2023-01-25 08:25 UTC+0530 ~ Chethan Suresh <chethan.suresh@xxxxxxxx> > We've experienced similar issues about bpfilter like below: > https://github.com/moby/moby/issues/43755 > https://lore.kernel.org/bpf/CAADnVQJ5MxGkq=ng214aYoH-NmZ1gjoS=ZTY1eU-Fag4RwZjdg@xxxxxxxxxxxxxx/ > > Considering the current development status of bpfilter, > disable bpfilter kernel config checks in bpftool feature. > For production system, we should disable both > CONFIG_BPFILTER and CONFIG_BPFILTER_UMH for now. > Or can be enabled as some tools depend on bpfilter. > > Signed-off-by: Chethan Suresh <chethan.suresh@xxxxxxxx> > Signed-off-by: Kenta Tada <Kenta.Tada@xxxxxxxx> > --- > tools/bpf/bpftool/feature.c | 4 ---- > 1 file changed, 4 deletions(-) > > diff --git a/tools/bpf/bpftool/feature.c b/tools/bpf/bpftool/feature.c > index 36cf0f1517c9..c6087bbc6613 100644 > --- a/tools/bpf/bpftool/feature.c > +++ b/tools/bpf/bpftool/feature.c > @@ -426,10 +426,6 @@ static void probe_kernel_image_config(const char *define_prefix) > { "CONFIG_BPF_STREAM_PARSER", }, > /* xt_bpf module for passing BPF programs to netfilter */ > { "CONFIG_NETFILTER_XT_MATCH_BPF", }, > - /* bpfilter back-end for iptables */ > - { "CONFIG_BPFILTER", }, > - /* bpftilter module with "user mode helper" */ > - { "CONFIG_BPFILTER_UMH", }, > > /* test_bpf module for BPF tests */ > { "CONFIG_TEST_BPF", }, Hi, I don't understand. The feature probe simply looks for the kconfig option in the kconfig file. What are you hoping to achieve by removing this check? How is it going to help with your issues? Quentin
