From fce4a47d78420a68a3a3c4fcc890a7dbd56a5df5 Mon Sep 17 00:00:00 2001
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Date: Thu, 28 Mar 2024 14:43:02 -0400
Subject: linux-yocto/6.6: nftables: ptest and cleanup tweaks

Integrating the following commit(s) to linux-yocto/.:

1/2 [
    Author: William Lyu
    Email: William.Lyu@windriver.com
    Subject: features/nf_tables: nft_objref is now builtin
    Date: Wed, 27 Mar 2024 08:52:14 -0700

    Starting from kernel v6.2 (including all rc versions),
    CONFIG_NFT_OBJREF has become builtin and cannot be disabled [1]. So,
    this configure option is removed from nf_tables.cfg.

    References
    [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d037abc2414b4539401e0e6aa278bedc4628ad69

    Signed-off-by: William Lyu <William.Lyu@windriver.com>
    Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
]

2/2 [
    Author: William Lyu
    Email: William.Lyu@windriver.com
    Subject: features/nf_tables: Add net_fib_* options for greater ptest coverage
    Date: Wed, 27 Mar 2024 08:52:15 -0700

    Several nftables ptest testcases failed due to missing features. The
    following kernel configuration options are added as part of the missing
    features:

    -   NFT_FIB_INET (tristate "Netfilter nf_tables fib inet support")
        This option allows using the FIB expression from the inet table.
        The lookup will be delegated to the IPv4 or IPv6 FIB depending
        on the protocol of the packet.

    -   NFT_FIB_IPV4 (tristate "nf_tables fib / ip route lookup support")
        This module enables IPv4 FIB lookups, e.g. for reverse path filtering.
        It also allows query of the FIB for the route type, e.g. local, unicast,
        multicast or blackhole.

    -   NFT_FIB_IPV6 (tristate "nf_tables fib / ipv6 route lookup support")
        This module enables IPv6 FIB lookups, e.g. for reverse path filtering.
        It also allows query of the FIB for the route type, e.g. local, unicast,
        multicast or blackhole.

    Adding those three kernel configuration options above pass the following
    ptest testcases:

    -   tests/shell/testcases/parsing/large_rule_pipe
        Previously failed due to using rule:
            meta nfproto ipv6 fib saddr . iif oif missing drop
    -   tests/shell/testcases/nft-f/sample-ruleset
        Previously failed due to using rules:
            fib saddr . iif oif eq 0 counter drop
            fib daddr type { broadcast, multicast, anycast } counter drop
            fib daddr type { broadcast, multicast, anycast } counter drop
            fib daddr type { broadcast, multicast, anycast } counter drop
    -   tests/shell/testcases/optimizations/ruleset
        Previously failed due to using rule:
            fib daddr type broadcast  drop

    Signed-off-by: William Lyu <William.Lyu@windriver.com>
    Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
]

(From OE-Core rev: ee8e8b75fd9a3fb33de2c280f64ed0d38dd67cfb)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb   | 2 +-
 meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb | 2 +-
 meta/recipes-kernel/linux/linux-yocto_6.6.bb      | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

(limited to 'meta/recipes-kernel')

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
index e2e3c01285..50dff1c3ff 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
@@ -15,7 +15,7 @@ python () {
 }
 
 SRCREV_machine ?= "1c3234ba160c59eb50739f23591a87daf09fac35"
-SRCREV_meta ?= "8daefb4bf68e9cbbecdb833dc3fc536f08f5d46a"
+SRCREV_meta ?= "70cabea69443e974db04d6dcbe73031d0d726bc1"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
index f076aa45c7..d2304b1b49 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
@@ -18,7 +18,7 @@ KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
 SRCREV_machine ?= "ca83799fcbc094fdd52caec7c4dca64189acd842"
-SRCREV_meta ?= "8daefb4bf68e9cbbecdb833dc3fc536f08f5d46a"
+SRCREV_meta ?= "70cabea69443e974db04d6dcbe73031d0d726bc1"
 
 PV = "${LINUX_VERSION}+git"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_6.6.bb b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
index a0218eb876..764ea67cf1 100644
--- a/meta/recipes-kernel/linux/linux-yocto_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
@@ -29,7 +29,7 @@ SRCREV_machine:qemux86 ?= "ca83799fcbc094fdd52caec7c4dca64189acd842"
 SRCREV_machine:qemux86-64 ?= "ca83799fcbc094fdd52caec7c4dca64189acd842"
 SRCREV_machine:qemumips64 ?= "6cb075269e42d03857c95ebc8b5f8e154f155add"
 SRCREV_machine ?= "ca83799fcbc094fdd52caec7c4dca64189acd842"
-SRCREV_meta ?= "8daefb4bf68e9cbbecdb833dc3fc536f08f5d46a"
+SRCREV_meta ?= "70cabea69443e974db04d6dcbe73031d0d726bc1"
 
 # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
 # get the <version>/base branch, which is pure upstream -stable, and the same
-- 
cgit v1.2.3-54-g00ecf