[meta-arm,2/4] arm-autonomy/linux-arm-autonomy: Extend netfilter config for host

Submitted by Diego Sueiro on July 30, 2020, 3:52 p.m. | Patch ID: 174906

Details

Message ID 1596124338-106961-2-git-send-email-diego.sueiro@arm.com
State New

Commit Message

Diego Sueiro July 30, 2020, 3:52 p.m.
To properly set the iptables rules to be applied when configuring the
network between the host and guest we need to have the netfilter.scc
kernel feature and the following extra kernel configs:
CONFIG_NETFILTER_XT_MATCH_PHYSDEV=m
CONFIG_NETFILTER_XT_MATCH_COMMENT=m

Change-Id: I6f3ff9e8db5d359efba5fb3ead04703f4f2ec88b
Issue-Id: SCM-1019
Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
---
 .../arm-autonomy-kmeta/features/arm-autonomy/netfilter-extra.cfg | 2 ++
 .../features/arm-autonomy/xen-host-iptables.scc                  | 9 +++++++++
 meta-arm-autonomy/recipes-kernel/linux/linux-arm-autonomy.inc    | 6 +++++-
 3 files changed, 16 insertions(+), 1 deletion(-)
 create mode 100644 meta-arm-autonomy/recipes-kernel/linux/arm-autonomy-kmeta/features/arm-autonomy/netfilter-extra.cfg
 create mode 100644 meta-arm-autonomy/recipes-kernel/linux/arm-autonomy-kmeta/features/arm-autonomy/xen-host-iptables.scc

Patch

diff --git a/meta-arm-autonomy/recipes-kernel/linux/arm-autonomy-kmeta/features/arm-autonomy/netfilter-extra.cfg b/meta-arm-autonomy/recipes-kernel/linux/arm-autonomy-kmeta/features/arm-autonomy/netfilter-extra.cfg
new file mode 100644
index 0000000..1a57369
--- /dev/null
+++ b/meta-arm-autonomy/recipes-kernel/linux/arm-autonomy-kmeta/features/arm-autonomy/netfilter-extra.cfg
@@ -0,0 +1,2 @@ 
+CONFIG_NETFILTER_XT_MATCH_PHYSDEV=m
+CONFIG_NETFILTER_XT_MATCH_COMMENT=m
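Review bot: Both symbols are set to =m, but nothing in this fragment covers their dependencies or packaging. The physdev match depends on bridge netfilter support (CONFIG_BRIDGE_NETFILTER) in Kconfig, so please confirm that features/netfilter/netfilter.scc or xen-host.scc enables it; if neither does, CONFIG_NETFILTER_XT_MATCH_PHYSDEV is dropped from the final .config and host/guest iptables rules using -m physdev will fail to load. Because these are built as modules, the host image also needs the matching kernel-module packages installed, which this patch does not show.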
diff --git a/meta-arm-autonomy/recipes-kernel/linux/arm-autonomy-kmeta/features/arm-autonomy/xen-host-iptables.scc b/meta-arm-autonomy/recipes-kernel/linux/arm-autonomy-kmeta/features/arm-autonomy/xen-host-iptables.scc
new file mode 100644
index 0000000..8f8ba45
--- /dev/null
+++ b/meta-arm-autonomy/recipes-kernel/linux/arm-autonomy-kmeta/features/arm-autonomy/xen-host-iptables.scc
@@ -0,0 +1,9 @@ 
+#
+# Not directly sourced via a kernel type but via an external bb
+#
+
+define KFEATURE_DESCRIPTION "Enable netfilter + conn tracking + extras"
+define KFEATURE_COMPATIBILITY all
+
+include features/netfilter/netfilter.scc
+kconf non-hardware netfilter-extra.cfg
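Review bot: The KFEATURE_DESCRIPTION string "Enable netfilter + conn tracking + extras" does not say what the extras are or that the feature is meant for the Xen host. Suggest naming the physdev and comment matches and the host/guest iptables use case in the description. The header comment also says the feature is sourced "via an external bb", while in this patch it is added from linux-arm-autonomy.inc, so the wording could be made exact.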
diff --git a/meta-arm-autonomy/recipes-kernel/linux/linux-arm-autonomy.inc b/meta-arm-autonomy/recipes-kernel/linux/linux-arm-autonomy.inc
index 2763444..5f55d9b 100644
--- a/meta-arm-autonomy/recipes-kernel/linux/linux-arm-autonomy.inc
+++ b/meta-arm-autonomy/recipes-kernel/linux/linux-arm-autonomy.inc
@@ -10,7 +10,11 @@  SRC_URI_append = " file://arm-autonomy-kmeta;type=kmeta;name=arm-autonomy-kmeta;
 
 # Add xen host drivers to kernel if arm-autonomy-host is activated
 KERNEL_FEATURES += "${@bb.utils.contains('DISTRO_FEATURES', \
-        'arm-autonomy-host', 'features/arm-autonomy/xen-host.scc', '', d)}"
+        'arm-autonomy-host', \
+        'features/arm-autonomy/xen-host.scc \
+         features/arm-autonomy/xen-host-iptables.scc', \
+        '', d)}"
+
 
 # Add xen guest drivers to kernel if arm-autonomy-guest is activated
 KERNEL_FEATURES += "${@bb.utils.contains('DISTRO_FEATURES', \
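Review bot: The comment above the first KERNEL_FEATURES line still reads "Add xen host drivers to kernel", although the expression now also adds features/arm-autonomy/xen-host-iptables.scc. Every arm-autonomy-host build therefore gets the netfilter configuration without the recipe saying so; please update the comment to mention it. The added empty line after '', d)}" leaves two blank lines before the guest block and can be dropped.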

Comments

Bertrand Marquis July 30, 2020, 3:55 p.m.
> On 30 Jul 2020, at 17:52, Diego Sueiro via lists.yoctoproject.org <diego.sueiro=arm.com@lists.yoctoproject.org> wrote:
> 
> To properly set the iptables rules to be applied when configuring the
> network between the host and guest we need to have the netfilter.scc
> kernel feature and the following extra kernel configs:
> CONFIG_NETFILTER_XT_MATCH_PHYSDEV=m
> CONFIG_NETFILTER_XT_MATCH_COMMENT=m
> 
> Change-Id: I6f3ff9e8db5d359efba5fb3ead04703f4f2ec88b
> Issue-Id: SCM-1019
> Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
Reviewed-by: Bertrand Marquis <bertrand.marquis@arm.com>

> ---
> .../arm-autonomy-kmeta/features/arm-autonomy/netfilter-extra.cfg | 2 ++
> .../features/arm-autonomy/xen-host-iptables.scc                  | 9 +++++++++
> meta-arm-autonomy/recipes-kernel/linux/linux-arm-autonomy.inc    | 6 +++++-
> 3 files changed, 16 insertions(+), 1 deletion(-)
> create mode 100644 meta-arm-autonomy/recipes-kernel/linux/arm-autonomy-kmeta/features/arm-autonomy/netfilter-extra.cfg
> create mode 100644 meta-arm-autonomy/recipes-kernel/linux/arm-autonomy-kmeta/features/arm-autonomy/xen-host-iptables.scc
> 
> diff --git a/meta-arm-autonomy/recipes-kernel/linux/arm-autonomy-kmeta/features/arm-autonomy/netfilter-extra.cfg b/meta-arm-autonomy/recipes-kernel/linux/arm-autonomy-kmeta/features/arm-autonomy/netfilter-extra.cfg
> new file mode 100644
> index 0000000..1a57369
> --- /dev/null
> +++ b/meta-arm-autonomy/recipes-kernel/linux/arm-autonomy-kmeta/features/arm-autonomy/netfilter-extra.cfg
> @@ -0,0 +1,2 @@
> +CONFIG_NETFILTER_XT_MATCH_PHYSDEV=m
> +CONFIG_NETFILTER_XT_MATCH_COMMENT=m
> diff --git a/meta-arm-autonomy/recipes-kernel/linux/arm-autonomy-kmeta/features/arm-autonomy/xen-host-iptables.scc b/meta-arm-autonomy/recipes-kernel/linux/arm-autonomy-kmeta/features/arm-autonomy/xen-host-iptables.scc
> new file mode 100644
> index 0000000..8f8ba45
> --- /dev/null
> +++ b/meta-arm-autonomy/recipes-kernel/linux/arm-autonomy-kmeta/features/arm-autonomy/xen-host-iptables.scc
> @@ -0,0 +1,9 @@
> +#
> +# Not directly sourced via a kernel type but via an external bb
> +#
> +
> +define KFEATURE_DESCRIPTION "Enable netfilter + conn tracking + extras"
> +define KFEATURE_COMPATIBILITY all
> +
> +include features/netfilter/netfilter.scc
> +kconf non-hardware netfilter-extra.cfg
> diff --git a/meta-arm-autonomy/recipes-kernel/linux/linux-arm-autonomy.inc b/meta-arm-autonomy/recipes-kernel/linux/linux-arm-autonomy.inc
> index 2763444..5f55d9b 100644
> --- a/meta-arm-autonomy/recipes-kernel/linux/linux-arm-autonomy.inc
> +++ b/meta-arm-autonomy/recipes-kernel/linux/linux-arm-autonomy.inc
> @@ -10,7 +10,11 @@ SRC_URI_append = " file://arm-autonomy-kmeta;type=kmeta;name=arm-autonomy-kmeta;
> 
> # Add xen host drivers to kernel if arm-autonomy-host is activated
> KERNEL_FEATURES += "${@bb.utils.contains('DISTRO_FEATURES', \
> -        'arm-autonomy-host', 'features/arm-autonomy/xen-host.scc', '', d)}"
> +        'arm-autonomy-host', \
> +        'features/arm-autonomy/xen-host.scc \
> +         features/arm-autonomy/xen-host-iptables.scc', \
> +        '', d)}"
> +
> 
> # Add xen guest drivers to kernel if arm-autonomy-guest is activated
> KERNEL_FEATURES += "${@bb.utils.contains('DISTRO_FEATURES', \
> -- 
> 2.7.4
> 
>