On Thu, Jul 21, 2016 at 06:45:53PM +0200, Pablo Neira Ayuso wrote:
> > diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
> > index 153e33f..634d592 100644
> > --- a/net/netfilter/nf_conntrack_core.c
> > +++ b/net/netfilter/nf_conntrack_core.c
> > @@ -1108,10 +1108,8 @@ resolve_normal_ct(struct net *net, struct nf_conn *tmpl,
> > if (!h) {
> > h = init_conntrack(net, tmpl, &tuple, l3proto, l4proto,
> > skb, dataoff, hash);
> > - if (!h)
> > - return NULL;
> > - if (IS_ERR(h))
> > - return (void *)h;
> > + if (IS_ERR_OR_NULL(h))
> > + return ERR_CAST(h);
>
> Interesting.
>
> I think we can actually simplify this patch, I'm sending a patch for
> this now.
Forget this, I cannot actually achieve the simplification, we need the
ENOMEM to drop packets when we're under stress.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
