Ashish Sharma | e0cec46 | 2012-02-28 17:43:58 -0800

<!--
Copyright 2012 The Android Open Source Project

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->

This is a summary of the main changes in the kernel that diverge from mainline.

* added net/netfilter/xt_qtaguid*
* imported then modified net/netfilter/xt_quota2.c from xtables-addons project
* fixes in net/netfilter/ip6_tables.c
* modified ip*t_REJECT.c
* modified net/netfilter/xt_socket.c

A few comments on the kernel configuration:

* xt_qtaguid masquerades as xt_owner and relies on xt_socket, which itself relies on the connection tracker.
* The connection tracker can't handle large SIP packets; it must be disabled.
* The modified xt_quota2 uses the NFLOG support to notify userspace.