• Florian Westphal's avatar
    netfilter: kconfig: remove ct zone/label dependencies · 7bdfcea8
    Florian Westphal authored
    connection tracking zones currently depend on the xtables CT target.
    The reasoning was that it makes no sense to support zones if they can't
    be configured (which needed CT target).
    
    Nowadays zones can also be used by OVS and configured via nftables,
    so remove the dependency.
    
    connection tracking labels are handled via hidden dependency that gets
    auto-selected by the connlabel match.
    Make it a visible knob, as labels can be attached via ctnetlink
    or via nftables rules (nft_ct expression) too.
    
    This allows to use conntrack labels and zones with nftables-only build.
    Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
    Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
    7bdfcea8
Kconfig 51.2 KB