[PATCH Resolved UMA issue] netfilter: icmp: Enhance the return value check of nf_nat_icmp(v6)_reply

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH Resolved UMA issue] netfilter: icmp: Enhance the return value check of nf_nat_icmp(v6)_reply_translation
@ 2015-09-20  0:39 Feng Gao
       [not found] ` <BAY403-EAS177047F29CEA067EAD9964C95430@phx.gbl>
  0 siblings, 1 reply; 2+ messages in thread
From: Feng Gao @ 2015-09-20  0:39 UTC (permalink / raw)
  To: 'Pablo Neira Ayuso'; +Cc: netfilter-devel, gfree.wind

It could enhance the codes readability and save one extra instruction than
before

Signed-off-by: Feng Gao <gfree.wind@gmail.com>
---
 net/ipv4/netfilter/nf_nat_l3proto_ipv4.c |    6 +++---
 net/ipv6/netfilter/nf_nat_l3proto_ipv6.c |    6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/net/ipv4/netfilter/nf_nat_l3proto_ipv4.c
b/net/ipv4/netfilter/nf_nat_l3proto_ipv4.c
index 22f4579..f5c0754 100644
--- a/net/ipv4/netfilter/nf_nat_l3proto_ipv4.c
+++ b/net/ipv4/netfilter/nf_nat_l3proto_ipv4.c
@@ -294,11 +294,11 @@ nf_nat_ipv4_fn(const struct nf_hook_ops *ops, struct
sk_buff *skb,
 	case IP_CT_RELATED:
 	case IP_CT_RELATED_REPLY:
 		if (ip_hdr(skb)->protocol == IPPROTO_ICMP) {
-			if (!nf_nat_icmp_reply_translation(skb, ct, ctinfo,
+			if (nf_nat_icmp_reply_translation(skb, ct, ctinfo,
 							   ops->hooknum))
-				return NF_DROP;
-			else
 				return NF_ACCEPT;
+			else
+				return NF_DROP;
 		}
 		/* Fall thru... (Only ICMPs can be IP_CT_IS_REPLY) */
 	case IP_CT_NEW:
diff --git a/net/ipv6/netfilter/nf_nat_l3proto_ipv6.c
b/net/ipv6/netfilter/nf_nat_l3proto_ipv6.c
index 70fbaed..40c0a49 100644
--- a/net/ipv6/netfilter/nf_nat_l3proto_ipv6.c
+++ b/net/ipv6/netfilter/nf_nat_l3proto_ipv6.c
@@ -302,12 +302,12 @@ nf_nat_ipv6_fn(const struct nf_hook_ops *ops, struct
sk_buff *skb,
 					  &nexthdr, &frag_off);
 
 		if (hdrlen >= 0 && nexthdr == IPPROTO_ICMPV6) {
-			if (!nf_nat_icmpv6_reply_translation(skb, ct,
ctinfo,
+			if (nf_nat_icmpv6_reply_translation(skb, ct, ctinfo,
 							     ops->hooknum,
 							     hdrlen))
-				return NF_DROP;
-			else
 				return NF_ACCEPT;
+			else
+				return NF_DROP;
 		}
 		/* Fall thru... (Only ICMPs can be IP_CT_IS_REPLY) */
 	case IP_CT_NEW:

^ permalink raw reply related	[flat|nested] 2+ messages in thread

[parent not found: <BAY403-EAS177047F29CEA067EAD9964C95430@phx.gbl>]

* Re: 答复: [PATCH Resolved UMA issue] netfilter: icmp: Enhance the return value check of nf_nat_icmp(v6)_reply_translation
       [not found] ` <BAY403-EAS177047F29CEA067EAD9964C95430@phx.gbl>
@ 2015-09-24 10:13   ` Pablo Neira Ayuso
  0 siblings, 0 replies; 2+ messages in thread
From: Pablo Neira Ayuso @ 2015-09-24 10:13 UTC (permalink / raw)
  To: Feng Gao; +Cc: netfilter-devel

On Thu, Sep 24, 2015 at 12:24:41PM +0800, Feng Gao wrote:
> Hi Pablo,
> 
> How about this patch?
> If it is ok, I have more confidence to try to commit more patches.

The patch format looks good, patchwork is catching it.

I'll go back to the pending list of patches as soon as the netns bunch
gets merged mainstream.

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2015-09-24 10:06 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-09-20  0:39 [PATCH Resolved UMA issue] netfilter: icmp: Enhance the return value check of nf_nat_icmp(v6)_reply_translation Feng Gao
     [not found] ` <BAY403-EAS177047F29CEA067EAD9964C95430@phx.gbl>
2015-09-24 10:13   ` 答复: " Pablo Neira Ayuso

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).