| <html devsite> |
| <head> |
| <title>Kernel Changes</title> |
| <meta name="project_path" value="/_project.yaml" /> |
| <meta name="book_path" value="/_book.yaml" /> |
| </head> |
| <body> |
| <!-- |
| Copyright 2017 The Android Open Source Project |
| |
| Licensed under the Apache License, Version 2.0 (the "License"); |
| you may not use this file except in compliance with the License. |
| You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| --> |
| |
| |
| <p>This is a summary of the main changes in the kernel that diverge from mainline.</p> |
| <ul> |
| <li>added net/netfilter/xt_qtaguid*</li> |
| <li>imported then modified net/netfilter/xt_quota2.c from xtables-addons project</li> |
| <li>fixes in net/netfilter/ip6_tables.c</li> |
| <li>modified ip*t_REJECT.c</li> |
| <li>modified net/netfilter/xt_socket.c</li> |
| </ul> |
| <p>A few comments on the kernel configuration:</p> |
| <ul> |
| <li>xt_qtaguid masquerades as xt_owner and relies on xt_socket and itself relies on the connection tracker.</li> |
| <li>The connection tracker can't handle large SIP packets, it must be disabled.</li> |
| <li>The modified xt_quota2 uses the NFLOG support to notify userspace.</li> |
| </ul> |
| |
| </body> |
| </html> |
