From: Randy MacLeod <[email protected]>

Add an nft_test.scc file, which includes both nf_tables.cfg and a newly added nft_test.cfg file.

The nft_test.scc file includes nftables.scc and also enables more nftables features. Previously some of the nftables ptests failed, due to missing kernel modules. It's impossible to know which nftables features will be used so add more configs in a new scc file to ensure that most nftables features used by nft work.

The added features are:

NF_CONNTRACK_TIMEOUT
enables support for connection tracking timeout extension. This allows you to attach timeout policies to flow via the CT target.

NFT_FLOW_OFFLOAD
adds the "flow_offload" expression that you can use to choose what flows are placed into the hardware.

NF_FLOW_TABLE
adds the flow table core infrastructure.

NF_FLOW_TABLE_INET
adds the flow table mixed IPv4/IPv6 support.

NF_FLOW_TABLE_IPV4
adds the flow table IPv4 support.

NFT_NUMGEN
adds the number generator expression used to perform incremental counting and random numbers bound to an upper limit.

NFT_OSF
allows matching packets from a specific OS.

NFT_QUOTA
adds the "quota" expression that you can use to match enforce bytes quotas.

NFT_SYNPROXY
The SYNPROXY expression allows you to intercept TCP connections and establish them using syncookies before they are passed on to the server. This allows to avoid conntrack and server resource usage during SYN-flood attacks.

NFT_XFRM
adds an expression that you can use to extract properties of a packet's security association.

These additions enable the nftables-1.0.2 ptest to all pass.

Signed-off-by: Aryaman Gupta <[email protected]>
Signed-off-by: Randy MacLeod <[email protected]>
--- features/nf_tables/nft_test.cfg | 11 +++++++++++ features/nf_tables/nft_test.scc | 5 +++++ 2 files changed, 16 insertions(+) create mode 100644 features/nf_tables/nft_test.cfg create mode 100644 features/nf_tables/nft_test.scc diff --git a/features/nf_tables/nft_test.cfg b/features/nf_tables/nft_test.cfg new file mode 100644 index 00000000..5c5629c8 --- /dev/null +++ b/features/nf_tables/nft_test.cfg 
@@ -0,0 +1,11 @@ +CONFIG_NF_CONNTRACK_TIMEOUT=y +CONFIG_NF_FLOW_TABLE_INET=m +CONFIG_NF_FLOW_TABLE_IPV4=m +CONFIG_NF_FLOW_TABLE=m +CONFIG_NFT_FLOW_OFFLOAD=m +CONFIG_NFT_NUMGEN=m +CONFIG_NFT_OSF=m +CONFIG_NFT_QUOTA=m +CONFIG_NFT_SYNPROXY=m +CONFIG_NFT_XFRM=m + diff --git a/features/nf_tables/nft_test.scc b/features/nf_tables/nft_test.scc new file mode 100644 index 00000000..8181c215 --- /dev/null +++ b/features/nf_tables/nft_test.scc @@ -0,0 +1,5 @@ +define KFEATURE_DESCRIPTION "Add extra nftables modules" +define KFEATURE_COMPATIBILITY all + +include nf_tables.cfg +include nft_test.cfg -- 2.32.0
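Review bot: in the nft_test.cfg hunk, CONFIG_NF_FLOW_TABLE_IPV4=m is enabled with no IPv6 counterpart, and neither the fragment nor the commit message says whether that is deliberate or whether CONFIG_NF_FLOW_TABLE_INET=m is expected to cover IPv6 flows for the ptests. Please state the intent in the commit message or add the missing option. Two smaller points in the same hunk: the core option CONFIG_NF_FLOW_TABLE=m is listed after the two options that build on it, so putting it first would make the dependency order readable, and the new file ends with an empty added line that can be dropped.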
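Review bot: in the nft_test.scc hunk, both "include nf_tables.cfg" and "include nft_test.cfg" apply include to .cfg fragments, while the commit message says the file includes nftables.scc. In kernel-cache feature descriptions, include is used for other .scc files and configuration fragments are pulled in with a kconf line, so this probably wants "include nf_tables.scc" followed by "kconf non-hardware nft_test.cfg"; please check that the options in nft_test.cfg actually reach the final .config as written. The KFEATURE_DESCRIPTION "Add extra nftables modules" could also say that the feature exists for the nftables ptests, so that it is not pulled into production images, where the additional netfilter modules would be unneeded kernel surface.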
