Kindly review for kernel config changes


Kento Yoshida
 

Hi,

 

The security working group need to use "nftables", and it requires to add the below kernel configs to work.

Before merging to the master branch of "isar-cip-core", would you kindly review to add the below configs by this Friday, everyone?

 

--- a/recipes-kernel/linux/files/qemu-amd64_defconfig

+++ b/recipes-kernel/linux/files/qemu-amd64_defconfig

@@ -351,3 +351,34 @@ CONFIG_CRYPTO_DEV_CCP=y

# CONFIG_XZ_DEC_ARM is not set

# CONFIG_XZ_DEC_ARMTHUMB is not set

# CONFIG_XZ_DEC_SPARC is not set

+CONFIG_NF_TABLES=y

+CONFIG_NF_TABLES_INET=y

+CONFIG_NF_TABLES_NETDEV=y

+CONFIG_NFT_EXTHDR=y

+CONFIG_NFT_META=y

+CONFIG_NFT_CT=y

+CONFIG_NFT_RBTREE=y

+CONFIG_NFT_HASH=y

+CONFIG_NFT_COUNTER=y

+CONFIG_NFT_LOG=y

+CONFIG_NFT_LIMIT=y

+CONFIG_NFT_MASQ=y

+CONFIG_NFT_REDIR=y

+CONFIG_NFT_NAT=y

+CONFIG_NFT_QUEUE=y

+CONFIG_NFT_REJECT=y

+CONFIG_NFT_REJECT_INET=y

+CONFIG_NFT_COMPAT=y

+CONFIG_NFT_CHAIN_ROUTE_IPV4=y

+CONFIG_NFT_REJECT_IPV4=y

+CONFIG_NFT_CHAIN_NAT_IPV4=y

+CONFIG_NFT_MASQ_IPV4=y

+# CONFIG_NFT_REDIR_IPV4 is not set

+CONFIG_NFT_CHAIN_ROUTE_IPV6=y

+CONFIG_NFT_REJECT_IPV6=y

+CONFIG_NFT_CHAIN_NAT_IPV6=y

+CONFIG_NFT_MASQ_IPV6=y

+# CONFIG_NFT_REDIR_IPV6 is not set

+CONFIG_NFT_BRIDGE_META=y

+CONFIG_NFT_BRIDGE_REJECT=y

+CONFIG_NF_LOG_BRIDGE=y

 

BR, Kent

Join cip-dev@lists.cip-project.org to automatically receive all group messages.