	46	#
	47	# matches
	48	#
	49	config BRIDGE_EBT_802_3
	50	tristate "ebt: 802.3 filter support"
1da177e4 LT	51	help
	52	This option adds matching support for 802.3 Ethernet frames.
	53
	54	To compile it as a module, choose M here. If unsure, say N.
	55
	56	config BRIDGE_EBT_AMONG
	57	tristate "ebt: among filter support"
1da177e4 LT	58	help
	59	This option adds the among match, which allows matching the MAC source
	60	and/or destination address on a list of addresses. Optionally,
	61	MAC/IP address pairs can be matched, f.e. for anti-spoofing rules.
	62
	63	To compile it as a module, choose M here. If unsure, say N.
	64
	65	config BRIDGE_EBT_ARP
	66	tristate "ebt: ARP filter support"
1da177e4 LT	67	help
	68	This option adds the ARP match, which allows ARP and RARP header field
	69	filtering.
	70
	71	To compile it as a module, choose M here. If unsure, say N.
	72
	73	config BRIDGE_EBT_IP
	74	tristate "ebt: IP filter support"
1da177e4 LT	75	help
	76	This option adds the IP match, which allows basic IP header field
	77	filtering.
	78
	79	To compile it as a module, choose M here. If unsure, say N.
	80
93f65158 KT	81	config BRIDGE_EBT_IP6
93f65158 KT	82	tristate "ebt: IP6 filter support"
f586287e	83	depends on BRIDGE_NF_EBTABLES && IPV6
93f65158 KT	84	help
	85	This option adds the IP6 match, which allows basic IPV6 header field
	86	filtering.
	87
	88	To compile it as a module, choose M here. If unsure, say N.
	89
1da177e4 LT	90	config BRIDGE_EBT_LIMIT
1da177e4 LT	91	tristate "ebt: limit match support"
1da177e4 LT	92	help
	93	This option adds the limit match, which allows you to control
	94	the rate at which a rule can be matched. This match is the
	95	equivalent of the iptables limit match.
	96
	97	If you want to compile it as a module, say M here and read
	98	<file:Documentation/kbuild/modules.txt>. If unsure, say `N'.
	99
	100	config BRIDGE_EBT_MARK
	101	tristate "ebt: mark filter support"
1da177e4 LT	102	help
	103	This option adds the mark match, which allows matching frames based on
	104	the 'nfmark' value in the frame. This can be set by the mark target.
	105	This value is the same as the one used in the iptables mark match and
	106	target.
	107
	108	To compile it as a module, choose M here. If unsure, say N.
	109
	110	config BRIDGE_EBT_PKTTYPE
	111	tristate "ebt: packet type filter support"
1da177e4 LT	112	help
	113	This option adds the packet type match, which allows matching on the
	114	type of packet based on its Ethernet "class" (as determined by
	115	the generic networking code): broadcast, multicast,
	116	for this host alone or for another host.
	117
	118	To compile it as a module, choose M here. If unsure, say N.
	119
	120	config BRIDGE_EBT_STP
	121	tristate "ebt: STP filter support"
1da177e4 LT	122	help
	123	This option adds the Spanning Tree Protocol match, which
	124	allows STP header field filtering.
	125
	126	To compile it as a module, choose M here. If unsure, say N.
	127
	128	config BRIDGE_EBT_VLAN
	129	tristate "ebt: 802.1Q VLAN filter support"
1da177e4 LT	130	help
	131	This option adds the 802.1Q vlan match, which allows the filtering of
	132	802.1Q vlan fields.
	133
	134	To compile it as a module, choose M here. If unsure, say N.
	135	#
	136	# targets
	137	#
	138	config BRIDGE_EBT_ARPREPLY
	139	tristate "ebt: arp reply target support"
eb3f8f5e	140	depends on BRIDGE_NF_EBTABLES && INET
1da177e4 LT	141	help
	142	This option adds the arp reply target, which allows
	143	automatically sending arp replies to arp requests.
	144
	145	To compile it as a module, choose M here. If unsure, say N.
	146
	147	config BRIDGE_EBT_DNAT
	148	tristate "ebt: dnat target support"
1da177e4 LT	149	help
	150	This option adds the MAC DNAT target, which allows altering the MAC
	151	destination address of frames.
	152
	153	To compile it as a module, choose M here. If unsure, say N.
	154
	155	config BRIDGE_EBT_MARK_T
	156	tristate "ebt: mark target support"
1da177e4 LT	157	help
	158	This option adds the mark target, which allows marking frames by
	159	setting the 'nfmark' value in the frame.
	160	This value is the same as the one used in the iptables mark match and
	161	target.
	162
	163	To compile it as a module, choose M here. If unsure, say N.
	164
	165	config BRIDGE_EBT_REDIRECT
	166	tristate "ebt: redirect target support"
1da177e4 LT	167	help
	168	This option adds the MAC redirect target, which allows altering the MAC
	169	destination address of a frame to that of the device it arrived on.
	170
	171	To compile it as a module, choose M here. If unsure, say N.
	172
	173	config BRIDGE_EBT_SNAT
	174	tristate "ebt: snat target support"
1da177e4 LT	175	help
	176	This option adds the MAC SNAT target, which allows altering the MAC
	177	source address of frames.
	178
	179	To compile it as a module, choose M here. If unsure, say N.
	180	#
	181	# watchers
	182	#
	183	config BRIDGE_EBT_LOG
	184	tristate "ebt: log support"
1da177e4 LT	185	help
	186	This option adds the log watcher, that you can use in any rule
	187	in any ebtables table. It records info about the frame header
	188	to the syslog.
	189
	190	To compile it as a module, choose M here. If unsure, say N.
	191
	192	config BRIDGE_EBT_ULOG
d5228a4f	193	tristate "ebt: ulog support (OBSOLETE)"
1da177e4	194	help
d5228a4f BDS	195	This option enables the old bridge-specific "ebt_ulog" implementation
	196	which has been obsoleted by the new "nfnetlink_log" code (see
	197	CONFIG_NETFILTER_NETLINK_LOG).
	198
1da177e4 LT	199	This option adds the ulog watcher, that you can use in any rule
	200	in any ebtables table. The packet is passed to a userspace
	201	logging daemon using netlink multicast sockets. This differs
	202	from the log watcher in the sense that the complete packet is
	203	sent to userspace instead of a descriptive text and that
	204	netlink multicast sockets are used instead of the syslog.
	205
	206	To compile it as a module, choose M here. If unsure, say N.
	207
e7bfd0a1 PW	208	config BRIDGE_EBT_NFLOG
e7bfd0a1 PW	209	tristate "ebt: nflog support"
e7bfd0a1 PW	210	help
	211	This option enables the nflog watcher, which allows to LOG
	212	messages through the netfilter logging API, which can use
	213	either the old LOG target, the old ULOG target or nfnetlink_log
	214	as backend.
	215
58de7862	216	This option adds the nflog watcher, that you can use in any rule
e7bfd0a1 PW	217	in any ebtables table.
	218
	219	To compile it as a module, choose M here. If unsure, say N.
	220
20f3c56f	221	endif # BRIDGE_NF_EBTABLES