From 53f1b9fe868c492e1bf8bb62d9b5c82084d6e15d Mon Sep 17 00:00:00 2001 From: Kevin Cernekee Date: Sat, 23 Jan 2016 20:12:29 -0800 Subject: [PATCH] CHROMIUM: config: Enable multiple IPv6 routing tables For various security reasons, third party VPNs do not tunnel all system network traffic; they only tunnel traffic owned by the chronos user. chronos traffic is diverted to a separate routing table by firewalld using `ip rule` and iptables XT_MATCH_OWNER. Currently this is only enabled for IPv4 traffic. It should be enabled for both IPv4 and IPv6. The first step in making this happen is to enable kernel support for multiple IPv6 routing tables on all platforms. BUG=chromium:522003 TEST=manual Change-Id: Ia033eaa3ba15e89f2666ae08a6910a09f877439d Signed-off-by: Kevin Cernekee Reviewed-on: https://chromium-review.googlesource.com/323551 Reviewed-by: Filipe Brandenburger
---
 chromeos/config/arm64/chromiumos-arm64.flavour.config | 1 -
 chromeos/config/arm64/chromiumos-mediatek.flavour.config | 1 -
 chromeos/config/arm64/chromiumos-tegra64.flavour.config | 1 -
 chromeos/config/armel/chromiumos-arm.flavour.config | 1 -
 chromeos/config/armel/chromiumos-armada38x.flavour.config | 1 -
 chromeos/config/base.config | 1 +
 chromeos/config/i386/common.config | 1 -
 chromeos/config/mips/common.config | 1 -
 chromeos/config/x86_64/common.config | 1 -
 9 files changed, 1 insertion(+), 8 deletions(-)
diff --git a/chromeos/config/arm64/chromiumos-arm64.flavour.config b/chromeos/config/arm64/chromiumos-arm64.flavour.config
index 4bd4f437ba5b3..9b4b0e8da4ae0 100644
--- a/chromeos/config/arm64/chromiumos-arm64.flavour.config
+++ b/chromeos/config/arm64/chromiumos-arm64.flavour.config
@@ -42,7 +42,6 @@ CONFIG_I2C_MT65XX=y
 # CONFIG_IIO_CROS_EC_SENSORS is not set
 # CONFIG_IIO_CROS_EC_SENSORS_CORE is not set
 # CONFIG_IIO_SYSFS_TRIGGER is not set
-# CONFIG_IPV6_MULTIPLE_TABLES is not set
 CONFIG_KEYBOARD_CROS_EC=y
 CONFIG_MEDIATEK_WATCHDOG=y
 CONFIG_MEMORY_ISOLATION=y
diff --git a/chromeos/config/arm64/chromiumos-mediatek.flavour.config b/chromeos/config/arm64/chromiumos-mediatek.flavour.config
index ec5668fe05c17..170cb48b56977 100644
--- a/chromeos/config/arm64/chromiumos-mediatek.flavour.config
+++ b/chromeos/config/arm64/chromiumos-mediatek.flavour.config
@@ -44,7 +44,6 @@ CONFIG_I2C_MT65XX=y
 # CONFIG_IIO_CROS_EC_SENSORS is not set
 # CONFIG_IIO_CROS_EC_SENSORS_CORE is not set
 # CONFIG_IIO_SYSFS_TRIGGER is not set
-# CONFIG_IPV6_MULTIPLE_TABLES is not set
 CONFIG_KEYBOARD_CROS_EC=y
 CONFIG_MEDIATEK_WATCHDOG=y
 CONFIG_MEMORY_ISOLATION=y
diff --git a/chromeos/config/arm64/chromiumos-tegra64.flavour.config b/chromeos/config/arm64/chromiumos-tegra64.flavour.config
index a70bddf0c6348..790ff877c5cca 100644
--- a/chromeos/config/arm64/chromiumos-tegra64.flavour.config
+++ b/chromeos/config/arm64/chromiumos-tegra64.flavour.config
@@ -212,7 +212,6 @@ CONFIG_IIO_SYSFS_TRIGGER=y
 CONFIG_IIO_TRIGGERED_BUFFER=y
 # CONFIG_INFINIBAND is not set
 # CONFIG_IP1000 is not set
-CONFIG_IPV6_MULTIPLE_TABLES=y
 # CONFIG_IPV6_SUBTREES is not set
 # CONFIG_IPW2100 is not set
 # CONFIG_IPW2200 is not set
diff --git a/chromeos/config/armel/chromiumos-arm.flavour.config b/chromeos/config/armel/chromiumos-arm.flavour.config
index ad572bf9b2577..92e727bf56a64 100644
--- a/chromeos/config/armel/chromiumos-arm.flavour.config
+++ b/chromeos/config/armel/chromiumos-arm.flavour.config
@@ -248,7 +248,6 @@ CONFIG_IOMMU_API=y
 # CONFIG_IOMMU_IO_PGTABLE_LPAE is not set
 CONFIG_IOMMU_SUPPORT=y
 # CONFIG_IPV6_MROUTE is not set
-# CONFIG_IPV6_MULTIPLE_TABLES is not set
 # CONFIG_JOYSTICK_A3D is not set
 # CONFIG_JOYSTICK_ADI is not set
 # CONFIG_JOYSTICK_ANALOG is not set
diff --git a/chromeos/config/armel/chromiumos-armada38x.flavour.config b/chromeos/config/armel/chromiumos-armada38x.flavour.config
index 2f78a0ade64a3..a4057d66c6c98 100644
--- a/chromeos/config/armel/chromiumos-armada38x.flavour.config
+++ b/chromeos/config/armel/chromiumos-armada38x.flavour.config
@@ -180,7 +180,6 @@ CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768
 # CONFIG_IP1000 is not set
 CONFIG_IPV6_MROUTE=y
 # CONFIG_IPV6_MROUTE_MULTIPLE_TABLES is not set
-CONFIG_IPV6_MULTIPLE_TABLES=y
 # CONFIG_IPV6_PIMSM_V2 is not set
 # CONFIG_IPV6_SUBTREES is not set
 # CONFIG_IPW2100 is not set
diff --git a/chromeos/config/base.config b/chromeos/config/base.config
index 0b5d6f943f164..6924173df6309 100644
--- a/chromeos/config/base.config
+++ b/chromeos/config/base.config
@@ -635,6 +635,7 @@ CONFIG_IPC_NS=y
 CONFIG_IPV6=y
 # CONFIG_IPV6_GRE is not set
 # CONFIG_IPV6_MIP6 is not set
+CONFIG_IPV6_MULTIPLE_TABLES=y
 CONFIG_IPV6_NDISC_NODETYPE=y
 # CONFIG_IPV6_OPTIMISTIC_DAD is not set
 # CONFIG_IPV6_ROUTER_PREF is not set
diff --git a/chromeos/config/i386/common.config b/chromeos/config/i386/common.config
index 3ea87497efe1f..46877592c4344 100644
--- a/chromeos/config/i386/common.config
+++ b/chromeos/config/i386/common.config
@@ -787,7 +787,6 @@ CONFIG_IO_DELAY_TYPE_UDELAY=2
 # CONFIG_IO_DELAY_UDELAY is not set
 # CONFIG_IP1000 is not set
 # CONFIG_IPV6_MROUTE is not set
-# CONFIG_IPV6_MULTIPLE_TABLES is not set
 CONFIG_IRQ_DOMAIN=y
 # CONFIG_IRQ_DOMAIN_DEBUG is not set
 CONFIG_IRQ_FORCED_THREADING=y
diff --git a/chromeos/config/mips/common.config b/chromeos/config/mips/common.config
index 10611fed37052..39c82a5f14d17 100644
--- a/chromeos/config/mips/common.config
+++ b/chromeos/config/mips/common.config
@@ -209,7 +209,6 @@ CONFIG_INPUT_UINPUT=m
 # CONFIG_INPUT_YEALINK is not set
 # CONFIG_IOMMU_SUPPORT is not set
 # CONFIG_IPV6_MROUTE is not set
-# CONFIG_IPV6_MULTIPLE_TABLES is not set
 CONFIG_IRQ_CPU=y
 CONFIG_IRQ_FORCED_THREADING=y
 CONFIG_ISA_DMA_API=y
diff --git a/chromeos/config/x86_64/common.config b/chromeos/config/x86_64/common.config
index d61cc5d48ab8c..abd6724b692e7 100644
--- a/chromeos/config/x86_64/common.config
+++ b/chromeos/config/x86_64/common.config
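Review bot: The added `CONFIG_IPV6_MULTIPLE_TABLES=y` in chromeos/config/base.config only makes IPv6 policy routing (`ip -6 rule`) available; nothing in this hunk shows that the netfilter options the owner-match diversion would presumably need on the IPv6 side are enabled as well. Before the firewalld follow-up lands, confirm that the merged config for every board carries the ip6tables mangle table and the owner/mark matches (`CONFIG_IP6_NF_MANGLE`, `CONFIG_NETFILTER_XT_MATCH_OWNER`, `CONFIG_NETFILTER_XT_MARK`), because without them chronos IPv6 traffic would stay on the main table and go around the VPN. It is also worth grepping the flavour and common configs this patch does not touch for a leftover `# CONFIG_IPV6_MULTIPLE_TABLES is not set`, which would presumably override the base setting on that platform. With TEST=manual only, a one-line check of the generated `.config` per architecture would make the "all platforms" claim verifiable.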
@@ -891,7 +891,6 @@ CONFIG_IO_DELAY_TYPE_UDELAY=2
 # CONFIG_IO_DELAY_UDELAY is not set
 # CONFIG_IP1000 is not set
 # CONFIG_IPV6_MROUTE is not set
-# CONFIG_IPV6_MULTIPLE_TABLES is not set
 # CONFIG_IPW2100 is not set
 # CONFIG_IPW2200 is not set
 CONFIG_IRQCHIP=y