Re: [PATCH libnetfilter_queue v3 1/1] src: Add nfq_nlmsg_put2() - user specifies header flags


Hi Pablo,

Can we please sort out just what you want before I send nfq_nlmsg_put2 v4?

And, where applicable, would you like the same changes made to nfq_nlmsg_put?

On Wed, Nov 15, 2023 at 12:41:03PM +0100, Pablo Neira Ayuso wrote:
> [...]
> > + * nfq_nlmsg_put2 - Convert memory buffer into a Netlink buffer with
> > + * user-specified flags
>
> This is setting up a netlink header in the memory buffer.
propose
> > + * nfq_nlmsg_put2 - Set up a netlink header with user-specified flags
> > + *                  in a memory buffer
> [...]
> > + * \param flags additional (to NLM_F_REQUEST) flags to put in message header,
> > + *              commonly NLM_F_ACK
>
> remove NLM_F_REQUEST here.
propose
> > + * \param flags flags to put in message header, commonly NLM_F_ACK
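Review bot: the reworded \param flags line no longer says whether NLM_F_REQUEST is still set by the function or must now be passed in by the caller. The previous wording ("additional (to NLM_F_REQUEST) flags") answered that, so if the mention is dropped from the parameter text, one sentence in the function description should state which of the two applies.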
> [...]
> > + * \returns Pointer to netlink message
>
>                Pointer to netlink header
propose
> > + * \returns Pointer to netlink header
> [...]
> > + * Use NLM_F_ACK before performing an action that might fail, e.g.
>
> Failures are always reported.
>
> if you set NLM_F_ACK, then you always get an acknowledgment from the
> kernel, either 0 to report success or negative to report failure.
>
> if you do not set NLM_F_ACK, then only failures are reported by the
> kernel.
>
> > + * attempt to configure NFQA_CFG_F_SECCTX on a system not runnine SELinux.
> > + * \n
> > + * NLM_F_ACK instructs the kernel to send a message in response
> > + * to a successful command.
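Review bot: typo in the example clause, "runnine SELinux" should read "running SELinux". The opening sentence ("Use NLM_F_ACK before performing an action that might fail") also reads as if the flag were needed to learn about the failure, while the following sentences say it only adds a reply on success; wording it around the caller wanting a reply whatever the outcome would avoid that reading.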
>
> As I said above, this is not accurate.
> > + * The kernel always sends a message in response to a failed command.
I dispute that my description was inaccurate, but admit it could be clearer,
maybe if I change the order and elaborate a bit.
propose
> > + * The kernel always sends a message in response to a failed command.
> > + * NLM_F_ACK instructs the kernel to also send a message in response
> > + * to a successful command. This ensures a following read() will not block.
> [...]

Cheers ... Duncan.
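
The NLM_F_ACK behaviour discussed in this thread, as an added example that is not part of the original message or of the libnetfilter_queue source: a parser for the NLMSG_ERROR reply, run against a constructed model of what the kernel sends. `model_kernel_reply()` and `classify_reply()` are hypothetical names, and `-EOPNOTSUPP` is a constructed sample error, not a statement of what any particular configuration command returns.

```c
#include <errno.h>
#include <linux/netlink.h>
#include <stdio.h>
#include <string.h>

enum reply { REPLY_NONE, REPLY_ACK, REPLY_FAILED, REPLY_OTHER, REPLY_BAD };
/* Constructed model of the kernel side (not kernel code): returns the length of
 * the NLMSG_ERROR reply written to buf, or 0 when no message is sent. */
static size_t model_kernel_reply(unsigned flags, unsigned seq, int result,
                                 void *buf, size_t buflen)
{
    struct nlmsghdr nlh = { .nlmsg_len = NLMSG_LENGTH(sizeof(struct nlmsgerr)),
                            .nlmsg_type = NLMSG_ERROR, .nlmsg_seq = seq };
    struct nlmsgerr e = { .error = result };   /* 0 or -errno */
    if ((result == 0 && !(flags & NLM_F_ACK)) || buflen < nlh.nlmsg_len)
        return 0;   /* success without NLM_F_ACK: silence */
    memcpy(buf, &nlh, sizeof(nlh));
    memcpy((char *)buf + NLMSG_HDRLEN, &e, sizeof(e));
    return nlh.nlmsg_len;
}

/* Classify len bytes received for request seq; len == 0 means nothing queued. */
static enum reply classify_reply(const void *buf, size_t len, unsigned seq, int *err)
{
    struct nlmsghdr nlh;
    struct nlmsgerr e;
    *err = 0;
    if (len < sizeof(nlh))
        return len ? REPLY_BAD : REPLY_NONE;
    memcpy(&nlh, buf, sizeof(nlh));
    if (nlh.nlmsg_len < sizeof(nlh) || nlh.nlmsg_len > len)
        return REPLY_BAD;
    if (nlh.nlmsg_type != NLMSG_ERROR || nlh.nlmsg_seq != seq)
        return REPLY_OTHER;
    if (nlh.nlmsg_len < NLMSG_LENGTH(sizeof(e)))
        return REPLY_BAD;
    memcpy(&e, (const char *)buf + NLMSG_HDRLEN, sizeof(e));
    *err = -e.error;   /* positive errno, 0 for a plain ACK */
    return e.error ? REPLY_FAILED : REPLY_ACK;
}

int main(void)
{
    char buf[64];
    int err;
    size_t n = model_kernel_reply(NLM_F_REQUEST, 1, -EOPNOTSUPP, buf, sizeof(buf));
    enum reply k = classify_reply(buf, n, 1, &err);
    printf("kind=%d errno=%d\n", k, err);
    return 0;
}
```

A caller that gets `REPLY_NONE` for a request sent without NLM_F_ACK has nothing to read, which is the case where a blocking read() would wait.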


