netfilter: nf_tables: add support for native socket matching

Now it can only match the transparent flag of an ip/ipv6 socket. Signed-off-by: Máté Eckl <ecklm94@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Máté Eckl <ecklm94@gmail.com> 2018-05-28 09:15:33 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2018-06-01 09:46:15 +0200
commit: 554ced0a6e2946562c20d9fffdbaf2aa7da36b1b (patch)
tree: 183337776f85d8e10d2a23b7ddc49a59cc0502c7 /net/netfilter/Kconfig
parent: 7849958b51aa392e3592b6b8181db0baad979b0b (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
index 3ec8886850b2..276e1e32f44e 100644
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -613,6 +613,15 @@ config NFT_FIB_INET
 	  The lookup will be delegated to the IPv4 or IPv6 FIB depending
 	  on the protocol of the packet.
 
+config NFT_SOCKET
+	tristate "Netfilter nf_tables socket match support"
+	depends on IPV6 || IPV6=n
+	select NF_SOCKET_IPV4
+	select NF_SOCKET_IPV6 if IPV6
+	help
+	  This option allows matching for the presence or absence of a
+	  corresponding socket and its attributes.
+
 if NF_TABLES_NETDEV
 
 config NF_DUP_NETDEV
author	Máté Eckl <ecklm94@gmail.com>	2018-05-28 09:15:33 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2018-06-01 09:46:15 +0200
commit	554ced0a6e2946562c20d9fffdbaf2aa7da36b1b (patch)
tree	183337776f85d8e10d2a23b7ddc49a59cc0502c7 /net/netfilter/Kconfig
parent	7849958b51aa392e3592b6b8181db0baad979b0b (diff)