Diffstat (limited to 'src/libnetfilter_queue.c')
-rw-r--r-- | src/libnetfilter_queue.c | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/src/libnetfilter_queue.c b/src/libnetfilter_queue.c
index 065d618..1702158 100644
--- a/src/libnetfilter_queue.c
+++ b/src/libnetfilter_queue.c
@@ -657,7 +657,16 @@ EXPORT_SYMBOL(nfq_set_mode);
 *
 * - NFQA_CFG_F_GSO (requires Linux kernel >= 3.10): the kernel will
 * not normalize offload packets, i.e. your application will need to
- * be able to handle packets larger than the mtu (up to 64k).
+ * be able to handle packets larger than the mtu.
+ *
+ * Normalization is expensive, so this flag should always be set.
+ * Because attributes in netlink messages are limited to 65531 bytes,
+ * you also need to check the NFQA_CAP_LEN attribute, it contains the
+ * original size of the captured packet on the kernel side.
+ * If it is set and differs from the payload length, the packet was
+ * truncated. This also happens when limiting capture size
+ * with the NFQNL_COPY_PACKET setting, or when e.g. a local user
+ * sends a very large packet.
 *
 * If your application validates checksums (e.g., tcp checksum),
 * then you must also check if the NFQA_SKB_INFO attribute is present.
@@ -671,6 +680,8 @@ EXPORT_SYMBOL(nfq_set_mode);
 \endverbatim
 * if this bit is set, the layer 3/4 checksums of the packet appear incorrect,
 * but are not (because they will be corrected later by the kernel).
+ * Please see example/nf-queue.c in the libnetfilter_queue source for more
+ * details.
 *
 * - NFQA_CFG_F_UID_GID: the kernel will dump UID and GID of the socket to
 * which each packet belongs. |
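Review bot: The new NFQA_CAP_LEN paragraph in the first hunk says how to detect a truncated packet but not what the application should then do with it. That matters because the same paragraph notes a local user can cause truncation by sending a very large packet. A program that inspects or validates payloads would be issuing a verdict on partial data in that case, so the comment should say so directly, for example by appending ` * A truncated payload is incomplete: do not validate checksums or base a` / ` * content-inspection verdict on it, and do not hand it back as replacement data.` The wording "attribute, it contains" would also read better as "attribute, which contains". The doc comment being edited starts and ends outside this hunk, so confirm the proposed sentence fits the surrounding text.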