summaryrefslogtreecommitdiffstats
path: root/drivers/pinctrl/pinctrl-coh901.c
diff options
context:
space:
mode:
authorGao Feng <fgao@ikuai8.com>2017-04-20 14:01:45 +0800
committerPablo Neira Ayuso <pablo@netfilter.org>2017-04-26 09:30:22 +0200
commit495dcb56d09ddb63afe30e799af41876c3f061cc (patch)
treea1f3b7af426436ea25763e5c8f5fe58d29c63263 /drivers/pinctrl/pinctrl-coh901.c
parentaee12a0a3727e16fb837367c4755cb6daaf45109 (diff)
downloadlinux-495dcb56d09ddb63afe30e799af41876c3f061cc.tar.gz
linux-495dcb56d09ddb63afe30e799af41876c3f061cc.tar.bz2
linux-495dcb56d09ddb63afe30e799af41876c3f061cc.zip
netfilter: SYNPROXY: Return NF_STOLEN instead of NF_DROP during handshaking
Current SYNPROXY codes return NF_DROP during normal TCP handshaking, it is not friendly to caller. Because the nf_hook_slow would treat the NF_DROP as an error, and return -EPERM. As a result, it may cause the top caller think it meets one error. For example, the following codes are from cfv_rx_poll() err = netif_receive_skb(skb); if (unlikely(err)) { ++cfv->ndev->stats.rx_dropped; } else { ++cfv->ndev->stats.rx_packets; cfv->ndev->stats.rx_bytes += skb_len; } When SYNPROXY returns NF_DROP, then netif_receive_skb returns -EPERM. As a result, the cfv driver would treat it as an error, and increase the rx_dropped counter. So use NF_STOLEN instead of NF_DROP now because there is no error happened indeed, and free the skb directly. Signed-off-by: Gao Feng <fgao@ikuai8.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'drivers/pinctrl/pinctrl-coh901.c')
0 files changed, 0 insertions, 0 deletions