mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity
linux-stable/net/ipv6/netfilter
History
Jason Xing 8edc27fc4f netfilter: use NF_DROP instead of -NF_DROP 
At the beginning in 2009 one patch [1] introduced collecting drop
counter in nf_conntrack_in() by returning -NF_DROP. Later, another
patch [2] changed the return value of tcp_packet() which now is
renamed to nf_conntrack_tcp_packet() from -NF_DROP to NF_DROP. As
we can see, that -NF_DROP should be corrected.

Similarly, there are other two points where the -NF_DROP is used.

Well, as NF_DROP is equal to 0, inverting NF_DROP makes no sense
as patch [2] said many years ago.

[1]
commit 7d1e04598e ("netfilter: nf_conntrack: account packets drop by tcp_packet()")
[2]
commit ec8d540969 ("netfilter: conntrack: fix dropping packet after l4proto->packet()")

Signed-off-by: Jason Xing <kernelxing@tencent.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 		2024-05-06 16:29:21 +02:00
..
Kconfig netfilter: xtables: allow xtables-nft only builds 2024-01-29 15:43:21 +01:00
Makefile netfilter: xtables: allow xtables-nft only builds 2024-01-29 15:43:21 +01:00
ip6_tables.c netfilter: complete validation of user input 2024-04-10 19:42:56 -07:00
ip6t_NPT.c netfilter: ip6t_NPT: rewrite addresses in ICMPv6 original packet 2020-08-28 19:18:48 +02:00
ip6t_REJECT.c netfilter: use actual socket sk for REJECT action 2020-12-01 14:33:55 +01:00
ip6t_SYNPROXY.c netfilter: Add MODULE_DESCRIPTION entries to kernel modules 2020-06-25 00:50:31 +02:00
ip6t_ah.c netfilter: ip6tables: Remove redundant null checks 2020-07-29 20:39:43 +02:00
ip6t_eui64.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
ip6t_frag.c netfilter: ip6tables: Remove redundant null checks 2020-07-29 20:39:43 +02:00
ip6t_hbh.c netfilter: ip6tables: Remove redundant null checks 2020-07-29 20:39:43 +02:00
ip6t_ipv6header.c netfilter: move inline nf_ip6_ext_hdr() function to a more appropriate header. 2019-09-13 12:34:09 +02:00
ip6t_mh.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
ip6t_rpfilter.c netfilter: ip6t_rpfilter: Fix regression with VRF interfaces 2023-02-22 00:22:20 +01:00
ip6t_rt.c netfilter: ip6t_rt: fix rt0_hdr parsing in rt_mt6 2021-10-14 23:08:35 +02:00
ip6t_srh.c
ip6table_filter.c netfilter: use NF_DROP instead of -NF_DROP 2024-05-06 16:29:21 +02:00
ip6table_mangle.c netfilter: xt_mangle: only check verdict part of return value 2023-10-18 10:26:43 +02:00
ip6table_nat.c netfilter: add missing module descriptions 2023-11-08 13:52:32 +01:00
ip6table_raw.c netfilter: add missing module descriptions 2023-11-08 13:52:32 +01:00
ip6table_security.c netfilter: ip6tables: allow use of ip6t_do_table as hookfn 2021-10-14 23:06:53 +02:00
nf_conntrack_reasm.c netfilter: Remove the now superfluous sentinel elements from ctl_table array 2024-05-03 13:29:42 +01:00
nf_defrag_ipv6_hooks.c netfilter: add missing module descriptions 2023-11-08 13:52:32 +01:00
nf_dup_ipv6.c netfilter: drop bridge nf reset from nf_reset 2019-10-01 18:42:15 +02:00
nf_reject_ipv6.c ipv6: annotate data-races around cnf.hop_limit 2024-03-01 08:42:31 +00:00
nf_socket_ipv6.c tcp: Access &tcp_hashinfo via net. 2022-09-20 10:21:49 -07:00
nf_tproxy_ipv6.c netfilter: tproxy: fix deadlock due to missing BH disable 2023-03-06 12:09:48 +01:00
nft_dup_ipv6.c netfilter: nf_tables: Extend nft_expr_ops::dump callback parameters 2022-11-15 10:46:34 +01:00
nft_fib_ipv6.c netfilter: rpfilter/fib: Set ->flowic_uid correctly for user namespaces. 2022-10-19 08:46:48 +02:00
nft_reject_ipv6.c netfilter: nf_tables: do not reduce read-only expressions 2022-03-20 00:29:46 +01:00