niansa-misc/linux
1
0
Fork 0
mirror of synced 2025-03-06 20:59:54 +01:00
Code Issues Projects Releases Packages Wiki Activity

netfilter: arptables: allow xtables-nft only builds

Browse source 
Allows to build kernel that supports the arptables mangle target
via nftables' compat infra but without the arptables get/setsockopt
interface or the old arptables filter interpreter.

IOW, setting IP_NF_ARPFILTER=n will break arptables-legacy, but
arptables-nft will continue to work as long as nftables compat
support is enabled.

Signed-off-by: Florian Westphal <fw@strlen.de>
Reviewed-by: Phil Sutter <phil@nwl.cc>
This commit is contained in:
Florian Westphal 2024-01-23 16:42:48 +01:00
parent d5f9142fb9
commit 4654467dc7
1 changed files with 13 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
net/ipv4/netfilter/Kconfig
View file

@ -309,36 +309,34 @@ endif # IP_NF_IPTABLES
# ARP tables # ARP tables
config IP_NF_ARPTABLES config IP_NF_ARPTABLES
tristate "ARP tables support" tristate
select NETFILTER_XTABLES
select NETFILTER_FAMILY_ARP
depends on NETFILTER_ADVANCED
help
arptables is a general, extensible packet identification framework.
The ARP packet filtering and mangling (manipulation)subsystems
use this: say Y or M here if you want to use either of those.
To compile it as a module, choose M here. If unsure, say N. config NFT_COMPAT_ARP
tristate
if IP_NF_ARPTABLES depends on NF_TABLES_ARP && NFT_COMPAT
default m if NFT_COMPAT=m
default y if NFT_COMPAT=y
config IP_NF_ARPFILTER config IP_NF_ARPFILTER
tristate "ARP packet filtering" tristate "arptables-legacy packet filtering support"
select IP_NF_ARPTABLES
help help
ARP packet filtering defines a table `filter', which has a series of ARP packet filtering defines a table `filter', which has a series of
rules for simple ARP packet filtering at local input and rules for simple ARP packet filtering at local input and
local output. On a bridge, you can also specify filtering rules local output. This is only needed for arptables-legacy(8).
for forwarded ARP packets. See the man page for arptables(8). Neither arptables-nft nor nftables need this to work.
To compile it as a module, choose M here. If unsure, say N. To compile it as a module, choose M here. If unsure, say N.
config IP_NF_ARP_MANGLE config IP_NF_ARP_MANGLE
tristate "ARP payload mangling" tristate "ARP payload mangling"
depends on IP_NF_ARPTABLES || NFT_COMPAT_ARP
help help
Allows altering the ARP packet payload: source and destination Allows altering the ARP packet payload: source and destination
hardware and network addresses. hardware and network addresses.
endif # IP_NF_ARPTABLES This option is needed by both arptables-legacy and arptables-nft.
It is not used by nftables.
endmenu endmenu