On Sun, Aug 27, 2023 at 07:20:45PM +0200, Alessandro Vesely wrote:
> On Sun 27/Aug/2023 10:34:09 +0200 Duncan Roe wrote:
> > > It seems a buffer can contain several packets. Is that related with the
> > > queue maxlen?
> > >
> > man 7 netlink will tell you that netlink messages may be batched.
>
> Thanks for the pointer, I hadn't noticed it.
>
> > This is straightforward to observe in a libnetfilter_log program under gdb.
> >
> > However libnetfilter_queue programs never get batched netlink messages. So the
> > callback isn't strictly necessary but it would mean extra code to special-case
> > libnetfilter_queue (among all the other netfilter libraries) so it's been left
> > there.
> >
> > If you rely on this behaviour it might be prudent to check that bytes read ==
> > *(struct nlmsghdr *)buf.nlmsg_len.
> >
> > > > You can obtain the packet payload length via:
> > > >
> > > >     len = mnl_attr_get_payload_len(attr[NFQA_PAYLOAD]);
> > >
> > > And this should be the length specified with NFQNL_COPY_PACKET (or less), correct?
> > >
> > You can check for packet truncation by checking `len` above against what you
> > actually received.
>
> I'll try. However, I'd never know if my test conditions equal what can
> happen at runtime. As I only look at addresses, it's fine to truncate
> packets at that length.
>
> I just want to minimize memory footprint, but without hampering performance.
>
You definitely want to use the new pktb_setup_raw() function then. git clone or
fork the repo at https://git.netfilter.org/libnetfilter_queue/

Cheers ... Duncan.
>
> Thanks
> Ale
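
The length check suggested in the message above, written out as an added example (not part of the original mail or of libnetfilter_queue). It walks one recv() result with the NLMSG_OK/NLMSG_NEXT macros from <linux/netlink.h>, so a count of 1 means the read held a single message, a larger count means batching, and -1 means leftover bytes. The function names and sample messages are constructed for illustration, and trailing alignment padding after the last message is tolerated.

```c
#include <linux/netlink.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Count the netlink messages in one recv() result of nread bytes.
 * Returns -1 if bytes are left over that do not form a whole message. */
static int nl_count_messages(void *buf, ssize_t nread)
{
    struct nlmsghdr *nlh = buf;
    int len = (int)nread;
    int count = 0;

    while (NLMSG_OK(nlh, len)) {      /* header fits and nlmsg_len <= len */
        count++;
        nlh = NLMSG_NEXT(nlh, len);   /* steps by the 4-byte aligned length */
    }
    return len > 0 ? -1 : count;
}

/* Constructed sample data: write a header claiming `payload` bytes at
 * offset off and return the offset where the next message would start. */
static size_t put_msg(void *buf, size_t off, size_t payload)
{
    struct nlmsghdr h = { .nlmsg_len = NLMSG_LENGTH(payload) };

    memcpy((char *)buf + off, &h, sizeof(h));
    return off + NLMSG_ALIGN(h.nlmsg_len);
}

int main(void)
{
    uint32_t buf[64] = { 0 };         /* 4-byte aligned receive buffer */
    size_t one = put_msg(buf, 0, 40);
    size_t two = put_msg(buf, one, 20);

    printf("single:    %d\n", nl_count_messages(buf, (ssize_t)one));
    printf("batched:   %d\n", nl_count_messages(buf, (ssize_t)two));
    printf("cut short: %d\n", nl_count_messages(buf, (ssize_t)two - 8));
    return 0;
}
```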