On Sun 27/Aug/2023 10:34:09 +0200 Duncan Roe wrote:
It seems a buffer can contain several packets. Is that related to the
queue maxlen?
man 7 netlink will tell you that netlink messages may be batched.
Thanks for the pointer, I hadn't noticed it.
This is straightforward to observe in a libnetfilter_log program under gdb.
However libnetfilter_queue programs never get batched netlink messages. So the
callback isn't strictly necessary but it would mean extra code to special-case
libnetfilter_queue (among all the other netfilter libraries) so it's been left
there.
If you rely on this behaviour it might be prudent to check that bytes read ==
*(struct nlmsghdr *)buf.nlmsg_len.
You can obtain the packet payload length via:

    len = mnl_attr_get_payload_len(attr[NFQA_PAYLOAD]);
And this should be the length specified with NFQNL_COPY_PACKET (or less), correct?
You can check for packet truncation by checking `len` above against what you
actually received.
I'll try. However, I'd never know if my test conditions equal what can happen
at runtime. As I only look at addresses, it's fine to truncate packets at that
length.
I just want to minimize memory footprint, but without hampering performance.
Thanks
Ale
--
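
The check discussed in this thread (bytes read == nlmsg_len of the first header), next to a full walk of the receive buffer with the NLMSG_OK/NLMSG_NEXT macros from netlink(7), as an added example that is not code from any poster or from the netfilter libraries. The helper names (sample_fill, is_single_nlmsg, count_nlmsgs) and the zero-filled sample messages are constructed for illustration; it assumes the Linux uapi header <linux/netlink.h>.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <linux/netlink.h>

/* Constructed receive buffer, aligned for struct nlmsghdr access. */
static union { struct nlmsghdr hdr; unsigned char b[256]; } sample;

/* Fill `sample` with nmsgs constructed messages (zeroed payload of
 * payload_len bytes each); returns the byte count a recv() would report. */
static ssize_t sample_fill(int nmsgs, size_t payload_len)
{
    size_t off = 0;
    memset(&sample, 0, sizeof(sample));
    for (int i = 0; i < nmsgs && off + NLMSG_SPACE(payload_len) <= sizeof(sample.b); i++) {
        struct nlmsghdr *nlh = (struct nlmsghdr *)(sample.b + off);
        nlh->nlmsg_len = NLMSG_LENGTH(payload_len);
        nlh->nlmsg_type = NLMSG_MIN_TYPE;   /* placeholder type, constructed */
        off += NLMSG_SPACE(payload_len);
    }
    return (ssize_t)off;
}

/* The check from the thread: bytes read == nlmsg_len of the first header. */
static int is_single_nlmsg(const void *buf, ssize_t nread)
{
    const struct nlmsghdr *nlh = buf;
    return nread >= (ssize_t)sizeof(*nlh) && (ssize_t)nlh->nlmsg_len == nread;
}

/* Walk the buffer as netlink(7) describes; returns the number of complete
 * messages, or -1 if leftover bytes do not form a complete message. */
static int count_nlmsgs(const void *buf, ssize_t nread)
{
    const struct nlmsghdr *nlh = buf;
    int len = (int)nread, n = 0;
    while (NLMSG_OK(nlh, len)) {
        n++;
        nlh = NLMSG_NEXT(nlh, len);
    }
    return len > 0 ? -1 : n;
}

int main(void)
{
    ssize_t one = sample_fill(1, 40);
    printf("1 msg:  single=%d count=%d\n", is_single_nlmsg(sample.b, one), count_nlmsgs(sample.b, one));
    ssize_t three = sample_fill(3, 40);
    printf("3 msgs: single=%d count=%d\n", is_single_nlmsg(sample.b, three), count_nlmsgs(sample.b, three));
    printf("cut:    count=%d\n", count_nlmsgs(sample.b, three - 8));
    return 0;
}
```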