Enable "quota, tag, owner" match and stats support in netfilter

requested by NetworkStats.

BZ: 20622

Change-Id: I7cb2a4d682741593b8dab4c93891813d18d57fa9
Signed-off-by: Philippe Skowronski <philippe.skowronski@intel.com>
Reviewed-on: http://android.intel.com:8080/32511
Reviewed-by: Chotard, Celine <celine.chotard@intel.com>
Tested-by: Chotard, Celine <celine.chotard@intel.com>
Reviewed-by: buildbot <buildbot@intel.com>
Tested-by: buildbot <buildbot@intel.com>

diff --git a/arch/x86/configs/i386_mfld_defconfig b/arch/x86/configs/i386_mfld_defconfig
index d3f9021..4db7841 100644 (file)
--- a/arch/x86/configs/i386_mfld_defconfig
+++ b/arch/x86/configs/i386_mfld_defconfig
@@ -640,6 +640,7 @@ CONFIG_NF_CONNTRACK_EVENTS=y
 # CONFIG_NF_CONNTRACK_SIP is not set
 # CONFIG_NF_CONNTRACK_TFTP is not set
 # CONFIG_NF_CT_NETLINK is not set
+CONFIG_NETFILTER_TPROXY=y
 CONFIG_NETFILTER_XTABLES=y
 
 #
@@ -652,15 +653,20 @@ CONFIG_NETFILTER_XT_CONNMARK=y
 #
 # Xtables targets
 #
+# CONFIG_NETFILTER_XT_TARGET_CHECKSUM is not set
 # CONFIG_NETFILTER_XT_TARGET_CLASSIFY is not set
 CONFIG_NETFILTER_XT_TARGET_CONNMARK=y
+# CONFIG_NETFILTER_XT_TARGET_DSCP is not set
+# CONFIG_NETFILTER_XT_TARGET_HL is not set
 # CONFIG_NETFILTER_XT_TARGET_IDLETIMER is not set
 # CONFIG_NETFILTER_XT_TARGET_MARK is not set
 # CONFIG_NETFILTER_XT_TARGET_NFLOG is not set
 # CONFIG_NETFILTER_XT_TARGET_NFQUEUE is not set
 # CONFIG_NETFILTER_XT_TARGET_RATEEST is not set
 # CONFIG_NETFILTER_XT_TARGET_TEE is not set
+# CONFIG_NETFILTER_XT_TARGET_TPROXY is not set
 # CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set
+# CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
 
 #
 # Xtables matches
@@ -690,12 +696,14 @@ CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y
 # CONFIG_NETFILTER_XT_MATCH_OWNER is not set
 # CONFIG_NETFILTER_XT_MATCH_POLICY is not set
 # CONFIG_NETFILTER_XT_MATCH_PKTTYPE is not set
+CONFIG_NETFILTER_XT_MATCH_QTAGUID=y
 # CONFIG_NETFILTER_XT_MATCH_QUOTA is not set
 # CONFIG_NETFILTER_XT_MATCH_QUOTA2 is not set
 # CONFIG_NETFILTER_XT_MATCH_RATEEST is not set
 # CONFIG_NETFILTER_XT_MATCH_REALM is not set
 # CONFIG_NETFILTER_XT_MATCH_RECENT is not set
 # CONFIG_NETFILTER_XT_MATCH_SCTP is not set
+CONFIG_NETFILTER_XT_MATCH_SOCKET=y
 CONFIG_NETFILTER_XT_MATCH_STATE=y
 # CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set
 # CONFIG_NETFILTER_XT_MATCH_STRING is not set
@@ -744,7 +752,10 @@ CONFIG_IP_NF_TARGET_REDIRECT=y
 # CONFIG_NF_NAT_PPTP is not set
 # CONFIG_NF_NAT_H323 is not set
 # CONFIG_NF_NAT_SIP is not set
-# CONFIG_IP_NF_MANGLE is not set
+CONFIG_IP_NF_MANGLE=y
+# CONFIG_IP_NF_TARGET_CLUSTERIP is not set
+# CONFIG_IP_NF_TARGET_ECN is not set
+# CONFIG_IP_NF_TARGET_TTL is not set
 # CONFIG_IP_NF_RAW is not set
 # CONFIG_IP_NF_ARPTABLES is not set
 

diff --git a/net/netfilter/xt_qtaguid.c b/net/netfilter/xt_qtaguid.c
index 08086d6..b15d3d3 100644 (file)
--- a/net/netfilter/xt_qtaguid.c
+++ b/net/netfilter/xt_qtaguid.c
@@ -1509,9 +1509,11 @@ static struct sock *qtaguid_find_sk(const struct sk_buff *skb,
                return NULL;
 
        switch (par->family) {
+#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
        case NFPROTO_IPV6:
                sk = xt_socket_get6_sk(skb, par);
                break;
+#endif
        case NFPROTO_IPV4:
                sk = xt_socket_get4_sk(skb, par);
                break;