libnetfilter_queue is a userspace library providing an API to packets that have been queued by the kernel packet filter. It is is part of a system that deprecates the old ip_queue / libipq mechanism.
libnetfilter_queue homepage is: http://netfilter.org/projects/libnetfilter_queue/
libnetfilter_queue requires libnfnetlink and a kernel that includes the nfnetlink_queue subsystem (i.e. 2.6.14 or later).
The current development version of libnetfilter_queue can be accessed at https://git.netfilter.org/cgi-bin/gitweb.cgi?p=libnetfilter_queue.git;a=summary.
You need the CAP_NET_ADMIN capability in order to allow your application to receive from and to send packets to kernel-space.
To write your own program using libnetfilter_queue, you should start by reading the doxygen documentation (start by LibrarySetup page) and nfqnl_test.c source file.
recv() may return -1 and errno is set to ENOBUFS in case that your application is not fast enough to retrieve the packets from the kernel. In that case, you can increase the socket buffer size by means of nfnl_rcvbufsiz(). Although this delays ENOBUFS errors, you may hit it again sooner or later. The next section provides some hints on how to obtain the best performance for your application.
To improve your libnetfilter_queue application in terms of performance, you may consider the following tweaks:
1.7.1