Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > > Or do you mean using a different macro that always sets EPERM? > > Maybe remove SKB_DROP_REASON_NETFILTER_DROP from macro, so line is > shorter? > > NF_DROP_REASON(pkt->skb, -EPERM) > > And add a new macro for br_netfilter NF_BR_DROP_REASON which does not > always sets SKB_DROP_REASON_NETFILTER_DROP? (Pick a better name for > this new macro if you like). NF_DROP_REASON is already in the tree and currently most users use something other than SKB_DROP_REASON_NETFILTER_DROP. I did not yet add new enum values or a dedicated nf namespace (enum skb_drop_reason_subsys), because I did not see a reason and wasn't sure if we'd need sub-subsystems (nf_tables, conntrack, nat, whatever). If you like, I can add NF_FREE_SKB(skb, errno) and rework this set to use that?
