1*a71a9546SAutomerger Merge WorkerThis target passes the packet to userspace using the 2*a71a9546SAutomerger Merge Worker\fBnfnetlink_queue\fP handler. The packet is put into the queue 3*a71a9546SAutomerger Merge Workeridentified by its 16-bit queue number. Userspace can inspect 4*a71a9546SAutomerger Merge Workerand modify the packet if desired. Userspace must then drop or 5*a71a9546SAutomerger Merge Workerreinject the packet into the kernel. Please see libnetfilter_queue 6*a71a9546SAutomerger Merge Workerfor details. 7*a71a9546SAutomerger Merge Worker.B 8*a71a9546SAutomerger Merge Workernfnetlink_queue 9*a71a9546SAutomerger Merge Workerwas added in Linux 2.6.14. The \fBqueue-balance\fP option was added in Linux 2.6.31, 10*a71a9546SAutomerger Merge Worker\fBqueue-bypass\fP in 2.6.39. 11*a71a9546SAutomerger Merge Worker.TP 12*a71a9546SAutomerger Merge Worker\fB\-\-queue\-num\fP \fIvalue\fP 13*a71a9546SAutomerger Merge WorkerThis specifies the QUEUE number to use. Valid queue numbers are 0 to 65535. The default value is 0. 14*a71a9546SAutomerger Merge Worker.PP 15*a71a9546SAutomerger Merge Worker.TP 16*a71a9546SAutomerger Merge Worker\fB\-\-queue\-balance\fP \fIvalue\fP\fB:\fP\fIvalue\fP 17*a71a9546SAutomerger Merge WorkerThis specifies a range of queues to use. Packets are then balanced across the given queues. 18*a71a9546SAutomerger Merge WorkerThis is useful for multicore systems: start multiple instances of the userspace program on 19*a71a9546SAutomerger Merge Workerqueues x, x+1, .. x+n and use "\-\-queue\-balance \fIx\fP\fB:\fP\fIx+n\fP". 20*a71a9546SAutomerger Merge WorkerPackets belonging to the same connection are put into the same nfqueue. 21*a71a9546SAutomerger Merge WorkerDue to implementation details, a lower range value of 0 limits the higher range 22*a71a9546SAutomerger Merge Workervalue to 65534, i.e. one can only balance between at most 65535 queues. 23*a71a9546SAutomerger Merge Worker.PP 24*a71a9546SAutomerger Merge Worker.TP 25*a71a9546SAutomerger Merge Worker\fB\-\-queue\-bypass\fP 26*a71a9546SAutomerger Merge WorkerBy default, if no userspace program is listening on an NFQUEUE, then all packets that are to be queued 27*a71a9546SAutomerger Merge Workerare dropped. When this option is used, the NFQUEUE rule behaves like ACCEPT instead, and the packet 28*a71a9546SAutomerger Merge Workerwill move on to the next table. 29*a71a9546SAutomerger Merge Worker.PP 30*a71a9546SAutomerger Merge Worker.TP 31*a71a9546SAutomerger Merge Worker\fB\-\-queue\-cpu-fanout\fP 32*a71a9546SAutomerger Merge WorkerAvailable starting Linux kernel 3.10. When used together with 33*a71a9546SAutomerger Merge Worker\fB--queue-balance\fP this will use the CPU ID as an index to map packets to 34*a71a9546SAutomerger Merge Workerthe queues. The idea is that you can improve performance if there's a queue 35*a71a9546SAutomerger Merge Workerper CPU. This requires \fB--queue-balance\fP to be specified. 36