| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 2 Jun 2007 23:46:46 +0200 (MEST)
From: Jan Engelhardt <jengelh@...ux01.gwdg.de>
To: Netfilter Mailing List <netfilter@...ts.netfilter.org>,
Netfilter Developer Mailing List
<netfilter-devel@...ts.netfilter.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: [PATCH 0/2] xt_u32 - match arbitrary bits and bytes of a packet
Hello!
along comes xt_u32, a revamped ipt_u32,
* added ipv6 support since that seemed dead simple, given u32's
task. I would have even liked to unlock u32 for _all_ protocols,
but .family = AF_UNSPEC does not do the right thing right now,
but that's not so much a showstopper.
And arptables seems miles away from using iptables modules. So
AF_INET and AF_INET6 it is for now.
* Reduced the buffer size to 17 KB. I think that is quite ok since
I added an overflow check, SHOULD THERE BE ANY device with an
MTU larger than our loopback masterpiece (16436 bytes).
Are there such devices that support Megasuperjumboframes?
The previous buffer size of 64 KB was probably the cutting edge,
as a single IPv4 fragment/packet does not support more than that
anyway.
Questions, comments, blame, praise, please.
I'd like to get this merged so I do not have to maintain it out-of-tree.
Jan
--
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists