diff options
author | Bruce Ashfield <bruce.ashfield@gmail.com> | 2024-03-28 14:43:02 -0400 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2024-03-30 22:22:19 +0000 |
commit | fce4a47d78420a68a3a3c4fcc890a7dbd56a5df5 (patch) | |
tree | 2b7b9f93e055436f35d2700852818e789c9a1cb4 /scripts/esdk-tools/runqemu | |
parent | 47389891e59048a2102715284142f1907685b27a (diff) | |
download | poky-fce4a47d78420a68a3a3c4fcc890a7dbd56a5df5.tar.gz |
linux-yocto/6.6: nftables: ptest and cleanup tweaks
Integrating the following commit(s) to linux-yocto/.:
1/2 [
Author: William Lyu
Email: William.Lyu@windriver.com
Subject: features/nf_tables: nft_objref is now builtin
Date: Wed, 27 Mar 2024 08:52:14 -0700
Starting from kernel v6.2 (including all rc versions),
CONFIG_NFT_OBJREF has become builtin and cannot be disabled [1]. So,
this configure option is removed from nf_tables.cfg.
References
[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d037abc2414b4539401e0e6aa278bedc4628ad69
Signed-off-by: William Lyu <William.Lyu@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
]
2/2 [
Author: William Lyu
Email: William.Lyu@windriver.com
Subject: features/nf_tables: Add net_fib_* options for greater ptest coverage
Date: Wed, 27 Mar 2024 08:52:15 -0700
Several nftables ptest testcases failed due to missing features. The
following kernel configuration options are added as part of the missing
features:
- NFT_FIB_INET (tristate "Netfilter nf_tables fib inet support")
This option allows using the FIB expression from the inet table.
The lookup will be delegated to the IPv4 or IPv6 FIB depending
on the protocol of the packet.
- NFT_FIB_IPV4 (tristate "nf_tables fib / ip route lookup support")
This module enables IPv4 FIB lookups, e.g. for reverse path filtering.
It also allows query of the FIB for the route type, e.g. local, unicast,
multicast or blackhole.
- NFT_FIB_IPV6 (tristate "nf_tables fib / ipv6 route lookup support")
This module enables IPv6 FIB lookups, e.g. for reverse path filtering.
It also allows query of the FIB for the route type, e.g. local, unicast,
multicast or blackhole.
Adding those three kernel configuration options above pass the following
ptest testcases:
- tests/shell/testcases/parsing/large_rule_pipe
Previously failed due to using rule:
meta nfproto ipv6 fib saddr . iif oif missing drop
- tests/shell/testcases/nft-f/sample-ruleset
Previously failed due to using rules:
fib saddr . iif oif eq 0 counter drop
fib daddr type { broadcast, multicast, anycast } counter drop
fib daddr type { broadcast, multicast, anycast } counter drop
fib daddr type { broadcast, multicast, anycast } counter drop
- tests/shell/testcases/optimizations/ruleset
Previously failed due to using rule:
fib daddr type broadcast drop
Signed-off-by: William Lyu <William.Lyu@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
]
(From OE-Core rev: ee8e8b75fd9a3fb33de2c280f64ed0d38dd67cfb)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'scripts/esdk-tools/runqemu')
0 files changed, 0 insertions, 0 deletions