[NETFILTER]: Add nf_conntrack subsystem.

[safe/jmp/linux-2.6] / net / netfilter / Kconfig

menu "Core Netfilter Configuration"
        depends on NET && NETFILTER

config NETFILTER_NETLINK
       tristate "Netfilter netlink interface"
       help
         If this option is enabled, the kernel will include support
         for the new netfilter netlink interface.

config NETFILTER_NETLINK_QUEUE
        tristate "Netfilter NFQUEUE over NFNETLINK interface"
        depends on NETFILTER_NETLINK
        help
          If this option isenabled, the kernel will include support
          for queueing packets via NFNETLINK.
          
config NETFILTER_NETLINK_LOG
        tristate "Netfilter LOG over NFNETLINK interface"
        depends on NETFILTER_NETLINK
        help
          If this option is enabled, the kernel will include support
          for logging packets via NFNETLINK.

          This obsoletes the existing ipt_ULOG and ebg_ulog mechanisms,
          and is also scheduled to replace the old syslog-based ipt_LOG
          and ip6t_LOG modules.

config NF_CONNTRACK
        tristate "Layer 3 Independent Connection tracking (EXPERIMENTAL)"
        depends on EXPERIMENTAL && IP_NF_CONNTRACK=n
        default n
        ---help---
          Connection tracking keeps a record of what packets have passed
          through your machine, in order to figure out how they are related
          into connections.

          Layer 3 independent connection tracking is experimental scheme
          which generalize ip_conntrack to support other layer 3 protocols.

          To compile it as a module, choose M here.  If unsure, say N.

config NF_CT_ACCT
        bool "Connection tracking flow accounting"
        depends on NF_CONNTRACK
        help
          If this option is enabled, the connection tracking code will
          keep per-flow packet and byte counters.

          Those counters can be used for flow-based accounting or the
          `connbytes' match.

          If unsure, say `N'.

config NF_CONNTRACK_MARK
        bool  'Connection mark tracking support'
        depends on NF_CONNTRACK
        help
          This option enables support for connection marks, used by the
          `CONNMARK' target and `connmark' match. Similar to the mark value
          of packets, but this mark value is kept in the conntrack session
          instead of the individual packets.

config NF_CONNTRACK_EVENTS
        bool "Connection tracking events"
        depends on NF_CONNTRACK
        help
          If this option is enabled, the connection tracking code will
          provide a notifier chain that can be used by other kernel code
          to get notified aboutchanges in the connection tracking state.

          If unsure, say `N'.

config NF_CT_PROTO_SCTP
        tristate 'SCTP protocol on new connection tracking support (EXPERIMENTAL)'
        depends on EXPERIMENTAL && NF_CONNTRACK
        default n
        help
          With this option enabled, the layer 3 independent connection
          tracking code will be able to do state tracking on SCTP connections.

          If you want to compile it as a module, say M here and read
          Documentation/modules.txt.  If unsure, say `N'.

config NF_CONNTRACK_FTP
        tristate "FTP support on new connection tracking (EXPERIMENTAL)"
        depends on EXPERIMENTAL && NF_CONNTRACK
        help
          Tracking FTP connections is problematic: special helpers are
          required for tracking them, and doing masquerading and other forms
          of Network Address Translation on them.

          This is FTP support on Layer 3 independent connection tracking.
          Layer 3 independent connection tracking is experimental scheme
          which generalize ip_conntrack to support other layer 3 protocols.

          To compile it as a module, choose M here.  If unsure, say N.

endmenu