| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100 |
- .TH IPQ_SET_VERDICT 3 "16 October 2001" "Linux iptables 1.2" "Linux Programmer's Manual"
- .\"
- .\" Copyright (c) 2000-2001 Netfilter Core Team
- .\"
- .\" This program is free software; you can redistribute it and/or modify
- .\" it under the terms of the GNU General Public License as published by
- .\" the Free Software Foundation; either version 2 of the License, or
- .\" (at your option) any later version.
- .\"
- .\" This program is distributed in the hope that it will be useful,
- .\" but WITHOUT ANY WARRANTY; without even the implied warranty of
- .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- .\" GNU General Public License for more details.
- .\"
- .\" You should have received a copy of the GNU General Public License
- .\" along with this program; if not, write to the Free Software
- .\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- .\"
- .\"
- .SH NAME
- ipq_set_verdict \(em issue verdict and optionally modified packet to kernel
- .SH SYNOPSIS
- .B #include <linux/netfilter.h>
- .br
- .B #include <libipq.h>
- .sp
- .BI "int ipq_set_verdict(const struct ipq_handle *" h ", ipq_id_t " id ", unsigned int " verdict ", size_t " data_len ", unsigned char *" buf ");"
- .SH DESCRIPTION
- The
- .B ipq_set_verdict
- function issues a verdict on a packet previously obtained with
- .BR ipq_read ,
- specifing the intended disposition of the packet, and optionally
- supplying a modified version of the payload data.
- .PP
- The
- .I h
- parameter is a context handle which must previously have been returned
- successfully from a call to
- .BR ipq_create_handle .
- .PP
- The
- .I id
- parameter is the packet identifier obtained via
- .BR ipq_get_packet .
- .PP
- The
- .I verdict
- parameter must be one of:
- .TP
- .B NF_ACCEPT
- Accept the packet and continue traversal within the kernel.
- .br
- .TP
- .B NF_DROP
- Drop the packet.
- .TP
- \fBNF_QUEUE\fP
- Requeue the packet.
- .PP
- \fBNF_STOLEN\fP and \fBNF_REPEAT\fP are kernel-internal constants and should
- not be used from userspace as their exact side effects have not been
- investigated.
- .PP
- The
- .I data_len
- parameter is the length of the data pointed to
- by
- .IR buf ,
- the optional replacement payload data.
- .PP
- If simply setting a verdict without modifying the payload data, use zero
- for
- .I data_len
- and NULL for
- .IR buf .
- .PP
- The application is responsible for recalculating any packet checksums
- when modifying packets.
- .SH RETURN VALUE
- On failure, \-1 is returned.
- .br
- On success, a non-zero positive value is returned.
- .SH ERRORS
- On error, a descriptive error message will be available
- via the
- .B ipq_errstr
- function.
- .SH BUGS
- None known.
- .SH AUTHOR
- James Morris <jmorris@intercode.com.au>
- .SH COPYRIGHT
- Copyright (c) 2000-2001 Netfilter Core Team.
- .PP
- Distributed under the GNU General Public License.
- .SH SEE ALSO
- .BR iptables (8),
- .BR libipq (3).
|
