Kernel changes

This is a summary of the main changes in the kernel that diverge from mainline.

added net/netfilter/xt_qtaguid*
imported then modified net/netfilter/xt_quota2.c from xtables-addons project
fixes in net/netfilter/ip6_tables.c
modified ip*t_REJECT.c
modified net/netfilter/xt_socket.c

A few comments on the kernel configuration:

xt_qtaguid masquerades as xt_owner and relies on xt_socket and itself relies on the connection tracker.
Support for xt_qtaguid will be phased out starting in the Android 9 release. See eBPF traffic monitoring for more information.
The connection tracker can't handle large SIP packets, it must be disabled.
The modified xt_quota2 uses the NFLOG support to notify userspace.

Content and code samples on this page are subject to the licenses described in the Content License. Java and OpenJDK are trademarks or registered trademarks of Oracle and/or its affiliates.

Last updated 2024-11-01 UTC.