netfilter: NFT_CHAIN_NAT_IPV* is independent of NFT_NAT

Now that we have masquerading support in nf_tables, the NAT chain can
be use with it, not only for SNAT/DNAT. So make this chain type
independent of it.

While at it, move it inside the scope of 'if NF_NAT_IPV*' to simplify
dependencies.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig
index d189c5262bdbd3f44d77ca8cbba149ecdb8c809d..eb6995fc4f673c1cfca56df336ee9c2ae5bc5fb2 100644 (file)
--- a/net/ipv4/netfilter/Kconfig
+++ b/net/ipv4/netfilter/Kconfig
@@ -61,16 +61,6 @@ config NFT_CHAIN_ROUTE_IPV4
          fields such as the source, destination, type of service and
          the packet mark.
 
-config NFT_CHAIN_NAT_IPV4
-       depends on NF_TABLES_IPV4
-       depends on NF_NAT_IPV4 && NFT_NAT
-       tristate "IPv4 nf_tables nat chain support"
-       help
-         This option enables the "nat" chain for IPv4 in nf_tables. This
-         chain type is used to perform Network Address Translation (NAT)
-         packet transformations such as the source, destination address and
-         source and destination ports.
-
 config NFT_REJECT_IPV4
        depends on NF_TABLES_IPV4
        default NFT_REJECT
@@ -94,6 +84,15 @@ config NF_NAT_IPV4
 
 if NF_NAT_IPV4
 
+config NFT_CHAIN_NAT_IPV4
+       depends on NF_TABLES_IPV4
+       tristate "IPv4 nf_tables nat chain support"
+       help
+         This option enables the "nat" chain for IPv4 in nf_tables. This
+         chain type is used to perform Network Address Translation (NAT)
+         packet transformations such as the source, destination address and
+         source and destination ports.
+
 config NF_NAT_SNMP_BASIC
        tristate "Basic SNMP-ALG support"
        depends on NF_CONNTRACK_SNMP

diff --git a/net/ipv6/netfilter/Kconfig b/net/ipv6/netfilter/Kconfig
index a8f25306a46a2457d07fb9ce12a90649d9dcfec7..e854062d0c363e2273fcfd1dd0bc1ff432a1dc5a 100644 (file)
--- a/net/ipv6/netfilter/Kconfig
+++ b/net/ipv6/netfilter/Kconfig
@@ -40,16 +40,6 @@ config NFT_CHAIN_ROUTE_IPV6
          fields such as the source, destination, flowlabel, hop-limit and
          the packet mark.
 
-config NFT_CHAIN_NAT_IPV6
-       depends on NF_TABLES_IPV6
-       depends on NF_NAT_IPV6 && NFT_NAT
-       tristate "IPv6 nf_tables nat chain support"
-       help
-         This option enables the "nat" chain for IPv6 in nf_tables. This
-         chain type is used to perform Network Address Translation (NAT)
-         packet transformations such as the source, destination address and
-         source and destination ports.
-
 config NFT_REJECT_IPV6
        depends on NF_TABLES_IPV6
        default NFT_REJECT
@@ -70,6 +60,19 @@ config NF_NAT_IPV6
          forms of full Network Address Port Translation. This can be
          controlled by iptables or nft.
 
+if NF_NAT_IPV6
+
+config NFT_CHAIN_NAT_IPV6
+       depends on NF_TABLES_IPV6
+       tristate "IPv6 nf_tables nat chain support"
+       help
+         This option enables the "nat" chain for IPv6 in nf_tables. This
+         chain type is used to perform Network Address Translation (NAT)
+         packet transformations such as the source, destination address and
+         source and destination ports.
+
+endif # NF_NAT_IPV6
+
 config IP6_NF_IPTABLES
        tristate "IP6 tables support (required for filtering)"
        depends on INET && IPV6