From: Bruce Ashfield <bruce.ashfield@gmail.com>
Date: Thu, 28 Mar 2024 18:43:02 +0000 (-0400)
Subject: linux-yocto/6.6: nftables: ptest and cleanup tweaks
X-Git-Tag: 2024-04-scarthgap~91
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ee8e8b75fd9a3fb33de2c280f64ed0d38dd67cfb;p=thirdparty%2Fopenembedded%2Fopenembedded-core.git

linux-yocto/6.6: nftables: ptest and cleanup tweaks

Integrating the following commit(s) to linux-yocto/.:

1/2 [
    Author: William Lyu
    Email: William.Lyu@windriver.com
    Subject: features/nf_tables: nft_objref is now builtin
    Date: Wed, 27 Mar 2024 08:52:14 -0700

    Starting from kernel v6.2 (including all rc versions),
    CONFIG_NFT_OBJREF has become builtin and cannot be disabled [1]. So,
    this configure option is removed from nf_tables.cfg.

    References
    [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d037abc2414b4539401e0e6aa278bedc4628ad69

    Signed-off-by: William Lyu <William.Lyu@windriver.com>
    Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
]

2/2 [
    Author: William Lyu
    Email: William.Lyu@windriver.com
    Subject: features/nf_tables: Add net_fib_* options for greater ptest coverage
    Date: Wed, 27 Mar 2024 08:52:15 -0700

    Several nftables ptest testcases failed due to missing features. The
    following kernel configuration options are added as part of the missing
    features:

    -   NFT_FIB_INET (tristate "Netfilter nf_tables fib inet support")
        This option allows using the FIB expression from the inet table.
        The lookup will be delegated to the IPv4 or IPv6 FIB depending
        on the protocol of the packet.

    -   NFT_FIB_IPV4 (tristate "nf_tables fib / ip route lookup support")
        This module enables IPv4 FIB lookups, e.g. for reverse path filtering.
        It also allows query of the FIB for the route type, e.g. local, unicast,
        multicast or blackhole.

    -   NFT_FIB_IPV6 (tristate "nf_tables fib / ipv6 route lookup support")
        This module enables IPv6 FIB lookups, e.g. for reverse path filtering.
        It also allows query of the FIB for the route type, e.g. local, unicast,
        multicast or blackhole.

    Adding those three kernel configuration options above pass the following
    ptest testcases:

    -   tests/shell/testcases/parsing/large_rule_pipe
        Previously failed due to using rule:
            meta nfproto ipv6 fib saddr . iif oif missing drop
    -   tests/shell/testcases/nft-f/sample-ruleset
        Previously failed due to using rules:
            fib saddr . iif oif eq 0 counter drop
            fib daddr type { broadcast, multicast, anycast } counter drop
            fib daddr type { broadcast, multicast, anycast } counter drop
            fib daddr type { broadcast, multicast, anycast } counter drop
    -   tests/shell/testcases/optimizations/ruleset
        Previously failed due to using rule:
            fib daddr type broadcast  drop

    Signed-off-by: William Lyu <William.Lyu@windriver.com>
    Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
]

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
index e2e3c012855..50dff1c3ffc 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
@@ -15,7 +15,7 @@ python () {
 }
 
 SRCREV_machine ?= "1c3234ba160c59eb50739f23591a87daf09fac35"
-SRCREV_meta ?= "8daefb4bf68e9cbbecdb833dc3fc536f08f5d46a"
+SRCREV_meta ?= "70cabea69443e974db04d6dcbe73031d0d726bc1"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
index f076aa45c78..d2304b1b49c 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
@@ -18,7 +18,7 @@ KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
 SRCREV_machine ?= "ca83799fcbc094fdd52caec7c4dca64189acd842"
-SRCREV_meta ?= "8daefb4bf68e9cbbecdb833dc3fc536f08f5d46a"
+SRCREV_meta ?= "70cabea69443e974db04d6dcbe73031d0d726bc1"
 
 PV = "${LINUX_VERSION}+git"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_6.6.bb b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
index a0218eb8760..764ea67cf13 100644
--- a/meta/recipes-kernel/linux/linux-yocto_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
@@ -29,7 +29,7 @@ SRCREV_machine:qemux86 ?= "ca83799fcbc094fdd52caec7c4dca64189acd842"
 SRCREV_machine:qemux86-64 ?= "ca83799fcbc094fdd52caec7c4dca64189acd842"
 SRCREV_machine:qemumips64 ?= "6cb075269e42d03857c95ebc8b5f8e154f155add"
 SRCREV_machine ?= "ca83799fcbc094fdd52caec7c4dca64189acd842"
-SRCREV_meta ?= "8daefb4bf68e9cbbecdb833dc3fc536f08f5d46a"
+SRCREV_meta ?= "70cabea69443e974db04d6dcbe73031d0d726bc1"
 
 # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
 # get the <version>/base branch, which is pure upstream -stable, and the same