net: netfilter: use kfree_drop_reason() for NF_DROP
Replace kfree_skb() with kfree_skb_reason() in nf_hook_slow() when skb is dropped by reason of NF_DROP. Following new drop reasons are introduced: SKB_DROP_REASON_NETFILTER_DROP Signed-off-by: Menglong Dong <imagedong@tencent.com> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
88590b3693
commit
2df3041ba3
@ -320,6 +320,7 @@ enum skb_drop_reason {
|
||||
SKB_DROP_REASON_TCP_CSUM, /* TCP checksum error */
|
||||
SKB_DROP_REASON_SOCKET_FILTER, /* dropped by socket filter */
|
||||
SKB_DROP_REASON_UDP_CSUM, /* UDP checksum error */
|
||||
SKB_DROP_REASON_NETFILTER_DROP, /* dropped by netfilter */
|
||||
SKB_DROP_REASON_MAX,
|
||||
};
|
||||
|
||||
|
@ -16,6 +16,7 @@
|
||||
EM(SKB_DROP_REASON_TCP_CSUM, TCP_CSUM) \
|
||||
EM(SKB_DROP_REASON_SOCKET_FILTER, SOCKET_FILTER) \
|
||||
EM(SKB_DROP_REASON_UDP_CSUM, UDP_CSUM) \
|
||||
EM(SKB_DROP_REASON_NETFILTER_DROP, NETFILTER_DROP) \
|
||||
EMe(SKB_DROP_REASON_MAX, MAX)
|
||||
|
||||
#undef EM
|
||||
|
@ -621,7 +621,8 @@ int nf_hook_slow(struct sk_buff *skb, struct nf_hook_state *state,
|
||||
case NF_ACCEPT:
|
||||
break;
|
||||
case NF_DROP:
|
||||
kfree_skb(skb);
|
||||
kfree_skb_reason(skb,
|
||||
SKB_DROP_REASON_NETFILTER_DROP);
|
||||
ret = NF_DROP_GETERR(verdict);
|
||||
if (ret == 0)
|
||||
ret = -EPERM;
|
||||
|
Loading…
Reference in New Issue
Block a user