Re: [PATCH libnetfilter_queue] utils: Add example of setting socket buffer size

Cc'ing list this time

----- Forwarded message from Duncan Roe <dunc@xxxxxxxxxxxxxxx> -----

Date: Wed, 15 Nov 2023 10:46:34 +1100
From: Duncan Roe <dunc@xxxxxxxxxxxxxxx>
To: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Subject: Re: [PATCH libnetfilter_queue] utils: Add example of setting socket buffer size

Hi Pablo,

On Tue, Nov 14, 2023 at 04:22:26PM +0100, Pablo Neira Ayuso wrote:
> On Fri, Nov 10, 2023 at 03:16:04PM +1100, Duncan Roe wrote:
> > The libnetfilter_queue main HTML page mentions nfnl_rcvbufsiz() so the new
> > libmnl-only libnetfilter_queue will have to support it.
> >
> > The added call acts as a demo and a test case.
> >
> > Signed-off-by: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
> > ---
> >  utils/nfqnl_test.c | 5 +++++
> >  1 file changed, 5 insertions(+)
> >
> > diff --git a/utils/nfqnl_test.c b/utils/nfqnl_test.c
> > index 682f3d7..6d2305e 100644
> > --- a/utils/nfqnl_test.c
> > +++ b/utils/nfqnl_test.c
> > @@ -91,6 +91,7 @@ int main(int argc, char **argv)
> >     int fd;
> >     int rv;
> >     uint32_t queue = 0;
> > +   uint32_t ret;
> >     char buf[4096] __attribute__ ((aligned));
> >
> >     if (argc == 2) {
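
Review bot: The new `uint32_t ret` is declared directly beside the existing `int rv`, and the two names read as the same thing. A name that says what the variable holds, for example `rcvbuf`, would keep the later printf readable and avoid confusing it with the return-value variable already in main().
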
> > @@ -107,6 +108,10 @@ int main(int argc, char **argv)
> >             fprintf(stderr, "error during nfq_open()\n");
> >             exit(1);
> >     }
> > +   printf("setting socket buffer size to 2MB\n");
> > +   ret = nfnl_rcvbufsiz(nfq_nfnlh(h), 1024 * 1024);
>
> libnfnetlink is deprecated.

Yes I know that, obviously:)
>
> maybe call setsockopt and use nfq_fd() instead if you would like that
> this shows in the example file.
>
> > +   printf("Read buffer set to 0x%x bytes (%gMB)\n", ret,
> > +          ret / 1024.0 / 1024);
> >
> >     printf("unbinding existing nf_queue handler for AF_INET (if any)\n");
> >     if (nfq_unbind_pf(h, AF_INET) < 0) {
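
Review bot: The first added printf announces "2MB", but the call on the next line passes 1024 * 1024, which is 1MB. If the 2MB figure is meant to anticipate the kernel doubling the requested value, say so in a comment; otherwise print the requested size, since the second printf already reports the size actually set.
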
> > --
> > 2.35.8
> >

The point here is that nfnl_rcvbufsiz() has been advertised in the main page of
libnetfilter_queue HTML for a long time and there are likely a number of systems
out there that use it. When libnfnetlink is removed, libnetfilter_queue will
have to provide nfnl_rcvbufsiz() or those systems will start failing.

I have in mind that although libnetfilter_queue will provide nfnl_rcvbufsiz(),
there will be no documentation for it.

You will see in
https://patchwork.ozlabs.org/project/netfilter-devel/patch/20231112065922.3414-2-duncan_roe@xxxxxxxxxxxxxxx/
I replaced the advice to use nfnl_rcvbufsiz() (in 2 places) with advice to use
setsockopt(). I only mentioned that programs calling nfnl_rcvbufsiz() will
continue to run.

So I offered this patch as the only documentation of how to use
nfnl_rcvbufsiz(). I need it for my testing, but it's fine with me if you don't
want to take it.

I could add a setsockopt() example to nf-queue or nfqnl_test if you like.

Cheers ... Duncan.

----- End forwarded message -----
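
The setsockopt() route suggested in the thread, as an added example that is not part of the original message or of libnetfilter_queue. The helper names `set_rcvbuf` and `demo_rcvbuf` are hypothetical, and an AF_UNIX datagram socket stands in for the descriptor a real program would get from nfq_fd(h), so the block runs without a queue.

```c
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: request a receive buffer of `size` bytes on `fd` and
 * return the size the kernel reports afterwards, or -1 on error. */
static long set_rcvbuf(int fd, unsigned int size)
{
	int req = (int)size;
	int eff = 0;
	int rc = -1;
	socklen_t len = sizeof(eff);

#ifdef SO_RCVBUFFORCE
	/* Privileged path (CAP_NET_ADMIN): not limited by net.core.rmem_max. */
	rc = setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &req, sizeof(req));
#endif
	/* Unprivileged fallback: the request is clamped to net.core.rmem_max. */
	if (rc < 0)
		rc = setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &req, sizeof(req));
	if (rc < 0)
		return -1;

	/* Read back the effective size. Linux doubles the requested value to
	 * leave room for bookkeeping, so this normally differs from `size`. */
	if (getsockopt(fd, SOL_SOCKET, SO_RCVBUF, &eff, &len) < 0)
		return -1;
	return eff;
}

/* Stand-in socket (assumption); with libnetfilter_queue use nfq_fd(h). */
static long demo_rcvbuf(unsigned int size)
{
	int fd = socket(AF_UNIX, SOCK_DGRAM, 0);
	long eff;

	if (fd < 0)
		return -1;
	eff = set_rcvbuf(fd, size);
	close(fd);
	return eff;
}

int main(void)
{
	unsigned int want = 1024 * 1024;
	long got = demo_rcvbuf(want);

	printf("requested %u bytes, kernel reports %ld bytes\n", want, got);
	return got < 0;
}
```

Printing both the requested and the reported size makes clamping by net.core.rmem_max visible, which matters for a queue consumer that would otherwise drop packets under load without an obvious cause.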


