Create config option to add nf_queue bypass feature. Signed-off-by: Karl Hiramoto <karl@xxxxxxxxxxxx> --- net/netfilter/Kconfig | 13 ++++++++++++- 1 files changed, 12 insertions(+), 1 deletions(-) diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig index 8593a77..4468365 100644 --- a/net/netfilter/Kconfig +++ b/net/netfilter/Kconfig @@ -11,7 +11,18 @@ config NETFILTER_NETLINK_QUEUE help If this option is enabled, the kernel will include support for queueing packets via NFNETLINK. - + +config NF_QUEUE_CONNBYTES_BYPASS + bool 'NF_QUEUE bypass support' + depends on NF_CONNTRACK + depends on NETFILTER_NETLINK_QUEUE + help + This option allows user-space to tell nfnetlink_queue so allow X bytes + to bypass the queue with the ACCEPT verdict. + In conditions where you know X bytes must be accepted, it avoid the + copy to user-space and can be over a 2X speed improvement. + + config NETFILTER_NETLINK_LOG tristate "Netfilter LOG over NFNETLINK interface" default m if NETFILTER_ADVANCED=n -- 1.7.1 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
