On Mon, Mar 25, 2024 at 5:19 PM Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
>
> On Mon, Mar 25, 2024 at 11:19:42AM +0800, Jason Xing wrote:
> > From: Jason Xing <kernelxing@xxxxxxxxxxx>
> >
> > Just simply replace the -NF_DROP with NF_DROP since it is just zero.
>
> Single patch for this should be fine, thanks.

Okay, I thought every patch should be atomic, so I split one into three.
I will squash them :)

>
> There are spots where this happens, and it is not obvious, such as nf_conntrack_in()
>
>         if (protonum == IPPROTO_ICMP || protonum == IPPROTO_ICMPV6) {
>                 ret = nf_conntrack_handle_icmp(tmpl, skb, dataoff,
>                                                protonum, state);
>                 if (ret <= 0) {
>                         ret = -ret;

Yep, it's not that obvious.

>                         goto out;
>                 }
>
> removing signed zero seems more in these cases look more complicated.

Yes, so I have no intention to touch them all. The motivation of this
patch is that I traced back to the use of NF_DROP in history and found
out something strange.

I will send a v2 patch soon.

Thanks,
Jason