On Thu, Oct 6, 2016 at 6:30 AM, Shmulik Ladkani <shmulik.ladk...@gmail.com> wrote: > Hi, > > On Mon, Oct 3, 2016 at 12:45 PM, Cong Wang <xiyou.wangc...@gmail.com> wrote: >> On Thu, Sep 29, 2016 at 4:03 AM, Shmulik Ladkani >> <shmulik.ladk...@gmail.com> wrote: >>> skb2->skb_iif = skb->dev->ifindex; >>> skb2->dev = dev; >>> - err = dev_queue_xmit(skb2); >>> + if (tcf_mirred_act_direction(m_eaction) & AT_EGRESS) >>> + err = dev_queue_xmit(skb2); >>> + else >>> + netif_receive_skb(skb2); >> >> Any reason why not check the return value here? > > Rationale: netif_receive_skb returns err if there was no protocol > handler to deliver the skb to. > If skb is not caught by any protocol handler, this should not be > considered an "ingress redirect" error. The redirect action should be > considered successful.
A quick grep shows there are many places returning NET_RX_DROP: E.g. net/ipv4/arp.c: return NET_RX_DROP; net/ipv4/arp.c: return NET_RX_DROP; net/ipv4/gre_demux.c: return NET_RX_DROP; net/ipv4/ip_forward.c: return NET_RX_DROP; net/ipv4/ip_input.c: return NET_RX_DROP; net/ipv4/ip_input.c: return NET_RX_DROP; net/ipv4/ipconfig.c: return NET_RX_DROP; net/ipv4/ipconfig.c: return NET_RX_DROP; net/ipv4/raw.c: return NET_RX_DROP; net/ipv4/raw.c: return NET_RX_DROP; net/ipv4/xfrm4_input.c: return NET_RX_DROP; net/ipv6/ip6_input.c: return NET_RX_DROP; net/ipv6/ip6_input.c: return NET_RX_DROP; net/ipv6/ip6_input.c: return NET_RX_DROP; net/ipv6/raw.c: return NET_RX_DROP; net/ipv6/raw.c: return NET_RX_DROP; net/ipv6/raw.c: return NET_RX_DROP; net/ipv6/raw.c: return NET_RX_DROP;
