diff options
author | Jan Engelhardt <jengelh@medozas.de> | 2010-03-19 17:32:59 +0100 |
---|---|---|
committer | Jan Engelhardt <jengelh@medozas.de> | 2010-03-25 16:56:09 +0100 |
commit | 4a5a5c73b7cfee46a0b1411903cfa0dea532deec (patch) | |
tree | 3f7ef0def4adf3a01e15ab3a2a7231967b87bfee /net/netfilter/xt_connlimit.c | |
parent | d6b00a5345ce4e86e8b00a88bb84a2c0c1f69ddc (diff) |
netfilter: xtables: slightly better error reporting
When extended status codes are available, such as ENOMEM on failed
allocations, or subsequent functions (e.g. nf_ct_get_l3proto), passing
them up to userspace seems like a good idea compared to just always
EINVAL.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Diffstat (limited to 'net/netfilter/xt_connlimit.c')
-rw-r--r-- | net/netfilter/xt_connlimit.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/net/netfilter/xt_connlimit.c b/net/netfilter/xt_connlimit.c index 68e89f08140b..370088ec5764 100644 --- a/net/netfilter/xt_connlimit.c +++ b/net/netfilter/xt_connlimit.c @@ -220,22 +220,24 @@ static int connlimit_mt_check(const struct xt_mtchk_param *par) { struct xt_connlimit_info *info = par->matchinfo; unsigned int i; + int ret; if (unlikely(!connlimit_rnd_inited)) { get_random_bytes(&connlimit_rnd, sizeof(connlimit_rnd)); connlimit_rnd_inited = true; } - if (nf_ct_l3proto_try_module_get(par->family) < 0) { + ret = nf_ct_l3proto_try_module_get(par->family); + if (ret < 0) { pr_info("cannot load conntrack support for " "address family %u\n", par->family); - return -EINVAL; + return ret; } /* init private data */ info->data = kmalloc(sizeof(struct xt_connlimit_data), GFP_KERNEL); if (info->data == NULL) { nf_ct_l3proto_module_put(par->family); - return -EINVAL; + return -ENOMEM; } spin_lock_init(&info->data->lock); |