doc: document possible verdicts on packets and minor change in example

Signed-off-by: Alessandro Vessely <vesely@tana.it>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/libnetfilter_queue.c b/src/libnetfilter_queue.c
index 7d0fb454eb4822daa991b3bf4b52b39ef28a14a3..d4293d469a4d4d069263c33be27c92f3dbd6d12e 100644 (file)
--- a/src/libnetfilter_queue.c
+++ b/src/libnetfilter_queue.c
@@ -211,13 +211,22 @@ struct nfnl_handle *nfq_nfnlh(struct nfq_handle *h)
  * \verbatim
        fd = nfq_fd(h);
 
-       while ((rv = recv(fd, buf, sizeof(buf), 0)) && rv >= 0) {
+       while ((rv = recv(fd, buf, sizeof(buf), 0)) >= 0) {
                printf("pkt received\n");
                nfq_handle_packet(h, buf, rv);
        }
 \endverbatim
  * When the decision on a packet has been choosed, the verdict has to be given
- * by calling nfq_set_verdict() or nfq_set_verdict_mark().
+ * by calling nfq_set_verdict() or nfq_set_verdict_mark(). The verdict
+ * determines the destiny of the packet as follows:
+ *
+ *   - NF_DROP discarded the packet
+ *   - NF_ACCEPT the packet passes, continue iterations
+ *   - NF_STOLEN gone away
+ *   - NF_QUEUE inject the packet into a different queue
+ *     (the target queue number is in the high 16 bits of the verdict)
+ *   - NF_REPEAT iterate the same cycle once more
+ *   - NF_STOP accept, but don't continue iterations
  *
  * Data and information about the packet can be fetch by using message parsing
  * functions (See \link Parsing \endlink).