[NETFILTER]: nf_conntrack_h323: fix compile error with CONFIG_IPV6=m, CONFIG_NF_CONNT...

[deliverable/linux.git] / net / netfilter / Kconfig

diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
index d1a365d83c53c443ce9f49802caa958b6ed8c261..80107d4909c5b88fb69c519ea7f4301b93bb63c0 100644 (file)
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -1,5 +1,5 @@
 menu "Core Netfilter Configuration"
-       depends on NET && NETFILTER
+       depends on NET && INET && NETFILTER
 
 config NETFILTER_NETLINK
        tristate "Netfilter netlink interface"
@@ -44,8 +44,7 @@ choice
        depends on NF_CONNTRACK_ENABLED
 
 config NF_CONNTRACK_SUPPORT
-       bool "Layer 3 Independent Connection tracking (EXPERIMENTAL)"
-       depends on EXPERIMENTAL
+       bool "Layer 3 Independent Connection tracking"
        help
          Layer 3 independent connection tracking is experimental scheme
          which generalize ip_conntrack to support other layer 3 protocols.
@@ -56,7 +55,7 @@ config NF_CONNTRACK_SUPPORT
          below).
 
 config IP_NF_CONNTRACK_SUPPORT
-       bool "Layer 3 Dependent Connection tracking"
+       bool "Layer 3 Dependent Connection tracking (OBSOLETE)"
        help
          The old, Layer 3 dependent ip_conntrack subsystem of netfilter.
 
@@ -120,8 +119,12 @@ config NF_CONNTRACK_EVENTS
 
          If unsure, say `N'.
 
+config NF_CT_PROTO_GRE
+       tristate
+       depends on NF_CONNTRACK
+
 config NF_CT_PROTO_SCTP
-       tristate 'SCTP protocol on new connection tracking support (EXPERIMENTAL)'
+       tristate 'SCTP protocol connection tracking support (EXPERIMENTAL)'
        depends on EXPERIMENTAL && NF_CONNTRACK
        default n
        help
@@ -132,8 +135,8 @@ config NF_CT_PROTO_SCTP
          Documentation/modules.txt.  If unsure, say `N'.
 
 config NF_CONNTRACK_AMANDA
-       tristate "Amanda backup protocol support (EXPERIMENTAL)"
-       depends on EXPERIMENTAL && NF_CONNTRACK
+       tristate "Amanda backup protocol support"
+       depends on NF_CONNTRACK
        select TEXTSEARCH
        select TEXTSEARCH_KMP
        help
@@ -147,8 +150,8 @@ config NF_CONNTRACK_AMANDA
          To compile it as a module, choose M here.  If unsure, say N.
 
 config NF_CONNTRACK_FTP
-       tristate "FTP support on new connection tracking (EXPERIMENTAL)"
-       depends on EXPERIMENTAL && NF_CONNTRACK
+       tristate "FTP protocol support"
+       depends on NF_CONNTRACK
        help
          Tracking FTP connections is problematic: special helpers are
          required for tracking them, and doing masquerading and other forms
@@ -162,7 +165,7 @@ config NF_CONNTRACK_FTP
 
 config NF_CONNTRACK_H323
        tristate "H.323 protocol support (EXPERIMENTAL)"
-       depends on EXPERIMENTAL && NF_CONNTRACK
+       depends on EXPERIMENTAL && NF_CONNTRACK && (IPV6 || IPV6=n)
        help
          H.323 is a VoIP signalling protocol from ITU-T. As one of the most
          important VoIP protocols, it is widely used by voice hardware and
@@ -180,8 +183,8 @@ config NF_CONNTRACK_H323
          To compile it as a module, choose M here.  If unsure, say N.
 
 config NF_CONNTRACK_IRC
-       tristate "IRC protocol support (EXPERIMENTAL)"
-       depends on EXPERIMENTAL && NF_CONNTRACK
+       tristate "IRC protocol support"
+       depends on NF_CONNTRACK
        help
          There is a commonly-used extension to IRC called
          Direct Client-to-Client Protocol (DCC).  This enables users to send
@@ -213,6 +216,48 @@ config NF_CONNTRACK_NETBIOS_NS
 
          To compile it as a module, choose M here.  If unsure, say N.
 
+config NF_CONNTRACK_PPTP
+       tristate "PPtP protocol support"
+       depends on NF_CONNTRACK
+       select NF_CT_PROTO_GRE
+       help
+         This module adds support for PPTP (Point to Point Tunnelling
+         Protocol, RFC2637) connection tracking and NAT.
+
+         If you are running PPTP sessions over a stateful firewall or NAT
+         box, you may want to enable this feature.
+
+         Please note that not all PPTP modes of operation are supported yet.
+         Specifically these limitations exist:
+           - Blindy assumes that control connections are always established
+             in PNS->PAC direction. This is a violation of RFC2637.
+           - Only supports a single call within each session
+
+         To compile it as a module, choose M here.  If unsure, say N.
+
+config NF_CONNTRACK_SIP
+       tristate "SIP protocol support (EXPERIMENTAL)"
+       depends on EXPERIMENTAL && NF_CONNTRACK
+       help
+         SIP is an application-layer control protocol that can establish,
+         modify, and terminate multimedia sessions (conferences) such as
+         Internet telephony calls. With the ip_conntrack_sip and
+         the nf_nat_sip modules you can support the protocol on a connection
+         tracking/NATing firewall.
+
+         To compile it as a module, choose M here.  If unsure, say N.
+
+config NF_CONNTRACK_TFTP
+       tristate "TFTP protocol support"
+       depends on NF_CONNTRACK
+       help
+         TFTP connection tracking helper, this is required depending
+         on how restrictive your ruleset is.
+         If you are using a tftp client behind -j SNAT or -j MASQUERADING
+         you will need this.
+
+         To compile it as a module, choose M here.  If unsure, say N.
+
 config NF_CT_NETLINK
        tristate 'Connection tracking netlink interface (EXPERIMENTAL)'
        depends on EXPERIMENTAL && NF_CONNTRACK && NETFILTER_NETLINK
@@ -583,7 +628,7 @@ config NETFILTER_XT_MATCH_TCPMSS
 
 config NETFILTER_XT_MATCH_HASHLIMIT
        tristate '"hashlimit" match support'
-       depends on NETFILTER_XTABLES
+       depends on NETFILTER_XTABLES && (IP6_NF_IPTABLES || IP6_NF_IPTABLES=n)
        help
          This option adds a `hashlimit' match.