.TH IPQ_SET_VERDICT 3 "16 October 2001" "Linux iptables 1.2" "Linux Programmer's Manual" 
.\"
.\"     Copyright (c) 2000-2001 Netfilter Core Team
.\"
.\"     This program is free software; you can redistribute it and/or modify
.\"     it under the terms of the GNU General Public License as published by
.\"     the Free Software Foundation; either version 2 of the License, or
.\"     (at your option) any later version.
.\"
.\"     This program is distributed in the hope that it will be useful,
.\"     but WITHOUT ANY WARRANTY; without even the implied warranty of
.\"     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
.\"     GNU General Public License for more details.
.\"
.\"     You should have received a copy of the GNU General Public License
.\"     along with this program; if not, write to the Free Software
.\"     Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
.\"
.\"
.SH NAME
ipq_set_verdict \(em issue verdict and optionally modified packet to kernel
.SH SYNOPSIS
.B #include <linux/netfilter.h>
.br
.B #include <libipq.h>
.sp
.BI "int ipq_set_verdict(const struct ipq_handle *" h ", ipq_id_t " id ", unsigned int " verdict ", size_t " data_len ", unsigned char *" buf ");"
.SH DESCRIPTION
The
.B ipq_set_verdict
function issues a verdict on a packet previously obtained with
.BR ipq_read ,
specifying the intended disposition of the packet, and optionally
supplying a modified version of the payload data.
.PP
The
.I h
parameter is a context handle which must previously have been returned 
successfully from a call to
.BR ipq_create_handle .
.PP
The
.I id
parameter is the packet identifier obtained via
.BR ipq_get_packet .
.PP
The
.I verdict
parameter must be one of:
.TP
.B NF_ACCEPT
Accept the packet and continue traversal within the kernel.
.br
.TP
.B NF_DROP
Drop the packet.
.TP
\fBNF_QUEUE\fP
Requeue the packet.
.PP
\fBNF_STOLEN\fP and \fBNF_REPEAT\fP are kernel-internal constants and should
not be used from userspace as their exact side effects have not been
investigated.
.PP
The
.I data_len
parameter is the length of the data pointed to
by
.IR buf ,
the optional replacement payload data.
.PP
If simply setting a verdict without modifying the payload data, use zero
for
.I data_len
and NULL for
.IR buf .
.PP
The application is responsible for recalculating any packet checksums
when modifying packets.
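.PP
The following is an added example, not part of the original manual page or of libipq: it recomputes the IPv4 header checksum after a header field has been edited, which is the step the application must perform before returning the modified buffer. The function names and the sample header are constructed for illustration; a change to the transport payload would additionally require the TCP or UDP checksum to be recalculated, which this example does not cover.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* RFC 1071 Internet checksum over n bytes; n is even for an IPv4 header. */
static uint16_t inet_csum(const unsigned char *p, size_t n)
{
    uint32_t sum = 0;
    size_t i;

    for (i = 0; i + 1 < n; i += 2)
        sum += ((uint32_t)p[i] << 8) | p[i + 1];
    while (sum >> 16)                 /* fold carries back into 16 bits */
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Recompute the IPv4 header checksum of buf in place.
 * Returns 0 on success, -1 if buf does not hold a complete IPv4 header. */
int fix_ipv4_header_checksum(unsigned char *buf, size_t data_len)
{
    size_t hlen;
    uint16_t c;

    if (buf == NULL || data_len < 20 || (buf[0] >> 4) != 4)
        return -1;
    hlen = (size_t)(buf[0] & 0x0f) * 4;     /* IHL is in 32-bit words */
    if (hlen < 20 || hlen > data_len)
        return -1;
    buf[10] = buf[11] = 0;                  /* field is summed as zero */
    c = inet_csum(buf, hlen);
    buf[10] = (unsigned char)(c >> 8);      /* store in network byte order */
    buf[11] = (unsigned char)(c & 0xff);
    return 0;
}

int main(void)
{
    /* Constructed sample header: TTL 64, UDP, checksum 0xb861. */
    unsigned char buf[20] = { 0x45, 0x00, 0x00, 0x73, 0x00, 0x00, 0x40, 0x00,
                              0x40, 0x11, 0xb8, 0x61, 0xc0, 0xa8, 0x00, 0x01,
                              0xc0, 0xa8, 0x00, 0xc7 };
    buf[8] = 63;                            /* the modification: TTL 64 -> 63 */
    if (fix_ipv4_header_checksum(buf, sizeof buf) < 0)
        return 1;
    printf("checksum after edit: %02x%02x\n", buf[10], buf[11]);
    /* Next step with libipq: ipq_set_verdict(h, id, NF_ACCEPT, data_len, buf); */
    return 0;
}
```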
.SH RETURN VALUE
On failure, \-1 is returned.
.br
On success, a non-zero positive value is returned.
.SH ERRORS
On error, a descriptive error message will be available
via the
.B ipq_errstr
function.
.SH BUGS
None known.
.SH AUTHOR
James Morris <jmorris@intercode.com.au>
.SH COPYRIGHT
Copyright (c) 2000-2001 Netfilter Core Team.
.PP
Distributed under the GNU General Public License.
.SH SEE ALSO
.BR iptables (8),
.BR libipq (3).