Netfilter-Devel Archive on lore.kernel.org
 help / color / Atom feed
* [bug report] netfilter: nf_tables: add hardware offload support
@ 2019-08-07 13:36 Dan Carpenter
  0 siblings, 0 replies; only message in thread
From: Dan Carpenter @ 2019-08-07 13:36 UTC (permalink / raw)
  To: pablo; +Cc: netfilter-devel

Hello Pablo Neira Ayuso,

The patch c9626a2cbdb2: "netfilter: nf_tables: add hardware offload
support" from Jul 9, 2019, leads to the following static checker
warning:

	net/netfilter/nf_tables_offload.c:196 nft_flow_offload_chain()
	warn: always true condition '(((trans->data)->policy) != -1) => (0-255 != (-1))'

net/netfilter/nf_tables_offload.c
   176  static int nft_flow_offload_chain(struct nft_trans *trans,
   177                                    enum flow_block_command cmd)
   178  {
   179          struct nft_chain *chain = trans->ctx.chain;
   180          struct netlink_ext_ack extack = {};
   181          struct flow_block_offload bo = {};
   182          struct nft_base_chain *basechain;
   183          struct net_device *dev;
   184          int err;
   185  
   186          if (!nft_is_base_chain(chain))
   187                  return -EOPNOTSUPP;
   188  
   189          basechain = nft_base_chain(chain);
   190          dev = basechain->ops.dev;
   191          if (!dev || !dev->netdev_ops->ndo_setup_tc)
   192                  return -EOPNOTSUPP;
   193  
   194          /* Only default policy to accept is supported for now. */
   195          if (cmd == FLOW_BLOCK_BIND &&
   196              nft_trans_chain_policy(trans) != -1 &&
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
nft_trans_chain_policy() is a u8 so it can't be -1.

   197              nft_trans_chain_policy(trans) != NF_ACCEPT)
   198                  return -EOPNOTSUPP;
   199  
   200          bo.command = cmd;
   201          bo.block = &basechain->flow_block;
   202          bo.binder_type = FLOW_BLOCK_BINDER_TYPE_CLSACT_INGRESS;
   203          bo.extack = &extack;
   204          INIT_LIST_HEAD(&bo.cb_list);

regards,
dan carpenter

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, back to index

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-08-07 13:36 [bug report] netfilter: nf_tables: add hardware offload support Dan Carpenter

Netfilter-Devel Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/netfilter-devel/0 netfilter-devel/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 netfilter-devel netfilter-devel/ https://lore.kernel.org/netfilter-devel \
		netfilter-devel@vger.kernel.org netfilter-devel@archiver.kernel.org
	public-inbox-index netfilter-devel


Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.netfilter-devel


AGPL code for this site: git clone https://public-inbox.org/ public-inbox