authorAlessandro Vesely <vesely@tana.it>2010-05-10 16:54:37 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2010-05-10 16:54:37 +0200
commit8b173fbff19d57c35c4578643e12c2956d88639b (patch)
treebfebcaeeb02769038663ea7e0b4269454cbb1942
parent1d0c4aad0be092c8fd9cfe794ea41d5da1ce2ed7 (diff)
doc: document possible verdicts on packets and minor change in example
Signed-off-by: Alessandro Vessely <vesely@tana.it> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--src/libnetfilter_queue.c13
1 files changed, 11 insertions, 2 deletions
diff --git a/src/libnetfilter_queue.c b/src/libnetfilter_queue.c
index 7d0fb45..d4293d4 100644
--- a/src/libnetfilter_queue.c
+++ b/src/libnetfilter_queue.c
@@ -211,13 +211,22 @@ struct nfnl_handle *nfq_nfnlh(struct nfq_handle *h)
* \verbatim
fd = nfq_fd(h);
- while ((rv = recv(fd, buf, sizeof(buf), 0)) && rv >= 0) {
+ while ((rv = recv(fd, buf, sizeof(buf), 0)) >= 0) {
printf("pkt received\n");
nfq_handle_packet(h, buf, rv);
}
\endverbatim
* When the decision on a packet has been choosed, the verdict has to be given
- * by calling nfq_set_verdict() or nfq_set_verdict_mark().
+ * by calling nfq_set_verdict() or nfq_set_verdict_mark(). The verdict
+ * determines the destiny of the packet as follows:
+ *
+ * - NF_DROP discarded the packet
+ * - NF_ACCEPT the packet passes, continue iterations
+ * - NF_STOLEN gone away
+ * - NF_QUEUE inject the packet into a different queue
+ * (the target queue number is in the high 16 bits of the verdict)
+ * - NF_REPEAT iterate the same cycle once more
+ * - NF_STOP accept, but don't continue iterations
*
* Data and information about the packet can be fetch by using message parsing
* functions (See \link Parsing \endlink).
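Review bot: The rewritten loop condition in the \verbatim example no longer stops on rv == 0, so a zero-length read is now handed to `nfq_handle_packet(h, buf, rv)`, and the example still leaves the loop silently on any recv() error without looking at errno. For a program that decides packet verdicts that exit path matters: once the loop ends this program issues no further verdicts, and some errors (probably ENOBUFS when the socket buffer overflows) are ones a filter would want to log and survive rather than stop on. I would add a line after \endverbatim such as ` * If recv() returns a negative value, inspect errno before leaving the loop; packets still queued get no verdict from this program.` In the verdict list, `NF_STOLEN gone away` does not say what happens to the packet or who owns it afterwards, and `NF_DROP discarded the packet` reads better as `NF_DROP discard the packet`. The doc comment starts and ends outside the hunk.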