Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nftables

[linux.git] / net / netfilter / Kconfig

diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
index 06095144ec8d674005d035697786284395c84ff1..c3b3b26c4c4e2ef311aa9d5868d40a80ec534c13 100644 (file)
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -915,6 +915,16 @@ config NETFILTER_XT_MATCH_BPF
 
          To compile it as a module, choose M here.  If unsure, say N.
 
+config NETFILTER_XT_MATCH_CGROUP
+       tristate '"control group" match support'
+       depends on NETFILTER_ADVANCED
+       depends on CGROUPS
+       select CGROUP_NET_CLASSID
+       ---help---
+       Socket/process control group matching allows you to match locally
+       generated packets based on which net_cls control group processes
+       belong to.
+
 config NETFILTER_XT_MATCH_CLUSTER
        tristate '"cluster" match support'
        depends on NF_CONNTRACK
@@ -966,7 +976,7 @@ config NETFILTER_XT_MATCH_CONNLABEL
          connection simultaneously.
 
 config NETFILTER_XT_MATCH_CONNLIMIT
-       tristate '"connlimit" match support"'
+       tristate '"connlimit" match support'
        depends on NF_CONNTRACK
        depends on NETFILTER_ADVANCED
        ---help---
@@ -1092,6 +1102,15 @@ config NETFILTER_XT_MATCH_HL
        in the IPv6 header, or the time-to-live field in the IPv4
        header of the packet.
 
+config NETFILTER_XT_MATCH_IPCOMP
+       tristate '"ipcomp" match support'
+       depends on NETFILTER_ADVANCED
+       help
+         This match extension allows you to match a range of CPIs(16 bits)
+         inside IPComp header of IPSec packets.
+
+         To compile it as a module, choose M here.  If unsure, say N.
+
 config NETFILTER_XT_MATCH_IPRANGE
        tristate '"iprange" address range match support'
        depends on NETFILTER_ADVANCED