Hi, I also wrote my program by using libnetfilter_queue's APIs but I realized that most of the mare marked as deprecated. So I rewrite my program so that it uses libmnl's APIs. It's true that the libmnl's examples are not sufficient so what I did was to read the libnetfilter_queue's source. libnetfilter_queue merely uses libmnl's API so you can use it as examples of libmnl. Hope this will help. Thanks. On 2019/01/25 3:33, dave madden wrote:
Hi, I'm writing a userspace program to handle packets queued from nftables. It appears that current best practice in userspace is to use libmnl (many of the libnetfilter_queue functions are marked DEPRECATED). Libmnl documentation is thin, but I have modified one of the example programs to do what I need. However, I'm not sure I'm accessing and processing the packet in the Right Way. When I retrieve a pointer to the packet payload, I appear to get a buffer containing a raw IP packet (no ethernet headers, packet starts with 0x45 [version 4, header length 5], subsequent bytes make sense). Is there a more-specific way of accessing the payload, or metadata about the packet? Or should I just not worry, be happy: if it _looks_ _like_ a valid IP packet, then accept it as if it _is_ a valid IP packet? Are there TCP/IP helper functions in libnetfilter_xxx that are preferred for packet analysis? Again, documentation is thin, and I'd rather use what everybody else is using, instead of choosing a doomed-to-deprecation branch of some library. Thanks!
-- /========================================/ 日本電信電話株式会社 ソフトウェアイノベーションセンタ 川谷宗之 TEL: 0422-59-4307(直通) MAIL: kawatani.muneyuki@xxxxxxxxxxxxx 東京都武蔵野市緑町3-9-11 /========================================/
