On Friday 2010-09-24 22:45, Eric Paris wrote:
>Commit 4a5a5c73 attempted to pass decent error messages back to userspace for
>netfilter errors. In xt_SECMARK.c however the patch screwed up and returned
>on 0 (aka no error) early and didn't finish setting up secmark. This results
>in a kernel BUG if you use SECMARK.
>+++ b/net/netfilter/xt_SECMARK.c >@@ -101,7 +101,7 @@ static int secmark_tg_check(const struct xt_tgchk_param *par) > switch (info->mode) { > case SECMARK_MODE_SEL: > err = checkentry_selinux(info); >- if (err <= 0) >+ if (err) > return err;

Indeed the = is unwanted and err < 0 was intended here. Sorry for the slip.
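
Review bot: In the SECMARK_MODE_SEL case, the new test `if (err)` returns early on any non-zero value, positive ones included, so it matches the stated intent of `err < 0` only if checkentry_selinux() never returns a positive value, and that contract is not visible in this hunk. Either write the test as `if (err < 0)` so the check says what is meant, or add a comment at checkentry_selinux() stating that it returns 0 on success and a negative errno on failure. The point matters here because, per the commit message, a wrong early return from secmark_tg_check() skips the rest of the secmark setup and that ends in a kernel BUG when SECMARK is used.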