CHROMEOS: config: Enable addrtype iptables match

This enables the "addrtype" matches to iptables.  This will allow
iptables rules to match the type of source and destination addresses
that should be matched.  This allows us to classify incoming packets
as "unicast" (intended directly for us) which will allow us to
restrict the types of packets sent to userspace for multicast-reply
classification.  See CL
https://gerrit.chromium.org/gerrit/#/c/43447/3/iptables.conf for an
example of how this will be used.

Signed-off-by: Paul Stewart <pstew@chromium.org>
BUG=chromium-os:38605
TEST=Compile kernel, ensure iptables works correctly with "-m addrtype" rule

Change-Id: I5cb191453b9458f9014a6494574ccdc151d99d75
Reviewed-on: https://gerrit.chromium.org/gerrit/43426
Reviewed-by: mukesh agrawal <quiche@chromium.org>
Reviewed-by: Grant Grundler <grundler@chromium.org>
Tested-by: Paul Stewart <pstew@chromium.org>
Commit-Queue: Paul Stewart <pstew@chromium.org>

diff --git a/chromeos/config/base.config b/chromeos/config/base.config
index 29d9488..1e85ac1 100644 (file)
--- a/chromeos/config/base.config
+++ b/chromeos/config/base.config
@@ -1025,7 +1025,7 @@ CONFIG_NETFILTER_NETLINK_QUEUE=y
 CONFIG_NETFILTER_XTABLES=y
 # CONFIG_NETFILTER_XT_CONNMARK is not set
 CONFIG_NETFILTER_XT_MARK=m
-# CONFIG_NETFILTER_XT_MATCH_ADDRTYPE is not set
+CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y
 # CONFIG_NETFILTER_XT_MATCH_CLUSTER is not set
 # CONFIG_NETFILTER_XT_MATCH_COMMENT is not set
 # CONFIG_NETFILTER_XT_MATCH_CONNBYTES is not set