Re: [PATCH] netfilter: icmp: Enhance the return value check of nf_nat_icmp(v6)_reply

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* Re: [PATCH] netfilter: icmp: Enhance the return value check of nf_nat_icmp(v6)_reply_translation
       [not found] <BAY403-EAS201184FFD171DD8A4B68C5E95580@phx.gbl>
@ 2015-09-19 17:36 ` Pablo Neira Ayuso
  0 siblings, 0 replies; only message in thread
From: Pablo Neira Ayuso @ 2015-09-19 17:36 UTC (permalink / raw)
  To: Feng Gao; +Cc: netfilter-devel

On Sat, Sep 19, 2015 at 10:59:19PM +0800, Feng Gao wrote:
> It could enhance the codes readability and save one extra instruction than
> before

Gao, I'm still having patch mangling problems, most likely your MUA.
See below.

Note that patchwork doesn't catch up this either:

http://patchwork.ozlabs.org/project/netfilter-devel/list/

> Signed-off-by: Feng Gao <gfree.wind@gmail.com>
> 
> ---
> 
> net/ipv4/netfilter/nf_nat_l3proto_ipv4.c |    6 +++---
> 
> net/ipv6/netfilter/nf_nat_l3proto_ipv6.c |    6 +++---
> 
> 2 files changed, 6 insertions(+), 6 deletions(-)
> 
>  
> 
> diff --git a/net/ipv4/netfilter/nf_nat_l3proto_ipv4.c
> b/net/ipv4/netfilter/nf_nat_l3proto_ipv4.c
> 
> index 22f4579..f5c0754 100644
> 
> --- a/net/ipv4/netfilter/nf_nat_l3proto_ipv4.c
> 
> +++ b/net/ipv4/netfilter/nf_nat_l3proto_ipv4.c
> 
> @@ -294,11 +294,11 @@ nf_nat_ipv4_fn(const struct nf_hook_ops *ops, struct
> sk_buff *skb,
> 
>        case IP_CT_RELATED:
> 
>        case IP_CT_RELATED_REPLY:
> 
>                 if (ip_hdr(skb)->protocol == IPPROTO_ICMP) {
> 
> -                           if (!nf_nat_icmp_reply_translation(skb, ct,
> ctinfo,
> 
> +                          if (nf_nat_icmp_reply_translation(skb, ct,
> ctinfo,
> 
>  
> ops->hooknum))
> 
> -                                    return NF_DROP;
> 
> -                           else
> 
>                                    return NF_ACCEPT;
> 
> +                          else
> 
> +                                   return NF_DROP;
> 
>                 }
> 
>                 /* Fall thru... (Only ICMPs can be IP_CT_IS_REPLY) */
> 
>        case IP_CT_NEW:
> 
> diff --git a/net/ipv6/netfilter/nf_nat_l3proto_ipv6.c
> b/net/ipv6/netfilter/nf_nat_l3proto_ipv6.c
> 
> index 70fbaed..40c0a49 100644
> 
> --- a/net/ipv6/netfilter/nf_nat_l3proto_ipv6.c
> 
> +++ b/net/ipv6/netfilter/nf_nat_l3proto_ipv6.c
> 
> @@ -302,12 +302,12 @@ nf_nat_ipv6_fn(const struct nf_hook_ops *ops, struct
> sk_buff *skb,
> 
>                                               &nexthdr, &frag_off);
> 
>                  if (hdrlen >= 0 && nexthdr == IPPROTO_ICMPV6) {
> 
> -                           if (!nf_nat_icmpv6_reply_translation(skb, ct,
> ctinfo,
> 
> +                          if (nf_nat_icmpv6_reply_translation(skb, ct,
> ctinfo,
> 
>  
> ops->hooknum,
> 
>                                                                     hdrlen))
> 
> -                                    return NF_DROP;
> 
> -                           else
> 
>                                    return NF_ACCEPT;
> 
> +                          else
> 
> +                                   return NF_DROP;
> 
>                 }
> 
>                 /* Fall thru... (Only ICMPs can be IP_CT_IS_REPLY) */
> 
>        case IP_CT_NEW:
> 

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2015-09-19 17:29 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
     [not found] <BAY403-EAS201184FFD171DD8A4B68C5E95580@phx.gbl>
2015-09-19 17:36 ` [PATCH] netfilter: icmp: Enhance the return value check of nf_nat_icmp(v6)_reply_translation Pablo Neira Ayuso

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).