On Mon, Mar 25, 2024 at 05:31:19PM +0800, Jason Xing wrote: > On Mon, Mar 25, 2024 at 5:19 PM Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > > > > On Mon, Mar 25, 2024 at 11:19:42AM +0800, Jason Xing wrote: > > > From: Jason Xing <kernelxing@xxxxxxxxxxx> > > > > > > Just simply replace the -NF_DROP with NF_DROP since it is just zero. > > > > Single patch for this should be fine, thanks. > > Okay, I thought every patch should be atomic, so I splitted one into > three. I will squash them :) One patch for logical update, patch description is the same for them all. > > There are spots where this happens, and it is not obvious, such as nf_conntrack_in() > > > > if (protonum == IPPROTO_ICMP || protonum == IPPROTO_ICMPV6) { > > ret = nf_conntrack_handle_icmp(tmpl, skb, dataoff, > > protonum, state); > > if (ret <= 0) { > > ret = -ret; > > Yep, it's not that obvious. > > > goto out; > > } > > > > removing signed zero seems more in these cases look more complicated. > > Yes, so I have no intention to touch them all. The motivation of this > patch is that I traced back to the use of NF_DROP in history and found > out something strange. Yes, it looks like something was trying to be fixed not in the right way. > I will send a v2 patch soon. Thanks.