On Mon, Mar 25, 2024 at 11:19:42AM +0800, Jason Xing wrote:
> From: Jason Xing <kernelxing@xxxxxxxxxxx>
>
> Just simply replace the -NF_DROP with NF_DROP since it is just zero.

Single patch for this should be fine, thanks.

There are spots where this happens, and it is not obvious, such as
nf_conntrack_in()

        if (protonum == IPPROTO_ICMP || protonum == IPPROTO_ICMPV6) {
                ret = nf_conntrack_handle_icmp(tmpl, skb, dataoff,
                                               protonum, state);
                if (ret <= 0) {
                        ret = -ret;
                        goto out;
                }

Removing the signed zero in these cases looks more complicated.