Re: Extending an IPv4 filter to IPv6

On Sun 20/Aug/2023 23:41:43 +0200 Pablo Neira Ayuso wrote:
On Fri, Aug 18, 2023 at 12:56:38PM +0200, Alessandro Vesely wrote:
[...]

So, the first question: Can I keep using these functions?  What is the alternative?

The alternative is the libmnl-based API which is the way to go for new applications.


The nf-queue.c[*] example that illustrates libmnl is strange. It shows a function nfq_nlmsg_put() (libnetfilter-queue). I have two questions about it:

1) In the example it is called twice, the second time after setting attrs. What purpose does the first call serve?

2) Is it fine to use a small buffer? My filter only looks at addresses, so it should be enough to copy 40 bytes. Can it be on stack?


Second question: Is there a "mixed mode" parameter, besides PF_INET and PF_INET6, that allows capturing both types? In that case, can a queue receive either packet?

Using the 'inet' family in nftables, it should be possible to send both IPv4 and IPv6 packets to one single queue in userspace.


Yes, or two calls to iptables and ip6tables. However, nfq_nlmsg_cfg_put_cmd() takes a pf argument, AF_INET in the example. Is that argument used at all?


Thanks
Ale
--
[*] https://git.netfilter.org/libnetfilter_queue/tree/examples/nf-queue.c
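The address-only inspection described above (a queue fed by an 'inet' table, a small 40-byte copy of each packet) as an added example; this is not code from the thread or from libnetfilter_queue. It assumes the caller has already obtained the packet payload bytes through the libmnl-based API and passes them in; the struct, the function names and the sample headers are constructed here.

```c
#include <string.h>
#include <arpa/inet.h>
/* Addresses of one queued packet, whichever family it is (constructed
 * type for this example, not a libnetfilter_queue structure). */
struct pkt_addrs {
    int family;            /* AF_INET, AF_INET6, or 0 when unparseable */
    unsigned char src[16]; /* network byte order; 4 or 16 bytes used */
    unsigned char dst[16];
};
/* Pull only the addresses out of the first bytes of a packet payload.
 * 40 bytes cover both families: IPv6 has a fixed 40-byte header, IPv4 keeps
 * both addresses in its first 20. Returns 1 on success, 0 on short/odd input. */
int extract_addrs(const unsigned char *pkt, size_t len, struct pkt_addrs *out)
{
    memset(out, 0, sizeof(*out));
    if (len < 1) return 0;
    switch (pkt[0] >> 4) {                     /* IP version nibble */
    case 4:
        if (len < 20 || (pkt[0] & 0x0f) < 5) return 0; /* IHL >= 5 words */
        out->family = AF_INET;
        memcpy(out->src, pkt + 12, 4);
        memcpy(out->dst, pkt + 16, 4);
        return 1;
    case 6:
        if (len < 40) return 0;
        out->family = AF_INET6;
        memcpy(out->src, pkt + 8, 16);
        memcpy(out->dst, pkt + 24, 16);
        return 1;
    default:
        return 0;
    }
}
/* Render one address as text; 1 if it equals `expect`, else 0. */
int addr_matches(const struct pkt_addrs *a, int want_src, const char *expect)
{
    char buf[INET6_ADDRSTRLEN];
    const void *raw = want_src ? a->src : a->dst;
    if (!a->family || !inet_ntop(a->family, raw, buf, sizeof buf))
        return 0;
    return strcmp(buf, expect) == 0;
}
/* Constructed sample headers, not captured traffic: IPv4 10.0.0.1 -> 10.0.0.2
 * and IPv6 2001:db8::1 -> 2001:db8::2, both with zeroed checksums. */
const unsigned char sample_v4[20] = { 0x45,0,0,20, 0,0,0,0, 64,6,0,0, 10,0,0,1, 10,0,0,2 };
const unsigned char sample_v6[40] = { 0x60,0,0,0, 0,0,6,64,
    0x20,0x01,0x0d,0xb8, 0,0,0,0, 0,0,0,0, 0,0,0,1,
    0x20,0x01,0x0d,0xb8, 0,0,0,0, 0,0,0,0, 0,0,0,2 };
```

The length check is what makes the 40-byte buffer safe: a truncated copy is rejected rather than read past its end.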