[PATCH nf-next] nfqueue: enable to get skb->priority

[PATCH nf-next] nfqueue: enable to get skb->priority

[Nicolas Dichtel]

This info could be useful to improve traffic analysis.

Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
---
 include/uapi/linux/netfilter/nfnetlink_queue.h | 1 +
 net/netfilter/nfnetlink_queue.c                | 5 +++++
 2 files changed, 6 insertions(+)

diff --git a/include/uapi/linux/netfilter/nfnetlink_queue.h b/include/uapi/linux/netfilter/nfnetlink_queue.h
index aed90c4df0c8..ef7c97f21a15 100644
--- a/include/uapi/linux/netfilter/nfnetlink_queue.h
+++ b/include/uapi/linux/netfilter/nfnetlink_queue.h
@@ -61,6 +61,7 @@ enum nfqnl_attr_type {
 	NFQA_SECCTX,			/* security context string */
 	NFQA_VLAN,			/* nested attribute: packet vlan info */
 	NFQA_L2HDR,			/* full L2 header */
+	NFQA_PRIORITY,			/* skb->priority */
 
 	__NFQA_MAX
 };
diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
index ea2d9c2a44cf..48d7a59c6482 100644
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -402,6 +402,7 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue,
 		+ nla_total_size(sizeof(u_int32_t))	/* ifindex */
 #endif
 		+ nla_total_size(sizeof(u_int32_t))	/* mark */
+		+ nla_total_size(sizeof(u_int32_t))	/* priority */
 		+ nla_total_size(sizeof(struct nfqnl_msg_packet_hw))
 		+ nla_total_size(sizeof(u_int32_t))	/* skbinfo */
 		+ nla_total_size(sizeof(u_int32_t));	/* cap_len */
@@ -559,6 +560,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue,
 	    nla_put_be32(skb, NFQA_MARK, htonl(entskb->mark)))
 		goto nla_put_failure;
 
+	if (entskb->priority &&
+	    nla_put_be32(skb, NFQA_PRIORITY, htonl(entskb->priority)))
+		goto nla_put_failure;
+
 	if (indev && entskb->dev &&
 	    skb_mac_header_was_set(entskb) &&
 	    skb_mac_header_len(entskb) != 0) {
-- 
2.33.0

Re: [PATCH nf-next] nfqueue: enable to get skb->priority

[Florian Westphal]

Nicolas Dichtel <nicolas.dichtel@6wind.com> wrote:
> This info could be useful to improve traffic analysis.

Acked-by: Florian Westphal <fw@strlen.de>

Re: [PATCH nf-next] nfqueue: enable to get skb->priority

[Pablo Neira Ayuso]

On Mon, Jan 17, 2022 at 09:56:13PM +0100, Nicolas Dichtel wrote:
> This info could be useful to improve traffic analysis.

Applied.

Re: [PATCH nf-next] nfqueue: enable to get skb->priority

[Pablo Neira Ayuso]

On Fri, Feb 04, 2022 at 06:15:20AM +0100, Pablo Neira Ayuso wrote:
> On Mon, Jan 17, 2022 at 09:56:13PM +0100, Nicolas Dichtel wrote:
> > This info could be useful to improve traffic analysis.
> 
> Applied.

Maybe allow to update this skbuff field from the verdict path too?
I don't remember any read-only field like this in nfqueue.

[PATCH nf-next] nfqueue: enable to set skb->priority

[Nicolas Dichtel]

This is a follow up of the previous patch that enables to get
skb->priority. It's now posssible to set it also.

Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
---
 net/netfilter/nfnetlink_queue.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
index 48d7a59c6482..8c15978d9258 100644
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -1019,11 +1019,13 @@ static const struct nla_policy nfqa_verdict_policy[NFQA_MAX+1] = {
 	[NFQA_CT]		= { .type = NLA_UNSPEC },
 	[NFQA_EXP]		= { .type = NLA_UNSPEC },
 	[NFQA_VLAN]		= { .type = NLA_NESTED },
+	[NFQA_PRIORITY]		= { .type = NLA_U32 },
 };
 
 static const struct nla_policy nfqa_verdict_batch_policy[NFQA_MAX+1] = {
 	[NFQA_VERDICT_HDR]	= { .len = sizeof(struct nfqnl_msg_verdict_hdr) },
 	[NFQA_MARK]		= { .type = NLA_U32 },
+	[NFQA_PRIORITY]		= { .type = NLA_U32 },
 };
 
 static struct nfqnl_instance *
@@ -1104,6 +1106,9 @@ static int nfqnl_recv_verdict_batch(struct sk_buff *skb,
 		if (nfqa[NFQA_MARK])
 			entry->skb->mark = ntohl(nla_get_be32(nfqa[NFQA_MARK]));
 
+		if (nfqa[NFQA_PRIORITY])
+			entry->skb->priority = ntohl(nla_get_be32(nfqa[NFQA_PRIORITY]));
+
 		nfqnl_reinject(entry, verdict);
 	}
 	return 0;
@@ -1230,6 +1235,9 @@ static int nfqnl_recv_verdict(struct sk_buff *skb, const struct nfnl_info *info,
 	if (nfqa[NFQA_MARK])
 		entry->skb->mark = ntohl(nla_get_be32(nfqa[NFQA_MARK]));
 
+	if (nfqa[NFQA_PRIORITY])
+		entry->skb->priority = ntohl(nla_get_be32(nfqa[NFQA_PRIORITY]));
+
 	nfqnl_reinject(entry, verdict);
 	return 0;
 }
-- 
2.33.0

[PATCH libnetfilter_queue] libnetfilter_queue: add support of skb->priority

[Nicolas Dichtel]

Available since linux v5.18.

Link: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
---
 .../libnetfilter_queue/libnetfilter_queue.h   |  3 +++
 include/linux/netfilter/nfnetlink_queue.h     | 16 +++++++++++++-
 src/libnetfilter_queue.c                      | 21 ++++++++++++++++++-
 3 files changed, 38 insertions(+), 2 deletions(-)

diff --git a/include/libnetfilter_queue/libnetfilter_queue.h b/include/libnetfilter_queue/libnetfilter_queue.h
index a19122f10ec6..8a191dfdfeaf 100644
--- a/include/libnetfilter_queue/libnetfilter_queue.h
+++ b/include/libnetfilter_queue/libnetfilter_queue.h
@@ -96,6 +96,8 @@ extern struct nfqnl_msg_packet_hdr *
 
 extern uint32_t nfq_get_nfmark(struct nfq_data *nfad);
 
+extern uint32_t nfq_get_priority(struct nfq_data *nfad);
+
 extern int nfq_get_timestamp(struct nfq_data *nfad, struct timeval *tv);
 
 /* return 0 if not set */
@@ -132,6 +134,7 @@ enum {
 	NFQ_XML_UID	= (1 << 6),
 	NFQ_XML_GID	= (1 << 7),
 	NFQ_XML_SECCTX  = (1 << 8),
+	NFQ_XML_PRIORITY= (1 << 9),
 	NFQ_XML_ALL	= ~0U,
 };
 
diff --git a/include/linux/netfilter/nfnetlink_queue.h b/include/linux/netfilter/nfnetlink_queue.h
index 8e2e4697ffb0..ef7c97f21a15 100644
--- a/include/linux/netfilter/nfnetlink_queue.h
+++ b/include/linux/netfilter/nfnetlink_queue.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
 #ifndef _NFNETLINK_QUEUE_H
 #define _NFNETLINK_QUEUE_H
 
@@ -30,6 +31,14 @@ struct nfqnl_msg_packet_timestamp {
 	__aligned_be64	usec;
 };
 
+enum nfqnl_vlan_attr {
+	NFQA_VLAN_UNSPEC,
+	NFQA_VLAN_PROTO,		/* __be16 skb vlan_proto */
+	NFQA_VLAN_TCI,			/* __be16 skb htons(vlan_tci) */
+	__NFQA_VLAN_MAX,
+};
+#define NFQA_VLAN_MAX (__NFQA_VLAN_MAX - 1)
+
 enum nfqnl_attr_type {
 	NFQA_UNSPEC,
 	NFQA_PACKET_HDR,
@@ -49,7 +58,10 @@ enum nfqnl_attr_type {
 	NFQA_EXP,			/* nfnetlink_conntrack.h */
 	NFQA_UID,			/* __u32 sk uid */
 	NFQA_GID,			/* __u32 sk gid */
-	NFQA_SECCTX,
+	NFQA_SECCTX,			/* security context string */
+	NFQA_VLAN,			/* nested attribute: packet vlan info */
+	NFQA_L2HDR,			/* full L2 header */
+	NFQA_PRIORITY,			/* skb->priority */
 
 	__NFQA_MAX
 };
@@ -111,5 +123,7 @@ enum nfqnl_attr_config {
 #define NFQA_SKB_CSUMNOTREADY (1 << 0)
 /* packet is GSO (i.e., exceeds device mtu) */
 #define NFQA_SKB_GSO (1 << 1)
+/* csum not validated (incoming device doesn't support hw checksum, etc.) */
+#define NFQA_SKB_CSUM_NOTVERIFIED (1 << 2)
 
 #endif /* _NFNETLINK_QUEUE_H */
diff --git a/src/libnetfilter_queue.c b/src/libnetfilter_queue.c
index a1701431d5d9..b5a3b399f5ea 100644
--- a/src/libnetfilter_queue.c
+++ b/src/libnetfilter_queue.c
@@ -1017,6 +1017,18 @@ uint32_t nfq_get_nfmark(struct nfq_data *nfad)
 	return ntohl(nfnl_get_data(nfad->data, NFQA_MARK, uint32_t));
 }
 
+/**
+ * nfq_get_priority - get the packet priority
+ * \param nfad Netlink packet data handle passed to callback function
+ *
+ * \return the packet priority currently assigned to the given queued packet.
+ */
+EXPORT_SYMBOL
+uint32_t nfq_get_priority(struct nfq_data *nfad)
+{
+	return ntohl(nfnl_get_data(nfad->data, NFQA_PRIORITY, uint32_t));
+}
+
 /**
  * nfq_get_timestamp - get the packet timestamp
  * \param nfad Netlink packet data handle passed to callback function
@@ -1403,6 +1415,7 @@ do {								\
  *	- NFQ_XML_PHYSDEV: include the physical device information
  *	- NFQ_XML_PAYLOAD: include the payload (in hexadecimal)
  *	- NFQ_XML_TIME: include the timestamp
+ *	- NFQ_XML_PRIORITY: include the packet priority
  *	- NFQ_XML_ALL: include all the logging information (all flags set)
  *
  * You can combine this flags with an binary OR.
@@ -1416,7 +1429,7 @@ int nfq_snprintf_xml(char *buf, size_t rem, struct nfq_data *tb, int flags)
 {
 	struct nfqnl_msg_packet_hdr *ph;
 	struct nfqnl_msg_packet_hw *hwph;
-	uint32_t mark, ifi;
+	uint32_t mark, ifi, priority;
 	uint32_t uid, gid;
 	int size, offset = 0, len = 0, ret;
 	unsigned char *data;
@@ -1507,6 +1520,12 @@ int nfq_snprintf_xml(char *buf, size_t rem, struct nfq_data *tb, int flags)
 		SNPRINTF_FAILURE(size, rem, offset, len);
 	}
 
+	priority = nfq_get_priority(tb);
+	if (priority && (flags & NFQ_XML_PRIORITY)) {
+		size = snprintf(buf + offset, rem, "<priority>%u</priority>", priority);
+		SNPRINTF_FAILURE(size, rem, offset, len);
+	}
+
 	ifi = nfq_get_indev(tb);
 	if (ifi && (flags & NFQ_XML_DEV)) {
 		size = snprintf(buf + offset, rem, "<indev>%u</indev>", ifi);
-- 
2.33.0

Re: [PATCH libnetfilter_queue] libnetfilter_queue: add support of skb->priority

[Nicolas Dichtel]

Le 04/02/2022 à 11:26, Nicolas Dichtel a écrit :
> Available since linux v5.18.
> 
> Link: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=
> Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
> ---

Should I send another patch for the 'set' part?
In this case, a nfq_set_verdict3(). The name is a bit ugly ;-)
Any suggestions?

Re: [PATCH nf-next] nfqueue: enable to set skb->priority

[Florian Westphal]

Nicolas Dichtel <nicolas.dichtel@6wind.com> wrote:
> This is a follow up of the previous patch that enables to get
> skb->priority. It's now posssible to set it also.

Seems reasonable.

Acked-by: Florian Westphal <fw@strlen.de>

Re: [PATCH libnetfilter_queue] libnetfilter_queue: add support of skb->priority

[Florian Westphal]

Nicolas Dichtel <nicolas.dichtel@6wind.com> wrote:
> 
> Le 04/02/2022 à 11:26, Nicolas Dichtel a écrit :
> > Available since linux v5.18.
> > 
> > Link: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=
> > Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
> > ---
> 
> Should I send another patch for the 'set' part?
> In this case, a nfq_set_verdict3(). The name is a bit ugly ;-)
> Any suggestions?

I think we should just let the old api die and tell users
to use the mnl interface, that allows to add the new attribute
as soon as its available.

Re: [PATCH libnetfilter_queue] libnetfilter_queue: add support of skb->priority

[Pablo Neira Ayuso]

On Fri, Feb 04, 2022 at 01:01:26PM +0100, Florian Westphal wrote:
> Nicolas Dichtel <nicolas.dichtel@6wind.com> wrote:
> > 
> > Le 04/02/2022 à 11:26, Nicolas Dichtel a écrit :
> > > Available since linux v5.18.
> > > 
> > > Link: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=
> > > Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
> > > ---
> > 
> > Should I send another patch for the 'set' part?
> > In this case, a nfq_set_verdict3(). The name is a bit ugly ;-)
> > Any suggestions?
> 
> I think we should just let the old api die and tell users
> to use the mnl interface, that allows to add the new attribute
> as soon as its available.

We have to provide a simple API based on mnl which ressembles the
existing old API.

Feedback in these years is that there are a users that do not need to
know about netlink details / advanced handling.

Re: [PATCH nf-next] nfqueue: enable to set skb->priority

[kernel test robot]

Hi Nicolas,

Thank you for the patch! Yet something to improve:

[auto build test ERROR on nf-next/master]

url:    https://github.com/0day-ci/linux/commits/Nicolas-Dichtel/nfqueue-enable-to-set-skb-priority/20220204-182222
base:   https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
config: x86_64-rhel-8.3 (https://download.01.org/0day-ci/archive/20220205/202202050128.hIk17NxG-lkp@intel.com/config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0
reproduce (this is a W=1 build):
        # https://github.com/0day-ci/linux/commit/6a71b6ea544796cb9976502dfd64361abb745cc5
        git remote add linux-review https://github.com/0day-ci/linux
        git fetch --no-tags linux-review Nicolas-Dichtel/nfqueue-enable-to-set-skb-priority/20220204-182222
        git checkout 6a71b6ea544796cb9976502dfd64361abb745cc5
        # save the config file to linux build tree
        mkdir build_dir
        make W=1 O=build_dir ARCH=x86_64 SHELL=/bin/bash arch/x86/kvm/ net/netfilter/

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>

All errors (new ones prefixed by >>):

>> net/netfilter/nfnetlink_queue.c:1017:3: error: 'NFQA_PRIORITY' undeclared here (not in a function); did you mean 'FRA_PRIORITY'?
    1017 |  [NFQA_PRIORITY]  = { .type = NLA_U32 },
         |   ^~~~~~~~~~~~~
         |   FRA_PRIORITY
>> net/netfilter/nfnetlink_queue.c:1017:3: error: array index in initializer not of integer type
   net/netfilter/nfnetlink_queue.c:1017:3: note: (near initialization for 'nfqa_verdict_policy')
   net/netfilter/nfnetlink_queue.c:1023:3: error: array index in initializer not of integer type
    1023 |  [NFQA_PRIORITY]  = { .type = NLA_U32 },
         |   ^~~~~~~~~~~~~
   net/netfilter/nfnetlink_queue.c:1023:3: note: (near initialization for 'nfqa_verdict_batch_policy')


vim +1017 net/netfilter/nfnetlink_queue.c

  1009	
  1010	static const struct nla_policy nfqa_verdict_policy[NFQA_MAX+1] = {
  1011		[NFQA_VERDICT_HDR]	= { .len = sizeof(struct nfqnl_msg_verdict_hdr) },
  1012		[NFQA_MARK]		= { .type = NLA_U32 },
  1013		[NFQA_PAYLOAD]		= { .type = NLA_UNSPEC },
  1014		[NFQA_CT]		= { .type = NLA_UNSPEC },
  1015		[NFQA_EXP]		= { .type = NLA_UNSPEC },
  1016		[NFQA_VLAN]		= { .type = NLA_NESTED },
> 1017		[NFQA_PRIORITY]		= { .type = NLA_U32 },
  1018	};
  1019	

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

Re: [PATCH nf-next] nfqueue: enable to set skb->priority

[kernel test robot]

[-- Attachment #1: Type: text/plain, Size: 2519 bytes --]

Hi Nicolas,

Thank you for the patch! Yet something to improve:

[auto build test ERROR on nf-next/master]

url:    https://github.com/0day-ci/linux/commits/Nicolas-Dichtel/nfqueue-enable-to-set-skb-priority/20220204-182222
base:   https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
config: x86_64-rhel-8.3 (https://download.01.org/0day-ci/archive/20220205/202202050128.hIk17NxG-lkp(a)intel.com/config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0
reproduce (this is a W=1 build):
        # https://github.com/0day-ci/linux/commit/6a71b6ea544796cb9976502dfd64361abb745cc5
        git remote add linux-review https://github.com/0day-ci/linux
        git fetch --no-tags linux-review Nicolas-Dichtel/nfqueue-enable-to-set-skb-priority/20220204-182222
        git checkout 6a71b6ea544796cb9976502dfd64361abb745cc5
        # save the config file to linux build tree
        mkdir build_dir
        make W=1 O=build_dir ARCH=x86_64 SHELL=/bin/bash arch/x86/kvm/ net/netfilter/

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>

All errors (new ones prefixed by >>):

>> net/netfilter/nfnetlink_queue.c:1017:3: error: 'NFQA_PRIORITY' undeclared here (not in a function); did you mean 'FRA_PRIORITY'?
    1017 |  [NFQA_PRIORITY]  = { .type = NLA_U32 },
         |   ^~~~~~~~~~~~~
         |   FRA_PRIORITY
>> net/netfilter/nfnetlink_queue.c:1017:3: error: array index in initializer not of integer type
   net/netfilter/nfnetlink_queue.c:1017:3: note: (near initialization for 'nfqa_verdict_policy')
   net/netfilter/nfnetlink_queue.c:1023:3: error: array index in initializer not of integer type
    1023 |  [NFQA_PRIORITY]  = { .type = NLA_U32 },
         |   ^~~~~~~~~~~~~
   net/netfilter/nfnetlink_queue.c:1023:3: note: (near initialization for 'nfqa_verdict_batch_policy')


vim +1017 net/netfilter/nfnetlink_queue.c

  1009	
  1010	static const struct nla_policy nfqa_verdict_policy[NFQA_MAX+1] = {
  1011		[NFQA_VERDICT_HDR]	= { .len = sizeof(struct nfqnl_msg_verdict_hdr) },
  1012		[NFQA_MARK]		= { .type = NLA_U32 },
  1013		[NFQA_PAYLOAD]		= { .type = NLA_UNSPEC },
  1014		[NFQA_CT]		= { .type = NLA_UNSPEC },
  1015		[NFQA_EXP]		= { .type = NLA_UNSPEC },
  1016		[NFQA_VLAN]		= { .type = NLA_NESTED },
> 1017		[NFQA_PRIORITY]		= { .type = NLA_U32 },
  1018	};
  1019	

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org

Re: [PATCH nf-next] nfqueue: enable to set skb->priority

[Pablo Neira Ayuso]

On Fri, Feb 04, 2022 at 11:21:43AM +0100, Nicolas Dichtel wrote:
> This is a follow up of the previous patch that enables to get
> skb->priority. It's now posssible to set it also.

Applied.

Re: [PATCH libnetfilter_queue] libnetfilter_queue: add support of skb->priority

[Nicolas Dichtel]

Le 04/02/2022 à 15:20, Pablo Neira Ayuso a écrit :
> On Fri, Feb 04, 2022 at 01:01:26PM +0100, Florian Westphal wrote:
>> Nicolas Dichtel <nicolas.dichtel@6wind.com> wrote:
>>>
>>> Le 04/02/2022 à 11:26, Nicolas Dichtel a écrit :
>>>> Available since linux v5.18.
>>>>
>>>> Link: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=
>>>> Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
>>>> ---
>>>
>>> Should I send another patch for the 'set' part?
>>> In this case, a nfq_set_verdict3(). The name is a bit ugly ;-)
>>> Any suggestions?
>>
>> I think we should just let the old api die and tell users
>> to use the mnl interface, that allows to add the new attribute
>> as soon as its available.
> 
> We have to provide a simple API based on mnl which ressembles the
> existing old API.
> 
> Feedback in these years is that there are a users that do not need to
> know about netlink details / advanced handling.
If I understand well, libnetfilter_queue is deprecated?
If this is right, maybe it could be advertised on the project page:
https://netfilter.org/projects/libnetfilter_queue/index.html


Regards,
Nicolas

Re: [PATCH libnetfilter_queue] libnetfilter_queue: add support of skb->priority

[Pablo Neira Ayuso]

On Wed, Feb 23, 2022 at 10:01:48AM +0100, Nicolas Dichtel wrote:
> 
> Le 04/02/2022 à 15:20, Pablo Neira Ayuso a écrit :
> > On Fri, Feb 04, 2022 at 01:01:26PM +0100, Florian Westphal wrote:
> >> Nicolas Dichtel <nicolas.dichtel@6wind.com> wrote:
> >>>
> >>> Le 04/02/2022 à 11:26, Nicolas Dichtel a écrit :
> >>>> Available since linux v5.18.
> >>>>
> >>>> Link: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=
> >>>> Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
> >>>> ---
> >>>
> >>> Should I send another patch for the 'set' part?
> >>> In this case, a nfq_set_verdict3(). The name is a bit ugly ;-)
> >>> Any suggestions?
> >>
> >> I think we should just let the old api die and tell users
> >> to use the mnl interface, that allows to add the new attribute
> >> as soon as its available.
> > 
> > We have to provide a simple API based on mnl which ressembles the
> > existing old API.
> > 
> > Feedback in these years is that there are a users that do not need to
> > know about netlink details / advanced handling.
>
> If I understand well, libnetfilter_queue is deprecated?

This library is not deprecated.

> If this is right, maybe it could be advertised on the project page:
> https://netfilter.org/projects/libnetfilter_queue/index.html

Documentation already mentions this:

https://netfilter.org/projects/libnetfilter_queue/doxygen/html/

Re: [PATCH libnetfilter_queue] libnetfilter_queue: add support of skb->priority

[Nicolas Dichtel]

Le 23/02/2022 à 11:24, Pablo Neira Ayuso a écrit :
[snip]
>> If I understand well, libnetfilter_queue is deprecated?
> 
> This library is not deprecated.
Oh ok, sorry for my misunderstanding.
So my patch is relevant?