libnetfilter_queue is a userspace library providing an API to packets that have been queued by the kernel packet filter. It is is part of a system that deprecates the old ip_queue / libipq mechanism.

libnetfilter_queue homepage is: http://netfilter.org/projects/libnetfilter_queue/


libnetfilter_queue requires libnfnetlink and a kernel that includes the nfnetlink_queue subsystem (i.e. 2.6.14 or later).



The current development version of libnetfilter_queue can be accessed at https://git.netfilter.org/cgi-bin/gitweb.cgi?p=libnetfilter_queue.git;a=summary.


You need the CAP_NET_ADMIN capability in order to allow your application to receive from and to send packets to kernel-space.


To write your own program using libnetfilter_queue, you should start by reading the doxygen documentation (start by LibrarySetup page) and nfqnl_test.c source file.

