From 63973da8fe3efbe9108eb6f968c81e7c35c70605 Mon Sep 17 00:00:00 2001 From: Florian Westphal Date: Wed, 21 Jun 2017 20:34:19 +0200 Subject: doc: extend the doxygen section about NFQA_CFG_F_GSO Signed-off-by: Florian Westphal --- src/libnetfilter_queue.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) (limited to 'src/libnetfilter_queue.c') diff --git a/src/libnetfilter_queue.c b/src/libnetfilter_queue.c index 065d618..1702158 100644 --- a/src/libnetfilter_queue.c +++ b/src/libnetfilter_queue.c @@ -657,7 +657,16 @@ EXPORT_SYMBOL(nfq_set_mode); * * - NFQA_CFG_F_GSO (requires Linux kernel >= 3.10): the kernel will * not normalize offload packets, i.e. your application will need to - * be able to handle packets larger than the mtu (up to 64k). + * be able to handle packets larger than the mtu. + * + * Normalization is expensive, so this flag should always be set. + * Because attributes in netlink messages are limited to 65531 bytes, + * you also need to check the NFQA_CAP_LEN attribute, it contains the + * original size of the captured packet on the kernel side. + * If it is set and differs from the payload length, the packet was + * truncated. This also happens when limiting capture size + * with the NFQNL_COPY_PACKET setting, or when e.g. a local user + * sends a very large packet. * * If your application validates checksums (e.g., tcp checksum), * then you must also check if the NFQA_SKB_INFO attribute is present. @@ -671,6 +680,8 @@ EXPORT_SYMBOL(nfq_set_mode); \endverbatim * if this bit is set, the layer 3/4 checksums of the packet appear incorrect, * but are not (because they will be corrected later by the kernel). + * Please see example/nf-queue.c in the libnetfilter_queue source for more + * details. * * - NFQA_CFG_F_UID_GID: the kernel will dump UID and GID of the socket to * which each packet belongs. -- cgit v1.2.3