On Tue, May 18, 2021 at 01:08:48PM +1000, Duncan Roe wrote:
> To avoid a copy, the new code takes advantage of the fact that the netfilter
> netlink queue never returns multipart messages.
> This means that the buffer space following that callback data is available for
> packet expansion when mangling.
>
> nfq_cb_run() is a new nfq-specific callback runqueue for netlink messages.
> The principal function of nfq_cb_run() is to pass to the called function what is
> the length of free space after the packet.
> As a side benefit, nfq_cb_run() also gives the called function a pointer to a
> zeroised struct pkt_buff, avoiding the malloc / free that was previously needed.
>
> nfq_cb_t is a new typedef for the function called by nfq_cb_run()
> [c.f. mnl_cb_t / mnl_cb_run].

Interesting idea: let me get back to you with a proposal based on this patch.

Meanwhile, I have pushed out the __pktb_setup() function which is going to be needed:

http://git.netfilter.org/libnetfilter_queue/commit/?id=710f891c8a6116f520948f5cf448489947fb7d78

Thanks.