From 8b173fbff19d57c35c4578643e12c2956d88639b Mon Sep 17 00:00:00 2001 From: Alessandro Vesely Date: Mon, 10 May 2010 16:54:37 +0200 Subject: doc: document possible verdicts on packets and minor change in example Signed-off-by: Alessandro Vessely Signed-off-by: Pablo Neira Ayuso --- src/libnetfilter_queue.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/src/libnetfilter_queue.c b/src/libnetfilter_queue.c index 7d0fb45..d4293d4 100644 --- a/src/libnetfilter_queue.c +++ b/src/libnetfilter_queue.c @@ -211,13 +211,22 @@ struct nfnl_handle *nfq_nfnlh(struct nfq_handle *h) * \verbatim fd = nfq_fd(h); - while ((rv = recv(fd, buf, sizeof(buf), 0)) && rv >= 0) { + while ((rv = recv(fd, buf, sizeof(buf), 0)) >= 0) { printf("pkt received\n"); nfq_handle_packet(h, buf, rv); } \endverbatim * When the decision on a packet has been choosed, the verdict has to be given - * by calling nfq_set_verdict() or nfq_set_verdict_mark(). + * by calling nfq_set_verdict() or nfq_set_verdict_mark(). The verdict + * determines the destiny of the packet as follows: + * + * - NF_DROP discarded the packet + * - NF_ACCEPT the packet passes, continue iterations + * - NF_STOLEN gone away + * - NF_QUEUE inject the packet into a different queue + * (the target queue number is in the high 16 bits of the verdict) + * - NF_REPEAT iterate the same cycle once more + * - NF_STOP accept, but don't continue iterations * * Data and information about the packet can be fetch by using message parsing * functions (See \link Parsing \endlink). -- cgit v1.2.3