一 安装库
# yum install iptables-devel

二 加载
# modprobe iptable_filter
# modprobe ip_queue

三 将出去的icmp送到应用层
# iptables -A OUTPUT -p icmp -j QUEUE


四 应用层实例代码---test.c---------------
#if 1
/*
 * This code is GPL.
 */
#include arpa/inet.h        //自己添加尖括号
#include linux/netfilter.h  //自己添加尖括号
#include libipq.h            //自己添加尖括号
#include stdio.h            //自己添加尖括号

#define BUFSIZE 2048

static void die(struct ipq_handle *h) {
    ipq_perror("passer");
    ipq_destroy_handle(h);
    exit(1);
}
int main(int argc, char **argv) {
    int status;
    unsigned char buf[BUFSIZE];
    struct ipq_handle *h;

    h = ipq_create_handle(0, NFPROTO_IPV4);
    if (!h)
        die(h);

    status = ipq_set_mode(h, IPQ_COPY_PACKET, BUFSIZE);
    if (status < 0)
        die(h);

    do {
        status = ipq_read(h, buf, BUFSIZE, 0);
        if (status < 0)
            die(h);
        switch (ipq_message_type(buf)) {
        case NLMSG_ERROR:
            fprintf(stderr, "Received error message %d\n", ipq_get_msgerr(buf));
            break;

        case IPQM_PACKET: {

            fprintf(stderr, "Received  message\n");
            ipq_packet_msg_t *m = ipq_get_packet(buf);
            int i;
            for (i=0; i<20;i++)
            {
                   fprintf(stderr, "%x ", m->payload[i]);
            }            
status = ipq_set_verdict(h, m->packet_id, NF_ACCEPT, 0, NULL);
            if (status < 0)
                die(h);
            break;
        }

        default:
            fprintf(stderr, "Unknown message type!\n");
            break;
        }
    } while (1);

    ipq_destroy_handle(h);
    return 0;
}
#endif

五 ------------编译代码-----------
 gcc test.c  -lipq


六 ------------测试程序------------
打开2个命令行窗口
A窗口：  ./a.out
B窗口：ping 114.114.114.114