You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
34 lines
1.5 KiB
34 lines
1.5 KiB
This target passes the packet to userspace using the
|
|
\fBnfnetlink_queue\fP handler. The packet is put into the queue
|
|
identified by its 16-bit queue number. Userspace can inspect
|
|
and modify the packet if desired. Userspace must then drop or
|
|
reinject the packet into the kernel. Please see libnetfilter_queue
|
|
for details.
|
|
.B
|
|
nfnetlink_queue
|
|
was added in Linux 2.6.14. The \fBqueue-balance\fP option was added in Linux 2.6.31,
|
|
\fBqueue-bypass\fP in 2.6.39.
|
|
.TP
|
|
\fB\-\-queue\-num\fP \fIvalue\fP
|
|
This specifies the QUEUE number to use. Valid queue numbers are 0 to 65535. The default value is 0.
|
|
.PP
|
|
.TP
|
|
\fB\-\-queue\-balance\fP \fIvalue\fP\fB:\fP\fIvalue\fP
|
|
This specifies a range of queues to use. Packets are then balanced across the given queues.
|
|
This is useful for multicore systems: start multiple instances of the userspace program on
|
|
queues x, x+1, .. x+n and use "\-\-queue\-balance \fIx\fP\fB:\fP\fIx+n\fP".
|
|
Packets belonging to the same connection are put into the same nfqueue.
|
|
.PP
|
|
.TP
|
|
\fB\-\-queue\-bypass\fP
|
|
By default, if no userspace program is listening on an NFQUEUE, then all packets that are to be queued
|
|
are dropped. When this option is used, the NFQUEUE rule behaves like ACCEPT instead, and the packet
|
|
will move on to the next table.
|
|
.PP
|
|
.TP
|
|
\fB\-\-queue\-cpu-fanout\fP
|
|
Available starting Linux kernel 3.10. When used together with
|
|
\fB--queue-balance\fP this will use the CPU ID as an index to map packets to
|
|
the queues. The idea is that you can improve performance if there's a queue
|
|
per CPU. This requires \fB--queue-balance\fP to be specified.
|