On Sat, Dec 09, 2017 at 07:06:14PM -0700, Subash Abhinov Kasiviswanathan wrote: > >Would it work for you if this is specific via global modparam? I'm > >telling this because: > > > >1) This is changing the default behaviour, which is always tricky. > >2) This is already solved in nftables, so whatever solution that we > > apply, it should be iptables specific. > > > >If modparam is fine, just placing a line into > >/etc/modprobe.d/options.conf (or similar) should be good enough to > >store that you're requesting raw hook registration before defrag. > > > >Let me know, > >Thanks! > > Hi Pablo > > Can you explain a bit more about the /etc/modprobe.d/ option and how > it would be configured for this? /etc/modprobe.d/ doesnt exist on > Android based Linux systems so it might be a problem for me. > > Would it be an acceptable solution to create a kernel config for this > particular feature instead? I'm actually refering to module_param(), that is specified at modprobe time. Such parameter would set an alternative hook priority for the raw table, ie. before the defrag hook. I guess there must be a way to store these module parameters in Android, so whenever modprobe is invoked, either explicitly or via module autoload, this module parameter is passed to the iptable_raw module. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
