Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

author: David S. Miller <davem@davemloft.net> 2016-09-23 06:46:57 -0400
committer: David S. Miller <davem@davemloft.net> 2016-09-23 06:46:57 -0400
commit: d6989d4bbe6c4d1c2a76696833a07f044e85694d (patch)
tree: 2d9a70d0feee4d4a20568be1b39a961fa0d27d81 /net/ipv4/netfilter
parent: 0364a8824c020f12e2d5e9fad963685b58f7574e (diff)
parent: b1f2beb87bb034bb209773807994279f90cace78 (diff)
1 files changed, 7 insertions, 4 deletions
diff --git a/net/ipv4/netfilter/nft_chain_route_ipv4.c b/net/ipv4/netfilter/nft_chain_route_ipv4.c
index 2375b0a8be46..30493beb611a 100644
--- a/net/ipv4/netfilter/nft_chain_route_ipv4.c
+++ b/net/ipv4/netfilter/nft_chain_route_ipv4.c
@@ -31,6 +31,7 @@ static unsigned int nf_route_table_hook(void *priv,
 	__be32 saddr, daddr;
 	u_int8_t tos;
 	const struct iphdr *iph;
+	int err;
 
 	/* root is playing with raw sockets. */
 	if (skb->len < sizeof(struct iphdr) ||
@@ -46,15 +47,17 @@ static unsigned int nf_route_table_hook(void *priv,
 	tos = iph->tos;
 
 	ret = nft_do_chain(&pkt, priv);
-	if (ret != NF_DROP && ret != NF_QUEUE) {
+	if (ret != NF_DROP && ret != NF_STOLEN) {
 		iph = ip_hdr(skb);
 
 		if (iph->saddr != saddr ||
 		    iph->daddr != daddr ||
 		    skb->mark != mark ||
-		    iph->tos != tos)
-			if (ip_route_me_harder(state->net, skb, RTN_UNSPEC))
-				ret = NF_DROP;
+		    iph->tos != tos) {
+			err = ip_route_me_harder(state->net, skb, RTN_UNSPEC);
+			if (err < 0)
+				ret = NF_DROP_ERR(err);
+		}
 	}
 	return ret;
 }
author	David S. Miller <davem@davemloft.net>	2016-09-23 06:46:57 -0400
committer	David S. Miller <davem@davemloft.net>	2016-09-23 06:46:57 -0400
commit	d6989d4bbe6c4d1c2a76696833a07f044e85694d (patch)
tree	2d9a70d0feee4d4a20568be1b39a961fa0d27d81 /net/ipv4/netfilter
parent	0364a8824c020f12e2d5e9fad963685b58f7574e (diff)
parent	b1f2beb87bb034bb209773807994279f90cace78 (diff)