Hi,

I'm writing a userspace program to handle packets queued from nftables. It appears that current best practice in userspace is to use libmnl (many of the libnetfilter_queue functions are marked DEPRECATED). Libmnl documentation is thin, but I have modified one of the example programs to do what I need. However, I'm not sure I'm accessing and processing the packet in the Right Way.

When I retrieve a pointer to the packet payload, I appear to get a buffer containing a raw IP packet (no ethernet headers, packet starts with 0x45 [version 4, header length 5], subsequent bytes make sense). Is there a more-specific way of accessing the payload, or metadata about the packet? Or should I just not worry, be happy: if it _looks_ _like_ a valid IP packet, then accept it as if it _is_ a valid IP packet?

Are there TCP/IP helper functions in libnetfilter_xxx that are preferred for packet analysis? Again, documentation is thin, and I'd rather use what everybody else is using, instead of choosing a doomed-to-deprecation branch of some library.

Thanks!
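An added example, not part of the original post and not code from libmnl or libnetfilter_queue: a bounds-checked IPv4 header check for a payload buffer like the one described above, so that "looks like a valid IP packet" is tested against the buffer length before any field is trusted. The names `ip4_parse` and `ip4_view` are hypothetical, the sample bytes are constructed, and the buffer pointer and length are assumed to come from the queued payload.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum ip4_status { IP4_OK = 0, IP4_TRUNCATED, IP4_BAD_VERSION, IP4_BAD_IHL, IP4_BAD_TOTLEN };

struct ip4_view {
    uint8_t protocol;       /* protocol number from the IP header (17 = UDP) */
    int is_fragment_tail;   /* non-zero fragment offset: no L4 header here */
    const uint8_t *l4;      /* first byte after the IP header */
    size_t l4_len;          /* bytes between IP header end and total length */
};

/* Validate an untrusted buffer as IPv4; every read is preceded by a length check. */
enum ip4_status ip4_parse(const uint8_t *buf, size_t len, struct ip4_view *out)
{
    if (len < 20) return IP4_TRUNCATED;              /* minimum IPv4 header */
    if ((buf[0] >> 4) != 4) return IP4_BAD_VERSION;
    size_t hlen = (size_t)(buf[0] & 0x0f) * 4;       /* IHL is in 32-bit words */
    if (hlen < 20 || hlen > len) return IP4_BAD_IHL;
    size_t tot = ((size_t)buf[2] << 8) | buf[3];     /* total length, big-endian */
    if (tot < hlen || tot > len) return IP4_BAD_TOTLEN;
    uint16_t frag = (uint16_t)(((buf[6] << 8) | buf[7]) & 0x1fff);
    out->protocol = buf[9];
    out->is_fragment_tail = (frag != 0);
    out->l4 = buf + hlen;
    out->l4_len = tot - hlen;                        /* ignores bytes past tot */
    return IP4_OK;
}

/* Constructed sample (not captured traffic): 20-byte IPv4 header + 8-byte UDP header. */
static const uint8_t sample[] = {
    0x45, 0x00, 0x00, 0x1c, 0x00, 0x01, 0x00, 0x00, 0x40, 0x11, 0x00, 0x00,
    0xc0, 0x00, 0x02, 0x01, 0xc0, 0x00, 0x02, 0x02,
    0x30, 0x39, 0x00, 0x35, 0x00, 0x08, 0x00, 0x00
};

int main(void)
{
    struct ip4_view v;
    enum ip4_status st = ip4_parse(sample, sizeof sample, &v);
    if (st != IP4_OK) { printf("rejected, status=%d\n", st); return 1; }
    printf("proto=%u l4_len=%zu fragment_tail=%d\n", v.protocol, v.l4_len, v.is_fragment_tail);
    return 0;
}
```

A buffer shorter than the header's total length is rejected here rather than parsed partially; a program that deliberately receives only part of each packet would need to relax that check.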