Android kernel netfilter upstreaming
Covers upstreaming changes to the netfilter code from the Android driver
Blueprint information
- Status: Started
- Approver: John Stultz
- Priority: Low
- Drafter: None
- Direction: Needs approval
- Assignee: dmitry pervushin
- Definition: Approved
- Series goal: Accepted for kernel-merge-window
- Implementation: Started
- Milestone target: backlog
- Started by: John Stultz
- Completed by:
Whiteboard
Meta:
Roadmap id: KWG-MAINTENANCE
Headline: Android netfilter upstreamed
Acceptance: TODO
At kernel summit, upstream netfilter developers were curious as to what changes Android made to the netfilter code.
I plucked those changes (about ~11 patches) and sent them on. They said the first few looked fine, but the rest might need more discussion.
This blueprint is just to leverage the community interest in order to try to get these patches reviewed and merged, or, if not merged, to better flesh out what is needed to integrate this functionality.
Currently the patches can be found here:
http://
netfilter: xt_IDLETIMER: Rename INTERFACE to LABEL...
netfilter: xt_qtaguid: start tracking iface rx/tx at...
netfilter: xt_IDLETIMER: Add new netlink msg type
netfilter: xt_qtaguid: fix ipv6 protocol lookup
netfilter: qtaguid: initialize a local var to keep...
netfilter: fixup the quota2, and enable.
netfilter: adding the original quota2 from xtables...
netfilter: add xt_qtaguid matching module
nf: xt_socket: export the fancy sock finder code
security: Add AID_NET_RAW and AID_NET_ADMIN capability...
Add android_aid.h
There are three chunks of functionality in the netfilter patches:
1) The xt_quota2 code from xtables_extras
2) The new xt_qtaguid code
3) The xt_IDLETIMER patches
The xt_quota2 code is taken from an external project (authored by Jan Engelhardt); the other two are Google-authored.
I contacted Jan and apparently xtables_extras has had some difficulty getting upstreamed, so it may be hard to push that work.
The xt_qtaguid got some complex feedback when I RFCed it, so it may take some effort reworking the patch. Some proposed using a combination of existing netfilters to do the same, but I don't know if the Android devs are interested in that.
xt_IDLETIMER changes are likely the easiest to get upstream.
Public discussion on lkml about these patches from Sept 21st:
http://
Started to submit IDLETIMER patches:
http://
http://
http://
http://
idletimer test submitted for internal review (will be in external/
04/28/13: Feedback is available https:/
https:/
Work Items
Work items for 12.09:
Send patches to Pete Waskiewicz Jr for initial review (Sep 20): DONE
Send out patches as RFC to netdev and lkml (Sep 21): DONE
Work items for 13.03:
Review patch set and get familiar with the changes & requested modifications from lkml discussion above: DONE
Discuss feedback from initial submission with netfilter devs: DONE
Work items for 13.04:
Ping JP about using nfacct instead of qtaguid: DONE
Resend v2 of patches to lkml: DONE
Get quick internal review: DONE
Work items for 13.05:
Integrate feedback from maintainers into patches: INPROGRESS
Resend v3 of the patches to lkml: TODO