From 6924b4987d88fbe383bec4da4cf331cc466c245e Mon Sep 17 00:00:00 2001 From: Florian Westphal Date: Thu, 20 Jan 2011 11:27:42 +0100 Subject: extensions: libxt_NFQUEUE: add v2 revision with --queue-bypass option --queue-bypass: if no userpace program is listening on the queue, then allow packets to continue through the ruleset instead of dropping them. Signed-off-by: Florian Westphal Signed-off-by: Patrick McHardy --- extensions/libxt_NFQUEUE.man | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'extensions/libxt_NFQUEUE.man') diff --git a/extensions/libxt_NFQUEUE.man b/extensions/libxt_NFQUEUE.man index 59eddfcb..910e3863 100644 --- a/extensions/libxt_NFQUEUE.man +++ b/extensions/libxt_NFQUEUE.man @@ -5,7 +5,8 @@ It can only be used with Kernel versions 2.6.14 or later, since it requires the .B nfnetlink_queue -kernel support. The \fBqueue-balance\fP option was added in Linux 2.6.31. +kernel support. The \fBqueue-balance\fP option was added in Linux 2.6.31, +\fBqueue-bypass\fP in 2.6.39. .TP \fB\-\-queue\-num\fP \fIvalue\fP This specifies the QUEUE number to use. Valid queue numbers are 0 to 65535. The default value is 0. @@ -16,3 +17,9 @@ This specifies a range of queues to use. Packets are then balanced across the gi This is useful for multicore systems: start multiple instances of the userspace program on queues x, x+1, .. x+n and use "\-\-queue\-balance \fIx\fP\fB:\fP\fIx+n\fP". Packets belonging to the same connection are put into the same nfqueue. +.PP +.TP +\fB\-\-queue\-bypass\fP +By default, if no userspace program is listening on an NFQUEUE, then all packets that are to be queued +are dropped. When this option is used, the NFQUEUE rule is silently bypassed instead. The packet +will move on to the next rule. -- cgit v1.2.3