Provide more precise drop information rather than doing the freeing from core.c:nf_hook_slow(). First patch is a small preparation patch, rest coverts NF_DROP locations of NF_DROP_REASON(). Florian Westphal (4): netfilter: xt_nat: compact nf_nat_setup_info calls netfilter: xt_nat: drop packet earlier netfilter: nf_nat: use skb_drop_reason netfilter: nf_tables: use skb_drop_reason include/linux/netfilter.h | 5 +- net/bridge/netfilter/nft_reject_bridge.c | 2 +- net/ipv4/netfilter/nft_reject_ipv4.c | 2 +- net/ipv6/netfilter/nf_defrag_ipv6_hooks.c | 5 +- net/netfilter/nf_nat_masquerade.c | 23 +++++-- net/netfilter/nf_nat_proto.c | 18 +++--- net/netfilter/nf_nat_redirect.c | 4 +- net/netfilter/nf_synproxy_core.c | 16 ++--- net/netfilter/nft_chain_filter.c | 4 +- net/netfilter/nft_compat.c | 8 +-- net/netfilter/nft_connlimit.c | 4 +- net/netfilter/nft_ct.c | 14 ++-- net/netfilter/nft_exthdr.c | 2 +- net/netfilter/nft_fib_inet.c | 2 +- net/netfilter/nft_fwd_netdev.c | 4 +- net/netfilter/nft_nat.c | 8 ++- net/netfilter/nft_reject_inet.c | 2 +- net/netfilter/nft_reject_netdev.c | 2 +- net/netfilter/nft_synproxy.c | 10 +-- net/netfilter/xt_nat.c | 78 ++++++++++------------- 20 files changed, 112 insertions(+), 101 deletions(-) -- 2.45.2
