source-git / iptables

Clone
Source Code
GIT

Blame bootstrap_ver/extensions/libxt_NFQUEUE.man

c8 c8s master
  1.   dd8e2bd7014ff0d97d7851c2ac646f58a69c1677
  2.   bootstrap_ver
  3.   extensions
  4.   libxt_NFQUEUE.man
Blob History Raw
Packit Service dd8e2b 
This target passes the packet to userspace using the
Packit Service dd8e2b 
\fBnfnetlink_queue\fP handler.  The packet is put into the queue
Packit Service dd8e2b 
identified by its 16-bit queue number.  Userspace can inspect
Packit Service dd8e2b 
and modify the packet if desired. Userspace must then drop or
Packit Service dd8e2b 
reinject the packet into the kernel.  Please see libnetfilter_queue
Packit Service dd8e2b 
for details.
Packit Service dd8e2b 
.B
Packit Service dd8e2b 
nfnetlink_queue
Packit Service dd8e2b 
was added in Linux 2.6.14. The \fBqueue-balance\fP option was added in Linux 2.6.31,
Packit Service dd8e2b 
\fBqueue-bypass\fP in 2.6.39.
Packit Service dd8e2b 
.TP
Packit Service dd8e2b 
\fB\-\-queue\-num\fP \fIvalue\fP
Packit Service dd8e2b 
This specifies the QUEUE number to use. Valid queue numbers are 0 to 65535. The default value is 0.
Packit Service dd8e2b 
.PP
Packit Service dd8e2b 
.TP
Packit Service dd8e2b 
\fB\-\-queue\-balance\fP \fIvalue\fP\fB:\fP\fIvalue\fP
Packit Service dd8e2b 
This specifies a range of queues to use. Packets are then balanced across the given queues.
Packit Service dd8e2b 
This is useful for multicore systems: start multiple instances of the userspace program on
Packit Service dd8e2b 
queues x, x+1, .. x+n and use "\-\-queue\-balance \fIx\fP\fB:\fP\fIx+n\fP".
Packit Service dd8e2b 
Packets belonging to the same connection are put into the same nfqueue.
Packit Service dd8e2b 
.PP
Packit Service dd8e2b 
.TP
Packit Service dd8e2b 
\fB\-\-queue\-bypass\fP
Packit Service dd8e2b 
By default, if no userspace program is listening on an NFQUEUE, then all packets that are to be queued
Packit Service dd8e2b 
are dropped.  When this option is used, the NFQUEUE rule behaves like ACCEPT instead, and the packet
Packit Service dd8e2b 
will move on to the next table.
Packit Service dd8e2b 
.PP
Packit Service dd8e2b 
.TP
Packit Service dd8e2b 
\fB\-\-queue\-cpu-fanout\fP
Packit Service dd8e2b 
Available starting Linux kernel 3.10. When used together with
Packit Service dd8e2b 
\fB--queue-balance\fP this will use the CPU ID as an index to map packets to
Packit Service dd8e2b 
the queues. The idea is that you can improve performance if there's a queue
Packit Service dd8e2b 
per CPU. This requires \fB--queue-balance\fP to be specified.

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation