From 674cf00811518a74a54117d02ec14f52c59ce615 Mon Sep 17 00:00:00 2001 From: Kelsey Steele Date: Thu, 2 Nov 2023 14:19:50 -0700 Subject: [PATCH] configs: enable NETFILTER_XT_MATCH_BPF and NETFILTER_XT_MATCH_U32 NETFILTER_XT_MATCH_BPF=m NETFILTER_XT_MATCH_U32=m BPF matching applies a linux socket filter to each packet and accepts those for which the filter returns non-zero. u32 allows you to extract quantities of up to 4 bytes from a packet, AND them with specified masks, shift them by specified amounts and test whether the results are in any of a set of specified ranges. The specification of what to extract is general enough to skip over headers with lengths stored in the packet, as in IP or TCP header lengths. Enabling these configs as modules to support Docker Swarm overlay encryption. Link: https://github.com/microsoft/WSL/issues/10029 Signed-off-by: Kelsey Steele --- arch/arm64/configs/config-wsl-arm64 | 4 ++-- arch/x86/configs/config-wsl | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/arch/arm64/configs/config-wsl-arm64 b/arch/arm64/configs/config-wsl-arm64 index f7f34c7753791..f530be273b9da 100755 --- a/arch/arm64/configs/config-wsl-arm64 +++ b/arch/arm64/configs/config-wsl-arm64 @@ -1120,7 +1120,7 @@ CONFIG_NETFILTER_XT_TARGET_TCPMSS=y # Xtables matches # CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y -# CONFIG_NETFILTER_XT_MATCH_BPF is not set +CONFIG_NETFILTER_XT_MATCH_BPF=m CONFIG_NETFILTER_XT_MATCH_CGROUP=y # CONFIG_NETFILTER_XT_MATCH_CLUSTER is not set CONFIG_NETFILTER_XT_MATCH_COMMENT=y @@ -1164,7 +1164,7 @@ CONFIG_NETFILTER_XT_MATCH_STATISTIC=y # CONFIG_NETFILTER_XT_MATCH_STRING is not set # CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set # CONFIG_NETFILTER_XT_MATCH_TIME is not set -# CONFIG_NETFILTER_XT_MATCH_U32 is not set +CONFIG_NETFILTER_XT_MATCH_U32=m # end of Core Netfilter Configuration CONFIG_IP_SET=y diff --git a/arch/x86/configs/config-wsl b/arch/x86/configs/config-wsl index 56020171672c6..8193a5118e2dd 100644 --- a/arch/x86/configs/config-wsl +++ b/arch/x86/configs/config-wsl @@ -1189,7 +1189,7 @@ CONFIG_NETFILTER_XT_TARGET_TCPMSS=y # Xtables matches # CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y -# CONFIG_NETFILTER_XT_MATCH_BPF is not set +CONFIG_NETFILTER_XT_MATCH_BPF=m CONFIG_NETFILTER_XT_MATCH_CGROUP=y # CONFIG_NETFILTER_XT_MATCH_CLUSTER is not set CONFIG_NETFILTER_XT_MATCH_COMMENT=y @@ -1233,7 +1233,7 @@ CONFIG_NETFILTER_XT_MATCH_STATISTIC=y # CONFIG_NETFILTER_XT_MATCH_STRING is not set # CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set # CONFIG_NETFILTER_XT_MATCH_TIME is not set -# CONFIG_NETFILTER_XT_MATCH_U32 is not set +CONFIG_NETFILTER_XT_MATCH_U32=m # end of Core Netfilter Configuration CONFIG_IP_SET=y