Disable CONFIG_BPFILTER and CONFIG_BPFILTER_UMH

CONFIG_BPFILTER is aimed to provide a replacement for netfilter. When CONFIG_BPFILTER is enabled, the kernel tries to contact a user mode helper for each iptable rule update. However the implementation of this helper has not been upstreamed yet. The communication thus fails and the kernel then falls back to netfilter. As a result, the rule update takes more than ten times the duration of the netfilter implementation alone. This has been reported by Docker Desktop users for whom it can take minutes to start a container sharing a few hundred ports. https://github.com/for-mac/issues/5668 More details on the situation is described in https://lwn.net/Articles/822744/. Signed-off-by: Frederic Dalleau <frederic.dalleau@docker.com>
2025-07-24 11:25:40 +00:00 · 2021-06-25 11:56:15 +02:00 · 2021-06-25 11:56:15 +02:00 · 194a055d1c
commit 194a055d1c
parent ccece6a488
6 changed files with 6 additions and 18 deletions
--- a/kernel/config-5.10.x-aarch64
+++ b/kernel/config-5.10.x-aarch64
@ -213,7 +213,6 @@ CONFIG_BPF_SYSCALL=y
 CONFIG_ARCH_WANT_DEFAULT_BPF_JIT=y
 CONFIG_BPF_JIT_ALWAYS_ON=y
 CONFIG_BPF_JIT_DEFAULT_ON=y
-CONFIG_USERMODE_DRIVER=y
 # CONFIG_BPF_PRELOAD is not set
 # CONFIG_USERFAULTFD is not set
 CONFIG_ARCH_HAS_MEMBARRIER_SYNC_CORE=y
@ -1341,8 +1340,7 @@ CONFIG_BRIDGE_EBT_REDIRECT=y
 CONFIG_BRIDGE_EBT_SNAT=y
 CONFIG_BRIDGE_EBT_LOG=y
 CONFIG_BRIDGE_EBT_NFLOG=y
-CONFIG_BPFILTER=y
-CONFIG_BPFILTER_UMH=m
+# CONFIG_BPFILTER is not set
 # CONFIG_IP_DCCP is not set
 CONFIG_IP_SCTP=m
 # CONFIG_SCTP_DBG_OBJCNT is not set
--- a/kernel/config-5.10.x-s390x
+++ b/kernel/config-5.10.x-s390x
@ -203,7 +203,6 @@ CONFIG_KALLSYMS=y
 CONFIG_KALLSYMS_BASE_RELATIVE=y
 CONFIG_BPF_SYSCALL=y
 CONFIG_ARCH_WANT_DEFAULT_BPF_JIT=y
-CONFIG_USERMODE_DRIVER=y
 # CONFIG_BPF_PRELOAD is not set
 # CONFIG_USERFAULTFD is not set
 CONFIG_KCMP=y
@ -1102,8 +1101,7 @@ CONFIG_BRIDGE_EBT_REDIRECT=y
 CONFIG_BRIDGE_EBT_SNAT=y
 CONFIG_BRIDGE_EBT_LOG=y
 CONFIG_BRIDGE_EBT_NFLOG=y
-CONFIG_BPFILTER=y
-CONFIG_BPFILTER_UMH=m
+# CONFIG_BPFILTER is not set
 # CONFIG_IP_DCCP is not set
 CONFIG_IP_SCTP=m
 # CONFIG_SCTP_DBG_OBJCNT is not set
--- a/kernel/config-5.10.x-x86_64
+++ b/kernel/config-5.10.x-x86_64
@ -233,7 +233,6 @@ CONFIG_BPF_SYSCALL=y
 CONFIG_ARCH_WANT_DEFAULT_BPF_JIT=y
 CONFIG_BPF_JIT_ALWAYS_ON=y
 CONFIG_BPF_JIT_DEFAULT_ON=y
-CONFIG_USERMODE_DRIVER=y
 # CONFIG_BPF_PRELOAD is not set
 # CONFIG_USERFAULTFD is not set
 CONFIG_ARCH_HAS_MEMBARRIER_SYNC_CORE=y
@ -1393,8 +1392,7 @@ CONFIG_BRIDGE_EBT_REDIRECT=y
 CONFIG_BRIDGE_EBT_SNAT=y
 CONFIG_BRIDGE_EBT_LOG=y
 CONFIG_BRIDGE_EBT_NFLOG=y
-CONFIG_BPFILTER=y
-CONFIG_BPFILTER_UMH=m
+# CONFIG_BPFILTER is not set
 # CONFIG_IP_DCCP is not set
 CONFIG_IP_SCTP=m
 # CONFIG_SCTP_DBG_OBJCNT is not set
--- a/kernel/config-5.11.x-aarch64
+++ b/kernel/config-5.11.x-aarch64
@ -213,7 +213,6 @@ CONFIG_BPF_SYSCALL=y
 CONFIG_ARCH_WANT_DEFAULT_BPF_JIT=y
 CONFIG_BPF_JIT_ALWAYS_ON=y
 CONFIG_BPF_JIT_DEFAULT_ON=y
-CONFIG_USERMODE_DRIVER=y
 # CONFIG_BPF_PRELOAD is not set
 # CONFIG_USERFAULTFD is not set
 CONFIG_ARCH_HAS_MEMBARRIER_SYNC_CORE=y
@ -1345,8 +1344,7 @@ CONFIG_BRIDGE_EBT_REDIRECT=y
 CONFIG_BRIDGE_EBT_SNAT=y
 CONFIG_BRIDGE_EBT_LOG=y
 CONFIG_BRIDGE_EBT_NFLOG=y
-CONFIG_BPFILTER=y
-CONFIG_BPFILTER_UMH=m
+# CONFIG_BPFILTER is not set
 # CONFIG_IP_DCCP is not set
 CONFIG_IP_SCTP=m
 # CONFIG_SCTP_DBG_OBJCNT is not set
--- a/kernel/config-5.11.x-s390x
+++ b/kernel/config-5.11.x-s390x
@ -203,7 +203,6 @@ CONFIG_KALLSYMS=y
 CONFIG_KALLSYMS_BASE_RELATIVE=y
 CONFIG_BPF_SYSCALL=y
 CONFIG_ARCH_WANT_DEFAULT_BPF_JIT=y
-CONFIG_USERMODE_DRIVER=y
 # CONFIG_BPF_PRELOAD is not set
 # CONFIG_USERFAULTFD is not set
 CONFIG_KCMP=y
@ -1105,8 +1104,7 @@ CONFIG_BRIDGE_EBT_REDIRECT=y
 CONFIG_BRIDGE_EBT_SNAT=y
 CONFIG_BRIDGE_EBT_LOG=y
 CONFIG_BRIDGE_EBT_NFLOG=y
-CONFIG_BPFILTER=y
-CONFIG_BPFILTER_UMH=m
+# CONFIG_BPFILTER is not set
 # CONFIG_IP_DCCP is not set
 CONFIG_IP_SCTP=m
 # CONFIG_SCTP_DBG_OBJCNT is not set
--- a/kernel/config-5.11.x-x86_64
+++ b/kernel/config-5.11.x-x86_64
@ -233,7 +233,6 @@ CONFIG_BPF_SYSCALL=y
 CONFIG_ARCH_WANT_DEFAULT_BPF_JIT=y
 CONFIG_BPF_JIT_ALWAYS_ON=y
 CONFIG_BPF_JIT_DEFAULT_ON=y
-CONFIG_USERMODE_DRIVER=y
 # CONFIG_BPF_PRELOAD is not set
 # CONFIG_USERFAULTFD is not set
 CONFIG_ARCH_HAS_MEMBARRIER_SYNC_CORE=y
@ -1399,8 +1398,7 @@ CONFIG_BRIDGE_EBT_REDIRECT=y
 CONFIG_BRIDGE_EBT_SNAT=y
 CONFIG_BRIDGE_EBT_LOG=y
 CONFIG_BRIDGE_EBT_NFLOG=y
-CONFIG_BPFILTER=y
-CONFIG_BPFILTER_UMH=m
+# CONFIG_BPFILTER is not set
 # CONFIG_IP_DCCP is not set
 CONFIG_IP_SCTP=m
 # CONFIG_SCTP_DBG_OBJCNT is not set