ipq_set_verdict (3) - Linux Manuals

ipq_set_verdict: issue verdict and optionally modified packet to kernel

NAME

ipq_set_verdict --- issue verdict and optionally modified packet to kernel

SYNOPSIS

#include <linux/netfilter.h>
#include <libipq.h>

int ipq_set_verdict(const struct ipq_handle *h, ipq_id_t id, unsigned int verdict, size_t data_len, unsigned char *buf);

DESCRIPTION

The ipq_set_verdict function issues a verdict on a packet previously obtained with ipq_read, specifing the intended disposition of the packet, and optionally supplying a modified version of the payload data.

The h parameter is a context handle which must previously have been returned successfully from a call to ipq_create_handle.

The id parameter is the packet identifier obtained via ipq_get_packet.

The verdict parameter must be one of:

NF_ACCEPT
Accept the packet and continue traversal within the kernel.
NF_DROP
Drop the packet.
NF_QUEUE
Requeue the packet.

NF_STOLEN and NF_REPEAT are kernel-internal constants and should not be used from userspace as their exact side effects have not been investigated.

The data_len parameter is the length of the data pointed to by buf, the optional replacement payload data.

If simply setting a verdict without modifying the payload data, use zero for data_len and NULL for buf.

The application is responsible for recalculating any packet checksums when modifying packets.

RETURN VALUE

On failure, -1 is returned.
On success, a non-zero positive value is returned.

ERRORS

On error, a descriptive error message will be available via the ipq_errstr function.

BUGS

None known.

AUTHOR

James Morris <jmorris [at] intercode.com.au>

COPYRIGHT

Copyright (c) 2000-2001 Netfilter Core Team.

Distributed under the GNU General Public License.

SEE ALSO

iptables(8), libipq(3).