Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
configs: enable NETFILTER_XT_MATCH_BPF and NETFILTER_XT_MATCH_U32
NETFILTER_XT_MATCH_BPF=m NETFILTER_XT_MATCH_U32=m BPF matching applies a linux socket filter to each packet and accepts those for which the filter returns non-zero. u32 allows you to extract quantities of up to 4 bytes from a packet, AND them with specified masks, shift them by specified amounts and test whether the results are in any of a set of specified ranges. The specification of what to extract is general enough to skip over headers with lengths stored in the packet, as in IP or TCP header lengths. Enabling these configs as modules to support Docker Swarm overlay encryption. Link: microsoft/WSL#10029 Signed-off-by: Kelsey Steele <kelseysteele@microsoft.com>
- Loading branch information