Re: IPChains NetLink Device

Paul Rusty Russell (Paul.Russell@rustcorp.com.au)
Wed, 12 May 1999 03:14:40 +0930

In message <19990511111012.A5763@itrade.net> you write:
> I am working on some code that reads packets from the netlink device
> (IP_FIREWALL_NETLINK) to do some specialized reporting about certain packets.
>
> I was looking at the sample code in fwinterface.c (libfw-0.2) and it looks
> like it reads 65535 bytes at a time (and always returns less).

Actually, it's sizeof(struct netdev { __u32 len; __u32 mark; char
interface[IFNAMSIZ]; }) + 65535, otherwise you may get an incomplete
packet.

> Questions:
> Are you guaranteed to only get one packet for one read or
> are there sometimes several?

Always one. One read, one packet; it's not a stream socket. Alexey
explained this to me in little words.

> Does a read always return the start of the packet or is there a
> possibility that you may start reading in the middle of a packet?

Always the start.

> If you don't read packets fast enough, are some discarded?

Since late in the 2.1 series, if the packet can't be queued for
netlink, it is dropped inside ip_fw.c. You also get an read() failure
and errno==ENOBUFS (IIRC), which can be ignored, but tells you that
packets were dropped. (In fact, there's a net_ratelimit'd printk as
well, which you can remove if it bothers you).

Hope that helps,
Rusty.
PS. The ipchains-dev list at rustcorp.com is good for furthur questions.

--
Tridge, Raster, DaveM, Cort, maddog... Where will you be 9-11 July 1999?
                http://www.linux.org.au/projects/calu


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/