diff --git a/pmb/build/menuconfig.py b/pmb/build/menuconfig.py index 199d9d39..6263a085 100644 --- a/pmb/build/menuconfig.py +++ b/pmb/build/menuconfig.py @@ -152,4 +152,4 @@ def menuconfig(args, pkgname): # Check config pmb.parse.kconfig.check(args, apkbuild["_flavor"], force_anbox_check=False, - details=True) + force_nftables_check=False, details=True) diff --git a/pmb/config/__init__.py b/pmb/config/__init__.py index 08a70b44..14101551 100644 --- a/pmb/config/__init__.py +++ b/pmb/config/__init__.py @@ -302,6 +302,26 @@ necessary_kconfig_options_anbox = { }, } +# Necessary nftables kernel config options +necessary_kconfig_options_nftables = { + ">=3.13.0": { # nftables support introduced here + "all": { # all arches + "NETFILTER": True, + "NF_TABLES": True, + "NFT_CT": True, + "NFT_COUNTER": True, + "NFT_LOG": True, + "NFT_LIMIT": True, + "NFT_MASQ": True, + "NFT_NAT": True, + "NF_TABLES_IPV4": True, + "NF_REJECT_IPV4": True, + "NF_TABLES_IPV6": True, + "NF_REJECT_IPV6": True, + } + }, +} + # # PARSE # @@ -369,6 +389,7 @@ apkbuild_custom_valid_options = [ "!pmb:crossdirect", "!pmb:kconfig-check", "pmb:kconfigcheck-anbox", + "pmb:kconfigcheck-nftables", "pmb:cross-native", "pmb:strict", ] diff --git a/pmb/helpers/frontend.py b/pmb/helpers/frontend.py index a1ce1956..fa674712 100644 --- a/pmb/helpers/frontend.py +++ b/pmb/helpers/frontend.py @@ -375,6 +375,7 @@ def kconfig(args): if args.file: if pmb.parse.kconfig.check_file(args, args.package, anbox=args.anbox, + nftables=args.nftables, details=True): logging.info("kconfig check succeeded!") return @@ -404,6 +405,7 @@ def kconfig(args): continue if not pmb.parse.kconfig.check(args, package, force_anbox_check=args.anbox, + force_nftables_check=args.nftables, details=True): error = True diff --git a/pmb/parse/arguments.py b/pmb/parse/arguments.py index 598268f9..e902be99 100644 --- a/pmb/parse/arguments.py +++ b/pmb/parse/arguments.py @@ -435,6 +435,8 @@ def arguments_kconfig(subparser): " directly instead of a config in a package") check.add_argument("--anbox", action="store_true", help="check" " options needed for anbox too") + check.add_argument("--nftables", action="store_true", help="check" + " options needed for nftables too") check_package = check.add_argument("package", default="", nargs='?') if argcomplete: check_package.completer = kernel_completer diff --git a/pmb/parse/kconfig.py b/pmb/parse/kconfig.py index 9ae48908..c3e284b1 100644 --- a/pmb/parse/kconfig.py +++ b/pmb/parse/kconfig.py @@ -65,7 +65,7 @@ def check_option(component, details, config, config_path_pretty, option, def check_config(config_path, config_path_pretty, config_arch, pkgver, - anbox=False, details=False): + anbox=False, nftables=False, details=False): logging.debug("Check kconfig: " + config_path) with open(config_path) as handle: config = handle.read() @@ -73,6 +73,9 @@ def check_config(config_path, config_path_pretty, config_arch, pkgver, if anbox: options = pmb.config.necessary_kconfig_options_anbox component = "anbox" + elif nftables: + options = pmb.config.necessary_kconfig_options_nftables + component = "nftables" else: options = pmb.config.necessary_kconfig_options component = "postmarketOS" @@ -103,7 +106,8 @@ def check_config(config_path, config_path_pretty, config_arch, pkgver, return ret -def check(args, pkgname, force_anbox_check=False, details=False): +def check(args, pkgname, force_anbox_check=False, force_nftables_check=False, + details=False): """ Check for necessary kernel config options in a package. @@ -124,6 +128,8 @@ def check(args, pkgname, force_anbox_check=False, details=False): pkgver = apkbuild["pkgver"] check_anbox = force_anbox_check or ( "pmb:kconfigcheck-anbox" in apkbuild["options"]) + check_nftables = force_nftables_check or ( + "pmb:kconfigcheck-nftables" in apkbuild["options"]) for config_path in glob.glob(aport + "/config-*"): # The architecture of the config is in the name, so it just needs to be # extracted @@ -134,6 +140,9 @@ def check(args, pkgname, force_anbox_check=False, details=False): if check_anbox: ret &= check_config(config_path, config_path_pretty, config_arch, pkgver, anbox=True, details=details) + if check_nftables: + ret &= check_config(config_path, config_path_pretty, config_arch, + pkgver, nftables=True, details=details) return ret @@ -169,7 +178,8 @@ def extract_version(config_file): return "unknown" -def check_file(args, config_file, anbox=False, details=False): +def check_file(args, config_file, anbox=False, nftables=False, + details=False): """ Check for necessary kernel config options in a kconfig file. @@ -184,4 +194,7 @@ def check_file(args, config_file, anbox=False, details=False): if anbox: ret &= check_config(config_file, config_file, arch, version, anbox=True, details=details) + if nftables: + ret &= check_config(config_file, config_file, arch, version, + nftables=True, details=details) return ret diff --git a/test/test_kconfig_check.py b/test/test_kconfig_check.py index 6d6dc722..da53aff2 100644 --- a/test/test_kconfig_check.py +++ b/test/test_kconfig_check.py @@ -32,10 +32,15 @@ def test_kconfig_check(args): assert not pmb.parse.kconfig.check_file(args, dir + "bad-array-missing-some-options", anbox=True) + assert pmb.parse.kconfig.check_file(args, dir + "good-nftables", + nftables=True) + assert not pmb.parse.kconfig.check_file(args, dir + "bad-nftables", + nftables=True) # tests on real devices - # it's a postmarketOS device, it will have the required options + # it's a postmarketOS device, it will have the required options, and + # supports nftables (with pmb:kconfigcheck-nftables) assert pmb.parse.kconfig.check(args, "nokia-n900") # supports Anbox (with pmb:kconfigcheck-anbox) diff --git a/test/testdata/kconfig_check/bad-nftables b/test/testdata/kconfig_check/bad-nftables new file mode 100644 index 00000000..c04e1f49 --- /dev/null +++ b/test/testdata/kconfig_check/bad-nftables @@ -0,0 +1,101 @@ +# +# Automatically generated file; DO NOT EDIT. +# Linux/arm64 5.11.6 Kernel Configuration +# +CONFIG_CC_VERSION_TEXT="aarch64-alpine-linux-musl-gcc (Alpine 10.2.1_git20210318) 10.2.1 20210318" +CONFIG_CC_IS_GCC=y +CONFIG_GCC_VERSION=100201 +CONFIG_LD_VERSION=235020000 +CONFIG_CLANG_VERSION=0 +CONFIG_LLD_VERSION=0 +CONFIG_CC_HAS_ASM_GOTO=y +CONFIG_CC_HAS_ASM_INLINE=y +CONFIG_IRQ_WORK=y +CONFIG_BUILDTIME_TABLE_SORT=y +CONFIG_THREAD_INFO_IN_TASK=y + +CONFIG_BLK_DEV_INITRD=y +CONFIG_CGROUPS=y +CONFIG_DEVTMPFS=y +CONFIG_DM_CRYPT=y +CONFIG_SYSVIPC=y +CONFIG_VT=y +CONFIG_UEVENT_HELPER=y +CONFIG_LBDAF=y +CONFIG_CRYPTO_XTS=y +CONFIG_TMPFS_POSIX_ACL=y + +CONFIG_INET=y +CONFIG_IP_MULTICAST=y +CONFIG_IP_ADVANCED_ROUTER=y +CONFIG_IP_MULTIPLE_TABLES=y +CONFIG_IP_PNP=y +CONFIG_IP_PNP_DHCP=y +CONFIG_IP_PNP_BOOTP=y +CONFIG_NET_IPGRE_DEMUX=m +CONFIG_NET_IP_TUNNEL=m +CONFIG_SYN_COOKIES=y +CONFIG_NET_IPVTI=m +CONFIG_NET_UDP_TUNNEL=m +CONFIG_INET_ESP=m +CONFIG_INET_TUNNEL=m +CONFIG_INET_DIAG=y +CONFIG_INET_TCP_DIAG=y +CONFIG_INET_UDP_DIAG=m +CONFIG_INET_RAW_DIAG=m +CONFIG_INET_DIAG_DESTROY=y +CONFIG_TCP_CONG_CUBIC=y +CONFIG_DEFAULT_TCP_CONG="cubic" +CONFIG_IPV6=m +CONFIG_IPV6_ROUTER_PREF=y +CONFIG_IPV6_ROUTE_INFO=y +CONFIG_IPV6_OPTIMISTIC_DAD=y +CONFIG_INET6_ESP=m +CONFIG_INET6_IPCOMP=m +CONFIG_IPV6_MIP6=m +CONFIG_INET6_XFRM_TUNNEL=m +CONFIG_INET6_TUNNEL=m +CONFIG_IPV6_VTI=m +CONFIG_IPV6_SIT=m +CONFIG_IPV6_NDISC_NODETYPE=y +CONFIG_IPV6_TUNNEL=m +CONFIG_IPV6_MULTIPLE_TABLES=y +CONFIG_NETWORK_SECMARK=y +CONFIG_NET_PTP_CLASSIFY=y +CONFIG_NETFILTER=y +CONFIG_NETFILTER_ADVANCED=y + +CONFIG_NETFILTER_INGRESS=y +CONFIG_NETFILTER_NETLINK=y +CONFIG_NETFILTER_FAMILY_BRIDGE=y +CONFIG_NETFILTER_FAMILY_ARP=y +CONFIG_NETFILTER_NETLINK_QUEUE=m +CONFIG_NETFILTER_NETLINK_LOG=m +CONFIG_NETFILTER_NETLINK_OSF=m +CONFIG_NF_CONNTRACK=m +CONFIG_NF_LOG_COMMON=m +CONFIG_NF_LOG_NETDEV=m +CONFIG_NETFILTER_CONNCOUNT=m +CONFIG_NF_CONNTRACK_MARK=y +CONFIG_NF_CONNTRACK_SECMARK=y +CONFIG_NF_CONNTRACK_PROCFS=y +CONFIG_NF_CONNTRACK_EVENTS=y +CONFIG_NF_CT_PROTO_GRE=y +CONFIG_NF_CONNTRACK_AMANDA=m +CONFIG_NF_CONNTRACK_FTP=m +CONFIG_NF_CONNTRACK_H323=m +CONFIG_NF_CONNTRACK_IRC=m +CONFIG_NF_CONNTRACK_BROADCAST=m +CONFIG_NF_CONNTRACK_NETBIOS_NS=m +CONFIG_NF_CONNTRACK_PPTP=m +CONFIG_NF_CONNTRACK_SANE=m +CONFIG_NF_CONNTRACK_TFTP=m +CONFIG_NF_CT_NETLINK=m +CONFIG_NF_NAT_AMANDA=m +CONFIG_NF_NAT_FTP=m +CONFIG_NF_NAT_IRC=m +CONFIG_NF_NAT_TFTP=m +CONFIG_NF_NAT_REDIRECT=y +CONFIG_NF_NAT_MASQUERADE=y +CONFIG_NETFILTER_SYNPROXY=m +CONFIG_NF_TABLES=y diff --git a/test/testdata/kconfig_check/good-nftables b/test/testdata/kconfig_check/good-nftables new file mode 100644 index 00000000..d058900a --- /dev/null +++ b/test/testdata/kconfig_check/good-nftables @@ -0,0 +1,307 @@ +# +# Automatically generated file; DO NOT EDIT. +# Linux/arm64 5.11.6 Kernel Configuration +# + +# the required options +CONFIG_BLK_DEV_INITRD=y +CONFIG_CGROUPS=y +CONFIG_DEVTMPFS=y +CONFIG_DM_CRYPT=y +CONFIG_SYSVIPC=y +CONFIG_VT=y +CONFIG_UEVENT_HELPER=y +CONFIG_LBDAF=y +CONFIG_CRYPTO_XTS=y +CONFIG_TMPFS_POSIX_ACL=y +### here's one explicitely disabled: +# ANDROID_PARANOID_NETWORK is not set +### here's one set to module: +CONFIG_EXT4_FS=m +### here's a line set to no: +CONFIG_KINETO_GAN=n + +# a bit of random stuff +CONFIG_LOCALVERSION="-purism-librem5" +CONFIG_BUILD_SALT="" +CONFIG_HAVE_KERNEL_GZIP=y +CONFIG_HAVE_KERNEL_LZO=y +CONFIG_KERNEL_GZIP=y +# CONFIG_KERNEL_LZMA is not set +CONFIG_DEFAULT_HOSTNAME="(none)" +CONFIG_SWAP=y +# needed for bubblewrap +CONFIG_USER_NS=y + +CONFIG_NET=y +CONFIG_COMPAT_NETLINK_MESSAGES=y +CONFIG_NET_INGRESS=y +CONFIG_NET_EGRESS=y +CONFIG_SKB_EXTENSIONS=y + +CONFIG_PACKET=y +CONFIG_UNIX=y +CONFIG_UNIX_SCM=y +CONFIG_TLS=m +CONFIG_XFRM=y +CONFIG_XFRM_ALGO=m +CONFIG_XFRM_USER=m +CONFIG_XFRM_INTERFACE=m +CONFIG_XFRM_STATISTICS=y +CONFIG_XFRM_ESP=m +CONFIG_XFRM_IPCOMP=m +CONFIG_NET_KEY=m +CONFIG_INET=y +CONFIG_IP_MULTICAST=y +CONFIG_IP_ADVANCED_ROUTER=y +CONFIG_IP_MULTIPLE_TABLES=y +CONFIG_IP_PNP=y +CONFIG_IP_PNP_DHCP=y +CONFIG_IP_PNP_BOOTP=y +CONFIG_NET_IPGRE_DEMUX=m +CONFIG_NET_IP_TUNNEL=m +CONFIG_SYN_COOKIES=y +CONFIG_NET_IPVTI=m +CONFIG_NET_UDP_TUNNEL=m +CONFIG_INET_ESP=m +CONFIG_INET_TUNNEL=m +CONFIG_INET_DIAG=y +CONFIG_INET_TCP_DIAG=y +CONFIG_INET_UDP_DIAG=m +CONFIG_INET_RAW_DIAG=m +CONFIG_INET_DIAG_DESTROY=y +CONFIG_TCP_CONG_CUBIC=y +CONFIG_DEFAULT_TCP_CONG="cubic" +CONFIG_IPV6=m +CONFIG_IPV6_ROUTER_PREF=y +CONFIG_IPV6_ROUTE_INFO=y +CONFIG_IPV6_OPTIMISTIC_DAD=y +CONFIG_INET6_ESP=m +CONFIG_INET6_IPCOMP=m +CONFIG_IPV6_MIP6=m +CONFIG_INET6_XFRM_TUNNEL=m +CONFIG_INET6_TUNNEL=m +CONFIG_IPV6_VTI=m +CONFIG_IPV6_SIT=m +CONFIG_IPV6_NDISC_NODETYPE=y +CONFIG_IPV6_TUNNEL=m +CONFIG_IPV6_MULTIPLE_TABLES=y +CONFIG_NETWORK_SECMARK=y +CONFIG_NET_PTP_CLASSIFY=y +CONFIG_NETFILTER=y +CONFIG_NETFILTER_ADVANCED=y + +CONFIG_NETFILTER_INGRESS=y +CONFIG_NETFILTER_NETLINK=y +CONFIG_NETFILTER_FAMILY_BRIDGE=y +CONFIG_NETFILTER_FAMILY_ARP=y +CONFIG_NETFILTER_NETLINK_QUEUE=m +CONFIG_NETFILTER_NETLINK_LOG=m +CONFIG_NETFILTER_NETLINK_OSF=m +CONFIG_NF_CONNTRACK=m +CONFIG_NF_LOG_COMMON=m +CONFIG_NF_LOG_NETDEV=m +CONFIG_NETFILTER_CONNCOUNT=m +CONFIG_NF_CONNTRACK_MARK=y +CONFIG_NF_CONNTRACK_SECMARK=y +CONFIG_NF_CONNTRACK_PROCFS=y +CONFIG_NF_CONNTRACK_EVENTS=y +CONFIG_NF_CT_PROTO_GRE=y +CONFIG_NF_CONNTRACK_AMANDA=m +CONFIG_NF_CONNTRACK_FTP=m +CONFIG_NF_CONNTRACK_H323=m +CONFIG_NF_CONNTRACK_IRC=m +CONFIG_NF_CONNTRACK_BROADCAST=m +CONFIG_NF_CONNTRACK_NETBIOS_NS=m +CONFIG_NF_CONNTRACK_PPTP=m +CONFIG_NF_CONNTRACK_SANE=m +CONFIG_NF_CONNTRACK_TFTP=m +CONFIG_NF_CT_NETLINK=m +CONFIG_NF_NAT=m +CONFIG_NF_NAT_AMANDA=m +CONFIG_NF_NAT_FTP=m +CONFIG_NF_NAT_IRC=m +CONFIG_NF_NAT_TFTP=m +CONFIG_NF_NAT_REDIRECT=y +CONFIG_NF_NAT_MASQUERADE=y +CONFIG_NETFILTER_SYNPROXY=m +CONFIG_NF_TABLES=y +CONFIG_NF_TABLES_INET=y +CONFIG_NF_TABLES_NETDEV=y +CONFIG_NFT_NUMGEN=m +CONFIG_NFT_CT=m +CONFIG_NFT_COUNTER=m +CONFIG_NFT_CONNLIMIT=m +CONFIG_NFT_LOG=m +CONFIG_NFT_LIMIT=m +CONFIG_NFT_MASQ=m +CONFIG_NFT_REDIR=m +CONFIG_NFT_NAT=m +CONFIG_NFT_TUNNEL=m +CONFIG_NFT_OBJREF=m +CONFIG_NFT_QUEUE=m +CONFIG_NFT_QUOTA=m +CONFIG_NFT_REJECT=m +CONFIG_NFT_REJECT_INET=m +CONFIG_NFT_COMPAT=m +CONFIG_NFT_HASH=m +CONFIG_NFT_XFRM=m +CONFIG_NFT_SOCKET=m +CONFIG_NFT_OSF=m +CONFIG_NFT_TPROXY=m +CONFIG_NFT_SYNPROXY=m +CONFIG_NF_DUP_NETDEV=m +CONFIG_NFT_DUP_NETDEV=m +CONFIG_NFT_FWD_NETDEV=m +CONFIG_NFT_REJECT_NETDEV=m +CONFIG_NETFILTER_XTABLES=m + +CONFIG_NETFILTER_XT_MARK=m +CONFIG_NETFILTER_XT_CONNMARK=m + +CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m +CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m +CONFIG_NETFILTER_XT_TARGET_CONNMARK=m +CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=m +CONFIG_NETFILTER_XT_TARGET_CT=m +CONFIG_NETFILTER_XT_TARGET_IDLETIMER=m +CONFIG_NETFILTER_XT_TARGET_LOG=m +CONFIG_NETFILTER_XT_TARGET_MARK=m +CONFIG_NETFILTER_XT_NAT=m +CONFIG_NETFILTER_XT_TARGET_NETMAP=m +CONFIG_NETFILTER_XT_TARGET_NFLOG=m +CONFIG_NETFILTER_XT_TARGET_NFQUEUE=m +CONFIG_NETFILTER_XT_TARGET_REDIRECT=m +CONFIG_NETFILTER_XT_TARGET_MASQUERADE=m +CONFIG_NETFILTER_XT_TARGET_TPROXY=m +CONFIG_NETFILTER_XT_TARGET_TRACE=m +CONFIG_NETFILTER_XT_TARGET_SECMARK=m +CONFIG_NETFILTER_XT_TARGET_TCPMSS=m + +CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=m +CONFIG_NETFILTER_XT_MATCH_BPF=m +CONFIG_NETFILTER_XT_MATCH_COMMENT=m +CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=m +CONFIG_NETFILTER_XT_MATCH_CONNMARK=m +CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m +CONFIG_NETFILTER_XT_MATCH_ECN=m +CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=m +CONFIG_NETFILTER_XT_MATCH_HELPER=m +CONFIG_NETFILTER_XT_MATCH_HL=m +CONFIG_NETFILTER_XT_MATCH_IPRANGE=m +CONFIG_NETFILTER_XT_MATCH_IPVS=m +CONFIG_NETFILTER_XT_MATCH_LENGTH=m +CONFIG_NETFILTER_XT_MATCH_LIMIT=m +CONFIG_NETFILTER_XT_MATCH_MAC=m +CONFIG_NETFILTER_XT_MATCH_MARK=m +CONFIG_NETFILTER_XT_MATCH_OSF=m +CONFIG_NETFILTER_XT_MATCH_OWNER=m +CONFIG_NETFILTER_XT_MATCH_POLICY=m +CONFIG_NETFILTER_XT_MATCH_PKTTYPE=m +CONFIG_NETFILTER_XT_MATCH_QUOTA=m +CONFIG_NETFILTER_XT_MATCH_SOCKET=m +CONFIG_NETFILTER_XT_MATCH_STATE=m +CONFIG_NETFILTER_XT_MATCH_STATISTIC=m +CONFIG_NETFILTER_XT_MATCH_STRING=m +CONFIG_NETFILTER_XT_MATCH_TIME=m +CONFIG_NETFILTER_XT_MATCH_U32=m + +CONFIG_IP_VS=m +CONFIG_IP_VS_TAB_BITS=12 + +CONFIG_IP_VS_PROTO_TCP=y +CONFIG_IP_VS_PROTO_UDP=y + +CONFIG_IP_VS_RR=m + +CONFIG_IP_VS_SH_TAB_BITS=8 + +CONFIG_IP_VS_MH_TAB_INDEX=12 + +CONFIG_IP_VS_NFCT=y + +CONFIG_NF_DEFRAG_IPV4=m +CONFIG_NF_SOCKET_IPV4=m +CONFIG_NF_TPROXY_IPV4=m +CONFIG_NF_TABLES_IPV4=y +CONFIG_NFT_REJECT_IPV4=m +CONFIG_NF_TABLES_ARP=y +CONFIG_NF_LOG_IPV4=m +CONFIG_NF_REJECT_IPV4=m +CONFIG_NF_NAT_PPTP=m +CONFIG_NF_NAT_H323=m +CONFIG_IP_NF_IPTABLES=m +CONFIG_IP_NF_MATCH_ECN=m +CONFIG_IP_NF_MATCH_TTL=m +CONFIG_IP_NF_FILTER=m +CONFIG_IP_NF_TARGET_REJECT=m +CONFIG_IP_NF_TARGET_MASQUERADE=m +CONFIG_IP_NF_TARGET_NETMAP=m +CONFIG_IP_NF_TARGET_REDIRECT=m +CONFIG_IP_NF_MANGLE=m +CONFIG_IP_NF_RAW=m +CONFIG_IP_NF_SECURITY=m +CONFIG_IP_NF_ARPTABLES=m +CONFIG_IP_NF_ARPFILTER=m +CONFIG_IP_NF_ARP_MANGLE=m + +CONFIG_NF_SOCKET_IPV6=m +CONFIG_NF_TPROXY_IPV6=m +CONFIG_NF_TABLES_IPV6=y +CONFIG_NFT_REJECT_IPV6=m +CONFIG_NF_REJECT_IPV6=m +CONFIG_NF_LOG_IPV6=m +CONFIG_IP6_NF_IPTABLES=m +CONFIG_IP6_NF_MATCH_RPFILTER=m +CONFIG_IP6_NF_MATCH_SRH=m +CONFIG_IP6_NF_FILTER=m +CONFIG_IP6_NF_TARGET_REJECT=m +CONFIG_IP6_NF_MANGLE=m +CONFIG_IP6_NF_RAW=m +CONFIG_IP6_NF_TARGET_MASQUERADE=m + +CONFIG_NF_DEFRAG_IPV6=m +CONFIG_NF_TABLES_BRIDGE=m +CONFIG_L2TP=m +CONFIG_STP=m +CONFIG_GARP=m +CONFIG_MRP=m +CONFIG_BRIDGE=m +CONFIG_BRIDGE_IGMP_SNOOPING=y +CONFIG_BRIDGE_VLAN_FILTERING=y +CONFIG_HAVE_NET_DSA=y +CONFIG_VLAN_8021Q=m +CONFIG_VLAN_8021Q_GVRP=y +CONFIG_VLAN_8021Q_MVRP=y +CONFIG_LLC=y +CONFIG_LLC2=y +CONFIG_NET_SCHED=y + +CONFIG_NET_SCH_HTB=m +CONFIG_NET_SCH_INGRESS=m + +CONFIG_NET_CLS=y +CONFIG_NET_CLS_U32=m +CONFIG_NET_CLS_CGROUP=m +CONFIG_NET_CLS_BPF=m +CONFIG_NET_EMATCH=y +CONFIG_NET_EMATCH_STACK=32 +CONFIG_NET_EMATCH_U32=m +CONFIG_NET_CLS_ACT=y +CONFIG_NET_SCH_FIFO=y +CONFIG_DNS_RESOLVER=y +CONFIG_OPENVSWITCH=m +CONFIG_OPENVSWITCH_VXLAN=m +CONFIG_MPLS=y +CONFIG_NET_MPLS_GSO=m +CONFIG_NET_NSH=m +CONFIG_NET_L3_MASTER_DEV=y +CONFIG_RPS=y +CONFIG_RFS_ACCEL=y +CONFIG_XPS=y +CONFIG_CGROUP_NET_PRIO=y +CONFIG_CGROUP_NET_CLASSID=y +CONFIG_NET_RX_BUSY_POLL=y +CONFIG_BQL=y +CONFIG_BPF_JIT=y +CONFIG_NET_FLOW_LIMIT=y