3bf195ae60
before: text data bss dec hex filename 16566 1576 4136 22278 5706 nf_nat.ko 3598 844 0 4442 115a nf_nat_ipv6.ko 3187 844 0 4031 fbf nf_nat_ipv4.ko after: text data bss dec hex filename 22948 1612 4136 28696 7018 nf_nat.ko ... with ipv4/v6 nat now provided directly via nf_nat.ko. Also changes: ret = nf_nat_ipv4_fn(priv, skb, state); if (ret != NF_DROP && ret != NF_STOLEN && into if (ret != NF_ACCEPT) return ret; everywhere. The nat hooks never should return anything other than ACCEPT or DROP (and the latter only in rare error cases). The original code uses multi-line ANDing including assignment-in-if: if (ret != NF_DROP && ret != NF_STOLEN && !(IPCB(skb)->flags & IPSKB_XFRM_TRANSFORMED) && (ct = nf_ct_get(skb, &ctinfo)) != NULL) { I removed this while moving, breaking those in separate conditionals and moving the assignments into extra lines. checkpatch still generates some warnings: 1. Overly long lines (of moved code). Breaking them is even more ugly. so I kept this as-is. 2. use of extern function declarations in a .c file. This is necessary evil, we must call nf_nat_l3proto_register() from the nat core now. All l3proto related functions are removed later in this series, those prototypes are then removed as well. v2: keep empty nf_nat_ipv6_csum_update stub for CONFIG_IPV6=n case. v3: remove IS_ENABLED(NF_NAT_IPV4/6) tests, NF_NAT_IPVx toggles are removed here. v4: also get rid of the assignments in conditionals. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
74 lines
2.2 KiB
Plaintext
74 lines
2.2 KiB
Plaintext
#
|
|
# Open vSwitch
|
|
#
|
|
|
|
config OPENVSWITCH
|
|
tristate "Open vSwitch"
|
|
depends on INET
|
|
depends on !NF_CONNTRACK || \
|
|
(NF_CONNTRACK && ((!NF_DEFRAG_IPV6 || NF_DEFRAG_IPV6) && \
|
|
(!NF_NAT || NF_NAT) && \
|
|
(!NETFILTER_CONNCOUNT || NETFILTER_CONNCOUNT)))
|
|
select LIBCRC32C
|
|
select MPLS
|
|
select NET_MPLS_GSO
|
|
select DST_CACHE
|
|
select NET_NSH
|
|
---help---
|
|
Open vSwitch is a multilayer Ethernet switch targeted at virtualized
|
|
environments. In addition to supporting a variety of features
|
|
expected in a traditional hardware switch, it enables fine-grained
|
|
programmatic extension and flow-based control of the network. This
|
|
control is useful in a wide variety of applications but is
|
|
particularly important in multi-server virtualization deployments,
|
|
which are often characterized by highly dynamic endpoints and the
|
|
need to maintain logical abstractions for multiple tenants.
|
|
|
|
The Open vSwitch datapath provides an in-kernel fast path for packet
|
|
forwarding. It is complemented by a userspace daemon, ovs-vswitchd,
|
|
which is able to accept configuration from a variety of sources and
|
|
translate it into packet processing rules.
|
|
|
|
See http://openvswitch.org for more information and userspace
|
|
utilities.
|
|
|
|
To compile this code as a module, choose M here: the module will be
|
|
called openvswitch.
|
|
|
|
If unsure, say N.
|
|
|
|
config OPENVSWITCH_GRE
|
|
tristate "Open vSwitch GRE tunneling support"
|
|
depends on OPENVSWITCH
|
|
depends on NET_IPGRE
|
|
default OPENVSWITCH
|
|
---help---
|
|
If you say Y here, then the Open vSwitch will be able create GRE
|
|
vport.
|
|
|
|
Say N to exclude this support and reduce the binary size.
|
|
|
|
If unsure, say Y.
|
|
|
|
config OPENVSWITCH_VXLAN
|
|
tristate "Open vSwitch VXLAN tunneling support"
|
|
depends on OPENVSWITCH
|
|
depends on VXLAN
|
|
default OPENVSWITCH
|
|
---help---
|
|
If you say Y here, then the Open vSwitch will be able create vxlan vport.
|
|
|
|
Say N to exclude this support and reduce the binary size.
|
|
|
|
If unsure, say Y.
|
|
|
|
config OPENVSWITCH_GENEVE
|
|
tristate "Open vSwitch Geneve tunneling support"
|
|
depends on OPENVSWITCH
|
|
depends on GENEVE
|
|
default OPENVSWITCH
|
|
---help---
|
|
If you say Y here, then the Open vSwitch will be able create geneve vport.
|
|
|
|
Say N to exclude this support and reduce the binary size.
|