From: Patrick McHardy <kaber@trash.net>
To: Yasuyuki KOZAKAI <yasuyuki.kozakai@toshiba.co.jp>
Cc: laforge@netfilter.org, netdev@vger.kernel.org,
netfilter-devel@lists.netfilter.org, acme@ghostprotocols.net
Subject: Re: (no subject)
Date: Tue, 01 Nov 2005 18:47:17 +0100 [thread overview]
Message-ID: <4367AA25.6050004@trash.net> (raw)
In-Reply-To: <200510311111.j9VBBU7n020516@toshiba.co.jp>
Yasuyuki KOZAKAI wrote:
> Subject: Re: nf_conntrack comments
> From: Yasuyuki KOZAKAI <kozakai@isl.rdc.toshiba.co.jp>
> Fcc: +backup
> In-Reply-To: <20051029135524.GQ4479@sunbeam.de.gnumonks.org>
> References: <20051018084924.GD20338@sunbeam.de.gnumonks.org>
> <39e6f6c70510282108i60d78df6w9728f40641dccf80@mail.gmail.com>
> <20051029135524.GQ4479@sunbeam.de.gnumonks.org>
> X-Mailer: Mew version 4.2 on Emacs 20.7 / Mule 4.0 (HANANOEN)
> ----
>
> Hi, Acme and all,
>
> Acme, thank you for reviewing of nf_conntrack.
>
> From: Harald Welte <laforge@netfilter.org>
> Date: Sat, 29 Oct 2005 15:55:24 +0200
>
>
>>>+ if (!h) {
>>>+ DEBUGP("icmpv6_error: no match\n");
>>>+ return NF_ACCEPT;
>>>+ } else {
>>>+ if (NF_CT_DIRECTION(h) == IP_CT_DIR_REPLY)
>>>+ *ctinfo += IP_CT_IS_REPLY;
>>>+ }
>>>+
>>>+ /* Update skb to refer to this connection */
>>>+ skb->nfct = &nf_ct_tuplehash_to_ctrack(h)->ct_general;
>>>+ skb->nfctinfo = *ctinfo;
>>>+ return -NF_ACCEPT;
>>>+}
>>>
>>>I noticed that some of the returns are NF_ACCEPT while at leat this last one
>>>returns -NF_ACCEPT, is this a special convention or should all be negative? or
>>>positive?
>>
>>I'll check that, looks like a bug to me, too.
>
>
> If we don't change, the result is same. If this function return NF_ACCEPT,
> connection tracking handles packet as normal packet. But it cannot find invert
> tuple for it and stop processing after all. Then no problem.
>
> But it may be better to replace NF_ACCEPT with -NF_ACCEPT in this function to
> stop processing early.
>
> BTW, this is common issue in nf_conntrack and ip_conntrack. Then it is
> necessary to both of them if we want.
>
> Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
>
> Netfilter folks, do you have any problem if I change these return value ?
I think its a good idea, there is no point in continuing to process
these packets.
next prev parent reply other threads:[~2005-11-01 17:47 UTC|newest]
Thread overview: 100+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-10-31 11:11 (no subject) Yasuyuki KOZAKAI
2005-11-01 17:47 ` Patrick McHardy [this message]
-- strict thread matches above, loose matches on Subject: below --
2024-07-08 15:43 (No Subject) Bug
2023-05-13 8:12 [no subject] Beatrice Benson
2019-05-22 5:41 [No Subject] Gardner, Tim
2018-07-26 16:34 (no subject) Fritz Micheal.
2018-06-15 8:48 Dani Camps
2017-01-13 10:46 [PATCH v3 4/8] x86: stop exporting msr-index.h to userland Nicolas Dichtel
2017-01-09 11:33 ` [PATCH v2 0/7] uapi: export all headers under uapi directories Arnd Bergmann
2017-01-13 10:46 ` [PATCH v3 0/8] " Nicolas Dichtel
2017-01-13 15:43 ` (no subject) David Howells
2016-07-04 12:34 Brian Neu
2016-05-26 12:04 Brian Neu
2016-01-11 9:04 Brian Neu
2014-09-03 12:18 US-ARMEE
[not found] <pull request for net: batman-adv 2013-05-21>
2013-05-21 19:53 ` Antonio Quartulli
[not found] ` <1369166035-585-1-git-send-email-ordex-GaUfNO9RBHfsrOwW+9ziJQ@public.gmane.org>
2013-05-21 19:56 ` Antonio Quartulli
2011-05-25 18:36 ©2011.Coca-Cola Great Britain
2011-04-25 1:42 Mr. Miaoqing Fang
2009-09-11 17:10 Hyundai
2009-08-24 19:35 MRS SANDRA WHITE
2009-08-21 0:08 Wy
2009-08-19 18:31 Uknl
2009-07-21 10:02 The Camelot Group
2009-07-17 4:17 CG LOTTO
2009-06-30 1:28 Mrs Dianne Thompson
2009-06-22 15:09 IL
2009-06-22 11:26 Cgnlwin
2009-06-20 9:20 IL
2009-05-18 9:59 Mnl
2009-05-15 14:29 il
2009-01-09 13:38 Sanjay Rao
2008-11-18 20:44 Oluf Svendson
2008-11-18 15:07 Oluf Svendson
2008-08-27 12:17 Fabian Ischia
2008-08-13 7:09 Franco Fichtner
2008-06-06 21:11 Dragos Ilie
2007-12-31 7:03 Ramesh R
2006-08-25 21:50 ashish gawarikar
2006-06-20 11:31 Abimanyu G
2005-12-16 2:30 093u2y8y83yg3
2005-12-09 14:18 VJlm
2005-12-08 13:23 YjXXXulPAVpSHgx
2005-12-07 13:41 8pvs2I
2005-12-05 4:32 polpolkim6677
2005-12-03 17:41 ikoey8y36vihioyt
2005-11-28 20:08 declarator
2005-08-15 13:44 d1187e7720r
2005-08-15 12:04 d1187e7720r
2005-08-15 10:34 q0960m0638o
2005-08-15 7:10 d1187e7720r
2005-08-13 3:52 y5834i4926v
2005-08-13 2:36 d1187e7720r
2005-08-12 0:40 seohai
2005-05-24 9:17 root
2005-05-24 9:17 root
2005-05-24 9:16 root
2005-05-24 9:15 root
2005-05-24 9:14 root
2005-05-24 9:12 root
2005-05-24 9:11 root
2005-04-25 3:54 林先生
2005-03-08 6:51 l-linux-admin
2005-03-03 21:36 Luis R. Rodriguez
[not found] <E1CzsnF-0007zI-00@joanna.william.org>
2005-02-12 8:38 ` autoreply
2004-11-30 4:07 klsxl
2004-07-01 3:45 Luis R. Rodriguez
2004-06-18 16:44 efc5036
2004-06-02 17:15 3акyпки
2004-04-14 13:01 Kishore A K
2004-04-12 13:23 Denis Vlasenko
2004-03-26 14:57 ananth
2004-03-22 12:31 EBLAZHJ
2003-09-18 18:35 Robert Olsson
2003-08-09 13:44 mailperson
2003-07-08 20:05 bob.olszewski
2003-06-29 23:00 James Morris
2003-06-30 2:20 ` David S. Miller
2003-03-20 9:22 sakalra
2003-02-21 11:38 santosh kumar gowda
2003-02-21 18:37 ` Maciej W. Rozycki
2002-11-09 11:59 mike obi
2002-11-07 5:55 jenil68
2002-10-29 7:33 netdev-bounce
2002-10-29 7:16 netdev-bounce
2002-10-29 7:05 netdev-bounce
2002-10-29 6:52 netdev-bounce
2002-10-29 6:37 netdev-bounce
2002-10-29 6:35 netdev-bounce
2002-10-29 6:14 netdev-bounce
2002-10-29 6:10 netdev-bounce
2002-10-29 6:01 netdev-bounce
2002-10-29 4:45 netdev-bounce
2002-10-29 4:17 netdev-bounce
2002-10-29 3:39 netdev-bounce
2002-10-29 3:30 netdev-bounce
2002-10-29 3:19 netdev-bounce
2002-10-29 3:04 netdev-bounce
2002-10-29 2:55 netdev-bounce
2002-10-29 2:42 netdev-bounce
2002-10-29 2:03 netdev-bounce
2002-10-29 1:12 netdev-bounce
2002-08-25 18:48 KLpetronas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4367AA25.6050004@trash.net \
--to=kaber@trash.net \
--cc=acme@ghostprotocols.net \
--cc=laforge@netfilter.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@lists.netfilter.org \
--cc=yasuyuki.kozakai@toshiba.co.jp \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).