configs: enable NETFILTER_XT_MATCH_BPF and NETFILTER_XT_MATCH_U32

NETFILTER_XT_MATCH_BPF=m NETFILTER_XT_MATCH_U32=m BPF matching applies a linux socket filter to each packet and accepts those for which the filter returns non-zero. u32 allows you to extract quantities of up to 4 bytes from a packet, AND them with specified masks, shift them by specified amounts and test whether the results are in any of a set of specified ranges. The specification of what to extract is general enough to skip over headers with lengths stored in the packet, as in IP or TCP header lengths. Enabling these configs as modules to support Docker Swarm overlay encryption. Link: microsoft/WSL#10029 Signed-off-by: Kelsey Steele <kelseysteele@microsoft.com>
sileshn · Jan 1, 2024 · 674cf00 · 674cf00
1 parent 55d228b
commit 674cf00
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 4 deletions.
diff --git a/arch/arm64/configs/config-wsl-arm64 b/arch/arm64/configs/config-wsl-arm64
@@ -1120,7 +1120,7 @@ CONFIG_NETFILTER_XT_TARGET_TCPMSS=y
 # Xtables matches
 #
 CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y
-# CONFIG_NETFILTER_XT_MATCH_BPF is not set
+CONFIG_NETFILTER_XT_MATCH_BPF=m
 CONFIG_NETFILTER_XT_MATCH_CGROUP=y
 # CONFIG_NETFILTER_XT_MATCH_CLUSTER is not set
 CONFIG_NETFILTER_XT_MATCH_COMMENT=y
@@ -1164,7 +1164,7 @@ CONFIG_NETFILTER_XT_MATCH_STATISTIC=y
 # CONFIG_NETFILTER_XT_MATCH_STRING is not set
 # CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set
 # CONFIG_NETFILTER_XT_MATCH_TIME is not set
-# CONFIG_NETFILTER_XT_MATCH_U32 is not set
+CONFIG_NETFILTER_XT_MATCH_U32=m
 # end of Core Netfilter Configuration
 
 CONFIG_IP_SET=y

diff --git a/arch/x86/configs/config-wsl b/arch/x86/configs/config-wsl
@@ -1189,7 +1189,7 @@ CONFIG_NETFILTER_XT_TARGET_TCPMSS=y
 # Xtables matches
 #
 CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y
-# CONFIG_NETFILTER_XT_MATCH_BPF is not set
+CONFIG_NETFILTER_XT_MATCH_BPF=m
 CONFIG_NETFILTER_XT_MATCH_CGROUP=y
 # CONFIG_NETFILTER_XT_MATCH_CLUSTER is not set
 CONFIG_NETFILTER_XT_MATCH_COMMENT=y
@@ -1233,7 +1233,7 @@ CONFIG_NETFILTER_XT_MATCH_STATISTIC=y
 # CONFIG_NETFILTER_XT_MATCH_STRING is not set
 # CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set
 # CONFIG_NETFILTER_XT_MATCH_TIME is not set
-# CONFIG_NETFILTER_XT_MATCH_U32 is not set
+CONFIG_NETFILTER_XT_MATCH_U32=m
 # end of Core Netfilter Configuration
 
 CONFIG_IP_SET=y