fix nat helpers for ipv4, add rtsp nat helper

1 files changed, 1 insertions, 122 deletions

diff --git a/target/linux/config/Config.in.netfilter.ip4 b/target/linux/config/Config.in.netfilter.ip4
index 34eb14449..95a71b917 100644
--- a/target/linux/config/Config.in.netfilter.ip4
+++ b/target/linux/config/Config.in.netfilter.ip4
@@ -8,7 +8,7 @@ config ADK_KPACKAGE_KMOD_NF_CONNTRACK_IPV4
 
 config ADK_KPACKAGE_KMOD_IP_NF_CT_ACCT
 	bool 'Connection tracking flow accounting'
-	depends on ADK_KPACKAGE_KMOD_IP_NF_CONNTRACK
+	depends on ADK_KPACKAGE_KMOD_NF_CONNTRACK
 	help
 	  If this option is enabled, the connection tracking code will
 	  keep per-flow packet and byte counters.
@@ -16,127 +16,6 @@ config ADK_KPACKAGE_KMOD_IP_NF_CT_ACCT
 	  Those counters can be used for flow-based accounting or the
 	  `connbytes' match.
 
-config ADK_KPACKAGE_KMOD_IP_NF_CONNTRACK_MARK
-	bool 'Connection mark tracking support'
-	depends on ADK_KPACKAGE_KMOD_IP_NF_CONNTRACK
-	select ADK_KERNEL_IP_NF_MATCH_CONNMARK
-	help
-	  This option enables support for connection marks, used by the
-	  `CONNMARK' target and `connmark' match. Similar to the mark value
-	  of packets, but this mark value is kept in the conntrack session
-	  instead of the individual packets.
-
-config ADK_KPACKAGE_KMOD_IP_NF_CONNTRACK_SECMARK
-	bool 'Connection tracking security mark support'
-	depends on ADK_KPACKAGE_KMOD_IP_NF_CONNTRACK
-	#FIXME select NETWORK_SECMARK
-	help
-	  This option enables security markings to be applied to
-	  connections.  Typically they are copied to connections from
-	  packets using the CONNSECMARK target and copied back from
-	  connections to packets with the same target, with the packets
-	  being originally labeled via SECMARK.
-
-config ADK_KPACKAGE_KMOD_IP_NF_FTP
-	tristate 'FTP protocol support'
-	depends on ADK_KPACKAGE_KMOD_IP_NF_CONNTRACK
-	help
-	  Tracking FTP connections is problematic: special helpers are
-	  required for tracking them, and doing masquerading and other forms
-	  of Network Address Translation on them.
-
-config ADK_KPACKAGE_KMOD_IP_NF_IRC
-	tristate 'IRC protocol support'
-	depends on ADK_KPACKAGE_KMOD_IP_NF_CONNTRACK
-	help
-	  There is a commonly-used extension to IRC called
-	  Direct Client-to-Client Protocol (DCC).  This enables users to send
-	  files to each other, and also chat to each other without the need
-	  of a server.  DCC Sending is used anywhere you send files over IRC,
-	  and DCC Chat is most commonly used by Eggdrop bots.  If you are
-	  using NAT, this extension will enable you to send files and initiate
-	  chats.  Note that you do NOT need this extension to get files or
-	  have others initiate chats, or everything else in IRC.
-
-config ADK_KPACKAGE_KMOD_IP_NF_NETBIOS_NS
-	tristate 'NetBIOS name service protocol support (EXPERIMENTAL)'
-	depends on ADK_KPACKAGE_KMOD_IP_NF_CONNTRACK
-	help
-	  NetBIOS name service requests are sent as broadcast messages from an
-	  unprivileged port and responded to with unicast messages to the
-	  same port. This make them hard to firewall properly because connection
-	  tracking doesn't deal with broadcasts. This helper tracks locally
-	  originating NetBIOS name service requests and the corresponding
-	  responses. It relies on correct IP address configuration, specifically
-	  netmask and broadcast address. When properly configured, the output
-	  of "ip address show" should look similar to this:
-
-	  $ ip -4 address show eth0
-	  4: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
-	      inet 172.16.2.252/24 brd 172.16.2.255 scope global eth0
-
-config ADK_KPACKAGE_KMOD_IP_NF_TFTP
-	tristate 'TFTP protocol support'
-	depends on ADK_KPACKAGE_KMOD_IP_NF_CONNTRACK
-	help
-	  TFTP connection tracking helper, this is required depending
-	  on how restrictive your ruleset is.
-	  If you are using a tftp client behind -j SNAT or -j MASQUERADING
-	  you will need this.
-
-config ADK_KPACKAGE_KMOD_IP_NF_AMANDA
-	tristate 'Amanda backup protocol support'
-	depends on ADK_KPACKAGE_KMOD_IP_NF_CONNTRACK
-	#FIXME TEXTSEARCH && TEXTSEARCH_KMP
-	help
-	  If you are running the Amanda backup package <http://www.amanda.org/>
-	  on this machine or machines that will be MASQUERADED through this
-	  machine, then you may want to enable this feature.  This allows the
-	  connection tracking and natting code to allow the sub-channels that
-	  Amanda requires for communication of the backup data, messages and
-	  index.
-
-config ADK_KPACKAGE_KMOD_IP_NF_PPTP
-	tristate 'PPTP protocol support'
-	depends on ADK_KPACKAGE_KMOD_IP_NF_CONNTRACK
-	help
-	  This module adds support for PPTP (Point to Point Tunnelling
-	  Protocol, RFC2637) connection tracking and NAT. 
-	
-	  If you are running PPTP sessions over a stateful firewall or NAT
-	  box, you may want to enable this feature.  
-	
-	  Please note that not all PPTP modes of operation are supported yet.
-	  For more info, read top of the file
-	  net/ipv4/netfilter/ip_conntrack_pptp.c
-
-config ADK_KPACKAGE_KMOD_IP_NF_H323
-	tristate 'H.323 protocol support (EXPERIMENTAL)'
-	depends on ADK_KPACKAGE_KMOD_IP_NF_CONNTRACK
-	help
-	  H.323 is a VoIP signalling protocol from ITU-T. As one of the most
-	  important VoIP protocols, it is widely used by voice hardware and
-	  software including voice gateways, IP phones, Netmeeting, OpenPhone,
-	  Gnomemeeting, etc.
-
-	  With this module you can support H.323 on a connection tracking/NAT
-	  firewall.
-
-	  This module supports RAS, Fast Start, H.245 Tunnelling, Call
-	  Forwarding, RTP/RTCP and T.120 based audio, video, fax, chat,
-	  whiteboard, file transfer, etc. For more information, please
-	  visit http://nath323.sourceforge.net/.
-
-config ADK_KPACKAGE_KMOD_IP_NF_SIP
-	tristate 'SIP protocol support (EXPERIMENTAL)'
-	depends on ADK_KPACKAGE_KMOD_IP_NF_CONNTRACK
-	help
-	  SIP is an application-layer control protocol that can establish,
-	  modify, and terminate multimedia sessions (conferences) such as
-	  Internet telephony calls. With the ip_conntrack_sip and
-	  the ip_nat_sip modules you can support the protocol on a connection
-	  tracking/NATing firewall.
-
 
 config ADK_KPACKAGE_KMOD_IP_NF_IPTABLES
 	tristate 'IP tables support (required for filtering/masq/NAT)'