IPQ_SET_VERDICT
Section: Linux Programmer's Manual (3)
Updated: 16 October 2001
Page Index
NAME
ipq_set_verdict --- issue verdict and optionally modified packet to kernel
SYNOPSIS
#include <linux/netfilter.h>
#include <libipq.h>
int ipq_set_verdict(const struct ipq_handle *h, ipq_id_t id, unsigned int verdict, size_t data_len, unsigned char *buf);
DESCRIPTION
The
ipq_set_verdict
function issues a verdict on a packet previously obtained with
ipq_read,
specifing the intended disposition of the packet, and optionally
supplying a modified version of the payload data.
The
h
parameter is a context handle which must previously have been returned
successfully from a call to
ipq_create_handle.
The
id
parameter is the packet identifier obtained via
ipq_get_packet.
The
verdict
parameter must be one of:
- NF_ACCEPT
-
Accept the packet and continue traversal within the kernel.
- NF_DROP
-
Drop the packet.
- NF_QUEUE
-
Requeue the packet.
NF_STOLEN and NF_REPEAT are kernel-internal constants and should
not be used from userspace as their exact side effects have not been
investigated.
The
data_len
parameter is the length of the data pointed to
by
buf,
the optional replacement payload data.
If simply setting a verdict without modifying the payload data, use zero
for
data_len
and NULL for
buf.
The application is responsible for recalculating any packet checksums
when modifying packets.
RETURN VALUE
On failure, -1 is returned.
On success, a non-zero positive value is returned.
ERRORS
On error, a descriptive error message will be available
via the
ipq_errstr
function.
BUGS
None known.
AUTHOR
James Morris <
jmorris@intercode.com.au>
COPYRIGHT
Copyright (c) 2000-2001 Netfilter Core Team.
Distributed under the GNU General Public License.
SEE ALSO
iptables(8),
libipq(3).