Merge pull request #79 from jcvenegas/build-kernel

kernel: Add script to setup, build and install a kernel for Kata.
2025-07-06 20:09:44 +00:00 · 2018-07-24 08:17:13 -07:00 · 2018-07-24 08:17:13 -07:00 · 66e165a2f9
commit 66e165a2f9
parent a9fde8201e ea00f29133
10 changed files with 727 additions and 54 deletions
--- a/.ci/lib.sh
+++ b/.ci/lib.sh
@ -11,18 +11,19 @@ die(){
 	exit 1
 }

-# Check that kata_confing_version file is updated
-# when there is any change in the kernel directory.
-# If there is a change in the directory, but the config
-# version is not updated, return error.
-check_kata_kernel_version(){
-	kernel_version_file="kernel/kata_config_version"
-	modified_files=$(git diff --name-only master..)
-	if echo "$modified_files" | grep "kernel/"; then
-		echo "$modified_files" | grep "$kernel_version_file" || \
-		die "Please bump version in $kernel_version_file"
+export tests_repo="${tests_repo:-github.com/kata-containers/tests}"
+export tests_repo_dir="$GOPATH/src/$tests_repo"
+
+clone_tests_repo()
+{
+	# KATA_CI_NO_NETWORK is (has to be) ignored if there is
+	# no existing clone.
+	if [ -d "${tests_repo_dir}" ]  && [ -n "${KATA_CI_NO_NETWORK:-}" ]
+	then
+		return
 	fi

+	go get -d -u "$tests_repo" || true
 }

 install_yq() {
--- a/.ci/run.sh
+++ b/.ci/run.sh
@ -14,9 +14,6 @@ source "${cidir}/lib.sh"
 source /etc/os-release

 # This script will execute packaging tests suite
-# TODO: Add steps needed to build packages
-
-check_kata_kernel_version

 if [ "$ID" == ubuntu ];then
 	echo  "Building snap image"
--- a/.ci/setup.sh
+++ b/.ci/setup.sh
@ -14,5 +14,9 @@ source /etc/os-release
 echo  "Setup script for packaging"

 if [ "$ID" == ubuntu ];then
+	echo "Install snap dependencies"
 	sudo apt-get install -y snapd snapcraft
+
+	echo "Install kernel dependencies"
+	sudo -E apt install -y libelf-dev bc gcc
 fi
--- a/.ci/test.sh
+++ b/.ci/test.sh
@ -9,7 +9,7 @@ set -o nounset
 set -o pipefail

 CI=${CI:-}
-script_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 readonly toplevel_mk="${script_dir}/../Makefile"
 source "${script_dir}/lib.sh"

@ -17,20 +17,53 @@ make_target() {
 	target=$1
 	dir=$2

-	if [ -n "${CI}" ] && [ "${target}" == "test-packaging-tools" ];then
-		echo "skip $target see https://github.com/kata-containers/packaging/issues/72"
-		return
-	fi
-	pushd "${script_dir}/.." >> /dev/null
-	if [ -n "${CI}" ] &&  ! git whatchanged  origin/master..HEAD  "${dir}" | grep "${dir}" >> /dev/null; then
+	pushd "${script_dir}/.." >>/dev/null
+
+	if [ -n "${CI}" ] && ! git whatchanged origin/master..HEAD "${dir}" | grep "${dir}" >>/dev/null; then
 		echo "Not changes in ${dir}"
 		return
 	fi
-	popd >> /dev/null
-	echo "Changes found in $dir"
+	case "${target}" in
+	test-packaging-tools)
+		skip_msg="skip $target see https://github.com/kata-containers/packaging/issues/72"
+		[ -n "${CI}" ] && echo "${skip_msg}" && return
+		;;
+
+	test-build-kernel)
+		[ -n "${CI}" ] && check_kata_kernel_version
+		# Setup testing script to test Kata with new kernel changes.
+		[ -n "${CI}" ] && clone_tests_repo &&
+			pushd "${tests_repo_dir}" &&
+			.ci/setup.sh &&
+			popd
+		;;
+	esac
+
+	popd >>/dev/null
+	echo "Changes found in ${dir}"
 	make -f "${toplevel_mk}" "${target}"
 }

+# Check that kata_confing_version file is updated
+# when there is any change in the kernel directory.
+# If there is a change in the directory, but the config
+# version is not updated, return error.
+check_kata_kernel_version() {
+	kernel_version_file="kernel/kata_config_version"
+	modified_files=$(git diff --name-only origin/master..HEAD)
+	echo "Check Changes in kernel"
+	git diff origin/master..HEAD ${kernel_version_file}
+	git diff --name-only origin/master..HEAD
+	if git whatchanged origin/master..HEAD "kernel/" | grep "kernel/" >>/dev/null; then
+		echo "Kernel directory has changes check $kernel_version_file changed"
+		echo "$modified_files" | grep "$kernel_version_file" ||
+			die "Please bump version in $kernel_version_file"
+	fi
+	echo "OK - config version file was updated"
+
+}
+
 make_target test-release-tools "release/"
 make_target test-packaging-tools "obs-packaging/"
 make_target test-static-build "static-build/"
+make_target test-build-kernel "kernel/"
--- a/3
+++ b/3
@ -32,6 +32,9 @@ test-static-build:
 test-packaging-tools:
 	@$(MK_DIR)/obs-packaging/build_from_docker.sh

+test-build-kernel:
+	@$(MK_DIR)/kernel/build-kernel_test.sh
+
 $(YQ):
 	@bash -c "source .ci/lib.sh; install_yq $${MK_DIR}"

--- a/kernel/README.md
+++ b/kernel/README.md
@ -0,0 +1,38 @@
+# Build Kata Containers Kernel
+
+This document explains the steps to build a compatible kernel with Kata
+Containers. To do this use build-kernel.sh, this script automates the
+process to build a kernel for Kata Containers. 
+
+## Setup kernel source code
+
+```bash
+./build-kernel.sh setup
+```
+
+The script `./build-kernel.sh` tries to apply the patches from
+`${GOPATH}/src/github.com/kata-containers/packaging/kernel/patches/` when it
+sets up a kernel. If you want to add a source modification, add a patch on this
+directory.
+
+The script also adds a kernel config file from
+`${GOPATH}/src/github.com/kata-containers/packaging/kernel/configs/` to .config
+in the kernel source code. You can modify it as needed.
+
+# Build the kernel
+
+After the kernel source code is ready it is possible to build the kernel.
+
+```bash
+./build-kernel.sh build
+```
+
+
+## Install the Kernel in the default path for Kata
+
+Kata Containers uses some default path to search a kernel to boot. To install
+on this path, the following command will install it to the default Kata
+containers path.
+```bash
+./build-kernel.sh install
+```
--- a/kernel/build-kernel.sh
+++ b/kernel/build-kernel.sh
@ -0,0 +1,308 @@
+#!/bin/bash
+#
+# Copyright (c) 2018 Intel Corporation
+#
+# SPDX-License-Identifier: Apache-2.0
+
+description="
+Description: This script is the *ONLY* to build a kernel for development.
+"
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+readonly script_name="$(basename "${BASH_SOURCE[0]}")"
+readonly script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+
+#project_name
+readonly project_name="kata-containers"
+[ -n "${GOPATH:-}" ] || GOPATH="${HOME}/go"
+# Fetch the first element from GOPATH as working directory
+# as go get only works against the first item in the GOPATH
+GOPATH="${GOPATH%%:*}"
+# Kernel version to be used
+kernel_version=""
+# Flag know if need to download the kernel source
+download_kernel=false
+# The repository where kernel configuration lives
+runtime_repository="github.com/${project_name}/runtime"
+# The repository where kernel configuration lives
+readonly kernel_config_repo="github.com/${project_name}/packaging"
+readonly patches_repo="github.com/${project_name}/packaging"
+readonly patches_repo_dir="${GOPATH}/src/${patches_repo}"
+# Default path to search patches to apply to kernel
+readonly default_patches_dir="${patches_repo_dir}/kernel/patches/"
+# Default path to search config for kata
+readonly default_kernel_config_dir="${GOPATH}/src/${kernel_config_repo}/kernel/configs/"
+#Path to kernel directory
+kernel_path=""
+#
+patches_path=""
+#
+hypervisor_target=""
+#
+arch_target=""
+#
+kernel_config_path=""
+# destdir
+DESTDIR="${DESTDIR:-/}"
+#PREFIX=
+PREFIX="${PREFIX:-/usr}"
+
+source "${script_dir}/../scripts/lib.sh"
+
+usage() {
+	cat <<EOT
+Overview:
+
+	Build a kernel for Kata Containers
+	${description}
+
+Usage:
+
+	$script_name [options] <command> <argument>
+
+Commands:
+
+- setup
+
+- build
+
+- install
+
+Options:
+
+	-c <path>: Path to config file to build a the kernel
+	-h       : Display this help.
+	-k <path>: Path to kernel to build
+	-p <path>: Path to a directory with patches to apply to kernel.
+	-v       : Kernel version to use if kernel path not provided.
+EOT
+}
+
+# Convert architecture to the name used by the Linux kernel build system
+arch_to_kernel() {
+	local -r arch="$1"
+
+	case "$arch" in
+	aarch64) echo "arm64" ;;
+	ppc64le) echo "powerpc" ;;
+	x86_64) echo "$arch" ;;
+	*) die "unsupported architecture: $arch" ;;
+	esac
+}
+
+get_kernel() {
+	local version="${1:-}"
+	#Remove extra 'v'
+	version=${version#v}
+
+	local kernel_path=${2:-}
+	[ -n "${kernel_path}" ] || die "kernel_path not provided"
+	[ ! -d "${kernel_path}" ] || die "kernel_path already exist"
+
+	major_version=$(echo "${version}" | cut -d. -f1)
+	kernel_tarball="linux-${version}.tar.xz"
+
+	curl --fail -OL "https://cdn.kernel.org/pub/linux/kernel/v${major_version}.x/sha256sums.asc"
+	grep "${kernel_tarball}" sha256sums.asc >"${kernel_tarball}.sha256"
+
+	if [ -f "${kernel_tarball}" ] && ! sha256sum -c "${kernel_tarball}.sha256"; then
+		info "invalid kernel tarball ${kernel_tarball} removing "
+		rm -f "${kernel_tarball}"
+	fi
+	if [ ! -f "${kernel_tarball}" ]; then
+		info "Download kernel version ${version}"
+		info "Download kernel"
+		curl --fail -OL "https://www.kernel.org/pub/linux/kernel/v${major_version}.x/${kernel_tarball}"
+	else
+		info "kernel tarball already downloaded"
+	fi
+
+	sha256sum -c "${kernel_tarball}.sha256"
+
+	tar xf ${kernel_tarball}
+
+	mv "linux-${version}" "${kernel_path}"
+}
+
+get_default_kernel_config() {
+	local version="${1}"
+
+	local hypervisor="$2"
+	local kernel_arch="$3"
+
+	[ -n "${version}" ] || die "kernel version not provided"
+	[ -n "${hypervisor}" ] || die "hypervisor not provided"
+	[ -n "${kernel_arch}" ] || die "kernel arch not provided"
+
+	major_version=$(echo "${version}" | cut -d. -f1)
+	minor_version=$(echo "${version}" | cut -d. -f2)
+	config="${default_kernel_config_dir}/${kernel_arch}_kata_${hypervisor}_${major_version}.${minor_version}.x"
+	[ -f "${config}" ] || die "failed to find default config ${config}"
+	echo "${config}"
+}
+
+get_config_version() {
+	config_version_file="${default_patches_dir}/../kata_config_version"
+	if [ -f "${config_version_file}" ]; then
+		cat "${config_version_file}"
+	else
+		echo "unknown"
+	fi
+}
+
+setup_kernel() {
+	local kernel_path=${1:-}
+	[ -n "${kernel_path}" ] || die "kernel_path not provided"
+	if [ -d "$kernel_path" ]; then
+		info "${kernel_path} already exist"
+		return
+	fi
+
+	info "kernel path does not exist, will download kernel"
+	download_kernel="true"
+	[ -n "$kernel_version" ] || die "failed to get kernel version: Kernel version is emtpy"
+
+	if [[ "${download_kernel}" == "true" ]]; then
+		get_kernel "${kernel_version}" "${kernel_path}"
+	fi
+
+	[ -n "$kernel_path" ] || die "failed to find kernel source path"
+
+	if [ -z "${patches_path}" ]; then
+		patches_path="${default_patches_dir}"
+		[ -d "${patches_path}" ] || git clone "https://${patches_repo}.git" "${patches_repo_dir}"
+	fi
+
+	[ -d "${patches_path}" ] || die " patches path '${patches_path}' does not exist"
+
+	kernel_patches=$(find "${patches_path}" -name '*.patch' -type f)
+
+	pushd "${kernel_path}" >>/dev/null
+	for p in ${kernel_patches}; do
+		info "Applying patch $p"
+		patch -p1 <"$p"
+	done
+
+	[ -n "${hypervisor_target}" ] || hypervisor_target="kvm"
+	[ -n "${arch_target}" ] || arch_target="$(uname -m)"
+	[ -n "${kernel_config_path}" ] || kernel_config_path=$(get_default_kernel_config "${kernel_version}" "${hypervisor_target}" "${arch_target}")
+
+	cp "${kernel_config_path}" ./.config
+	make oldconfig
+}
+
+build_kernel() {
+	local kernel_path=${1:-}
+	[ -n "${kernel_path}" ] || die "kernel_path not provided"
+	[ -d "${kernel_path}" ] || die "path to kernel does not exist, use ${script_name} setup"
+	[ -n "${arch_target}" ] || arch_target="$(arch)"
+	arch_target=$(arch_to_kernel "${arch_target}")
+	pushd "${kernel_path}" >>/dev/null
+	make -j $(nproc) ARCH="${arch_target}"
+	[ -e "arch/${arch_target}/boot/bzImage" ] || [ -e "arch/${arch_target}/boot/Image.gz" ]
+	[ -e "vmlinux" ]
+	popd >>/dev/null
+}
+
+install_kata() {
+	local kernel_path=${1:-}
+	[ -n "${kernel_path}" ] || die "kernel_path not provided"
+	[ -d "${kernel_path}" ] || die "path to kernel does not exist, use ${script_name} setup"
+	pushd "${kernel_path}" >>/dev/null
+	config_version=$(get_config_version)
+	[ -n "${config_version}" ] || die "failed to get config version"
+	install_path=$(readlink -m "${DESTDIR}/${PREFIX}/share/${project_name}")
+	vmlinuz="vmlinuz-${kernel_version}-${config_version}"
+	vmlinux="vmlinux-${kernel_version}-${config_version}"
+
+	if [ -e "arch/${arch_target}/boot/bzImage" ]; then
+		bzImage="arch/${arch_target}/boot/bzImage"
+	elif [ -e "arch/${arch_target}/boot/Image.gz" ]; then
+		bzImage="arch/${arch_target}/boot/Image.gz"
+	else
+		die "failed to find bzImage"
+	fi
+
+	install --mode 0644 -D "${bzImage}" "${install_path}/${vmlinuz}"
+	install --mode 0644 -D "vmlinux" "${install_path}/${vmlinux}"
+	install --mode 0644 -D ./.config "${install_path}/config-${kernel_version}"
+	ln -sf "${vmlinuz}" "${install_path}/vmlinuz.container"
+	ln -sf "${vmlinux}" "${install_path}/vmlinux.container"
+	ls -la "${install_path}/vmlinux.container"
+	ls -la "${install_path}/vmlinuz.container"
+	popd >>/dev/null
+}
+
+main() {
+	while getopts "a:c:hk:p:t:v:" opt; do
+		case "$opt" in
+		a)
+			arch_target="${OPTARG}"
+			;;
+		c)
+			kernel_config_path="${OPTARG}"
+			;;
+
+		h)
+			usage
+			exit 0
+			;;
+
+		k)
+			kernel_path="${OPTARG}"
+			;;
+
+		t)
+			hypervisor_target="${OPTARG}"
+			;;
+		p)
+			patches_path="${OPTARG}"
+			;;
+		v)
+			kernel_version="${OPTARG}"
+			;;
+		esac
+	done
+
+	shift $(($OPTIND - 1))
+
+	subcmd="${1:-}"
+
+	[ -z "${subcmd}" ] && usage 1
+
+	# If not kernel version take it from versions.yaml
+	if [ -z "$kernel_version" ]; then
+		kernel_version=$(get_from_kata_deps "assets.kernel.version")
+		#Remove extra 'v'
+		kernel_version="${kernel_version#v}"
+	fi
+
+	if [ -z "${kernel_path}" ]; then
+		config_version=$(get_config_version)
+		kernel_path="${PWD}/kata-linux-${kernel_version}-${config_version}"
+	fi
+
+	case "${subcmd}" in
+	build)
+		build_kernel "${kernel_path}"
+		;;
+	install)
+		build_kernel "${kernel_path}"
+		install_kata "${kernel_path}"
+		;;
+	setup)
+		setup_kernel "${kernel_path}"
+		[ -d "${kernel_path}" ] || die "${kernel_path} does not exist"
+		echo "Kernel source ready: ${kernel_path} "
+		;;
+	*)
+		usage 1
+		;;
+
+	esac
+}
+
+main $@
--- a/kernel/build-kernel_test.sh
+++ b/kernel/build-kernel_test.sh
@ -0,0 +1,95 @@
+#!/bin/bash
+#Copyright (c) 2018 Intel Corporation
+#
+#SPDX-License-Identifier: Apache-2.0
+#
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+readonly script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+readonly build_kernel_sh="${script_dir}/build-kernel.sh"
+readonly tmp_dir=$(mktemp -d -t build-kernel-tmp.XXXXXXXXXX)
+
+exit_handler() {
+	rm -rf "$tmp_dir"
+}
+trap exit_handler EXIT
+
+OK() {
+	echo "OK"
+}
+
+FAIL() {
+	echo "FAIL: $*"
+	exit -1
+}
+
+export GOPATH=${GOPATH:-$HOME/go}
+
+source "${script_dir}/../scripts/lib.sh"
+
+kata_kernel_version=$(get_from_kata_deps "assets.kernel.version")
+kata_kernel_version=${kata_kernel_version/v/}
+kernel_dir="kata-linux-${kata_kernel_version}-$(cat ${script_dir}/kata_config_version)"
+
+check_help() {
+	echo "Check help works"
+	out=$(${build_kernel_sh} -h)
+	[[ ${out} == *"Usage"* ]]
+	OK
+}
+
+build_kernel() {
+	echo "Setup a default kernel"
+	out=$(${build_kernel_sh} setup 2>&1)
+	[ -f "linux-${kata_kernel_version}.tar.xz" ] || FAIL "tarball does not exist"
+	[ -d "${kernel_dir}" ] || FAIL "kernel directory does not exist"
+	OK
+
+	echo "Setup a default again wont download again the kernel"
+	new_kernel_dir="${PWD}/kernel-kata2"
+	out=$(${build_kernel_sh} -k "${new_kernel_dir}" setup 2>&1)
+	[[ ${out} == *"kernel tarball already downloaded"* ]]
+	[ -f "linux-${kata_kernel_version}.tar.xz" ] || FAIL "tarball does not exist"
+	[ -d "${new_kernel_dir}" ] || FAIL "kernel directory does not exist"
+	OK
+
+	echo "Build default kernel"
+	out=$(${build_kernel_sh} build 2>&1)
+	[ -e "${kernel_dir}/arch/$(uname -m)/boot/bzImage" ] || FAIL "bzImage not found"
+	[ -e "${kernel_dir}/vmlinux" ] || FAIL "vmlinux not found"
+	OK
+
+	echo "Install kernel"
+	export DESTDIR="${tmp_dir}/kernel-install-path"
+	out=$(${build_kernel_sh} install 2>&1)
+	[ -e "${DESTDIR}/usr/share/kata-containers/vmlinux.container" ]
+	[ -e "${DESTDIR}/usr/share/kata-containers/vmlinuz.container" ]
+	unset DESTDIR
+	OK
+}
+
+test_kata() {
+	local cidir="${script_dir}/../.ci/"
+	echo "test kata with new kernel config"
+	[ -z "${CI:-}" ] && echo "skip: Not in CI" && return
+	echo "Setup kernel source"
+	${build_kernel_sh} setup
+	echo "Build kernel"
+	${build_kernel_sh} build
+	echo "Install kernel"
+	sudo -E PATH="$PATH" "${build_kernel_sh}" install
+
+	source "${cidir}/lib.sh"
+	pushd "${tests_repo_dir:-no-defined}"
+	.ci/run.sh
+	popd
+}
+
+pushd "${tmp_dir}"
+check_help
+build_kernel
+test_kata
+popd
--- a/kernel/configs/x86_64_kata_kvm_4.14.x
+++ b/kernel/configs/x86_64_kata_kvm_4.14.x
@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86_64 4.14.22 Kernel Configuration
+# Linux/x86 4.14.49 Kernel Configuration
 #
 CONFIG_64BIT=y
 CONFIG_X86_64=y
@ -758,6 +758,7 @@ CONFIG_XFRM_STATISTICS=y
 CONFIG_INET=y
 CONFIG_IP_MULTICAST=y
 # CONFIG_IP_ADVANCED_ROUTER is not set
+CONFIG_IP_ROUTE_CLASSID=y
 CONFIG_IP_PNP=y
 CONFIG_IP_PNP_DHCP=y
 # CONFIG_IP_PNP_BOOTP is not set
@ -766,7 +767,7 @@ CONFIG_IP_PNP_DHCP=y
 # CONFIG_NET_IPGRE_DEMUX is not set
 CONFIG_NET_IP_TUNNEL=y
 # CONFIG_IP_MROUTE is not set
-# CONFIG_SYN_COOKIES is not set
+CONFIG_SYN_COOKIES=y
 # CONFIG_NET_UDP_TUNNEL is not set
 # CONFIG_NET_FOU is not set
 # CONFIG_NET_FOU_IP_TUNNELS is not set
@ -838,54 +839,243 @@ CONFIG_NETFILTER_ADVANCED=y
 #
 CONFIG_NETFILTER_INGRESS=y
 CONFIG_NETFILTER_NETLINK=y
-# CONFIG_NETFILTER_NETLINK_ACCT is not set
-# CONFIG_NETFILTER_NETLINK_QUEUE is not set
-# CONFIG_NETFILTER_NETLINK_LOG is not set
-# CONFIG_NF_CONNTRACK is not set
+CONFIG_NETFILTER_NETLINK_ACCT=y
+CONFIG_NETFILTER_NETLINK_QUEUE=y
+CONFIG_NETFILTER_NETLINK_LOG=y
+CONFIG_NF_CONNTRACK=y
+CONFIG_NF_LOG_COMMON=y
 # CONFIG_NF_LOG_NETDEV is not set
+CONFIG_NF_CONNTRACK_MARK=y
+CONFIG_NF_CONNTRACK_ZONES=y
+# CONFIG_NF_CONNTRACK_PROCFS is not set
+CONFIG_NF_CONNTRACK_EVENTS=y
+CONFIG_NF_CONNTRACK_TIMEOUT=y
+CONFIG_NF_CONNTRACK_TIMESTAMP=y
+CONFIG_NF_CONNTRACK_LABELS=y
+CONFIG_NF_CT_PROTO_DCCP=y
+CONFIG_NF_CT_PROTO_GRE=y
+CONFIG_NF_CT_PROTO_SCTP=y
+CONFIG_NF_CT_PROTO_UDPLITE=y
+CONFIG_NF_CONNTRACK_AMANDA=y
+CONFIG_NF_CONNTRACK_FTP=y
+CONFIG_NF_CONNTRACK_H323=y
+CONFIG_NF_CONNTRACK_IRC=y
+CONFIG_NF_CONNTRACK_BROADCAST=y
+CONFIG_NF_CONNTRACK_NETBIOS_NS=y
+CONFIG_NF_CONNTRACK_SNMP=y
+CONFIG_NF_CONNTRACK_PPTP=y
+CONFIG_NF_CONNTRACK_SANE=y
+CONFIG_NF_CONNTRACK_SIP=y
+CONFIG_NF_CONNTRACK_TFTP=y
+CONFIG_NF_CT_NETLINK=y
+CONFIG_NF_CT_NETLINK_TIMEOUT=y
+CONFIG_NF_CT_NETLINK_HELPER=y
+CONFIG_NETFILTER_NETLINK_GLUE_CT=y
+CONFIG_NF_NAT=y
+CONFIG_NF_NAT_NEEDED=y
+CONFIG_NF_NAT_PROTO_DCCP=y
+CONFIG_NF_NAT_PROTO_UDPLITE=y
+CONFIG_NF_NAT_PROTO_SCTP=y
+CONFIG_NF_NAT_AMANDA=y
+CONFIG_NF_NAT_FTP=y
+CONFIG_NF_NAT_IRC=y
+CONFIG_NF_NAT_SIP=y
+CONFIG_NF_NAT_TFTP=y
+CONFIG_NF_NAT_REDIRECT=y
+CONFIG_NETFILTER_SYNPROXY=y
 # CONFIG_NF_TABLES is not set
-# CONFIG_NETFILTER_XTABLES is not set
+CONFIG_NETFILTER_XTABLES=y
+
+#
+# Xtables combined modules
+#
+CONFIG_NETFILTER_XT_MARK=y
+CONFIG_NETFILTER_XT_CONNMARK=y
+CONFIG_NETFILTER_XT_SET=y
+
+#
+# Xtables targets
+#
+CONFIG_NETFILTER_XT_TARGET_CHECKSUM=y
+CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y
+CONFIG_NETFILTER_XT_TARGET_CONNMARK=y
+CONFIG_NETFILTER_XT_TARGET_CT=y
+CONFIG_NETFILTER_XT_TARGET_DSCP=y
+CONFIG_NETFILTER_XT_TARGET_HL=y
+CONFIG_NETFILTER_XT_TARGET_HMARK=y
+CONFIG_NETFILTER_XT_TARGET_IDLETIMER=y
+CONFIG_NETFILTER_XT_TARGET_LOG=y
+CONFIG_NETFILTER_XT_TARGET_MARK=y
+CONFIG_NETFILTER_XT_NAT=y
+CONFIG_NETFILTER_XT_TARGET_NETMAP=y
+CONFIG_NETFILTER_XT_TARGET_NFLOG=y
+CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y
+# CONFIG_NETFILTER_XT_TARGET_NOTRACK is not set
+CONFIG_NETFILTER_XT_TARGET_RATEEST=y
+CONFIG_NETFILTER_XT_TARGET_REDIRECT=y
+CONFIG_NETFILTER_XT_TARGET_TEE=y
+CONFIG_NETFILTER_XT_TARGET_TPROXY=y
+CONFIG_NETFILTER_XT_TARGET_TRACE=y
+CONFIG_NETFILTER_XT_TARGET_TCPMSS=y
+CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP=y
+
+#
+# Xtables matches
+#
+CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y
+CONFIG_NETFILTER_XT_MATCH_BPF=y
+CONFIG_NETFILTER_XT_MATCH_CGROUP=y
+CONFIG_NETFILTER_XT_MATCH_CLUSTER=y
+CONFIG_NETFILTER_XT_MATCH_COMMENT=y
+CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y
+CONFIG_NETFILTER_XT_MATCH_CONNLABEL=y
+CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y
+CONFIG_NETFILTER_XT_MATCH_CONNMARK=y
+CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y
+CONFIG_NETFILTER_XT_MATCH_CPU=y
+CONFIG_NETFILTER_XT_MATCH_DCCP=y
+CONFIG_NETFILTER_XT_MATCH_DEVGROUP=y
+CONFIG_NETFILTER_XT_MATCH_DSCP=y
+CONFIG_NETFILTER_XT_MATCH_ECN=y
+CONFIG_NETFILTER_XT_MATCH_ESP=y
+CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y
+CONFIG_NETFILTER_XT_MATCH_HELPER=y
+CONFIG_NETFILTER_XT_MATCH_HL=y
+CONFIG_NETFILTER_XT_MATCH_IPCOMP=y
+CONFIG_NETFILTER_XT_MATCH_IPRANGE=y
+CONFIG_NETFILTER_XT_MATCH_IPVS=y
+CONFIG_NETFILTER_XT_MATCH_L2TP=y
+CONFIG_NETFILTER_XT_MATCH_LENGTH=y
+CONFIG_NETFILTER_XT_MATCH_LIMIT=y
+CONFIG_NETFILTER_XT_MATCH_MAC=y
+CONFIG_NETFILTER_XT_MATCH_MARK=y
+CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y
+CONFIG_NETFILTER_XT_MATCH_NFACCT=y
+CONFIG_NETFILTER_XT_MATCH_OSF=y
+CONFIG_NETFILTER_XT_MATCH_OWNER=y
+CONFIG_NETFILTER_XT_MATCH_POLICY=y
+CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y
+CONFIG_NETFILTER_XT_MATCH_QUOTA=y
+CONFIG_NETFILTER_XT_MATCH_RATEEST=y
+CONFIG_NETFILTER_XT_MATCH_REALM=y
+CONFIG_NETFILTER_XT_MATCH_RECENT=y
+CONFIG_NETFILTER_XT_MATCH_SCTP=y
+CONFIG_NETFILTER_XT_MATCH_STATE=y
+CONFIG_NETFILTER_XT_MATCH_STATISTIC=y
+CONFIG_NETFILTER_XT_MATCH_STRING=y
+CONFIG_NETFILTER_XT_MATCH_TCPMSS=y
+CONFIG_NETFILTER_XT_MATCH_TIME=y
+CONFIG_NETFILTER_XT_MATCH_U32=y
 CONFIG_IP_SET=y
 CONFIG_IP_SET_MAX=256
-# CONFIG_IP_SET_BITMAP_IP is not set
-# CONFIG_IP_SET_BITMAP_IPMAC is not set
-# CONFIG_IP_SET_BITMAP_PORT is not set
-# CONFIG_IP_SET_HASH_IP is not set
-# CONFIG_IP_SET_HASH_IPMARK is not set
-# CONFIG_IP_SET_HASH_IPPORT is not set
-# CONFIG_IP_SET_HASH_IPPORTIP is not set
-# CONFIG_IP_SET_HASH_IPPORTNET is not set
+CONFIG_IP_SET_BITMAP_IP=y
+CONFIG_IP_SET_BITMAP_IPMAC=y
+CONFIG_IP_SET_BITMAP_PORT=y
+CONFIG_IP_SET_HASH_IP=y
+CONFIG_IP_SET_HASH_IPMARK=y
+CONFIG_IP_SET_HASH_IPPORT=y
+CONFIG_IP_SET_HASH_IPPORTIP=y
+CONFIG_IP_SET_HASH_IPPORTNET=y
 # CONFIG_IP_SET_HASH_IPMAC is not set
-# CONFIG_IP_SET_HASH_MAC is not set
-# CONFIG_IP_SET_HASH_NETPORTNET is not set
-# CONFIG_IP_SET_HASH_NET is not set
-# CONFIG_IP_SET_HASH_NETNET is not set
-# CONFIG_IP_SET_HASH_NETPORT is not set
-# CONFIG_IP_SET_HASH_NETIFACE is not set
-# CONFIG_IP_SET_LIST_SET is not set
-# CONFIG_IP_VS is not set
+CONFIG_IP_SET_HASH_MAC=y
+CONFIG_IP_SET_HASH_NETPORTNET=y
+CONFIG_IP_SET_HASH_NET=y
+CONFIG_IP_SET_HASH_NETNET=y
+CONFIG_IP_SET_HASH_NETPORT=y
+CONFIG_IP_SET_HASH_NETIFACE=y
+CONFIG_IP_SET_LIST_SET=y
+CONFIG_IP_VS=y
+# CONFIG_IP_VS_IPV6 is not set
+# CONFIG_IP_VS_DEBUG is not set
+CONFIG_IP_VS_TAB_BITS=12
+
+#
+# IPVS transport protocol load balancing support
+#
+CONFIG_IP_VS_PROTO_TCP=y
+CONFIG_IP_VS_PROTO_UDP=y
+CONFIG_IP_VS_PROTO_AH_ESP=y
+CONFIG_IP_VS_PROTO_ESP=y
+CONFIG_IP_VS_PROTO_AH=y
+CONFIG_IP_VS_PROTO_SCTP=y
+
+#
+# IPVS scheduler
+#
+CONFIG_IP_VS_RR=y
+CONFIG_IP_VS_WRR=y
+CONFIG_IP_VS_LC=y
+CONFIG_IP_VS_WLC=y
+CONFIG_IP_VS_FO=y
+CONFIG_IP_VS_OVF=y
+CONFIG_IP_VS_LBLC=y
+CONFIG_IP_VS_LBLCR=y
+CONFIG_IP_VS_DH=y
+CONFIG_IP_VS_SH=y
+CONFIG_IP_VS_SED=y
+CONFIG_IP_VS_NQ=y
+
+#
+# IPVS SH scheduler
+#
+CONFIG_IP_VS_SH_TAB_BITS=8
+
+#
+# IPVS application helper
+#
+CONFIG_IP_VS_FTP=y
+CONFIG_IP_VS_NFCT=y
+CONFIG_IP_VS_PE_SIP=y

 #
 # IP: Netfilter Configuration
 #
-# CONFIG_NF_DEFRAG_IPV4 is not set
+CONFIG_NF_DEFRAG_IPV4=y
+CONFIG_NF_CONNTRACK_IPV4=y
 # CONFIG_NF_SOCKET_IPV4 is not set
-# CONFIG_NF_DUP_IPV4 is not set
+CONFIG_NF_DUP_IPV4=y
 # CONFIG_NF_LOG_ARP is not set
-# CONFIG_NF_LOG_IPV4 is not set
-# CONFIG_NF_REJECT_IPV4 is not set
-# CONFIG_IP_NF_IPTABLES is not set
-# CONFIG_IP_NF_ARPTABLES is not set
+CONFIG_NF_LOG_IPV4=y
+CONFIG_NF_REJECT_IPV4=y
+CONFIG_NF_NAT_IPV4=y
+CONFIG_NF_NAT_MASQUERADE_IPV4=y
+CONFIG_NF_NAT_SNMP_BASIC=y
+CONFIG_NF_NAT_PROTO_GRE=y
+CONFIG_NF_NAT_PPTP=y
+CONFIG_NF_NAT_H323=y
+CONFIG_IP_NF_IPTABLES=y
+CONFIG_IP_NF_MATCH_AH=y
+CONFIG_IP_NF_MATCH_ECN=y
+CONFIG_IP_NF_MATCH_RPFILTER=y
+CONFIG_IP_NF_MATCH_TTL=y
+CONFIG_IP_NF_FILTER=y
+CONFIG_IP_NF_TARGET_REJECT=y
+CONFIG_IP_NF_TARGET_SYNPROXY=y
+CONFIG_IP_NF_NAT=y
+CONFIG_IP_NF_TARGET_MASQUERADE=y
+CONFIG_IP_NF_TARGET_NETMAP=y
+CONFIG_IP_NF_TARGET_REDIRECT=y
+CONFIG_IP_NF_MANGLE=y
+CONFIG_IP_NF_TARGET_CLUSTERIP=y
+CONFIG_IP_NF_TARGET_ECN=y
+CONFIG_IP_NF_TARGET_TTL=y
+CONFIG_IP_NF_RAW=y
+CONFIG_IP_NF_SECURITY=y
+CONFIG_IP_NF_ARPTABLES=y
+CONFIG_IP_NF_ARPFILTER=y
+CONFIG_IP_NF_ARP_MANGLE=y

 #
 # IPv6: Netfilter Configuration
 #
 # CONFIG_NF_DEFRAG_IPV6 is not set
+# CONFIG_NF_CONNTRACK_IPV6 is not set
 # CONFIG_NF_SOCKET_IPV6 is not set
-# CONFIG_NF_DUP_IPV6 is not set
+CONFIG_NF_DUP_IPV6=y
 # CONFIG_NF_REJECT_IPV6 is not set
-# CONFIG_NF_LOG_IPV6 is not set
+CONFIG_NF_LOG_IPV6=y
 # CONFIG_IP6_NF_IPTABLES is not set
+# CONFIG_BRIDGE_NF_EBTABLES is not set
 # CONFIG_IP_DCCP is not set
 # CONFIG_IP_SCTP is not set
 # CONFIG_RDS is not set
@ -2595,6 +2785,10 @@ CONFIG_XZ_DEC_X86=y
 CONFIG_XZ_DEC_BCJ=y
 # CONFIG_XZ_DEC_TEST is not set
 CONFIG_DECOMPRESS_GZIP=y
+CONFIG_TEXTSEARCH=y
+CONFIG_TEXTSEARCH_KMP=y
+CONFIG_TEXTSEARCH_BM=y
+CONFIG_TEXTSEARCH_FSM=y
 CONFIG_ASSOCIATIVE_ARRAY=y
 CONFIG_HAS_IOMEM=y
 CONFIG_HAS_IOPORT_MAP=y
--- a/kernel/kata_config_version
+++ b/kernel/kata_config_version
@ -1 +1 @@
-1
+2