Hello Pablo Neira Ayuso,
The patch c9626a2cbdb2: "netfilter: nf_tables: add hardware offload
support" from Jul 9, 2019, leads to the following static checker
warning:
net/netfilter/nf_tables_offload.c:196 nft_flow_offload_chain()
warn: always true condition '(((trans->data)->policy) != -1) => (0-255
!= (-1))'
net/netfilter/nf_tables_offload.c
176 static int nft_flow_offload_chain(struct nft_trans *trans,
177 enum flow_block_command cmd)
178 {
179 struct nft_chain *chain = trans->ctx.chain;
180 struct netlink_ext_ack extack = {};
181 struct flow_block_offload bo = {};
182 struct nft_base_chain *basechain;
183 struct net_device *dev;
184 int err;
185
186 if (!nft_is_base_chain(chain))
187 return -EOPNOTSUPP;
188
189 basechain = nft_base_chain(chain);
190 dev = basechain->ops.dev;
191 if (!dev || !dev->netdev_ops->ndo_setup_tc)
192 return -EOPNOTSUPP;
193
194 /* Only default policy to accept is supported for now. */
195 if (cmd == FLOW_BLOCK_BIND &&
196 nft_trans_chain_policy(trans) != -1 &&
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
nft_trans_chain_policy() is a u8 so it can't be -1.
197 nft_trans_chain_policy(trans) != NF_ACCEPT)
198 return -EOPNOTSUPP;
199
200 bo.command = cmd;
201 bo.block = &basechain->flow_block;
202 bo.binder_type = FLOW_BLOCK_BINDER_TYPE_CLSACT_INGRESS;
203 bo.extack = &extack;
204 INIT_LIST_HEAD(&bo.cb_list);
regards,
dan carpenter
