|
Packit |
7b22a4 |
.TH IPQ_SET_VERDICT 3 "16 October 2001" "Linux iptables 1.2" "Linux Programmer's Manual"
|
|
Packit |
7b22a4 |
.\"
|
|
Packit |
7b22a4 |
.\" Copyright (c) 2000-2001 Netfilter Core Team
|
|
Packit |
7b22a4 |
.\"
|
|
Packit |
7b22a4 |
.\" This program is free software; you can redistribute it and/or modify
|
|
Packit |
7b22a4 |
.\" it under the terms of the GNU General Public License as published by
|
|
Packit |
7b22a4 |
.\" the Free Software Foundation; either version 2 of the License, or
|
|
Packit |
7b22a4 |
.\" (at your option) any later version.
|
|
Packit |
7b22a4 |
.\"
|
|
Packit |
7b22a4 |
.\" This program is distributed in the hope that it will be useful,
|
|
Packit |
7b22a4 |
.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
Packit |
7b22a4 |
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
Packit |
7b22a4 |
.\" GNU General Public License for more details.
|
|
Packit |
7b22a4 |
.\"
|
|
Packit |
7b22a4 |
.\" You should have received a copy of the GNU General Public License
|
|
Packit |
7b22a4 |
.\" along with this program; if not, write to the Free Software
|
|
Packit |
7b22a4 |
.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
|
Packit |
7b22a4 |
.\"
|
|
Packit |
7b22a4 |
.\"
|
|
Packit |
7b22a4 |
.SH NAME
|
|
Packit |
7b22a4 |
ipq_set_verdict \(em issue verdict and optionally modified packet to kernel
|
|
Packit |
7b22a4 |
.SH SYNOPSIS
|
|
Packit |
7b22a4 |
.B #include <linux/netfilter.h>
|
|
Packit |
7b22a4 |
.br
|
|
Packit |
7b22a4 |
.B #include <libipq.h>
|
|
Packit |
7b22a4 |
.sp
|
|
Packit |
7b22a4 |
.BI "int ipq_set_verdict(const struct ipq_handle *" h ", ipq_id_t " id ", unsigned int " verdict ", size_t " data_len ", unsigned char *" buf ");"
|
|
Packit |
7b22a4 |
.SH DESCRIPTION
|
|
Packit |
7b22a4 |
The
|
|
Packit |
7b22a4 |
.B ipq_set_verdict
|
|
Packit |
7b22a4 |
function issues a verdict on a packet previously obtained with
|
|
Packit |
7b22a4 |
.BR ipq_read ,
|
|
Packit |
7b22a4 |
specifing the intended disposition of the packet, and optionally
|
|
Packit |
7b22a4 |
supplying a modified version of the payload data.
|
|
Packit |
7b22a4 |
.PP
|
|
Packit |
7b22a4 |
The
|
|
Packit |
7b22a4 |
.I h
|
|
Packit |
7b22a4 |
parameter is a context handle which must previously have been returned
|
|
Packit |
7b22a4 |
successfully from a call to
|
|
Packit |
7b22a4 |
.BR ipq_create_handle .
|
|
Packit |
7b22a4 |
.PP
|
|
Packit |
7b22a4 |
The
|
|
Packit |
7b22a4 |
.I id
|
|
Packit |
7b22a4 |
parameter is the packet identifier obtained via
|
|
Packit |
7b22a4 |
.BR ipq_get_packet .
|
|
Packit |
7b22a4 |
.PP
|
|
Packit |
7b22a4 |
The
|
|
Packit |
7b22a4 |
.I verdict
|
|
Packit |
7b22a4 |
parameter must be one of:
|
|
Packit |
7b22a4 |
.TP
|
|
Packit |
7b22a4 |
.B NF_ACCEPT
|
|
Packit |
7b22a4 |
Accept the packet and continue traversal within the kernel.
|
|
Packit |
7b22a4 |
.br
|
|
Packit |
7b22a4 |
.TP
|
|
Packit |
7b22a4 |
.B NF_DROP
|
|
Packit |
7b22a4 |
Drop the packet.
|
|
Packit |
7b22a4 |
.TP
|
|
Packit |
7b22a4 |
\fBNF_QUEUE\fP
|
|
Packit |
7b22a4 |
Requeue the packet.
|
|
Packit |
7b22a4 |
.PP
|
|
Packit |
7b22a4 |
\fBNF_STOLEN\fP and \fBNF_REPEAT\fP are kernel-internal constants and should
|
|
Packit |
7b22a4 |
not be used from userspace as their exact side effects have not been
|
|
Packit |
7b22a4 |
investigated.
|
|
Packit |
7b22a4 |
.PP
|
|
Packit |
7b22a4 |
The
|
|
Packit |
7b22a4 |
.I data_len
|
|
Packit |
7b22a4 |
parameter is the length of the data pointed to
|
|
Packit |
7b22a4 |
by
|
|
Packit |
7b22a4 |
.IR buf ,
|
|
Packit |
7b22a4 |
the optional replacement payload data.
|
|
Packit |
7b22a4 |
.PP
|
|
Packit |
7b22a4 |
If simply setting a verdict without modifying the payload data, use zero
|
|
Packit |
7b22a4 |
for
|
|
Packit |
7b22a4 |
.I data_len
|
|
Packit |
7b22a4 |
and NULL for
|
|
Packit |
7b22a4 |
.IR buf .
|
|
Packit |
7b22a4 |
.PP
|
|
Packit |
7b22a4 |
The application is responsible for recalculating any packet checksums
|
|
Packit |
7b22a4 |
when modifying packets.
|
|
Packit |
7b22a4 |
.SH RETURN VALUE
|
|
Packit |
7b22a4 |
On failure, \-1 is returned.
|
|
Packit |
7b22a4 |
.br
|
|
Packit |
7b22a4 |
On success, a non-zero positive value is returned.
|
|
Packit |
7b22a4 |
.SH ERRORS
|
|
Packit |
7b22a4 |
On error, a descriptive error message will be available
|
|
Packit |
7b22a4 |
via the
|
|
Packit |
7b22a4 |
.B ipq_errstr
|
|
Packit |
7b22a4 |
function.
|
|
Packit |
7b22a4 |
.SH BUGS
|
|
Packit |
7b22a4 |
None known.
|
|
Packit |
7b22a4 |
.SH AUTHOR
|
|
Packit |
7b22a4 |
James Morris <jmorris@intercode.com.au>
|
|
Packit |
7b22a4 |
.SH COPYRIGHT
|
|
Packit |
7b22a4 |
Copyright (c) 2000-2001 Netfilter Core Team.
|
|
Packit |
7b22a4 |
.PP
|
|
Packit |
7b22a4 |
Distributed under the GNU General Public License.
|
|
Packit |
7b22a4 |
.SH SEE ALSO
|
|
Packit |
7b22a4 |
.BR iptables (8),
|
|
Packit |
7b22a4 |
.BR libipq (3).
|
|
Packit |
7b22a4 |
|