diff options
| author | Al Viro <viro@zeniv.linux.org.uk> | 2016-10-10 23:02:51 -0400 |
|---|---|---|
| committer | Al Viro <viro@zeniv.linux.org.uk> | 2016-10-10 23:02:51 -0400 |
| commit | 3873691e5ab34fa26948643d038a2b98c4437298 (patch) | |
| tree | 5327469194c2167830bce38b56a618b754cdbeea /net/ipv4/netfilter/nft_chain_route_ipv4.c | |
| parent | c2050a454c7f123d7a57fa1d76ff61bd43643abb (diff) | |
| parent | aadfa8019e8114539cfa0b1eb2e5a9c83094a590 (diff) | |
Merge remote-tracking branch 'ovl/rename2' into for-linus
Diffstat (limited to 'net/ipv4/netfilter/nft_chain_route_ipv4.c')
| -rw-r--r-- | net/ipv4/netfilter/nft_chain_route_ipv4.c | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/net/ipv4/netfilter/nft_chain_route_ipv4.c b/net/ipv4/netfilter/nft_chain_route_ipv4.c index 2375b0a8be46..30493beb611a 100644 --- a/net/ipv4/netfilter/nft_chain_route_ipv4.c +++ b/net/ipv4/netfilter/nft_chain_route_ipv4.c @@ -31,6 +31,7 @@ static unsigned int nf_route_table_hook(void *priv, __be32 saddr, daddr; u_int8_t tos; const struct iphdr *iph; + int err; /* root is playing with raw sockets. */ if (skb->len < sizeof(struct iphdr) || @@ -46,15 +47,17 @@ static unsigned int nf_route_table_hook(void *priv, tos = iph->tos; ret = nft_do_chain(&pkt, priv); - if (ret != NF_DROP && ret != NF_QUEUE) { + if (ret != NF_DROP && ret != NF_STOLEN) { iph = ip_hdr(skb); if (iph->saddr != saddr || iph->daddr != daddr || skb->mark != mark || - iph->tos != tos) - if (ip_route_me_harder(state->net, skb, RTN_UNSPEC)) - ret = NF_DROP; + iph->tos != tos) { + err = ip_route_me_harder(state->net, skb, RTN_UNSPEC); + if (err < 0) + ret = NF_DROP_ERR(err); + } } return ret; } |