summaryrefslogtreecommitdiffstats
path: root/net/ipv4/netfilter/Kconfig
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2015-05-31 18:04:11 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2015-08-07 11:49:49 +0200
commitd877f07112f1e5a247c6b585c971a93895c9f738 (patch)
tree6ff7fa3d31b94ef6cbe88284d63f93bdab8a35fb /net/ipv4/netfilter/Kconfig
parentbbde9fc1824aab58bc78c084163007dd6c03fe5b (diff)
downloadlinux-stable-d877f07112f1e5a247c6b585c971a93895c9f738.tar.gz
linux-stable-d877f07112f1e5a247c6b585c971a93895c9f738.tar.bz2
linux-stable-d877f07112f1e5a247c6b585c971a93895c9f738.zip
netfilter: nf_tables: add nft_dup expression
This new expression uses the nf_dup engine to clone packets to a given gateway. Unlike xt_TEE, we use an index to indicate output interface which should be fine at this stage. Moreover, change to the preemtion-safe this_cpu_read(nf_skb_duplicated) from nf_dup_ipv{4,6} to silence a lockdep splat. Based on the original tee expression from Arturo Borrero Gonzalez, although this patch has diverted quite a bit from this initial effort due to the change to support maps. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/ipv4/netfilter/Kconfig')
-rw-r--r--net/ipv4/netfilter/Kconfig6
1 files changed, 6 insertions, 0 deletions
diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig
index 0142ea259d7d..690d27d3f2f9 100644
--- a/net/ipv4/netfilter/Kconfig
+++ b/net/ipv4/netfilter/Kconfig
@@ -58,6 +58,12 @@ config NFT_REJECT_IPV4
default NFT_REJECT
tristate
+config NFT_DUP_IPV4
+ tristate "IPv4 nf_tables packet duplication support"
+ select NF_DUP_IPV4
+ help
+ This module enables IPv4 packet duplication support for nf_tables.
+
endif # NF_TABLES_IPV4
config NF_TABLES_ARP