projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6b0ee8c) | patch
netfilter: ipv4: propagate routing errors from ip_route_me_harder()
authorPatrick McHardy <kaber@trash.net>
Fri, 5 Apr 2013 06:41:10 +0000 (06:41 +0000)
committerPablo Neira Ayuso <pablo@netfilter.org>
Mon, 8 Apr 2013 10:34:00 +0000 (12:34 +0200)
commitc9e1673a0accf086dfce9b501d8bcb4ec6bbc1e9
tree7a7b6de83f82c9bbad878c3ead23dd2ad4b59c32tree | snapshot (tar.gz zip)
parent6b0ee8c036ecb3ac92e18e6ca0dca7bff88beaf0commit | diff
netfilter: ipv4: propagate routing errors from ip_route_me_harder()

Propagate routing errors from ip_route_me_harder() when dropping a packet
using NF_DROP_ERR(). This makes userspace get the proper error instead of
EPERM for everything.

Example:

# ip r a unreachable default table 100
# ip ru add fwmark 0x1 lookup 100
# iptables -t mangle -A OUTPUT -d 8.8.8.8 -j MARK --set-mark 0x1

Current behaviour:

PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted

New behaviour:

PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
ping: sendmsg: Network is unreachable
ping: sendmsg: Network is unreachable
ping: sendmsg: Network is unreachable
ping: sendmsg: Network is unreachable

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/ipv4/netfilter.c diff | blob | blame | history
net/ipv4/netfilter/iptable_mangle.c diff | blob | blame | history
net/ipv4/netfilter/iptable_nat.c diff | blob | blame | history
kernel source for telekom puls (alcatel/mediatek)