1 # SOME DESCRIPTIVE TITLE
2 # Copyright (C) YEAR Free Software Foundation, Inc.
3 # This file is distributed under the same license as the PACKAGE package.
4 # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
9 "Project-Id-Version: PACKAGE VERSION\n"
10 "POT-Creation-Date: 2013-04-08 14:07+0900\n"
11 "PO-Revision-Date: 2013-04-08 14:30+0900\n"
12 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
13 "Language-Team: LANGUAGE <LL@li.org>\n"
16 "Content-Type: text/plain; charset=UTF-8\n"
17 "Content-Transfer-Encoding: 8bit\n"
26 msgid "16 October 2001"
31 msgid "Linux iptables 1.2"
36 msgid "Linux Programmer's Manual"
43 #. Copyright (c) 2000-2001 Netfilter Core Team
44 #. This program is free software; you can redistribute it and/or modify
45 #. it under the terms of the GNU General Public License as published by
46 #. the Free Software Foundation; either version 2 of the License, or
47 #. (at your option) any later version.
48 #. This program is distributed in the hope that it will be useful,
49 #. but WITHOUT ANY WARRANTY; without even the implied warranty of
50 #. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
51 #. GNU General Public License for more details.
52 #. You should have received a copy of the GNU General Public License
53 #. along with this program; if not, write to the Free Software
54 #. Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
61 msgid "libipq \\(em iptables userspace packet queuing library."
70 msgid "B<#include E<lt>linux/netfilter.hE<gt>>"
74 msgid "B<#include E<lt>libipq.hE<gt>>"
83 msgid "libipq is a development library for iptables userspace packet queuing."
88 msgid "Userspace Packet Queuing"
92 msgid "Netfilter provides a mechanism for passing packets out of the stack for queueing to userspace, then receiving these packets back into the kernel with a verdict specifying what to do with the packets (such as ACCEPT or DROP). These packets may also be modified in userspace prior to reinjection back into the kernel."
96 msgid "For each supported protocol, a kernel module called a I<queue handler> may register with Netfilter to perform the mechanics of passing packets to and from userspace."
100 msgid "The standard queue handler for IPv4 is ip_queue. It is provided as an experimental module with 2.4 kernels, and uses a Netlink socket for kernel/userspace communication."
104 msgid "Once ip_queue is loaded, IP packets may be selected with iptables and queued for userspace processing via the QUEUE target. For example, running the following commands:"
108 msgid " # modprobe iptable_filter"
112 msgid " # modprobe ip_queue"
116 msgid " # iptables -A OUTPUT -p icmp -j QUEUE"
120 msgid "will cause any locally generated ICMP packets (e.g. ping output) to be sent to the ip_queue module, which will then attempt to deliver the packets to a userspace application. If no userspace application is waiting, the packets will be dropped"
124 msgid "An application may receive and process these packets via libipq."
129 msgid "Libipq Overview"
133 msgid "Libipq provides an API for communicating with ip_queue. The following is an overview of API usage, refer to individual man pages for more details on each function."
137 msgid "B<Initialisation>"
141 msgid "To initialise the library, call B<ipq_create_handle>(3). This will attempt to bind to the Netlink socket used by ip_queue and return an opaque context handle for subsequent library calls."
145 msgid "B<Setting the Queue Mode>"
149 msgid "B<ipq_set_mode>(3) allows the application to specify whether packet metadata, or packet payloads as well as metadata are copied to userspace. It is also used to initially notify ip_queue that an application is ready to receive queue messages."
153 msgid "B<Receiving Packets from the Queue>"
157 msgid "B<ipq_read>(3) waits for queue messages to arrive from ip_queue and copies them into a supplied buffer. Queue messages may be I<packet messages> or I<error messages.>"
161 msgid "The type of packet may be determined with B<ipq_message_type>(3)."
165 msgid "If it's a packet message, the metadata and optional payload may be retrieved with B<ipq_get_packet>(3)."
169 msgid "To retrieve the value of an error message, use B<ipq_get_msgerr>(3)."
173 msgid "B<Issuing Verdicts on Packets>"
177 msgid "To issue a verdict on a packet, and optionally return a modified version of the packet to the kernel, call B<ipq_set_verdict>(3)."
181 msgid "B<Error Handling>"
185 msgid "An error string corresponding to the current value of the internal error variable B<ipq_errno> may be obtained with B<ipq_errstr>(3)."
189 msgid "For simple applications, calling B<ipq_perror>(3) will print the same message as B<ipq_errstr>(3), as well as the string corresponding to the global B<errno> value (if set) to stderr."
193 msgid "B<Cleaning Up>"
197 msgid "To free up the Netlink socket and destroy resources associated with the context handle, call B<ipq_destroy_handle>(3)."
207 msgid "B<ipq_create_handle>(3)"
211 msgid "Initialise library, return context handle."
216 msgid "B<ipq_set_mode>(3)"
220 msgid "Set the queue mode, to copy either packet metadata, or payloads as well as metadata to userspace."
225 msgid "B<ipq_read>(3)"
229 msgid "Wait for a queue message to arrive from ip_queue and read it into a buffer."
234 msgid "B<ipq_message_type>(3)"
238 msgid "Determine message type in the buffer."
243 msgid "B<ipq_get_packet>(3)"
247 msgid "Retrieve a packet message from the buffer."
252 msgid "B<ipq_get_msgerr>(3)"
256 msgid "Retrieve an error message from the buffer."
261 msgid "B<ipq_set_verdict>(3)"
265 msgid "Set a verdict on a packet, optionally replacing its contents."
270 msgid "B<ipq_errstr>(3)"
274 msgid "Return an error message corresponding to the internal ipq_errno variable."
279 msgid "B<ipq_perror>(3)"
283 msgid "Helper function to print error messages to stderr."
288 msgid "B<ipq_destroy_handle>(3)"
292 msgid "Destroy context handle and associated resources."
301 msgid "The following is an example of a simple application which receives packets and issues NF_ACCEPT verdicts on each packet."
308 " * This code is GPL.\n"
310 "#include E<lt>linux/netfilter.hE<gt>\n"
311 "#include E<lt>libipq.hE<gt>\n"
312 "#include E<lt>stdio.hE<gt>\n"
317 msgid "#define BUFSIZE 2048 \n"
323 "static void die(struct ipq_handle *h)\n"
325 "\tipq_perror(\"passer\");\n"
326 "\tipq_destroy_handle(h);\n"
334 "int main(int argc, char **argv)\n"
337 "\tunsigned char buf[BUFSIZE];\n"
338 "\tstruct ipq_handle *h;\n"
340 "\th = ipq_create_handle(0, NFPROTO_IPV4);\n"
344 "\tstatus = ipq_set_mode(h, IPQ_COPY_PACKET, BUFSIZE);\n"
345 "\tif (status E<lt> 0)\n"
349 "\t\tstatus = ipq_read(h, buf, BUFSIZE, 0);\n"
350 "\t\tif (status E<lt> 0)\n"
353 "\t\tswitch (ipq_message_type(buf)) {\n"
354 "\t\t\tcase NLMSG_ERROR:\n"
355 "\t\t\t\tfprintf(stderr, \"Received error message %d\\en\",\n"
356 "\t\t\t\t ipq_get_msgerr(buf));\n"
359 "\t\t\tcase IPQM_PACKET: {\n"
360 "\t\t\t\tipq_packet_msg_t *m = ipq_get_packet(buf);\n"
362 "\t\t\t\tstatus = ipq_set_verdict(h, m-E<gt>packet_id,\n"
363 "\t\t\t\t NF_ACCEPT, 0, NULL);\n"
364 "\t\t\t\tif (status E<lt> 0)\n"
365 "\t\t\t\t\tdie(h);\n"
370 "\t\t\t\tfprintf(stderr, \"Unknown message type!\\en\");\n"
375 "\tipq_destroy_handle(h);\n"
381 msgid "Pointers to more libipq application examples may be found in The Netfilter FAQ."
390 msgid "For information about monitoring and tuning ip_queue, refer to the Linux 2.4 Packet Filtering HOWTO."
394 msgid "If an application modifies a packet, it needs to also update any checksums for the packet. Typically, the kernel will silently discard modified packets with invalid checksums."
403 msgid "Processes require CAP_NET_ADMIN capabilty to access the kernel ip_queue module. Such processes can potentially access and modify any IP packets received, generated or forwarded by the kernel."
412 msgid "Per-handle B<ipq_errno> values."
430 msgid "James Morris E<lt>jmorris@intercode.com.auE<gt>"
439 msgid "Copyright (c) 2000-2001 Netfilter Core Team."
443 msgid "Distributed under the GNU General Public License."
452 msgid "Joost Remijn implemented the B<ipq_read> timeout feature, which appeared in the 1.2.4 release of iptables."
456 msgid "Fernando Anton added support for IPv6."
465 msgid "B<iptables>(8), B<ipq_create_handle>(3), B<ipq_destroy_handle>(3), B<ipq_errstr>(3), B<ipq_get_msgerr>(3), B<ipq_get_packet>(3), B<ipq_message_type>(3), B<ipq_perror>(3), B<ipq_read>(3), B<ipq_set_mode>(3), B<ipq_set_verdict>(3)."
469 msgid "The Netfilter home page at http://netfilter.samba.org/ which has links to The Networking Concepts HOWTO, The Linux 2.4 Packet Filtering HOWTO, The Linux 2.4 NAT HOWTO, The Netfilter Hacking HOWTO, The Netfilter FAQ and many other useful resources."