Browse code
Linux kernel IPV6 netfilter NAT masquerade, security support
Change-Id: Ibd06188155369fd721e7d95b06ae3298f93e1dfa
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/2992
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Divya Thaluru <dthaluru@vmware.com>
suezzelur authored on 2017/06/20 08:12:59Showing 2 changed files
| ... | ... |
@@ -1,6 +1,6 @@ |
| 1 | 1 |
# |
| 2 | 2 |
# Automatically generated file; DO NOT EDIT. |
| 3 |
-# Linux/x86 4.4.70 Kernel Configuration |
|
| 3 |
+# Linux/x86 4.4.71 Kernel Configuration |
|
| 4 | 4 |
# |
| 5 | 5 |
CONFIG_64BIT=y |
| 6 | 6 |
CONFIG_X86_64=y |
| ... | ... |
@@ -908,7 +908,24 @@ CONFIG_NF_NAT_SIP=m |
| 908 | 908 |
CONFIG_NF_NAT_TFTP=m |
| 909 | 909 |
CONFIG_NF_NAT_REDIRECT=m |
| 910 | 910 |
CONFIG_NETFILTER_SYNPROXY=m |
| 911 |
-# CONFIG_NF_TABLES is not set |
|
| 911 |
+CONFIG_NF_TABLES=m |
|
| 912 |
+CONFIG_NF_TABLES_INET=m |
|
| 913 |
+CONFIG_NF_TABLES_NETDEV=m |
|
| 914 |
+CONFIG_NFT_EXTHDR=m |
|
| 915 |
+CONFIG_NFT_META=m |
|
| 916 |
+CONFIG_NFT_CT=m |
|
| 917 |
+CONFIG_NFT_RBTREE=m |
|
| 918 |
+CONFIG_NFT_HASH=m |
|
| 919 |
+CONFIG_NFT_COUNTER=m |
|
| 920 |
+CONFIG_NFT_LOG=m |
|
| 921 |
+CONFIG_NFT_LIMIT=m |
|
| 922 |
+CONFIG_NFT_MASQ=m |
|
| 923 |
+CONFIG_NFT_REDIR=m |
|
| 924 |
+CONFIG_NFT_NAT=m |
|
| 925 |
+CONFIG_NFT_QUEUE=m |
|
| 926 |
+CONFIG_NFT_REJECT=m |
|
| 927 |
+CONFIG_NFT_REJECT_INET=m |
|
| 928 |
+# CONFIG_NFT_COMPAT is not set |
|
| 912 | 929 |
CONFIG_NETFILTER_XTABLES=y |
| 913 | 930 |
|
| 914 | 931 |
# |
| ... | ... |
@@ -1062,12 +1079,20 @@ CONFIG_IP_VS_PE_SIP=m |
| 1062 | 1062 |
CONFIG_NF_DEFRAG_IPV4=m |
| 1063 | 1063 |
CONFIG_NF_CONNTRACK_IPV4=m |
| 1064 | 1064 |
# CONFIG_NF_CONNTRACK_PROC_COMPAT is not set |
| 1065 |
+CONFIG_NF_TABLES_IPV4=m |
|
| 1066 |
+# CONFIG_NFT_CHAIN_ROUTE_IPV4 is not set |
|
| 1067 |
+CONFIG_NFT_REJECT_IPV4=m |
|
| 1068 |
+# CONFIG_NFT_DUP_IPV4 is not set |
|
| 1069 |
+# CONFIG_NF_TABLES_ARP is not set |
|
| 1065 | 1070 |
CONFIG_NF_DUP_IPV4=m |
| 1066 | 1071 |
# CONFIG_NF_LOG_ARP is not set |
| 1067 | 1072 |
CONFIG_NF_LOG_IPV4=m |
| 1068 | 1073 |
CONFIG_NF_REJECT_IPV4=m |
| 1069 | 1074 |
CONFIG_NF_NAT_IPV4=m |
| 1075 |
+# CONFIG_NFT_CHAIN_NAT_IPV4 is not set |
|
| 1070 | 1076 |
CONFIG_NF_NAT_MASQUERADE_IPV4=m |
| 1077 |
+# CONFIG_NFT_MASQ_IPV4 is not set |
|
| 1078 |
+# CONFIG_NFT_REDIR_IPV4 is not set |
|
| 1071 | 1079 |
CONFIG_NF_NAT_SNMP_BASIC=m |
| 1072 | 1080 |
CONFIG_NF_NAT_PROTO_GRE=m |
| 1073 | 1081 |
CONFIG_NF_NAT_PPTP=m |
| ... | ... |
@@ -1089,7 +1114,7 @@ CONFIG_IP_NF_TARGET_CLUSTERIP=m |
| 1089 | 1089 |
CONFIG_IP_NF_TARGET_ECN=m |
| 1090 | 1090 |
CONFIG_IP_NF_TARGET_TTL=m |
| 1091 | 1091 |
CONFIG_IP_NF_RAW=m |
| 1092 |
-# CONFIG_IP_NF_SECURITY is not set |
|
| 1092 |
+CONFIG_IP_NF_SECURITY=m |
|
| 1093 | 1093 |
CONFIG_IP_NF_ARPTABLES=m |
| 1094 | 1094 |
CONFIG_IP_NF_ARPFILTER=m |
| 1095 | 1095 |
CONFIG_IP_NF_ARP_MANGLE=m |
| ... | ... |
@@ -1099,11 +1124,18 @@ CONFIG_IP_NF_ARP_MANGLE=m |
| 1099 | 1099 |
# |
| 1100 | 1100 |
CONFIG_NF_DEFRAG_IPV6=m |
| 1101 | 1101 |
CONFIG_NF_CONNTRACK_IPV6=m |
| 1102 |
+CONFIG_NF_TABLES_IPV6=m |
|
| 1103 |
+CONFIG_NFT_CHAIN_ROUTE_IPV6=m |
|
| 1104 |
+CONFIG_NFT_REJECT_IPV6=m |
|
| 1105 |
+CONFIG_NFT_DUP_IPV6=m |
|
| 1102 | 1106 |
CONFIG_NF_DUP_IPV6=m |
| 1103 | 1107 |
CONFIG_NF_REJECT_IPV6=m |
| 1104 | 1108 |
CONFIG_NF_LOG_IPV6=m |
| 1105 | 1109 |
CONFIG_NF_NAT_IPV6=m |
| 1106 |
-# CONFIG_NF_NAT_MASQUERADE_IPV6 is not set |
|
| 1110 |
+CONFIG_NFT_CHAIN_NAT_IPV6=m |
|
| 1111 |
+CONFIG_NF_NAT_MASQUERADE_IPV6=m |
|
| 1112 |
+CONFIG_NFT_MASQ_IPV6=m |
|
| 1113 |
+CONFIG_NFT_REDIR_IPV6=m |
|
| 1107 | 1114 |
CONFIG_IP6_NF_IPTABLES=m |
| 1108 | 1115 |
CONFIG_IP6_NF_MATCH_AH=m |
| 1109 | 1116 |
CONFIG_IP6_NF_MATCH_EUI64=m |
| ... | ... |
@@ -1120,10 +1152,11 @@ CONFIG_IP6_NF_TARGET_REJECT=m |
| 1120 | 1120 |
CONFIG_IP6_NF_TARGET_SYNPROXY=m |
| 1121 | 1121 |
CONFIG_IP6_NF_MANGLE=m |
| 1122 | 1122 |
CONFIG_IP6_NF_RAW=m |
| 1123 |
-# CONFIG_IP6_NF_SECURITY is not set |
|
| 1123 |
+CONFIG_IP6_NF_SECURITY=m |
|
| 1124 | 1124 |
CONFIG_IP6_NF_NAT=m |
| 1125 |
-# CONFIG_IP6_NF_TARGET_MASQUERADE is not set |
|
| 1126 |
-# CONFIG_IP6_NF_TARGET_NPT is not set |
|
| 1125 |
+CONFIG_IP6_NF_TARGET_MASQUERADE=m |
|
| 1126 |
+CONFIG_IP6_NF_TARGET_NPT=m |
|
| 1127 |
+# CONFIG_NF_TABLES_BRIDGE is not set |
|
| 1127 | 1128 |
CONFIG_BRIDGE_NF_EBTABLES=m |
| 1128 | 1129 |
CONFIG_BRIDGE_EBT_BROUTE=m |
| 1129 | 1130 |
CONFIG_BRIDGE_EBT_T_FILTER=m |
| ... | ... |
@@ -2,7 +2,7 @@ |
| 2 | 2 |
Summary: Kernel |
| 3 | 3 |
Name: linux |
| 4 | 4 |
Version: 4.4.71 |
| 5 |
-Release: 1%{?dist}
|
|
| 5 |
+Release: 2%{?dist}
|
|
| 6 | 6 |
License: GPLv2 |
| 7 | 7 |
URL: http://www.kernel.org/ |
| 8 | 8 |
Group: System Environment/Kernel |
| ... | ... |
@@ -274,6 +274,8 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg
|
| 274 | 274 |
/usr/share/perf-core |
| 275 | 275 |
|
| 276 | 276 |
%changelog |
| 277 |
+* Mon Jun 19 2017 Anish Swaminathan <anishs@vmware.com> 4.4.71-2 |
|
| 278 |
+- [feature] IPV6 netfilter NAT masquerade, security support |
|
| 277 | 279 |
* Wed Jun 7 2017 Alexey Makhalov <amakhalov@vmware.com> 4.4.71-1 |
| 278 | 280 |
- Fix CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076 |
| 279 | 281 |
CVE-2017-9077 and CVE-2017-9242 |