On Mon, Aug 28, 2023 at 04:58:09AM +1000, Duncan Roe wrote:
> On Sun, Aug 27, 2023 at 07:20:45PM +0200, Alessandro Vesely wrote:
> > On Sun 27/Aug/2023 10:34:09 +0200 Duncan Roe wrote:
> > > > It seems a buffer can contain several packets. Is that related with the
> > > > queue maxlen?
> > > >
> > > man 7 netlink will tell you that netlink messages may be batched.
> >
> >
> > Thanks for the pointer, I hadn't noticed it.
> >
> >
> > > This is straightforward to observe in a libnetfilter_log program under gdb.
> > >
> > > However libnetfilter_queue programs never get batched netlink messages. So the
> > > callback isn't strictly necessary but it would mean extra code to special-case
> > > libnetfilter_queue (among all the other netfilter libraries) so it's been left
> > > there.
> > >
> > > If you rely on this behaviour it might be prudent to check that bytes read ==
> > > *(struct nlmsghdr *)buf.nlmsg_len.
> > >
> > > > > You can obtain the packet payload length via:
> > > > >
> > > > >         len = mnl_attr_get_payload_len(attr[NFQA_PAYLOAD]);
> > > >
> > > > And this should be the length specified with NFQNL_COPY_PACKET (or less), correct?
> > > >
> > > You can check for packet truncation by checking `len` above against what you
> > > actually received.
> >
> >
> > I'll try. However, I'd never know if my test conditions equal what can
> > happen at runtime. As I only look at addresses, it's fine to truncate
> > packets at that length.
> >
> > I just want to minimize memory footprint, but without hampering performance.
>
> You definitely want to use the new pktb_setup_raw() function then. git clone or
> fork the repo at https://git.netfilter.org/libnetfilter_queue/

If Andrea would like to use the pkbuff infrastructure, then yes.

Please note that such pktbuff infrastructure is entirely optional.
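
Added example, not part of the thread and not code from libnetfilter_queue or libmnl: a defensive walk over a netlink receive buffer that counts batched messages and applies the "bytes read == nlmsg_len" check suggested above. The names nl_hdr, NL_ALIGN, nl_count_messages, nl_is_single_message and nl_build_sample are hypothetical; nl_hdr copies the layout of struct nlmsghdr so the block builds without kernel headers, and the sample buffer is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Same layout as struct nlmsghdr in <linux/netlink.h> (assumption: redefined
 * here only so the example compiles without kernel headers). */
struct nl_hdr {
    uint32_t nlmsg_len;               /* message length, header included */
    uint16_t nlmsg_type, nlmsg_flags;
    uint32_t nlmsg_seq, nlmsg_pid;
};
#define NL_ALIGN(n) (((size_t)(n) + 3) & ~(size_t)3)   /* NLMSG_ALIGNTO is 4 */

/* Walk the buffer as NLMSG_OK/NLMSG_NEXT would. Returns the number of
 * complete messages, or -1 if it ends in a partial header or a message
 * whose nlmsg_len is bogus or overruns the bytes actually read. */
int nl_count_messages(const unsigned char *buf, size_t nread)
{
    int count = 0;
    while (nread > 0) {
        struct nl_hdr h;
        if (nread < sizeof(h)) return -1;
        memcpy(&h, buf, sizeof(h));            /* avoid unaligned access */
        if (h.nlmsg_len < sizeof(h) || h.nlmsg_len > nread) return -1;
        size_t step = NL_ALIGN(h.nlmsg_len);
        if (step > nread) step = nread;        /* last message may lack padding */
        buf += step;
        nread -= step;
        count++;
    }
    return count;
}

/* The check from the thread: bytes read == first header's nlmsg_len. */
int nl_is_single_message(const unsigned char *buf, size_t nread)
{
    struct nl_hdr h;
    if (nread < sizeof(h)) return 0;
    memcpy(&h, buf, sizeof(h));
    return h.nlmsg_len == nread;
}

/* Constructed sample: n back-to-back 20-byte messages (16-byte header plus
 * 4 zero payload bytes). Returns the number of bytes written to dst. */
size_t nl_build_sample(unsigned char *dst, int n)
{
    struct nl_hdr h = { .nlmsg_len = 20 };
    memset(dst, 0, (size_t)n * 20);
    for (int i = 0; i < n; i++)
        memcpy(dst + (size_t)i * 20, &h, sizeof(h));
    return (size_t)n * 20;
}
```

In a real receive loop, nread is the return value of recv() or mnl_socket_recvfrom(), and a -1 result means the buffer should be dropped rather than parsed.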