From 028a8d421a25b8704ca3183f7a2899ca2db7458d Mon Sep 17 00:00:00 2001
From: Bjorn Neergaard <bjorn.neergaard@docker.com>
Date: Fri, 2 Jun 2023 18:40:45 -0600
Subject: [PATCH 1/2] contrib/check-config: check for xt_bpf

We omit xt_u32 as it's optional; since we will remove support for this
module in the future, it's simpler to check for xt_bpf, which will
become the new baseline.

Related issues:
* https://github.com/microsoft/WSL/issues/10029#issuecomment-1574440255
* https://github.com/docker/for-win/issues/13450#issuecomment-1574443139

Signed-off-by: Bjorn Neergaard <bjorn.neergaard@docker.com>
(cherry picked from commit 1910fdde818e82b28136481a72cd74e4c67f0975)
Signed-off-by: Bjorn Neergaard <bjorn.neergaard@docker.com>
---
 contrib/check-config.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/contrib/check-config.sh b/contrib/check-config.sh
index 88f045b556..845472c0d6 100755
--- a/contrib/check-config.sh
+++ b/contrib/check-config.sh
@@ -220,6 +220,7 @@ check_flags \
 	VETH BRIDGE BRIDGE_NETFILTER \
 	IP_NF_FILTER IP_NF_TARGET_MASQUERADE \
 	NETFILTER_XT_MATCH_ADDRTYPE \
+	NETFILTER_XT_MATCH_BPF \
 	NETFILTER_XT_MATCH_CONNTRACK \
 	NETFILTER_XT_MATCH_IPVS \
 	NETFILTER_XT_MARK \

From 88049124e4d603e529e681cf23bd230c62407ba0 Mon Sep 17 00:00:00 2001
From: Bjorn Neergaard <bjorn.neergaard@docker.com>
Date: Sun, 4 Jun 2023 13:12:13 -0600
Subject: [PATCH 2/2] contrib/check-config: move xt_bpf check to overlay
 section

Signed-off-by: Bjorn Neergaard <bjorn.neergaard@docker.com>
(cherry picked from commit 800ea039ec6f64261b709a579afcb31265014ccf)
Signed-off-by: Bjorn Neergaard <bjorn.neergaard@docker.com>
---
 contrib/check-config.sh | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/contrib/check-config.sh b/contrib/check-config.sh
index 845472c0d6..c94556991b 100755
--- a/contrib/check-config.sh
+++ b/contrib/check-config.sh
@@ -220,7 +220,6 @@ check_flags \
 	VETH BRIDGE BRIDGE_NETFILTER \
 	IP_NF_FILTER IP_NF_TARGET_MASQUERADE \
 	NETFILTER_XT_MATCH_ADDRTYPE \
-	NETFILTER_XT_MATCH_BPF \
 	NETFILTER_XT_MATCH_CONNTRACK \
 	NETFILTER_XT_MATCH_IPVS \
 	NETFILTER_XT_MARK \
@@ -352,7 +351,7 @@ echo "  - \"$(wrap_color 'overlay' blue)\":"
 check_flags VXLAN BRIDGE_VLAN_FILTERING | sed 's/^/    /'
 echo '      Optional (for encrypted networks):'
 check_flags CRYPTO CRYPTO_AEAD CRYPTO_GCM CRYPTO_SEQIV CRYPTO_GHASH \
-	XFRM XFRM_USER XFRM_ALGO INET_ESP | sed 's/^/      /'
+	XFRM XFRM_USER XFRM_ALGO INET_ESP NETFILTER_XT_MATCH_BPF | sed 's/^/      /'
 if [ "$kernelMajor" -lt 5 ] || [ "$kernelMajor" -eq 5 -a "$kernelMinor" -le 3 ]; then
 	check_flags INET_XFRM_MODE_TRANSPORT | sed 's/^/      /'
 fi