Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.19 / c9e1673a0accf086dfce9b501d8bcb4ec6bbc1e9
commitc9e1673a0accf086dfce9b501d8bcb4ec6bbc1e9[log] [tgz]
authorPatrick McHardy <kaber@trash.net>Fri Apr 05 06:41:10 2013 +0000
committerPablo Neira Ayuso <pablo@netfilter.org>Mon Apr 08 12:34:00 2013 +0200
tree7a7b6de83f82c9bbad878c3ead23dd2ad4b59c32
parent6b0ee8c036ecb3ac92e18e6ca0dca7bff88beaf0 [diff]
netfilter: ipv4: propagate routing errors from ip_route_me_harder()

Propagate routing errors from ip_route_me_harder() when dropping a packet
using NF_DROP_ERR(). This makes userspace get the proper error instead of
EPERM for everything.

Example:

# ip r a unreachable default table 100
# ip ru add fwmark 0x1 lookup 100
# iptables -t mangle -A OUTPUT -d 8.8.8.8 -j MARK --set-mark 0x1

Current behaviour:

PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted

New behaviour:

PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
ping: sendmsg: Network is unreachable
ping: sendmsg: Network is unreachable
ping: sendmsg: Network is unreachable
ping: sendmsg: Network is unreachable

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
3 files changed
tree: 7a7b6de83f82c9bbad878c3ead23dd2ad4b59c32
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. Kconfig
  28. MAINTAINERS
  29. Makefile
  30. README
  31. REPORTING-BUGS