On Mon, Mar 25, 2024 at 05:31:19PM +0800, Jason Xing wrote:
> On Mon, Mar 25, 2024 at 5:19 PM Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> >
> > On Mon, Mar 25, 2024 at 11:19:42AM +0800, Jason Xing wrote:
> > > From: Jason Xing <kernelxing@xxxxxxxxxxx>
> > >
> > > Just simply replace the -NF_DROP with NF_DROP since it is just zero.
> >
> > Single patch for this should be fine, thanks.
>
> Okay, I thought every patch should be atomic, so I splitted one into
> three. I will squash them :)
One patch for logical update, patch description is the same for them all.
> > There are spots where this happens, and it is not obvious, such as nf_conntrack_in()
> >
> > if (protonum == IPPROTO_ICMP || protonum == IPPROTO_ICMPV6) {
> > ret = nf_conntrack_handle_icmp(tmpl, skb, dataoff,
> > protonum, state);
> > if (ret <= 0) {
> > ret = -ret;
>
> Yep, it's not that obvious.
>
> > goto out;
> > }
> >
> > removing signed zero seems more in these cases look more complicated.
>
> Yes, so I have no intention to touch them all. The motivation of this
> patch is that I traced back to the use of NF_DROP in history and found
> out something strange.
Yes, it looks like something was trying to be fixed not in the right way.
> I will send a v2 patch soon.
Thanks.
