netfilter: make nftables drops visible in net dropmonitor - starfive-tech/linux.git - StarFive Tech Linux Kernel for VisionFive (JH7110) boards (mirror)

diff options

author	Florian Westphal <fw@strlen.de>	2023-10-11 10:59:38 +0300
committer	Florian Westphal <fw@strlen.de>	2023-10-18 11:26:43 +0300
commit	e0d4593140b01b8da513a0c88c26da28b4906413 (patch)
tree	38aa2be18abfbdb974535a1530910a8b6c25cca2 /tools/perf/scripts/python/gecko.py
parent	35c038b0a4be197679deefaf96998241cb7efc88 (diff)
download	linux-e0d4593140b01b8da513a0c88c26da28b4906413.tar.xz

netfilter: make nftables drops visible in net dropmonitor

net_dropmonitor blames core.c:nf_hook_slow. Add NF_DROP_REASON() helper and use it in nft_do_chain(). The helper releases the skb, so exact drop location becomes available. Calling code will observe the NF_STOLEN verdict instead. Adjust nf_hook_slow so we can embed an erro value wih NF_STOLEN verdicts, just like we do for NF_DROP. After this, drop in nftables can be pinpointed to a drop due to a rule or the chain policy. Signed-off-by: Florian Westphal <fw@strlen.de>

Diffstat (limited to 'tools/perf/scripts/python/gecko.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: