netfilter: nf_tables: add packet duplication to the netdev family

You can use this to duplicate packets and inject them at the egress path of the specified interface. This duplication allows you to inspect traffic from the dummy or any other interface dedicated to this purpose. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2016-01-03 23:02:18 +0300
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2016-01-03 23:04:23 +0300
commit: 502061f81d3eb4518d2e72178e494a8547788ad0 (patch)
tree: ed6697361ecf824620c428b0ad5cc221bd67351b /net/netfilter/Kconfig
parent: c7862a5f0de5f521c545f3436f0aa190964342dd (diff)
download: linux-502061f81d3eb4518d2e72178e494a8547788ad0.tar.xz
1 files changed, 16 insertions, 0 deletions
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
index 4692782b5280..8514cc4b22a8 100644
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -563,6 +563,22 @@ config NFT_COMPAT
 	  x_tables match/target extensions over the nf_tables
 	  framework.
 
+if NF_TABLES_NETDEV
+
+config NF_DUP_NETDEV
+	tristate "Netfilter packet duplication support"
+	help
+	  This option enables the generic packet duplication infrastructure
+	  for Netfilter.
+
+config NFT_DUP_NETDEV
+	tristate "Netfilter nf_tables netdev packet duplication support"
+	select NF_DUP_NETDEV
+	help
+	  This option enables packet duplication for the "netdev" family.
+
+endif # NF_TABLES_NETDEV
+
 endif # NF_TABLES
 
 config NETFILTER_XTABLES
author	Pablo Neira Ayuso <pablo@netfilter.org>	2016-01-03 23:02:18 +0300
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2016-01-03 23:04:23 +0300
commit	502061f81d3eb4518d2e72178e494a8547788ad0 (patch)
tree	ed6697361ecf824620c428b0ad5cc221bd67351b /net/netfilter/Kconfig
parent	c7862a5f0de5f521c545f3436f0aa190964342dd (diff)
download	linux-502061f81d3eb4518d2e72178e494a8547788ad0.tar.xz