[SK_BUFF]: Introduce skb_mac_header()

[deliverable/linux.git] / net / ipv4 / netfilter / Kconfig

diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig
index f6026d4ac428d1bab8f1f59080e6d55c315275a7..601808c796ec16ca59cbd7fbccee71891cacb268 100644 (file)
--- a/net/ipv4/netfilter/Kconfig
+++ b/net/ipv4/netfilter/Kconfig
@@ -6,8 +6,8 @@ menu "IP: Netfilter Configuration"
        depends on INET && NETFILTER
 
 config NF_CONNTRACK_IPV4
-       tristate "IPv4 connection tracking support (required for NAT) (EXPERIMENTAL)"
-       depends on EXPERIMENTAL && NF_CONNTRACK
+       tristate "IPv4 connection tracking support (required for NAT)"
+       depends on NF_CONNTRACK
        ---help---
          Connection tracking keeps a record of what packets have passed
          through your machine, in order to figure out how they are related
@@ -226,7 +226,7 @@ config IP_NF_QUEUE
 
 config IP_NF_IPTABLES
        tristate "IP tables support (required for filtering/masq/NAT)"
-       depends on NETFILTER_XTABLES
+       select NETFILTER_XTABLES
        help
          iptables is a general, extensible packet identification framework.
          The packet filtering and full NAT (masquerading, port forwarding,
@@ -361,32 +361,6 @@ config IP_NF_TARGET_ULOG
 
          To compile it as a module, choose M here.  If unsure, say N.
 
-config IP_NF_TARGET_TCPMSS
-       tristate "TCPMSS target support"
-       depends on IP_NF_IPTABLES
-       ---help---
-         This option adds a `TCPMSS' target, which allows you to alter the
-         MSS value of TCP SYN packets, to control the maximum size for that
-         connection (usually limiting it to your outgoing interface's MTU
-         minus 40).
-
-         This is used to overcome criminally braindead ISPs or servers which
-         block ICMP Fragmentation Needed packets.  The symptoms of this
-         problem are that everything works fine from your Linux
-         firewall/router, but machines behind it can never exchange large
-         packets:
-               1) Web browsers connect, then hang with no data received.
-               2) Small mail works fine, but large emails hang.
-               3) ssh works fine, but scp hangs after initial handshaking.
-
-         Workaround: activate this option and add a rule to your firewall
-         configuration like:
-
-         iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN \
-                        -j TCPMSS --clamp-mss-to-pmtu
-
-         To compile it as a module, choose M here.  If unsure, say N.
-
 # NAT + specific targets: ip_conntrack
 config IP_NF_NAT
        tristate "Full NAT"
@@ -632,7 +606,9 @@ config IP_NF_TARGET_TTL
 config IP_NF_TARGET_CLUSTERIP
        tristate "CLUSTERIP target support (EXPERIMENTAL)"
        depends on IP_NF_MANGLE && EXPERIMENTAL
-       depends on (IP_NF_CONNTRACK && IP_NF_CONNTRACK_MARK) || (NF_CONNTRACK_MARK && NF_CONNTRACK_IPV4)
+       depends on IP_NF_CONNTRACK || NF_CONNTRACK_IPV4
+       select IP_NF_CONNTRACK_MARK if IP_NF_CONNTRACK
+       select NF_CONNTRACK_MARK if NF_CONNTRACK_IPV4
        help
          The CLUSTERIP target allows you to build load-balancing clusters of
          network servers without having a dedicated load-balancing
@@ -655,7 +631,7 @@ config IP_NF_RAW
 # ARP tables
 config IP_NF_ARPTABLES
        tristate "ARP tables support"
-       depends on NETFILTER_XTABLES
+       select NETFILTER_XTABLES
        help
          arptables is a general, extensible packet identification framework.
          The ARP packet filtering and mangling (manipulation)subsystems