Hi Pablo, On Tue, May 05, 2020 at 02:30:34PM +0200, Pablo Neira Ayuso wrote: [...] > > And we tell users to dimension buf to NFQ_BUFFER_SIZE. We don't even need to > > expose pktb_head_size(). On second thoughts, maybe document in a Note the actual formula for how big the buffer needs to be. And keep pktb_head_size(). > > NFQ_BUFFER_SIZE tells what is the maximum netlink message size coming > from the kernel. That netlink message contains metadata and the actual > payload data. I meant NFQ_BUFFER_SIZE (or some better name) to be a new macro expanding to '0xffff + (MNL_SOCKET_BUFFER_SIZE/2)' as you suggested in https://www.spinics.net/lists/netfilter-devel/msg66938.html. Is that only just large enough for largest possible packet? Or is there room for struct pkt_buff as well? Cheers ... Duncan.
