author | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-03-14 12:11:06 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-03-14 12:12:09 +0100 |
commit | 3b9f613680cbcf6efe7b5aac7da80c29a614c10b (patch) | |
tree | 5c24613dd8dfadb11e4e6df1330d310334e257ba /src | |
parent | 9efc1add771d9670e8e09cee74ab5c97f0c4c99f (diff) |
src: document NFQA_CFG_F_CONNTRACK flag
Suggested by Eric Leblond.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/libnetfilter_queue.c | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/src/libnetfilter_queue.c b/src/libnetfilter_queue.c
index 55180a8..2894ccd 100644
--- a/src/libnetfilter_queue.c
+++ b/src/libnetfilter_queue.c
@@ -630,6 +630,15 @@ int nfq_set_mode(struct nfq_q_handle *qh,
 * \param mask specifies which flag bits to modify
 * \param flag bitmask of flags
 *
+ * Existing flags, that you may want to combine, are:
+ *
+ * - NFQA_CFG_F_FAIL_OPEN (requires Linux kernel >= 3.6): the kernel will
+ * accept the packets if the kernel queue gets full. If this flag is not
+ * set, the default action in this case is to drop packets.
+ *
+ * - NFQA_CFG_F_CONNTRACK (requires Linux kernel >= 3.6): the kernel will
+ * include the Connection Tracking system information.
+ *
 * Here's a little code snippet to show how to use this API:
 * \verbatim
 uint32_t flags = NFQA_CFG_F_FAIL_OPEN;
@@ -643,11 +652,6 @@ int nfq_set_mode(struct nfq_q_handle *qh,
 err = nfq_set_queue_flags(qh, mask, flags);
 \endverbatim
 *
- * If NFQA_CFG_F_FAIL_OPEN is used, the kernel will accept instead of
- * drop packets that should have been enqueued to a full queue. This
- * results in the system being able to handle high network load but at
- * the depend of the control of the packets.
- *
 * \return -1 on error with errno set appropriately; =0 otherwise.
 */
 int nfq_set_queue_flags(struct nfq_q_handle *qh, |
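Review bot: The new NFQA_CFG_F_FAIL_OPEN bullet in the first hunk says what the kernel does when the queue is full but no longer states the consequence, which the paragraph removed in the second hunk did, if awkwardly. Packets accepted this way are never enqueued, so the userspace program issues no verdict on them. For a caller that uses the queue to filter or inspect traffic, that trade-off is the part of the flag that matters most. I would keep it in the bullet, for example `Packets accepted this way are never seen by the userspace program, so do not set this flag if every packet must receive a verdict.` Since the text now invites combining flags, it would also help to state next to the list that `mask` must contain every bit being changed, as the `\param mask` line implies. The comment block and nfq_set_queue_flags() itself start and end outside the hunks.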