From patchwork Thu Jun 14 18:48:49 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Montes, Julio" <julio.montes@intel.com>
X-Patchwork-Id: 931360
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com
	(client-ip=91.189.94.19; helo=huckleberry.canonical.com;
	envelope-from=kernel-team-bounces@lists.ubuntu.com;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=fail (p=none dis=none) header.from=intel.com
Received: from huckleberry.canonical.com (huckleberry.canonical.com
	[91.189.94.19])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 418v7V6nLjz9s7T;
	Tue, 19 Jun 2018 13:48:06 +1000 (AEST)
Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com)
	by huckleberry.canonical.com with esmtp (Exim 4.86_2)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1fV7cY-000099-MJ; Tue, 19 Jun 2018 03:47:54 +0000
Received: from mga02.intel.com ([134.134.136.20])
	by huckleberry.canonical.com with esmtps
	(TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2)
	(envelope-from <julio.montes@intel.com>) id 1fTXJ1-000324-SJ
	for kernel-team@lists.ubuntu.com; Thu, 14 Jun 2018 18:49:12 +0000
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga004.jf.intel.com ([10.7.209.38])
	by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
	14 Jun 2018 11:49:06 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.51,224,1526367600"; d="scan'208";a="208155586"
Received: from juliomon-mobl1.zpn.intel.com ([10.219.4.138])
	by orsmga004.jf.intel.com with ESMTP; 14 Jun 2018 11:49:05 -0700
From: Julio Montes <julio.montes@intel.com>
To: kernel-team@lists.ubuntu.com
Subject: [PATCH] UBUNTU: kvm: [Config] Enable IP set and netfilter
Date: Thu, 14 Jun 2018 13:48:49 -0500
Message-Id: <20180614184849.27533-1-julio.montes@intel.com>
X-Mailer: git-send-email 2.13.6
X-Mailman-Approved-At: Tue, 19 Jun 2018 03:47:53 +0000
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
Cc: margaret.labrecque@intel.com, Julio Montes <julio.montes@intel.com>,
	rob.williams@canonical.com, pragyansri.pathi@intel.com,
	david.britton@canonical.com
MIME-Version: 1.0
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>

BugLink: https://bugs.launchpad.net/ubuntu/+source/linux-kvm/+bug/1761856

Enable IP set and netfilter netlink to let kata agent configure the network
inside the virtual machine.

Next configs are needed:
* CONFIG_IP_SET
* CONFIG_NETFILTER_NETLINK

Signed-off-by: Julio Montes <julio.montes@intel.com>
---
 debian.kvm/config/config.common.ubuntu | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)

diff --git a/debian.kvm/config/config.common.ubuntu b/debian.kvm/config/config.common.ubuntu
index abb67e44bdb0..d27d549e2816 100644
--- a/debian.kvm/config/config.common.ubuntu
+++ b/debian.kvm/config/config.common.ubuntu
@@ -1163,7 +1163,24 @@ CONFIG_IP_ROUTE_CLASSID=y
 # CONFIG_IP_ROUTE_MULTIPATH is not set
 # CONFIG_IP_ROUTE_VERBOSE is not set
 # CONFIG_IP_SCTP is not set
-# CONFIG_IP_SET is not set
+CONFIG_IP_SET=y
+# CONFIG_IP_SET_BITMAP_IP is not set
+# CONFIG_IP_SET_BITMAP_IPMAC is not set
+# CONFIG_IP_SET_BITMAP_PORT is not set
+# CONFIG_IP_SET_HASH_IP is not set
+# CONFIG_IP_SET_HASH_IPMAC is not set
+# CONFIG_IP_SET_HASH_IPMARK is not set
+# CONFIG_IP_SET_HASH_IPPORT is not set
+# CONFIG_IP_SET_HASH_IPPORTIP is not set
+# CONFIG_IP_SET_HASH_IPPORTNET is not set
+# CONFIG_IP_SET_HASH_MAC is not set
+# CONFIG_IP_SET_HASH_NET is not set
+# CONFIG_IP_SET_HASH_NETIFACE is not set
+# CONFIG_IP_SET_HASH_NETNET is not set
+# CONFIG_IP_SET_HASH_NETPORT is not set
+# CONFIG_IP_SET_HASH_NETPORTNET is not set
+# CONFIG_IP_SET_LIST_SET is not set
+CONFIG_IP_SET_MAX=256
 # CONFIG_IP_VS is not set
 CONFIG_IRQ_BYPASS_MANAGER=y
 CONFIG_IRQ_DOMAIN=y
@@ -1423,7 +1440,7 @@ CONFIG_NETDEVICES=y
 CONFIG_NETFILTER=y
 CONFIG_NETFILTER_ADVANCED=y
 CONFIG_NETFILTER_INGRESS=y
-CONFIG_NETFILTER_NETLINK=m
+CONFIG_NETFILTER_NETLINK=y
 CONFIG_NETFILTER_NETLINK_ACCT=m
 CONFIG_NETFILTER_NETLINK_GLUE_CT=y
 CONFIG_NETFILTER_NETLINK_LOG=m
@@ -1477,6 +1494,7 @@ CONFIG_NETFILTER_XT_MATCH_TCPMSS=m
 CONFIG_NETFILTER_XT_MATCH_TIME=m
 CONFIG_NETFILTER_XT_MATCH_U32=m
 CONFIG_NETFILTER_XT_NAT=m
+# CONFIG_NETFILTER_XT_SET is not set
 # CONFIG_NETFILTER_XT_TARGET_AUDIT is not set
 CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m
 CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m