From: Stephen Hemminger <shemminger@vyatta.com>
To: Patrick McHardy <kaber@trash.net>
Cc: Eric Dumazet <eric.dumazet@gmail.com>,
David Miller <davem@davemloft.net>,
netdev@vger.kernel.org, netfilter-devel@vger.kernel.org
Subject: Re: NAT regression in next tree
Date: Fri, 19 Feb 2010 10:11:27 -0800 [thread overview]
Message-ID: <20100219101127.462f5fe2@nehalam> (raw)
In-Reply-To: <4B7E3D65.2030203@trash.net>
On Fri, 19 Feb 2010 08:27:33 +0100
Patrick McHardy <kaber@trash.net> wrote:
> Eric Dumazet wrote:
> > Le vendredi 19 février 2010 à 08:06 +0100, Patrick McHardy a écrit :
> >> netfilter: restore POST_ROUTING hook in NF_HOOK_COND
> >>
> >> Commit 2249065 ("netfilter: get rid of the grossness in netfilter.h")
> >> inverted the logic for conditional hook invocation, breaking the
> >> POST_ROUTING hook invoked by ip_output().
> >>
> >> Correct the logic and remove an unnecessary initialization.
> >>
> >> Reported-by: Stephen Hemminger <shemminger@vyatta.com>
> >> Signed-off-by: Patrick McHardy <kaber@trash.net>
> >>
> >> diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
> >> index 7007945..89341c3 100644
> >> --- a/include/linux/netfilter.h
> >> +++ b/include/linux/netfilter.h
> >> @@ -212,8 +212,9 @@ NF_HOOK_COND(uint8_t pf, unsigned int hook, struct sk_buff *skb,
> >> struct net_device *in, struct net_device *out,
> >> int (*okfn)(struct sk_buff *), bool cond)
> >> {
> >> - int ret = 1;
> >> - if (cond ||
> >> + int ret;
> >> +
> >> + if (!cond ||
> >> (ret = nf_hook_thresh(pf, hook, skb, in, out, okfn, INT_MIN) == 1))
> >> ret = okfn(skb);
> >> return ret;
> >
> > I dont quite get it
> >
> > Original code was :
> >
> >
> > #define NF_HOOK_COND(pf, hook, skb, indev, outdev, okfn, cond) \
> > ({int __ret; \
> > if ((cond) || (__ret = nf_hook_thresh(pf, hook, (skb), indev, outdev, okfn, INT_MIN)) == 1)\
> > __ret = (okfn)(skb); \
> > __ret;})
> >
> >
> > There was no condition inversion.
>
> Right, I quoted the wrong patch, it was actually broken in
> 23f3733 ("netfilter: reduce NF_HOOK by one argument"), which
> moved the cond check from nf_hook_thresh() to NF_HOOK_COND().
Yes, this fixes the problem I was seeing.
Acked-by: Stephen Hemminger <shemminger@vyatta.com>
--
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
prev parent reply other threads:[~2010-02-19 18:11 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-02-17 1:36 Recent change to net-next broke KVM bridging Stephen Hemminger
2010-02-17 14:26 ` Arnd Bergmann
2010-02-19 1:36 ` NAT regression in next tree Stephen Hemminger
2010-02-19 5:45 ` Patrick McHardy
2010-02-19 5:51 ` Stephen Hemminger
2010-02-19 7:06 ` Patrick McHardy
2010-02-19 7:20 ` Eric Dumazet
2010-02-19 7:27 ` Patrick McHardy
2010-02-19 18:11 ` Stephen Hemminger [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100219101127.462f5fe2@nehalam \
--to=shemminger@vyatta.com \
--cc=davem@davemloft.net \
--cc=eric.dumazet@gmail.com \
--cc=kaber@trash.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.