source: trunk/target/linux/generic/patches-3.3/644-bridge_optimize_netfilter_hooks.patch @ 30954

Last change on this file since 30954 was 30954, checked in by nbd, 5 years ago

kernel: optimize out remaining netfilter hooks in the bridging code if bridge filtering is disabled

File size: 3.7 KB
  • net/bridge/br_input.c

    a b static int br_pass_frame_up(struct sk_bu 
    4040        indev = skb->dev; 
    4141        skb->dev = brdev; 
    4242 
    43         return NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_IN, skb, indev, NULL, 
     43        return BR_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_IN, skb, indev, NULL, 
    4444                       netif_receive_skb); 
    4545} 
    4646 
    rx_handler_result_t br_handle_frame(stru 
    194194                } 
    195195 
    196196                /* Deliver packet to local host only */ 
    197                 if (NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_IN, skb, skb->dev, 
     197                if (BR_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_IN, skb, skb->dev, 
    198198                            NULL, br_handle_local_finish)) { 
    199199                        return RX_HANDLER_CONSUMED; /* consumed by filter */ 
    200200                } else { 
    forward: 
    219219                if (!compare_ether_addr(p->br->dev->dev_addr, dest)) 
    220220                        skb->pkt_type = PACKET_HOST; 
    221221 
    222                 NF_HOOK(NFPROTO_BRIDGE, NF_BR_PRE_ROUTING, skb, skb->dev, NULL, 
     222                BR_HOOK(NFPROTO_BRIDGE, NF_BR_PRE_ROUTING, skb, skb->dev, NULL, 
    223223                        br_handle_frame_finish); 
    224224                break; 
    225225        default: 
  • net/bridge/br_netfilter.c

    a b static int brnf_filter_pppoe_tagged __re 
    7171#define IS_ARP(skb) \ 
    7272        (!vlan_tx_tag_present(skb) && skb->protocol == htons(ETH_P_ARP)) 
    7373 
     74bool br_netfilter_run_hooks(void) 
     75{ 
     76        return brnf_call_iptables | brnf_call_ip6tables | brnf_call_arptables; 
     77} 
     78 
    7479static inline __be16 vlan_proto(const struct sk_buff *skb) 
    7580{ 
    7681        if (vlan_tx_tag_present(skb)) 
  • net/bridge/br_private.h

    a b static inline bool br_multicast_is_route 
    492492extern int br_netfilter_init(void); 
    493493extern void br_netfilter_fini(void); 
    494494extern void br_netfilter_rtable_init(struct net_bridge *); 
     495extern bool br_netfilter_run_hooks(void); 
    495496#else 
    496497#define br_netfilter_init()     (0) 
    497498#define br_netfilter_fini()     do { } while(0) 
    498499#define br_netfilter_rtable_init(x) 
     500#define br_netfilter_run_hooks()        false 
    499501#endif 
    500502 
     503static inline int 
     504BR_HOOK(uint8_t pf, unsigned int hook, struct sk_buff *skb, 
     505        struct net_device *in, struct net_device *out, 
     506        int (*okfn)(struct sk_buff *)) 
     507{ 
     508        if (!br_netfilter_run_hooks()) 
     509                return okfn(skb); 
     510 
     511        return NF_HOOK(pf, hook, skb, in, out, okfn); 
     512} 
     513 
    501514/* br_stp.c */ 
    502515extern void br_log_state(const struct net_bridge_port *p); 
    503516extern struct net_bridge_port *br_get_port(struct net_bridge *br, 
  • net/bridge/br_forward.c

    a b int br_dev_queue_push_xmit(struct sk_buf 
    5555 
    5656int br_forward_finish(struct sk_buff *skb) 
    5757{ 
    58         return NF_HOOK(NFPROTO_BRIDGE, NF_BR_POST_ROUTING, skb, NULL, skb->dev, 
     58        return BR_HOOK(NFPROTO_BRIDGE, NF_BR_POST_ROUTING, skb, NULL, skb->dev, 
    5959                       br_dev_queue_push_xmit); 
    6060 
    6161} 
    static void __br_deliver(const struct ne 
    7474                return; 
    7575        } 
    7676 
    77         NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev, 
     77        BR_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev, 
    7878                br_forward_finish); 
    7979} 
    8080 
    static void __br_forward(const struct ne 
    9191        skb->dev = to->dev; 
    9292        skb_forward_csum(skb); 
    9393 
    94         NF_HOOK(NFPROTO_BRIDGE, NF_BR_FORWARD, skb, indev, skb->dev, 
     94        BR_HOOK(NFPROTO_BRIDGE, NF_BR_FORWARD, skb, indev, skb->dev, 
    9595                br_forward_finish); 
    9696} 
    9797 
  • net/bridge/br_multicast.c

    a b static void __br_multicast_send_query(st 
    827827        if (port) { 
    828828                __skb_push(skb, sizeof(struct ethhdr)); 
    829829                skb->dev = port->dev; 
    830                 NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev, 
     830                BR_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev, 
    831831                        dev_queue_xmit); 
    832832        } else 
    833833                netif_rx(skb); 
  • net/bridge/br_stp_bpdu.c

    a b static void br_send_bpdu(struct net_brid 
    5252 
    5353        skb_reset_mac_header(skb); 
    5454 
    55         NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev, 
     55        BR_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev, 
    5656                dev_queue_xmit); 
    5757} 
    5858 
Note: See TracBrowser for help on using the repository browser.