On Tue, 2017-04-11 at 08:59 +0200, Pablo Neira Ayuso wrote:
> CAP_ACK means: trim off the payload that the netlink error message
> is embedding, just like ICMP error does.
>
> What is exactly your concern? If the user explicitly requests this
> via socket option for this socket, then we're expecting they do the
> right handling for what they're asking for.

I think David's concern was that when you want to parse the ACK in a
library (or application), you may not easily know if the application
(or library) requested capping.

I've addressed this by adding two new flags now, though the CAPPED flag
can only be relied on when the TLVS flag is present, but that's the
only case where you care anyway.

I felt that we had enough space to spend two bits rather than one, in
order to not have to rely on any length calculations to see if TLVs are
present - as I'd suggested in my email last night.

johannes
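The parsing rule described in the message above, as an added example that is not part of the original e-mail or of the patch under discussion: it locates the TLVs in an ACK from the two flag bits alone and reports the capped state as unknown when the TLVS flag is absent. The `X_`-prefixed names and both function names are hypothetical; the flag values are those of `NLM_F_CAPPED` and `NLM_F_ACK_TLVS` in mainline `<linux/netlink.h>`, assumed to correspond to the two flags the message mentions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Values from mainline <linux/netlink.h>, redefined so this builds anywhere. */
#define X_NLMSG_ERROR    2
#define X_NLM_F_CAPPED   0x100
#define X_NLM_F_ACK_TLVS 0x200
#define X_HDRLEN         16u                 /* sizeof(struct nlmsghdr) */
#define X_ALIGN(n)       (((size_t)(n) + 3u) & ~(size_t)3u)
struct x_nlmsghdr { uint32_t len; uint16_t type, flags; uint32_t seq, pid; };

/* Returns the offset of the first TLV, 0 if the ACK carries none, -1 if malformed.
 * *capped: 1 = request payload trimmed, 0 = echoed, -1 = unknown (no TLVS flag). */
long ack_tlv_offset(const uint8_t *buf, size_t n, int *capped)
{
    struct x_nlmsghdr h, orig;
    size_t off = X_HDRLEN + 4;               /* outer header + int error code */
    *capped = -1;
    if (n < off + X_HDRLEN) return -1;
    memcpy(&h, buf, sizeof h);
    memcpy(&orig, buf + off, sizeof orig);   /* header of the failed request */
    if (h.type != X_NLMSG_ERROR || h.len > n || h.len < off + X_HDRLEN) return -1;
    if (!(h.flags & X_NLM_F_ACK_TLVS)) return 0;   /* CAPPED bit not reliable */
    *capped = (h.flags & X_NLM_F_CAPPED) != 0;
    if (!*capped && (orig.len < X_HDRLEN || orig.len > h.len - off)) return -1;
    off += *capped ? X_HDRLEN : X_ALIGN(orig.len);
    if (off > h.len || h.len - off < 4) return -1; /* need one TLV header */
    return (long)off;
}

/* Constructed sample: ACK for a 24-byte request; 8 zero bytes stand in for a TLV. */
size_t make_sample_ack(uint8_t *out, uint16_t flags, int echo_payload)
{
    struct x_nlmsghdr orig = { 24, 16, 0, 1, 0 }, h = { 0, X_NLMSG_ERROR, flags, 1, 0 };
    int32_t err = -22;
    size_t body = echo_payload ? 24 : X_HDRLEN;
    h.len = (uint32_t)(X_HDRLEN + 4 + body + ((flags & X_NLM_F_ACK_TLVS) ? 8 : 0));
    memset(out, 0, h.len);
    memcpy(out, &h, sizeof h);
    memcpy(out + X_HDRLEN, &err, 4);
    memcpy(out + X_HDRLEN + 4, &orig, sizeof orig);
    return h.len;
}

int main(void)
{
    uint8_t b[64]; int c;
    long off = ack_tlv_offset(b, make_sample_ack(b, X_NLM_F_ACK_TLVS | X_NLM_F_CAPPED, 0), &c);
    return printf("tlv offset %ld, capped %d\n", off, c) < 0;
}
```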