
Add support for xt_bpf kernel module #12277

Open
cowwoc opened this issue Nov 15, 2024 · 3 comments

cowwoc commented Nov 15, 2024

Is your feature request related to a problem? Please describe.
Docker Desktop for Windows needs the xt_bpf kernel module, for security reasons: #10029 (comment)

Describe the solution you'd like
Add support for the xt_bpf kernel module

Describe alternatives you've considered
Use unencrypted networks, but this is a security risk.

Additional context
Please prevent the stalebot from closing this issue.

cowwoc added the feature label Nov 15, 2024

Logs are required for review from WSL team

If this is a feature request, please reply with '/feature'. If this is a question, reply with '/question'.
Otherwise, please attach logs by following the instructions below; your issue will not be reviewed unless they are added. These logs will help us understand what is going on in your machine.

How to collect WSL logs

Download and execute collect-wsl-logs.ps1 in an administrative PowerShell prompt:

Invoke-WebRequest -UseBasicParsing "https://raw.githubusercontent.com/microsoft/WSL/master/diagnostics/collect-wsl-logs.ps1" -OutFile collect-wsl-logs.ps1
Set-ExecutionPolicy Bypass -Scope Process -Force
.\collect-wsl-logs.ps1

The script will output the path of the log file once done.

If this is a networking issue, please use collect-networking-logs.ps1, following the instructions here

Once completed, please upload the output files to this GitHub issue.

Click here for more info on logging
If you choose to email these logs instead of attaching them to the bug, please send them to [email protected] with the number of the GitHub issue in the subject and, in the message, a link to your comment in the GitHub issue, and reply with '/emailed-logs'.



cowwoc commented Nov 15, 2024

Logs are not relevant for this feature request.

@sirredbeard (Contributor)

It appears from the commit history of WSL kernel developers that xt_u32 and xt_bpf are in the works as loadable modules in the 6.x WSL kernel series, but they have not yet been committed to the main 6.x WSL kernel branches.

I would recommend, in the interim, building a custom 6.x kernel with those modules.

There is an official guide using Ubuntu here.

I also publish a distro-agnostic guide for building the WSL kernel, not specific for 6, but if you grab the 6.6.y release in lieu of the command that grabs the most recent stable release (still 5.x), it will work.

In my guide, instead of the command: curl -k -s https://api.github.com/repos/microsoft/WSL2-Linux-Kernel/releases/latest ... install git and use git clone https://github.com/microsoft/WSL2-Linux-Kernel.git --depth=1 -b linux-msft-wsl-6.6.y.

You will need to modify the wsl-config with:

CONFIG_NETFILTER_XT_MATCH_BPF=m
CONFIG_NETFILTER_XT_MATCH_U32=m

either manually or using the kernel config TUI.
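
A check for whether a kernel config actually carries the two options named in the comment above, before or after a custom build. This is an added example, not part of the original thread or of the WSL project's tooling; the function names and the sample config fragments are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether a kernel .config enables the xt_bpf / xt_u32 matches.

# Print the state of one Kconfig symbol in a config file:
#   m = loadable module, y = built in, n = disabled, absent = not mentioned
kconfig_state() (
    file=$1; symbol=$2
    [ -r "$file" ] || { echo unreadable; exit 0; }
    # Accept "CONFIG_X=value" and "# CONFIG_X is not set"; the last occurrence wins.
    line=$(grep -E "^(# )?${symbol}(=| is not set)" "$file" | tail -n 1)
    case $line in
        "${symbol}=m") echo m ;;
        "${symbol}=y") echo y ;;
        "# ${symbol} is not set"|"${symbol}=n") echo n ;;
        "") echo absent ;;
        *) echo unknown ;;
    esac
)

# Succeed only if both options from the comment are enabled (=m or =y).
check_xt_modules() (
    rc=0
    for sym in CONFIG_NETFILTER_XT_MATCH_BPF CONFIG_NETFILTER_XT_MATCH_U32; do
        state=$(kconfig_state "$1" "$sym")
        printf '%-34s %s\n' "$sym" "$state"
        case $state in m|y) ;; *) rc=1 ;; esac
    done
    exit "$rc"   # body runs in a subshell, so this only sets the function's status
)

# Constructed sample configs (not copied from any real WSL kernel tree).
demo_dir=$(mktemp -d)
cat > "$demo_dir/stock.config" <<'EOF'
CONFIG_NETFILTER_XTABLES=y
# CONFIG_NETFILTER_XT_MATCH_BPF is not set
# CONFIG_NETFILTER_XT_MATCH_U32 is not set
EOF
cat > "$demo_dir/custom.config" <<'EOF'
CONFIG_NETFILTER_XTABLES=y
CONFIG_NETFILTER_XT_MATCH_BPF=m
CONFIG_NETFILTER_XT_MATCH_U32=m
EOF
for f in stock custom; do
    echo "== $f.config"
    check_xt_modules "$demo_dir/$f.config" || echo "-> xt_bpf/xt_u32 not fully enabled"
done
rm -rf "$demo_dir"
```

On a running kernel that exposes its configuration at /proc/config.gz (an assumption: this requires CONFIG_IKCONFIG_PROC), decompress it to a file with zcat and pass that file to check_xt_modules.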
