From 2ab3cc65de73bae1566114aca45993ca91a429b3 Mon Sep 17 00:00:00 2001 From: Martin Schmiedel Date: Mon, 4 Nov 2024 10:18:35 +0100 Subject: [PATCH] tqma-current.config: update and add configs for nftables - enable configs needed for nftables basic rules Signed-off-by: Martin Schmiedel --- config/kernel/linux-tqma-current.config | 115 +++++++++++++++++++----- 1 file changed, 93 insertions(+), 22 deletions(-) diff --git a/config/kernel/linux-tqma-current.config b/config/kernel/linux-tqma-current.config index d4dec9432d83..f07840b878bf 100644 --- a/config/kernel/linux-tqma-current.config +++ b/config/kernel/linux-tqma-current.config @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm64 6.11.5 Kernel Configuration +# Linux/arm64 6.11.6 Kernel Configuration # CONFIG_CC_VERSION_TEXT="aarch64-linux-gnu-gcc (Ubuntu 11.4.0-1ubuntu1~22.04) 11.4.0" CONFIG_CC_IS_GCC=y @@ -1043,13 +1043,26 @@ CONFIG_UNIX=y CONFIG_AF_UNIX_OOB=y # CONFIG_UNIX_DIAG is not set # CONFIG_TLS is not set +CONFIG_XFRM=y +CONFIG_XFRM_ALGO=m # CONFIG_XFRM_USER is not set +# CONFIG_XFRM_INTERFACE is not set +# CONFIG_XFRM_SUB_POLICY is not set +# CONFIG_XFRM_MIGRATE is not set +# CONFIG_XFRM_STATISTICS is not set +CONFIG_XFRM_AH=m +CONFIG_XFRM_ESP=m +CONFIG_XFRM_IPCOMP=m # CONFIG_NET_KEY is not set # CONFIG_XDP_SOCKETS is not set CONFIG_NET_HANDSHAKE=y CONFIG_INET=y CONFIG_IP_MULTICAST=y -# CONFIG_IP_ADVANCED_ROUTER is not set +CONFIG_IP_ADVANCED_ROUTER=y +# CONFIG_IP_FIB_TRIE_STATS is not set +CONFIG_IP_MULTIPLE_TABLES=y +# CONFIG_IP_ROUTE_MULTIPATH is not set +# CONFIG_IP_ROUTE_VERBOSE is not set CONFIG_IP_PNP=y CONFIG_IP_PNP_DHCP=y CONFIG_IP_PNP_BOOTP=y @@ -1058,14 +1071,17 @@ CONFIG_IP_PNP_BOOTP=y # CONFIG_NET_IPGRE_DEMUX is not set CONFIG_NET_IP_TUNNEL=m # CONFIG_IP_MROUTE is not set -# CONFIG_SYN_COOKIES is not set +CONFIG_SYN_COOKIES=y # CONFIG_NET_IPVTI is not set # CONFIG_NET_FOU is not set # CONFIG_NET_FOU_IP_TUNNELS is not set -# CONFIG_INET_AH is not set -# CONFIG_INET_ESP is not set -# CONFIG_INET_IPCOMP is not set +CONFIG_INET_AH=m +CONFIG_INET_ESP=m +# CONFIG_INET_ESP_OFFLOAD is not set +# CONFIG_INET_ESPINTCP is not set +CONFIG_INET_IPCOMP=m CONFIG_INET_TABLE_PERTURB_ORDER=16 +CONFIG_INET_XFRM_TUNNEL=m CONFIG_INET_TUNNEL=m CONFIG_INET_DIAG=y CONFIG_INET_TCP_DIAG=y @@ -1080,16 +1096,21 @@ CONFIG_IPV6=m # CONFIG_IPV6_ROUTER_PREF is not set # CONFIG_IPV6_OPTIMISTIC_DAD is not set # CONFIG_INET6_AH is not set -# CONFIG_INET6_ESP is not set -# CONFIG_INET6_IPCOMP is not set +CONFIG_INET6_ESP=m +# CONFIG_INET6_ESP_OFFLOAD is not set +# CONFIG_INET6_ESPINTCP is not set +CONFIG_INET6_IPCOMP=m # CONFIG_IPV6_MIP6 is not set # CONFIG_IPV6_ILA is not set +CONFIG_INET6_XFRM_TUNNEL=m +CONFIG_INET6_TUNNEL=m # CONFIG_IPV6_VTI is not set CONFIG_IPV6_SIT=m # CONFIG_IPV6_SIT_6RD is not set CONFIG_IPV6_NDISC_NODETYPE=y # CONFIG_IPV6_TUNNEL is not set -# CONFIG_IPV6_MULTIPLE_TABLES is not set +CONFIG_IPV6_MULTIPLE_TABLES=y +# CONFIG_IPV6_SUBTREES is not set # CONFIG_IPV6_MROUTE is not set # CONFIG_IPV6_SEG6_LWTUNNEL is not set # CONFIG_IPV6_SEG6_HMAC is not set @@ -1110,14 +1131,18 @@ CONFIG_BRIDGE_NETFILTER=m CONFIG_NETFILTER_INGRESS=y CONFIG_NETFILTER_EGRESS=y CONFIG_NETFILTER_SKIP_EGRESS=y +CONFIG_NETFILTER_NETLINK=y CONFIG_NETFILTER_FAMILY_BRIDGE=y +CONFIG_NETFILTER_FAMILY_ARP=y CONFIG_NETFILTER_BPF_LINK=y -# CONFIG_NETFILTER_NETLINK_ACCT is not set -# CONFIG_NETFILTER_NETLINK_QUEUE is not set -# CONFIG_NETFILTER_NETLINK_LOG is not set -# CONFIG_NETFILTER_NETLINK_OSF is not set +# CONFIG_NETFILTER_NETLINK_HOOK is not set +CONFIG_NETFILTER_NETLINK_ACCT=m +CONFIG_NETFILTER_NETLINK_QUEUE=m +CONFIG_NETFILTER_NETLINK_LOG=m +CONFIG_NETFILTER_NETLINK_OSF=m CONFIG_NF_CONNTRACK=m CONFIG_NF_LOG_SYSLOG=m +CONFIG_NETFILTER_CONNCOUNT=m # CONFIG_NF_CONNTRACK_MARK is not set # CONFIG_NF_CONNTRACK_ZONES is not set # CONFIG_NF_CONNTRACK_PROCFS is not set @@ -1140,8 +1165,37 @@ CONFIG_NF_CT_PROTO_UDPLITE=y # CONFIG_NF_CONNTRACK_TFTP is not set # CONFIG_NF_CT_NETLINK is not set CONFIG_NF_NAT=m +CONFIG_NF_NAT_REDIRECT=y CONFIG_NF_NAT_MASQUERADE=y -# CONFIG_NF_TABLES is not set +CONFIG_NETFILTER_SYNPROXY=m +CONFIG_NF_TABLES=y +CONFIG_NF_TABLES_INET=y +CONFIG_NF_TABLES_NETDEV=y +CONFIG_NFT_NUMGEN=m +CONFIG_NFT_CT=m +CONFIG_NFT_CONNLIMIT=m +CONFIG_NFT_LOG=m +CONFIG_NFT_LIMIT=m +CONFIG_NFT_MASQ=m +CONFIG_NFT_REDIR=m +CONFIG_NFT_NAT=m +CONFIG_NFT_TUNNEL=m +CONFIG_NFT_QUEUE=m +CONFIG_NFT_QUOTA=m +CONFIG_NFT_REJECT=m +CONFIG_NFT_REJECT_INET=m +CONFIG_NFT_COMPAT=m +CONFIG_NFT_HASH=m +CONFIG_NFT_XFRM=m +CONFIG_NFT_SOCKET=m +CONFIG_NFT_OSF=m +CONFIG_NFT_TPROXY=m +CONFIG_NFT_SYNPROXY=m +CONFIG_NF_DUP_NETDEV=m +CONFIG_NFT_DUP_NETDEV=m +CONFIG_NFT_FWD_NETDEV=m +CONFIG_NFT_REJECT_NETDEV=m +# CONFIG_NF_FLOW_TABLE is not set CONFIG_NETFILTER_XTABLES=m CONFIG_NETFILTER_XTABLES_COMPAT=y @@ -1158,6 +1212,7 @@ CONFIG_NETFILTER_XT_MARK=m CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m # CONFIG_NETFILTER_XT_TARGET_CLASSIFY is not set # CONFIG_NETFILTER_XT_TARGET_CONNMARK is not set +# CONFIG_NETFILTER_XT_TARGET_CT is not set # CONFIG_NETFILTER_XT_TARGET_DSCP is not set # CONFIG_NETFILTER_XT_TARGET_HL is not set # CONFIG_NETFILTER_XT_TARGET_HMARK is not set @@ -1211,6 +1266,7 @@ CONFIG_NETFILTER_XT_MATCH_IPVS=m # CONFIG_NETFILTER_XT_MATCH_NFACCT is not set # CONFIG_NETFILTER_XT_MATCH_OSF is not set # CONFIG_NETFILTER_XT_MATCH_OWNER is not set +CONFIG_NETFILTER_XT_MATCH_POLICY=m # CONFIG_NETFILTER_XT_MATCH_PHYSDEV is not set # CONFIG_NETFILTER_XT_MATCH_PKTTYPE is not set # CONFIG_NETFILTER_XT_MATCH_QUOTA is not set @@ -1280,8 +1336,13 @@ CONFIG_IP_VS_MH_TAB_INDEX=12 # CONFIG_NF_DEFRAG_IPV4=m CONFIG_IP_NF_IPTABLES_LEGACY=m -# CONFIG_NF_SOCKET_IPV4 is not set -# CONFIG_NF_TPROXY_IPV4 is not set +CONFIG_NF_SOCKET_IPV4=m +CONFIG_NF_TPROXY_IPV4=m +CONFIG_NF_TABLES_IPV4=y +CONFIG_NFT_REJECT_IPV4=m +# CONFIG_NFT_DUP_IPV4 is not set +# CONFIG_NFT_FIB_IPV4 is not set +CONFIG_NF_TABLES_ARP=y # CONFIG_NF_DUP_IPV4 is not set # CONFIG_NF_LOG_ARP is not set # CONFIG_NF_LOG_IPV4 is not set @@ -1293,7 +1354,7 @@ CONFIG_IP_NF_IPTABLES=m # CONFIG_IP_NF_MATCH_TTL is not set CONFIG_IP_NF_FILTER=m CONFIG_IP_NF_TARGET_REJECT=m -# CONFIG_IP_NF_TARGET_SYNPROXY is not set +CONFIG_IP_NF_TARGET_SYNPROXY=m CONFIG_IP_NF_NAT=m CONFIG_IP_NF_TARGET_MASQUERADE=m # CONFIG_IP_NF_TARGET_NETMAP is not set @@ -1303,15 +1364,21 @@ CONFIG_IP_NF_MANGLE=m # CONFIG_IP_NF_TARGET_TTL is not set # CONFIG_IP_NF_RAW is not set # CONFIG_IP_NF_SECURITY is not set +CONFIG_NFT_COMPAT_ARP=m # CONFIG_IP_NF_ARPFILTER is not set +# CONFIG_IP_NF_ARP_MANGLE is not set # end of IP: Netfilter Configuration # # IPv6: Netfilter Configuration # CONFIG_IP6_NF_IPTABLES_LEGACY=m -# CONFIG_NF_SOCKET_IPV6 is not set -# CONFIG_NF_TPROXY_IPV6 is not set +CONFIG_NF_SOCKET_IPV6=m +CONFIG_NF_TPROXY_IPV6=m +CONFIG_NF_TABLES_IPV6=y +CONFIG_NFT_REJECT_IPV6=m +# CONFIG_NFT_DUP_IPV6 is not set +# CONFIG_NFT_FIB_IPV6 is not set # CONFIG_NF_DUP_IPV6 is not set CONFIG_NF_REJECT_IPV6=m CONFIG_NF_LOG_IPV6=m @@ -1329,7 +1396,7 @@ CONFIG_IP6_NF_IPTABLES=m # CONFIG_IP6_NF_TARGET_HL is not set CONFIG_IP6_NF_FILTER=m CONFIG_IP6_NF_TARGET_REJECT=m -# CONFIG_IP6_NF_TARGET_SYNPROXY is not set +CONFIG_IP6_NF_TARGET_SYNPROXY=m CONFIG_IP6_NF_MANGLE=m # CONFIG_IP6_NF_RAW is not set # CONFIG_IP6_NF_SECURITY is not set @@ -1339,6 +1406,9 @@ CONFIG_IP6_NF_TARGET_MASQUERADE=m # end of IPv6: Netfilter Configuration CONFIG_NF_DEFRAG_IPV6=m +CONFIG_NF_TABLES_BRIDGE=m +# CONFIG_NFT_BRIDGE_META is not set +# CONFIG_NFT_BRIDGE_REJECT is not set # CONFIG_NF_CONNTRACK_BRIDGE is not set # CONFIG_BRIDGE_NF_EBTABLES is not set # CONFIG_IP_DCCP is not set @@ -1562,6 +1632,7 @@ CONFIG_BT_NXPUART=m # CONFIG_AF_RXRPC is not set # CONFIG_AF_KCM is not set # CONFIG_MCTP is not set +CONFIG_FIB_RULES=y CONFIG_WIRELESS=y CONFIG_CFG80211=m # CONFIG_NL80211_TESTMODE is not set @@ -8459,7 +8530,7 @@ CONFIG_CRYPTO_XTS=m CONFIG_CRYPTO_CCM=m CONFIG_CRYPTO_GCM=m CONFIG_CRYPTO_GENIV=y -# CONFIG_CRYPTO_SEQIV is not set +CONFIG_CRYPTO_SEQIV=m CONFIG_CRYPTO_ECHAINIV=y # CONFIG_CRYPTO_ESSIV is not set # end of AEAD (authenticated encryption with associated data) ciphers @@ -8686,7 +8757,7 @@ CONFIG_CRC32_SLICEBY8=y CONFIG_CRC64=y # CONFIG_CRC4 is not set CONFIG_CRC7=y -CONFIG_LIBCRC32C=m +CONFIG_LIBCRC32C=y CONFIG_CRC8=y CONFIG_XXHASH=y CONFIG_AUDIT_GENERIC=y