netfilter: ipv4: propagate routing errors from ip_route_me_harder() - linux-dev - Linux kernel development work

diff options

author	Patrick McHardy <kaber@trash.net>	2013-04-05 06:41:10 +0000
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2013-04-08 12:34:00 +0200
commit	c9e1673a0accf086dfce9b501d8bcb4ec6bbc1e9 (patch)
tree	7a7b6de83f82c9bbad878c3ead23dd2ad4b59c32 /net/ipv6/netfilter.c
parent	scm: Stop passing struct cred (diff)
download	linux-dev-c9e1673a0accf086dfce9b501d8bcb4ec6bbc1e9.tar.xz linux-dev-c9e1673a0accf086dfce9b501d8bcb4ec6bbc1e9.zip

netfilter: ipv4: propagate routing errors from ip_route_me_harder()

Propagate routing errors from ip_route_me_harder() when dropping a packet using NF_DROP_ERR(). This makes userspace get the proper error instead of EPERM for everything. Example: # ip r a unreachable default table 100 # ip ru add fwmark 0x1 lookup 100 # iptables -t mangle -A OUTPUT -d 8.8.8.8 -j MARK --set-mark 0x1 Current behaviour: PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. ping: sendmsg: Operation not permitted ping: sendmsg: Operation not permitted ping: sendmsg: Operation not permitted New behaviour: PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. ping: sendmsg: Network is unreachable ping: sendmsg: Network is unreachable ping: sendmsg: Network is unreachable ping: sendmsg: Network is unreachable Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Diffstat (limited to 'net/ipv6/netfilter.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: