On 26/03/2024 15:50, Joshua Lant wrote:
Hi,
This series of patches enables the use of the Wireguard VPN and all assocaited tools required for running wireguard-tools' test script. Wireguard's test script (netns.sh) runs to completion using purecap compiled:
wireguard-tools, iproute2, iputils (ping/ping6), iptables, nftables, libnftnl, libmnl, libelf, argp-standalone, musl-obstack, fts, libjansson.
Packages used in netns.sh currently not tested in purecap:
ncat, iperf3.
The bulk of the changes required are additions to the kernel config, with a fix for a bug found in iptables.
There is an alignment issue at the user/kernel boundary in xtables with capabilities, encountered in the macro XT_ALIGN, used in the function xt_check_target (with the resulting message indicating size of (kernel) and (user) not matching). This bug occurs when running certain iptables commands in the test script. e.g.
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -d 10.0.0.0/24 -j SNAT --to 10.0.0.1
This is my first patch to the kernel so please forgive me if anything is drastically wrong. I have tried to follow the format of others on here...
Thank you for taking the time to put together these patches and post them on the list, this is very appreciated! The format is exactly as one would expect overall :) Just a small note, no need to add the [linux-morello] tag explicitly - it is automatically added by the list itself.
I will make further comments on each individual patch.
Kevin
Cheers,
Joshua Lant
Joshua Lant (2): morello: enable wireguard kernel config xtables: fix alignment issue
.../morello_transitional_pcuabi_defconfig | 23 +++++++++++++++++++ include/uapi/linux/netfilter/x_tables.h | 1 + 2 files changed, 24 insertions(+)