Skip to content

Netfilter Queue Howto

Extensions

通过加载extensions可以获得specified options 例如tcp extensions:

–tcp-flags
–syn
–source-port
–sport
–destination-port
–dport
–tcp-option

Targets
iptables -A INPUT -j QUEUE
macth到的包都送去queue这个chain去比较

QUEUE is a special target, which queues the packet for userspace processing. For this to be useful, two further components are required:

  • a “queue handler”, which deals with the actual mechanics of passing packets between the kernel and userspace; and
  • a userspace application to receive, possibly manipulate, and issue verdicts on packets.

Posted in Multi-threaded L7-Filter. Tagged with , , .

By silwings
July 13, 2009

No comments

0 Responses

Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.

Some HTML is OK

(required)

(required, but never shared)

or, reply to this post via trackback.