| <html devsite><head> |
| <title>内核变化</title> |
| <meta name="project_path" value="/_project.yaml"/> |
| <meta name="book_path" value="/_book.yaml"/> |
| </head> |
| <body> |
| |
| <!-- |
| Copyright 2017 The Android Open Source Project |
| |
| Licensed under the Apache License, Version 2.0 (the "License"); |
| you may not use this file except in compliance with the License. |
| You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| --> |
| |
| <p>以下内容简要介绍了从主线内核中分离出的内核分支的主要变化。</p> |
| <ul> |
| <li>新增了 net/netfilter/xt_qtaguid*</li> |
| <li>从 xtables-addons 项目导入了 net/netfilter/xt_quota2.c,且随后对其进行了修改</li> |
| <li>修正了 net/netfilter/ip6_tables.c 的相关错误</li> |
| <li>对 ip*t_REJECT.c 进行了修改</li> |
| <li>对 net/netfilter/xt_socket.c 进行了修改</li> |
| </ul> |
| <p>关于内核配置的几条注释:</p> |
| <ul> |
| <li>xt_qtaguid 伪装成 xt_owner 并依赖于 xt_socket,而它本身则依赖于连接跟踪器。</li> |
| <li>我们将从 Android 9 版本开始逐步取消对 xt_qtaguid 的支持。有关详情,请参阅 <a href="ebpf-traffic-monitor">eBPF 流量监控</a>。 |
| </li><li>连接跟踪器无法处理大型 SIP 数据包,因此必须停用。</li> |
| <li>经过修改的 xt_quota2 使用 NFLOG 支持来通知用户空间。</li> |
| </ul> |
| |
| </body></html> |
