From b37fd5b7a54e16578ef6c3bd67773f7a380a8331 Mon Sep 17 00:00:00 2001
From: Diego Sueiro
Date: Thu, 30 Jul 2020 16:52:16 +0100
Subject: [PATCH] arm-autonomy/linux-arm-autonomy: Extend netfilter config for host
To properly set the iptables rules to be applied when configuring the network between the host and guest we need to have the netfilter.scc kernel feature and following kernel extra kernel configs: CONFIG_NETFILTER_XT_MATCH_PHYSDEV=m CONFIG_NETFILTER_XT_MATCH_COMMENT=m
Change-Id: I6f3ff9e8db5d359efba5fb3ead04703f4f2ec88b
Issue-Id: SCM-1019
Signed-off-by: Diego Sueiro
Reviewed-by: Bertrand Marquis
Signed-off-by: Jon Mason
---
 .../features/arm-autonomy/netfilter-extra.cfg | 2 ++
 .../features/arm-autonomy/xen-host-iptables.scc | 9 +++++++++
 .../recipes-kernel/linux/linux-arm-autonomy.inc | 6 +++++-
 3 files changed, 16 insertions(+), 1 deletion(-)
 create mode 100644 meta-arm-autonomy/recipes-kernel/linux/arm-autonomy-kmeta/features/arm-autonomy/netfilter-extra.cfg
 create mode 100644 meta-arm-autonomy/recipes-kernel/linux/arm-autonomy-kmeta/features/arm-autonomy/xen-host-iptables.scc
diff --git a/meta-arm-autonomy/recipes-kernel/linux/arm-autonomy-kmeta/features/arm-autonomy/netfilter-extra.cfg b/meta-arm-autonomy/recipes-kernel/linux/arm-autonomy-kmeta/features/arm-autonomy/netfilter-extra.cfg
new file mode 100644
index 00000000..1a57369d
--- /dev/null
+++ b/meta-arm-autonomy/recipes-kernel/linux/arm-autonomy-kmeta/features/arm-autonomy/netfilter-extra.cfg
@@ -0,0 +1,2 @@
+CONFIG_NETFILTER_XT_MATCH_PHYSDEV=m
+CONFIG_NETFILTER_XT_MATCH_COMMENT=m
diff --git a/meta-arm-autonomy/recipes-kernel/linux/arm-autonomy-kmeta/features/arm-autonomy/xen-host-iptables.scc b/meta-arm-autonomy/recipes-kernel/linux/arm-autonomy-kmeta/features/arm-autonomy/xen-host-iptables.scc
new file mode 100644
index 00000000..8f8ba45a
--- /dev/null
+++ b/meta-arm-autonomy/recipes-kernel/linux/arm-autonomy-kmeta/features/arm-autonomy/xen-host-iptables.scc 
@@ -0,0 +1,9 @@ +# +# Not directly sourced via a kernel type but via an external bb +# + +define KFEATURE_DESCRIPTION "Enable netfilter + conn tracking + extras" +define KFEATURE_COMPATIBILITY all + +include features/netfilter/netfilter.scc +kconf non-hardware netfilter-extra.cfg diff --git a/meta-arm-autonomy/recipes-kernel/linux/linux-arm-autonomy.inc b/meta-arm-autonomy/recipes-kernel/linux/linux-arm-autonomy.inc index 27634447..5f55d9b6 100644 --- a/meta-arm-autonomy/recipes-kernel/linux/linux-arm-autonomy.inc +++ b/meta-arm-autonomy/recipes-kernel/linux/linux-arm-autonomy.inc @@ -10,7 +10,11 @@ SRC_URI_append = " file://arm-autonomy-kmeta;type=kmeta;name=arm-autonomy-kmeta; # Add xen host drivers to kernel if arm-autonomy-host is activated KERNEL_FEATURES += "${@bb.utils.contains('DISTRO_FEATURES', \ - 'arm-autonomy-host', 'features/arm-autonomy/xen-host.scc', '', d)}" + 'arm-autonomy-host', \ + 'features/arm-autonomy/xen-host.scc \ + features/arm-autonomy/xen-host-iptables.scc', \ + '', d)}" + # Add xen guest drivers to kernel if arm-autonomy-guest is activated KERNEL_FEATURES += "${@bb.utils.contains('DISTRO_FEATURES', \
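Review bot: `kconf non-hardware netfilter-extra.cfg` pulls in CONFIG_NETFILTER_XT_MATCH_PHYSDEV=m without stating its prerequisites; in the kernel's Kconfig that symbol depends on BRIDGE, BRIDGE_NETFILTER and NETFILTER_ADVANCED, and a fragment option whose dependencies are unmet is dropped when the configuration is merged, typically with no more than an audit warning. Whether `features/netfilter/netfilter.scc` or xen-host.scc already enables those symbols is not visible in this patch, so if they do not, the host image would still build while the `-m physdev` rules intended for host/guest traffic would fail to load. I would add `CONFIG_BRIDGE_NETFILTER=m` to netfilter-extra.cfg (or a comment naming the feature that provides it) and head the fragment with `# physdev/comment matches used by the host iptables rules for guest interfaces`. Both options are `=m`, so the modules also have to be shipped in the host image for the rules to apply at boot.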
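Review bot: The context comment `# Add xen host drivers to kernel if arm-autonomy-host is activated` no longer describes the assignment once xen-host-iptables.scc is appended to it; I would reword it to `# Add xen host drivers and the netfilter features for host/guest iptables rules if arm-autonomy-host is activated`, so that a reader auditing the host kernel's packet-filtering surface finds it from the recipe. The hunk also appears to add a second blank line before the guest block (the lone `+` after `'', d)}"`), which looks unintended. The guest KERNEL_FEATURES statement that closes the hunk continues outside it.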