Hi Pablo,

On Thu, May 27, 2021 at 10:23:15PM +0200, Pablo Neira Ayuso wrote:
> On Tue, May 18, 2021 at 01:08:48PM +1000, Duncan Roe wrote:
> > To avoid a copy, the new code takes advantage of the fact that the netfilter
> > netlink queue never returns multipart messages. [...]
>
> Interesting idea: let me get back to you with a proposal based on this
> patch.
>
> Meanwhile, I have pushed out the __pktb_setup() function which is
> going to be needed:
>
> http://git.netfilter.org/libnetfilter_queue/commit/?id=710f891c8a6116f520948f5cf448489947fb7d78
>
> Thanks.

It also occurred to me to wonder what is the benefit of having struct pkt_buff
be opaque? It's never going to have a buffer tacked on the end of it any more,
so can simply be declared to be sizeof(struct pkt_buff).

Users could read the values of struct members directly rather than having to
learn and use the current procedural interface. That would have to use fewer
instructions to achieve, but I have yet to benchmark to see if the improvement
is measurable.

We could document when (if ever) the structure may be written to directly but
even if developers break the rules, what damage can they do? This is a userspace
program: they're not going to crash the kernel.

I sidestepped this question in the code by passing down pktb_instance from
local_cb().

Regardless of the above, do you think you might have a proposal for me some time
soon?

Cheers ... Duncan.