On Sat, Aug 19, 2023 at 11:53:19AM +0200, Alessandro Vesely wrote:
> Hi Duncan, thank you for your reply.
>
[...]
>
> > 2 ...can a queue receive either packet?: Yes. utils/nfqnl_test.c works fine
> > with IPv6. nfq_bind_pf() really *is* obsolete - I'll explain:
> >
> > In libnetfilter_queue:
> > In libnetfilter_queue.c:
> > 493 int nfq_bind_pf(struct nfq_handle *h, uint16_t pf)
> > 494 {
> > 495 return __build_send_cfg_msg(h, NFQNL_CFG_CMD_PF_BIND, 0, pf);
> > 496 }
> >
> > In Linux kernel:
> > In net/netfilter/nfnetlink_queue.c
> > 1380 case NFQNL_CFG_CMD_PF_BIND:
> > 1381 case NFQNL_CFG_CMD_PF_UNBIND:
> > 1382 break;
> > 1383 default:
> > 1384 ret = -ENOTSUPP;
> > 1385 goto err_out_unlock;
>
>
> Heck, I see. In particular, the cmd->pf argument is never used. That means
> that the type of packet a filter receives only depends on what iptables of
> nft are shoving at its queue, irrespective of compile and runtime config.
> Correct?
>
Yes, correct.
>
> Best
> Ale
> --
>
Cheers ... Duncan.
