| Field | Value | Date |
|---|---|---|
| author | Patrick McHardy <kaber@trash.net> | 2013-04-05 06:41:10 +0000 |
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-04-08 12:34:00 +0200 |
| commit | c9e1673a0accf086dfce9b501d8bcb4ec6bbc1e9 | |
| tree | 7a7b6de83f82c9bbad878c3ead23dd2ad4b59c32 /net/ipv6 | |
| parent | 6b0ee8c036ecb3ac92e18e6ca0dca7bff88beaf0 | |

netfilter: ipv4: propagate routing errors from ip_route_me_harder()

Propagate routing errors from ip_route_me_harder() when dropping a packet
using NF_DROP_ERR(). This makes userspace get the proper error instead of
EPERM for everything.

Example:

    # ip r a unreachable default table 100
    # ip ru add fwmark 0x1 lookup 100
    # iptables -t mangle -A OUTPUT -d 8.8.8.8 -j MARK --set-mark 0x1

Current behaviour:

    PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
    ping: sendmsg: Operation not permitted
    ping: sendmsg: Operation not permitted
    ping: sendmsg: Operation not permitted

New behaviour:

    PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
    ping: sendmsg: Network is unreachable
    ping: sendmsg: Network is unreachable
    ping: sendmsg: Network is unreachable
    ping: sendmsg: Network is unreachable

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Diffstat (limited to 'net/ipv6')
0 files changed, 0 insertions, 0 deletions
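
The verdict encoding the commit message relies on, as an added userspace model in C (not code from this patch or the kernel tree). The constants are assumed to mirror the kernel's netfilter UAPI definitions, and `model_reroute`, `hook_before`, `hook_after` and `verdict_to_errno` are hypothetical names standing in for the reroute call, the hook before and after the change, and the hook core's verdict handling.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Assumption: values mirror the kernel's netfilter verdict layout. */
#define NF_DROP          0
#define NF_ACCEPT        1
#define NF_VERDICT_MASK  0x000000ff
#define NF_VERDICT_QBITS 16
/* errno is carried (as a positive number) in the upper 16 bits of the verdict. */
#define NF_DROP_ERR(x)   (((-(x)) << NF_VERDICT_QBITS) | NF_DROP)

/* Hypothetical stand-in for ip_route_me_harder(): 0 or a negative errno. */
static int model_reroute(int route_unreachable)
{
    return route_unreachable ? -ENETUNREACH : 0;
}

/* Model of the old behaviour: the routing error is discarded. */
static unsigned int hook_before(int route_unreachable)
{
    return model_reroute(route_unreachable) < 0 ? NF_DROP : NF_ACCEPT;
}

/* Model of the new behaviour: the routing error rides along in the verdict. */
static unsigned int hook_after(int route_unreachable)
{
    int err = model_reroute(route_unreachable);
    return err < 0 ? (unsigned int)NF_DROP_ERR(err) : NF_ACCEPT;
}

/* Model of the hook core: a drop with no embedded errno falls back to -EPERM. */
static int verdict_to_errno(unsigned int verdict)
{
    int err;

    if ((verdict & NF_VERDICT_MASK) == NF_ACCEPT)
        return 0;
    err = -(int)(verdict >> NF_VERDICT_QBITS);
    return err ? err : -EPERM;
}

int main(void)
{
    /* Same scenario as the commit message: marked packet hits an unreachable route. */
    printf("before: %s\n", strerror(-verdict_to_errno(hook_before(1))));
    printf("after:  %s\n", strerror(-verdict_to_errno(hook_after(1))));
    return 0;
}
```

When triaging `sendmsg` failures on hosts with mark-based policy routing, this is why an `EPERM` from an older kernel can hide a routing failure rather than indicate a filter rule or permission problem.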