On Tue, May 17, 2016 at 02:50:32PM +0200, Arturo Borrero Gonzalez wrote:
> @@ -114,18 +129,34 @@ int __setobjopt(struct nf_conntrack *ct, unsigned int option)
>
> static int getobjopt_is_snat(const struct nf_conntrack *ct)
> {
> - return ((test_bit(ATTR_STATUS, ct->head.set) ?
> - ct->status & IPS_SRC_NAT_DONE : 1) &&
> - ct->repl.dst.v4 !=
> - ct->head.orig.src.v4);
> + if (!(test_bit(ATTR_STATUS, ct->head.set) ?
> + ct->status & IPS_SRC_NAT_DONE : 1))
> + return 0;
Better untangle this code:
if (!test_bit(ATTR_STATUS, ct->head.set))
return 0;
if (!(ct->status & IPS_SRC_NAT_DONE))
return 0;
switch (ct->head.orig.l3protonum) {
case AF_INET:
return ct->repl.dst.v4 != ct->head.orig.src.v4;
default:
return 0;
}
> + switch (ct->head.orig.l3protonum) {
> + case AF_INET:
> + return ct->repl.dst.v4 != ct->head.orig.src.v4;
> + case AF_INET6:
> + return 0;
It is a bit strange to me that you add in this patch all these:
case AF_INET6:
return 0;
I'd rather see you adding this in 2/3 when you implement IPv6 support.
> + default:
> + return 0;
> + }
> }
>
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
