kernel: optimize out remaining netfilter hooks in the bridging code if bridge filtering is disabled

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@30954 3c298f89-4303-0410-b956-a3cf2f4a3e73
author: nbd <nbd@3c298f89-4303-0410-b956-a3cf2f4a3e73> 2012-03-16 09:21:59 +0000
committer: nbd <nbd@3c298f89-4303-0410-b956-a3cf2f4a3e73> 2012-03-16 09:21:59 +0000
commit: e2f9a07f36024868f2d8d413a27401952556ae4a (patch)
tree: 56b93738eac1bded588de4801121ddc93040b182 /target/linux/generic/patches-3.3/644-bridge_optimize_netfilter_hooks.patch
parent: a2e617077c8ad32460b343d7b88696a2c02fc239 (diff)
1 files changed, 71 insertions, 25 deletions
diff --git a/target/linux/generic/patches-3.3/644-bridge_optimize_netfilter_hooks.patch b/target/linux/generic/patches-3.3/644-bridge_optimize_netfilter_hooks.patch
index c2c38271d..af793ee83 100644
--- a/target/linux/generic/patches-3.3/644-bridge_optimize_netfilter_hooks.patch
+++ b/target/linux/generic/patches-3.3/644-bridge_optimize_netfilter_hooks.patch
@@ -1,24 +1,6 @@
 --- a/net/bridge/br_input.c
 +++ b/net/bridge/br_input.c
-@@ -26,6 +26,17 @@ const u8 br_group_address[ETH_ALEN] = { 
- br_should_route_hook_t __rcu *br_should_route_hook __read_mostly;
- EXPORT_SYMBOL(br_should_route_hook);
- 
-+static inline int
-+BR_HOOK(uint8_t pf, unsigned int hook, struct sk_buff *skb,
-+	struct net_device *in, struct net_device *out,
-+	int (*okfn)(struct sk_buff *))
-+{
-+	if (!br_netfilter_run_hooks())
-+		return okfn(skb);
-+
-+	return NF_HOOK(pf, hook, skb, in, out, okfn);
-+}
-+
- static int br_pass_frame_up(struct sk_buff *skb)
- {
- 	struct net_device *indev, *brdev = BR_INPUT_SKB_CB(skb)->brdev;
-@@ -40,7 +51,7 @@ static int br_pass_frame_up(struct sk_bu
+@@ -40,7 +40,7 @@ static int br_pass_frame_up(struct sk_bu
  	indev = skb->dev;
  	skb->dev = brdev;
  
@@ -27,7 +9,7 @@
  		       netif_receive_skb);
  }
  
-@@ -194,7 +205,7 @@ rx_handler_result_t br_handle_frame(stru
+@@ -194,7 +194,7 @@ rx_handler_result_t br_handle_frame(stru
  		}
  
  		/* Deliver packet to local host only */
@@ -36,7 +18,7 @@
  			    NULL, br_handle_local_finish)) {
  			return RX_HANDLER_CONSUMED; /* consumed by filter */
  		} else {
-@@ -219,7 +230,7 @@ forward:
+@@ -219,7 +219,7 @@ forward:
  		if (!compare_ether_addr(p->br->dev->dev_addr, dest))
  			skb->pkt_type = PACKET_HOST;
  
@@ -47,9 +29,9 @@
  	default:
 --- a/net/bridge/br_netfilter.c
 +++ b/net/bridge/br_netfilter.c
-@@ -62,6 +62,11 @@ static int brnf_filter_pppoe_tagged __re
- #define brnf_filter_pppoe_tagged 0
- #endif
+@@ -71,6 +71,11 @@ static int brnf_filter_pppoe_tagged __re
+ #define IS_ARP(skb) \
+ 	(!vlan_tx_tag_present(skb) && skb->protocol == htons(ETH_P_ARP))
  
 +bool br_netfilter_run_hooks(void)
 +{
@@ -61,7 +43,7 @@
  	if (vlan_tx_tag_present(skb))
 --- a/net/bridge/br_private.h
 +++ b/net/bridge/br_private.h
-@@ -492,10 +492,12 @@ static inline bool br_multicast_is_route
+@@ -492,12 +492,25 @@ static inline bool br_multicast_is_route
  extern int br_netfilter_init(void);
  extern void br_netfilter_fini(void);
  extern void br_netfilter_rtable_init(struct net_bridge *);
@@ -73,4 +55,68 @@
 +#define br_netfilter_run_hooks()	false
  #endif
  
++static inline int
++BR_HOOK(uint8_t pf, unsigned int hook, struct sk_buff *skb,
++	struct net_device *in, struct net_device *out,
++	int (*okfn)(struct sk_buff *))
++{
++	if (!br_netfilter_run_hooks())
++		return okfn(skb);
++
++	return NF_HOOK(pf, hook, skb, in, out, okfn);
++}
++
  /* br_stp.c */
+ extern void br_log_state(const struct net_bridge_port *p);
+ extern struct net_bridge_port *br_get_port(struct net_bridge *br,
+--- a/net/bridge/br_forward.c
++++ b/net/bridge/br_forward.c
+@@ -55,7 +55,7 @@ int br_dev_queue_push_xmit(struct sk_buf
+ 
+ int br_forward_finish(struct sk_buff *skb)
+ {
+-	return NF_HOOK(NFPROTO_BRIDGE, NF_BR_POST_ROUTING, skb, NULL, skb->dev,
++	return BR_HOOK(NFPROTO_BRIDGE, NF_BR_POST_ROUTING, skb, NULL, skb->dev,
+ 		       br_dev_queue_push_xmit);
+ 
+ }
+@@ -74,7 +74,7 @@ static void __br_deliver(const struct ne
+ 		return;
+ 	}
+ 
+-	NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
++	BR_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
+ 		br_forward_finish);
+ }
+ 
+@@ -91,7 +91,7 @@ static void __br_forward(const struct ne
+ 	skb->dev = to->dev;
+ 	skb_forward_csum(skb);
+ 
+-	NF_HOOK(NFPROTO_BRIDGE, NF_BR_FORWARD, skb, indev, skb->dev,
++	BR_HOOK(NFPROTO_BRIDGE, NF_BR_FORWARD, skb, indev, skb->dev,
+ 		br_forward_finish);
+ }
+ 
+--- a/net/bridge/br_multicast.c
++++ b/net/bridge/br_multicast.c
+@@ -827,7 +827,7 @@ static void __br_multicast_send_query(st
+ 	if (port) {
+ 		__skb_push(skb, sizeof(struct ethhdr));
+ 		skb->dev = port->dev;
+-		NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
++		BR_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
+ 			dev_queue_xmit);
+ 	} else
+ 		netif_rx(skb);
+--- a/net/bridge/br_stp_bpdu.c
++++ b/net/bridge/br_stp_bpdu.c
+@@ -52,7 +52,7 @@ static void br_send_bpdu(struct net_brid
+ 
+ 	skb_reset_mac_header(skb);
+ 
+-	NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
++	BR_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
+ 		dev_queue_xmit);
+ }
+
author	nbd <nbd@3c298f89-4303-0410-b956-a3cf2f4a3e73>	2012-03-16 09:21:59 +0000
committer	nbd <nbd@3c298f89-4303-0410-b956-a3cf2f4a3e73>	2012-03-16 09:21:59 +0000
commit	e2f9a07f36024868f2d8d413a27401952556ae4a (patch)
tree	56b93738eac1bded588de4801121ddc93040b182 /target/linux/generic/patches-3.3/644-bridge_optimize_netfilter_hooks.patch
parent	a2e617077c8ad32460b343d7b88696a2c02fc239 (diff)