netfilter: iptables socket match

Add iptables 'socket' match, which matches packets for which a TCP/UDP socket lookup succeeds. Signed-off-by: KOVACS Krisztian <hidden@sch.bme.hu> Signed-off-by: Patrick McHardy <kaber@trash.net>
author: KOVACS Krisztian <hidden@sch.bme.hu> 2008-10-08 11:35:12 +0200
committer: Patrick McHardy <kaber@trash.net> 2008-10-08 11:35:12 +0200
commit: 136cdc71fd54e77463e570643ac76e2b696e48a0 (patch)
tree: 89006778803d098a8f991ebeacc2dd86a2782340 /net/netfilter/Kconfig
parent: 9ad2d745a23853927a19789b034d9eb2e62d78ee (diff)
1 files changed, 15 insertions, 0 deletions
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
index ed1dcfb61e12..f6c807299487 100644
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -778,6 +778,21 @@ config NETFILTER_XT_MATCH_SCTP
 	  If you want to compile it as a module, say M here and read
 	  <file:Documentation/kbuild/modules.txt>.  If unsure, say `N'.
 
+config NETFILTER_XT_MATCH_SOCKET
+	tristate '"socket" match support (EXPERIMENTAL)'
+	depends on EXPERIMENTAL
+	depends on NETFILTER_TPROXY
+	depends on NETFILTER_XTABLES
+	depends on NETFILTER_ADVANCED
+	select NF_DEFRAG_IPV4
+	help
+	  This option adds a `socket' match, which can be used to match
+	  packets for which a TCP or UDP socket lookup finds a valid socket.
+	  It can be used in combination with the MARK target and policy
+	  routing to implement full featured non-locally bound sockets.
+
+	  To compile it as a module, choose M here.  If unsure, say N.
+
 config NETFILTER_XT_MATCH_STATE
 	tristate '"state" match support'
 	depends on NETFILTER_XTABLES
author	KOVACS Krisztian <hidden@sch.bme.hu>	2008-10-08 11:35:12 +0200
committer	Patrick McHardy <kaber@trash.net>	2008-10-08 11:35:12 +0200
commit	136cdc71fd54e77463e570643ac76e2b696e48a0 (patch)
tree	89006778803d098a8f991ebeacc2dd86a2782340 /net/netfilter/Kconfig
parent	9ad2d745a23853927a19789b034d9eb2e62d78ee (diff)