[netfilter-cvslog] r4160 - in trunk/iptables: . extensions

laforge at netfilter.org laforge at netfilter.org
Thu Jul 28 17:24:03 CEST 2005


Author: laforge at netfilter.org
Date: 2005-07-28 17:24:02 +0200 (Thu, 28 Jul 2005)
New Revision: 4160

Added:
   trunk/iptables/extensions/libip6t_NFQUEUE.man
   trunk/iptables/extensions/libipt_NFQUEUE.man
Modified:
   trunk/iptables/ip6tables.8.in
   trunk/iptables/iptables.8.in
Log:
update manpage to reflect QUEUE / nfnetlink_queue / NFQUEUE changes


Added: trunk/iptables/extensions/libip6t_NFQUEUE.man
===================================================================
--- trunk/iptables/extensions/libip6t_NFQUEUE.man	2005-07-27 19:35:41 UTC (rev 4159)
+++ trunk/iptables/extensions/libip6t_NFQUEUE.man	2005-07-28 15:24:02 UTC (rev 4160)
@@ -0,0 +1,9 @@
+This target is an extension of the QUEUE target. As opposed to QUEUE, it allows
+you to put a packet into any specific queue, identified by its 16-bit queue
+number.  
+.TP
+It can only be used with Kernel versions 2.6.14 or later, since it requires
+the
+.B
+nfnetlink_queue
+kernel support.

Added: trunk/iptables/extensions/libipt_NFQUEUE.man
===================================================================
--- trunk/iptables/extensions/libipt_NFQUEUE.man	2005-07-27 19:35:41 UTC (rev 4159)
+++ trunk/iptables/extensions/libipt_NFQUEUE.man	2005-07-28 15:24:02 UTC (rev 4160)
@@ -0,0 +1,9 @@
+This target is an extension of the QUEUE target. As opposed to QUEUE, it allows
+you to put a packet into any specific queue, identified by its 16-bit queue
+number.  
+.TP
+It can only be used with Kernel versions 2.6.14 or later, since it requires
+the
+.B
+nfnetlink_queue
+kernel support.

Modified: trunk/iptables/ip6tables.8.in
===================================================================
--- trunk/iptables/ip6tables.8.in	2005-07-27 19:35:41 UTC (rev 4159)
+++ trunk/iptables/ip6tables.8.in	2005-07-28 15:24:02 UTC (rev 4160)
@@ -73,7 +73,19 @@
 .I DROP
 means to drop the packet on the floor.
 .I QUEUE
-means to pass the packet to userspace (if supported by the kernel).
+means to pass the packet to userspace.  (How the packet can be received
+by a userspace process differs by the particular queue handler.  2.4.x
+and 2.6.x kernels up to 2.6.13 include the 
+.B
+ip_queue
+queue handler.  Kernels 2.6.14 and later additionally include the 
+.B
+nfnetlink_queue
+queue handler.  Packets with a target of QUEUE will be sent to queue number '0'
+in this case. Please also see the
+.B
+NFQUEUE
+target as described later in this man page.)
 .I RETURN
 means stop traversing this chain and resume at the next rule in the
 previous (calling) chain.  If the end of a built-in chain is reached
@@ -426,7 +438,8 @@
 .BR ip6tables-restore(8),
 .BR iptables (8),
 .BR iptables-save (8),
-.BR iptables-restore (8).
+.BR iptables-restore (8),
+.BR libipq (3).
 .P
 The packet-filtering-HOWTO details iptables usage for
 packet filtering, the NAT-HOWTO details NAT,
@@ -448,7 +461,7 @@
 .PP
 Jozsef Kadlecsik wrote the REJECT target.
 .PP
-Harald Welte wrote the ULOG target, TTL match+target and libipulog.
+Harald Welte wrote the ULOG and NFQUEUE target, the new libiptc, aswell as TTL match+target and libipulog.
 .PP
 The Netfilter Core Team is: Marc Boucher, Martin Josefsson, Jozsef Kadlecsik,
 James Morris, Harald Welte and Rusty Russell.

Modified: trunk/iptables/iptables.8.in
===================================================================
--- trunk/iptables/iptables.8.in	2005-07-27 19:35:41 UTC (rev 4159)
+++ trunk/iptables/iptables.8.in	2005-07-28 15:24:02 UTC (rev 4160)
@@ -71,7 +71,19 @@
 .I DROP
 means to drop the packet on the floor.
 .I QUEUE
-means to pass the packet to userspace (if supported by the kernel).
+means to pass the packet to userspace.  (How the packet can be received
+by a userspace process differs by the particular queue handler.  2.4.x
+and 2.6.x kernels up to 2.6.13 include the 
+.B
+ip_queue
+queue handler.  Kernels 2.6.14 and later additionally include the 
+.B
+nfnetlink_queue
+queue handler.  Packets with a target of QUEUE will be sent to queue number '0'
+in this case. Please also see the
+.B
+NFQUEUE
+target as described later in this man page.)
 .I RETURN
 means stop traversing this chain and resume at the next rule in the
 previous (calling) chain.  If the end of a built-in chain is reached
@@ -440,7 +452,8 @@
 .BR iptables-restore (8),
 .BR ip6tables (8),
 .BR ip6tables-save (8),
-.BR ip6tables-restore (8).
+.BR ip6tables-restore (8),
+.BR libipq (3).
 .P
 The packet-filtering-HOWTO details iptables usage for
 packet filtering, the NAT-HOWTO details NAT,
@@ -451,7 +464,7 @@
 See
 .BR "http://www.netfilter.org/" .
 .SH AUTHORS
-Rusty Russell wrote iptables, in early consultation with Michael
+Rusty Russell originally wrote iptables, in early consultation with Michael
 Neuling.
 .PP
 Marc Boucher made Rusty abandon ipnatctl by lobbying for a generic packet
@@ -462,12 +475,12 @@
 .PP
 Jozsef Kadlecsik wrote the REJECT target.
 .PP
-Harald Welte wrote the ULOG target, TTL, DSCP, ECN matches and targets.
+Harald Welte wrote the ULOG and NFQUEUE target, the new libiptc, as well as the TTL, DSCP, ECN matches and targets.
 .PP
 The Netfilter Core Team is: Marc Boucher, Martin Josefsson, Jozsef Kadlecsik, 
 Patrick McHardy, James Morris, Harald Welte and Rusty Russell.
 .PP
-Man page written by Herve Eychenne <rv at wallfire.org>.
+Man page originally written by Herve Eychenne <rv at wallfire.org>.
 .\" .. and did I mention that we are incredibly cool people?
 .\" .. sexy, too ..
 .\" .. witty, charming, powerful ..




More information about the netfilter-cvslog mailing list