On Wednesday 2009-11-04 08:59, Changli Gao wrote:
>On Wed, Nov 4, 2009 at 2:04 AM, Jan Engelhardt <jengelh@xxxxxxxxxx> wrote:
>>
>> -#define NF_HOOK_COND(pf, hook, skb, indev, outdev, okfn, cond) \
>> -({int __ret; \
>> -if ((cond) || (__ret = nf_hook_thresh(pf, hook, (skb), indev, outdev, okfn, INT_MIN)) == 1)\
>> - __ret = (okfn)(skb); \
>> -__ret;})
>This code isn't the same as the linus tree's.
It sure is:
git diff mdz/next~6..mdz/next include/linux/netfilter.h
=> no output, hence the same.
>And has a risk about uninitialized variable __ret.
>
>#define NF_HOOK_COND(pf, hook, skb, indev, outdev, okfn, cond) \
>({int __ret; \
>if ((__ret=nf_hook_thresh(pf, hook, (skb), indev, outdev, okfn,
>INT_MIN, cond)) == 1)\
> __ret = (okfn)(skb); \
>__ret;})
No uninitialized variable either there.
>The fact is: no matter the cond value, okfn(skb) should always be
>called, and hf_hook_thresh() should be called only when cond is true.
Yes, thank you for noticing. I will have that fixed up:
Subject: augment a3dc8cdef7c00d0340a0e6bc80211ce81b665f3b
---
diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
index d02dc03..6854000 100644
--- a/include/linux/netfilter.h
+++ b/include/linux/netfilter.h
@@ -209,7 +209,7 @@ __ret;})
#define NF_HOOK_COND(pf, hook, skb, indev, outdev, okfn, cond) \
({int __ret; \
-if ((cond) || (__ret = nf_hook_thresh(pf, hook, (skb), indev, outdev, okfn, INT_MIN)) == 1)\
+if (!(cond) || (__ret = nf_hook_thresh(pf, hook, (skb), indev, outdev, okfn, INT_MIN)) == 1)\
__ret = (okfn)(skb); \
__ret;})
--
# Created with git-export-patch
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
