diff options
author | Mark Brown <broonie@sirena.org.uk> | 2013-06-14 17:42:49 +0100 |
---|---|---|
committer | Mark Brown <broonie@sirena.org.uk> | 2013-06-14 17:42:49 +0100 |
commit | c4d0a06860b8ade51836f07ae050245f9059c6d6 (patch) | |
tree | 88931d8ccb3cc94bb2a895149ff18dfc448e3324 /net/netfilter/Kconfig | |
parent | ebb7c3b1a10a2cd3986f2db60612d2c6fbb915ab (diff) | |
parent | 1f76bce8544acd38f7bb1e822540f8ca521e1b7f (diff) |
Merge remote-tracking branch 'jstultz-android/linaro-fixes/experimental/android-3.9' into merge-androidlsk-android-2013.06
Conflicts:
arch/arm/common/Makefile
arch/arm/include/asm/irq.h
arch/arm/include/asm/smp.h
arch/arm/kernel/smp.c
Diffstat (limited to 'net/netfilter/Kconfig')
-rw-r--r-- | net/netfilter/Kconfig | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig index 56d22cae590..bdf9c60b296 100644 --- a/net/netfilter/Kconfig +++ b/net/netfilter/Kconfig @@ -1089,6 +1089,8 @@ config NETFILTER_XT_MATCH_OWNER based on who created the socket: the user or group. It is also possible to check whether a socket actually exists. + Conflicts with '"quota, tag, uid" match' + config NETFILTER_XT_MATCH_POLICY tristate 'IPsec "policy" match support' depends on XFRM @@ -1122,6 +1124,22 @@ config NETFILTER_XT_MATCH_PKTTYPE To compile it as a module, choose M here. If unsure, say N. +config NETFILTER_XT_MATCH_QTAGUID + bool '"quota, tag, owner" match and stats support' + depends on NETFILTER_XT_MATCH_SOCKET + depends on NETFILTER_XT_MATCH_OWNER=n + help + This option replaces the `owner' match. In addition to matching + on uid, it keeps stats based on a tag assigned to a socket. + The full tag is comprised of a UID and an accounting tag. + The tags are assignable to sockets from user space (e.g. a download + manager can assign the socket to another UID for accounting). + Stats and control are done via /proc/net/xt_qtaguid/. + It replaces owner as it takes the same arguments, but should + really be recognized by the iptables tool. + + If unsure, say `N'. + config NETFILTER_XT_MATCH_QUOTA tristate '"quota" match support' depends on NETFILTER_ADVANCED @@ -1132,6 +1150,30 @@ config NETFILTER_XT_MATCH_QUOTA If you want to compile it as a module, say M here and read <file:Documentation/kbuild/modules.txt>. If unsure, say `N'. +config NETFILTER_XT_MATCH_QUOTA2 + tristate '"quota2" match support' + depends on NETFILTER_ADVANCED + help + This option adds a `quota2' match, which allows to match on a + byte counter correctly and not per CPU. + It allows naming the quotas. + This is based on http://xtables-addons.git.sourceforge.net + + If you want to compile it as a module, say M here and read + <file:Documentation/kbuild/modules.txt>. If unsure, say `N'. + +config NETFILTER_XT_MATCH_QUOTA2_LOG + bool '"quota2" Netfilter LOG support' + depends on NETFILTER_XT_MATCH_QUOTA2 + depends on IP_NF_TARGET_ULOG=n # not yes, not module, just no + default n + help + This option allows `quota2' to log ONCE when a quota limit + is passed. It logs via NETLINK using the NETLINK_NFLOG family. + It logs similarly to how ipt_ULOG would without data. + + If unsure, say `N'. + config NETFILTER_XT_MATCH_RATEEST tristate '"rateest" match support' depends on NETFILTER_ADVANCED |