configs: enable NETFILTER_XT_MATCH_BPF and NETFILTER_XT_MATCH_U32

kelsey-steele · chessturo · commit 0c5b2ca14c47 · 2025-10-20T13:15:39.000-07:00
NETFILTER_XT_MATCH_BPF=m NETFILTER_XT_MATCH_U32=m BPF matching applies a linux socket filter to each packet and accepts those for which the filter returns non-zero. u32 allows you to extract quantities of up to 4 bytes from a packet, AND them with specified masks, shift them by specified amounts and test whether the results are in any of a set of specified ranges. The specification of what to extract is general enough to skip over headers with lengths stored in the packet, as in IP or TCP header lengths. Enabling these configs as modules to support Docker Swarm overlay encryption. Link: microsoft/WSL#10029 Signed-off-by: Kelsey Steele <kelseysteele@microsoft.com>
diff --git a/arch/arm64/configs/config-wsl-arm64 b/arch/arm64/configs/config-wsl-arm64
@@ -1092,7 +1092,7 @@ CONFIG_NETFILTER_XT_TARGET_TCPMSS=y
 # Xtables matches
 #
 CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y
-# CONFIG_NETFILTER_XT_MATCH_BPF is not set
+CONFIG_NETFILTER_XT_MATCH_BPF=m
 CONFIG_NETFILTER_XT_MATCH_CGROUP=y
 # CONFIG_NETFILTER_XT_MATCH_CLUSTER is not set
 CONFIG_NETFILTER_XT_MATCH_COMMENT=y
@@ -1136,7 +1136,7 @@ CONFIG_NETFILTER_XT_MATCH_STATISTIC=y
 # CONFIG_NETFILTER_XT_MATCH_STRING is not set
 # CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set
 # CONFIG_NETFILTER_XT_MATCH_TIME is not set
-# CONFIG_NETFILTER_XT_MATCH_U32 is not set
+CONFIG_NETFILTER_XT_MATCH_U32=m
 # end of Core Netfilter Configuration
 
 CONFIG_IP_SET=y
diff --git a/arch/x86/configs/config-wsl b/arch/x86/configs/config-wsl
@@ -1127,7 +1127,7 @@ CONFIG_NETFILTER_XT_TARGET_TCPMSS=y
 # Xtables matches
 #
 CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y
-# CONFIG_NETFILTER_XT_MATCH_BPF is not set
+CONFIG_NETFILTER_XT_MATCH_BPF=m
 CONFIG_NETFILTER_XT_MATCH_CGROUP=y
 # CONFIG_NETFILTER_XT_MATCH_CLUSTER is not set
 CONFIG_NETFILTER_XT_MATCH_COMMENT=y
@@ -1171,7 +1171,7 @@ CONFIG_NETFILTER_XT_MATCH_STATISTIC=y
 # CONFIG_NETFILTER_XT_MATCH_STRING is not set
 # CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set
 # CONFIG_NETFILTER_XT_MATCH_TIME is not set
-# CONFIG_NETFILTER_XT_MATCH_U32 is not set
+CONFIG_NETFILTER_XT_MATCH_U32=m
 # end of Core Netfilter Configuration
 
 CONFIG_IP_SET=y
