| .TH IPQ_SET_VERDICT 3 "16 October 2001" "Linux iptables 1.2" "Linux Programmer's Manual" |
| .\" |
| .\" Copyright (c) 2000-2001 Netfilter Core Team |
| .\" |
| .\" This program is free software; you can redistribute it and/or modify |
| .\" it under the terms of the GNU General Public License as published by |
| .\" the Free Software Foundation; either version 2 of the License, or |
| .\" (at your option) any later version. |
| .\" |
| .\" This program is distributed in the hope that it will be useful, |
| .\" but WITHOUT ANY WARRANTY; without even the implied warranty of |
| .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| .\" GNU General Public License for more details. |
| .\" |
| .\" You should have received a copy of the GNU General Public License |
| .\" along with this program; if not, write to the Free Software |
| .\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. |
| .\" |
| .\" |
| .SH NAME |
| ipq_set_verdict \(em issue verdict and optionally modified packet to kernel |
| .SH SYNOPSIS |
| .B #include <linux/netfilter.h> |
| .br |
| .B #include <libipq.h> |
| .sp |
| .BI "int ipq_set_verdict(const struct ipq_handle *" h ", ipq_id_t " id ", unsigned int " verdict ", size_t " data_len ", unsigned char *" buf ");" |
| .SH DESCRIPTION |
| The |
| .B ipq_set_verdict |
| function issues a verdict on a packet previously obtained with |
| .BR ipq_read , |
| specifying the intended disposition of the packet, and optionally |
| supplying a modified version of the payload data. |
| .PP |
| The |
| .I h |
| parameter is a context handle which must previously have been returned |
| successfully from a call to |
| .BR ipq_create_handle . |
| .PP |
| The |
| .I id |
| parameter is the packet identifier obtained via |
| .BR ipq_get_packet . |
| .PP |
| The |
| .I verdict |
| parameter must be one of: |
| .TP |
| .B NF_ACCEPT |
| Accept the packet and continue traversal within the kernel. |
| .br |
| .TP |
| .B NF_DROP |
| Drop the packet. |
| .TP |
| \fBNF_QUEUE\fP |
| Requeue the packet. |
| .PP |
| \fBNF_STOLEN\fP and \fBNF_REPEAT\fP are kernel-internal constants and should |
| not be used from userspace as their exact side effects have not been |
| investigated. |
| .PP |
| The |
| .I data_len |
| parameter is the length of the data pointed to |
| by |
| .IR buf , |
| the optional replacement payload data. |
| .PP |
| If simply setting a verdict without modifying the payload data, use zero |
| for |
| .I data_len |
| and NULL for |
| .IR buf . |
| .PP |
| The application is responsible for recalculating any packet checksums |
| when modifying packets. |
| .SH RETURN VALUE |
| On failure, \-1 is returned. |
| .br |
| On success, a non-zero positive value is returned. |
| .SH ERRORS |
| On error, a descriptive error message will be available |
| via the |
| .B ipq_errstr |
| function. |
| .SH BUGS |
| None known. |
| .SH AUTHOR |
| James Morris <jmorris@intercode.com.au> |
| .SH COPYRIGHT |
| Copyright (c) 2000-2001 Netfilter Core Team. |
| .PP |
| Distributed under the GNU General Public License. |
| .SH SEE ALSO |
| .BR iptables (8), |
| .BR libipq (3). |
| |