From 350bb6f1ac9484c9e741be166d672ab7fe61e215 Mon Sep 17 00:00:00 2001
From: Rafael Buchbinder <rafi@rbk.ms>
Date: Sun, 10 Sep 2017 10:44:53 +0300
Subject: UPSTREAM: extensions: libxt_bpf: fix missing __NR_bpf declaration

This include is needed to compile the bpf_obj_get function properly,
as it brings in the __NR_bpf declaration.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Chenbo Feng <fengc@google.com>

Clean cherry-pick, no conflict.
(cherry picked from commit 895ce096f857ddc85d22144ba84c78ac762e995d)

Bug: 72111305
Test: With BPF_H defined
      iptables -t raw -I bw_raw_PREROUTING -m bpf --object-pinned /sys/fs/bpf/xtbpf_prog
      should not return error about bpf header not find.

Change-Id: Ia1387e61c8415a9ae6d3532830fbf62414740855
(cherry picked from aosp commit ff75e02e65ef4c7b457e245b9d6c3df82aff1798)
---
 extensions/libxt_bpf.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/extensions/libxt_bpf.c b/extensions/libxt_bpf.c
index 92c445e8..9510c190 100644
--- a/extensions/libxt_bpf.c
+++ b/extensions/libxt_bpf.c
@@ -22,6 +22,8 @@
 #include <linux/bpf.h>
 #endif
 
+#include <linux/unistd.h>
+
 #define BCODE_FILE_MAX_LEN_B	1024
 
 enum {
-- 
cgit v1.2.3


From 210d3211fe074a86459ca5cf5270de0e8c23b482 Mon Sep 17 00:00:00 2001
From: Chenbo Feng <fengc@google.com>
Date: Thu, 8 Mar 2018 19:18:14 +0900
Subject: Turn on xt_bpf module in userspace

The kernel will use xt_bpf module to collect per interface stats instead
of using xt_qtaguid in future. Turn on the userspace part of xt_bpf so
the related iptable rules and operations can be successfull.

Test: iptables -t raw -I bw_raw_PREROUTING -m bpf --object-pinned /sys/fs/bpf/xtbpf_prog
      It should not return error about bpf header not find.
Bug: 72111305

Change-Id: Ic08d73c990e3237478aae97fe2a702f272816265
(clean cherry picked from aosp commit
 2b00efe0f8147b53b13908519d1b3405009d6ac0)
---
 config.h | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/config.h b/config.h
index 45a1adf2..7bff59c2 100644
--- a/config.h
+++ b/config.h
@@ -85,3 +85,6 @@
 
 /* Location of the iptables lock file */
 #define XT_LOCK_NAME "/system/etc/xtables.lock"
+
+/* Define to 1 if you have the <linux/bpf.h> header file. */
+#define HAVE_LINUX_BPF_H 1
-- 
cgit v1.2.3