Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > One question regarding this series. > > Most spots still rely on EPERM which is the default reason for > NF_DROP. core converts NF_DROP to EPERM if no errno value is set, correct. > I wonder if it is worth updating all these spots to use NF_DROP_REASON > with EPERM. I think patchset becomes smaller if it is only used to > provide a better reason than EPERM. I'm not following, sorry. What do you mean? This is not about errno. NF_DROP_REASON() calls kfree_skb, so tooling can show location other than nf_hook_slow(). Or do you mean using a different macro that always sets EPERM?
