Re: DROP still returns -EPERM to userspace in OUTPUT chain

Pablo Neira Ayuso wrote:
> Jan Engelhardt wrote:
>> So just wanting to know - are people supposed to use xt_STEAL instead
>> if they really want it silently dropped?
>
> Well, I still would like to know any application that can benefit from
> this, apart from broken applications.

I'd suggest to encode an errno code in the verdict and return that
one. Currently we're not able to propagate f.i. -EHOSTUNREACH from
ip_route_me_harder() and always return -EPERM. This could then be
used to make the errno code configurable for DROP, similar to
unreachable routes.
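The errno-in-verdict idea from the message above, as an added sketch that is not code from the thread or from the kernel. The bit layout, macro names and hook functions are assumptions made for illustration; a plain DROP keeps the -EPERM result the thread is about.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed layout for this sketch: low 8 bits = verdict,
 * upper 16 bits = optional positive errno attached to a DROP. */
#define VERDICT_MASK   0x000000ffu
#define VERDICT_DROP   0u
#define VERDICT_ACCEPT 1u
#define ERRNO_SHIFT    16

/* Build a DROP verdict that carries an errno (err is positive). */
static unsigned int verdict_drop_err(int err)
{
    return ((unsigned int)err << ERRNO_SHIFT) | VERDICT_DROP;
}

/* Value the OUTPUT path would hand back to the sending syscall.
 * Only ACCEPT and DROP exist in this sketch. */
static int verdict_to_retval(unsigned int verdict)
{
    unsigned int err = verdict >> ERRNO_SHIFT;

    if ((verdict & VERDICT_MASK) == VERDICT_ACCEPT)
        return 0;
    return err ? -(int)err : -EPERM; /* plain DROP: unchanged -EPERM */
}

typedef unsigned int (*hook_fn)(void);
static unsigned int hook_accept(void)       { return VERDICT_ACCEPT; }
static unsigned int hook_plain_drop(void)   { return VERDICT_DROP; }
/* Stands in for a rerouting step that fails with no route to host. */
static unsigned int hook_reroute_fail(void) { return verdict_drop_err(EHOSTUNREACH); }

/* Constructed sample chains. */
static const hook_fn filtered[] = { hook_accept, hook_plain_drop };
static const hook_fn reroute[]  = { hook_accept, hook_reroute_fail };

/* Walk the hooks in order; the first non-ACCEPT verdict decides the result. */
static int run_output_hooks(const hook_fn *hooks, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        int ret = verdict_to_retval(hooks[i]());
        if (ret != 0)
            return ret;
    }
    return 0;
}

int main(void)
{
    printf("filtered: %d\n", run_output_hooks(filtered, 2));
    printf("reroute:  %d\n", run_output_hooks(reroute, 2));
    return 0;
}
```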
