Home | History | Annotate | Download | only in libipq
IPQ_SET_VERDICT 3 "16 October 2001" "Linux iptables 1.2" "Linux Programmer's Manual"

Copyright (c) 2000-2001 Netfilter Core Team

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.


NAME
ipq_set_verdict \(em issue verdict and optionally modified packet to kernel
SYNOPSIS
#include <linux/netfilter.h> #include <libipq.h> "int ipq_set_verdict(const struct ipq_handle *" h ", ipq_id_t " id ", unsigned int " verdict ", size_t " data_len ", unsigned char *" buf ");"
DESCRIPTION
The ipq_set_verdict function issues a verdict on a packet previously obtained with ipq_read , specifing the intended disposition of the packet, and optionally supplying a modified version of the payload data.

The h parameter is a context handle which must previously have been returned successfully from a call to ipq_create_handle .

The id parameter is the packet identifier obtained via ipq_get_packet .

The verdict parameter must be one of:

NF_ACCEPT Accept the packet and continue traversal within the kernel.

NF_DROP Drop the packet.

NF_QUEUE Requeue the packet.

NF_STOLEN and NF_REPEAT are kernel-internal constants and should not be used from userspace as their exact side effects have not been investigated.

The data_len parameter is the length of the data pointed to by buf , the optional replacement payload data.

If simply setting a verdict without modifying the payload data, use zero for data_len and NULL for buf .

The application is responsible for recalculating any packet checksums when modifying packets.

RETURN VALUE
On failure, -1 is returned. On success, a non-zero positive value is returned.
ERRORS
On error, a descriptive error message will be available via the ipq_errstr function.
BUGS
None known.
AUTHOR
James Morris <jmorris (at] intercode.com.au>
COPYRIGHT
Copyright (c) 2000-2001 Netfilter Core Team.

Distributed under the GNU General Public License.

SEE ALSO
iptables (8), libipq (3).