1IPQ_SET_VERDICT(3) Linux Programmer's Manual IPQ_SET_VERDICT(3)
2
6 ipq_set_verdict — issue verdict and optionally modified packet to ker‐
7 nel
8
10 #include <linux/netfilter.h>
11 #include <libipq.h>
12 int ipq_set_verdict(const struct ipq_handle *h, ipq_id_t id, unsigned
14 int verdict, size_t data_len, unsigned char *buf);
15
17 The ipq_set_verdict function issues a verdict on a packet previously
18 obtained with ipq_read, specifing the intended disposition of the
19 packet, and optionally supplying a modified version of the payload
20 data.
21 The h parameter is a context handle which must previously have been
23 returned successfully from a call to ipq_create_handle.
24 The id parameter is the packet identifier obtained via ipq_get_packet.
26 The verdict parameter must be one of:
28 NF_ACCEPT
30 Accept the packet and continue traversal within the kernel.
31 NF_DROP
33 Drop the packet.
34 NF_QUEUE
36 Requeue the packet.
37 NF_STOLEN and NF_REPEAT are kernel-internal constants and should not be
39 used from userspace as their exact side effects have not been investi‐
40 gated.
41 The data_len parameter is the length of the data pointed to by buf, the
43 optional replacement payload data.
44 If simply setting a verdict without modifying the payload data, use
46 zero for data_len and NULL for buf.
47 The application is responsible for recalculating any packet checksums
49 when modifying packets.
50
52 On failure, -1 is returned.
53 On success, a non-zero positive value is returned.
54
56 On error, a descriptive error message will be available via the
57 ipq_errstr function.
58
60 None known.
61
63 James Morris <jmorris@intercode.com.au>
64
66 Copyright (c) 2000-2001 Netfilter Core Team.
67 Distributed under the GNU General Public License.
69
71 iptables(8), libipq(3).
72Linux iptables 1.2 16 October 2001 IPQ_SET_VERDICT(3)