--- a/net/bridge/br_forward.c
+++ b/net/bridge/br_forward.c
-@@ -57,7 +57,7 @@ int br_dev_queue_push_xmit(struct sk_buf
+@@ -53,7 +53,7 @@ EXPORT_SYMBOL_GPL(br_dev_queue_push_xmit
int br_forward_finish(struct sk_buff *skb)
{
br_dev_queue_push_xmit);
}
-@@ -80,7 +80,7 @@ static void __br_deliver(const struct ne
+@@ -77,7 +77,7 @@ static void __br_deliver(const struct ne
return;
}
br_forward_finish);
}
-@@ -101,7 +101,7 @@ static void __br_forward(const struct ne
+@@ -98,7 +98,7 @@ static void __br_forward(const struct ne
skb->dev = to->dev;
skb_forward_csum(skb);
netif_receive_skb);
}
-@@ -214,7 +214,7 @@ rx_handler_result_t br_handle_frame(stru
+@@ -219,7 +219,7 @@ rx_handler_result_t br_handle_frame(stru
}
/* Deliver packet to local host only */
NULL, br_handle_local_finish)) {
return RX_HANDLER_CONSUMED; /* consumed by filter */
} else {
-@@ -229,7 +229,7 @@ forward:
+@@ -234,7 +234,7 @@ forward:
if (ether_addr_equal(p->br->dev->dev_addr, dest))
skb->pkt_type = PACKET_HOST;
br_handle_local_finish))
break;
-@@ -251,7 +251,7 @@ forward:
+@@ -256,7 +256,7 @@ forward:
if (ether_addr_equal(p->br->dev->dev_addr, dest))
skb->pkt_type = PACKET_HOST;
default:
--- a/net/bridge/br_multicast.c
+++ b/net/bridge/br_multicast.c
-@@ -802,7 +802,7 @@ static void __br_multicast_send_query(st
+@@ -814,7 +814,7 @@ static void __br_multicast_send_query(st
+
if (port) {
- __skb_push(skb, sizeof(struct ethhdr));
skb->dev = port->dev;
- NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
+ BR_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
- dev_queue_xmit);
- } else
- netif_rx(skb);
+ br_dev_queue_push_xmit);
+ } else {
+ br_multicast_select_own_querier(br, ip, skb);
--- a/net/bridge/br_netfilter.c
+++ b/net/bridge/br_netfilter.c
@@ -73,6 +73,15 @@ static int brnf_pass_vlan_indev __read_m
if (vlan_tx_tag_present(skb))
--- a/net/bridge/br_private.h
+++ b/net/bridge/br_private.h
-@@ -724,15 +724,29 @@ static inline u16 br_get_pvid(const stru
+@@ -778,6 +778,24 @@ static inline void br_nf_core_fini(void)
+ #define br_netfilter_rtable_init(x)
+ #endif
- /* br_netfilter.c */
- #ifdef CONFIG_BRIDGE_NETFILTER
++#if IS_BUILTIN(CONFIG_BRIDGE_NETFILTER)
+extern int brnf_call_ebtables;
- int br_netfilter_init(void);
- void br_netfilter_fini(void);
- void br_netfilter_rtable_init(struct net_bridge *);
+bool br_netfilter_run_hooks(void);
- #else
- #define br_netfilter_init() (0)
- #define br_netfilter_fini() do { } while (0)
- #define br_netfilter_rtable_init(x)
++#else
+#define br_netfilter_run_hooks() false
- #endif
-
++#endif
++
+static inline int
+BR_HOOK(uint8_t pf, unsigned int hook, struct sk_buff *skb,
+ struct net_device *in, struct net_device *out,
+
/* br_stp.c */
void br_log_state(const struct net_bridge_port *p);
- struct net_bridge_port *br_get_port(struct net_bridge *br, u16 port_no);
+ void br_set_state(struct net_bridge_port *p, unsigned int state);
--- a/net/bridge/br_stp_bpdu.c
+++ b/net/bridge/br_stp_bpdu.c
@@ -54,7 +54,7 @@ static void br_send_bpdu(struct net_brid
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
-@@ -2405,11 +2405,13 @@ static int __init ebtables_init(void)
+@@ -2414,11 +2414,19 @@ static int __init ebtables_init(void)
}
printk(KERN_INFO "Ebtables v2.0 registered\n");
++
++#if IS_BUILTIN(CONFIG_BRIDGE_NETFILTER)
+ brnf_call_ebtables = 1;
++#endif
++
return 0;
}
static void __exit ebtables_fini(void)
{
++#if IS_BUILTIN(CONFIG_BRIDGE_NETFILTER)
+ brnf_call_ebtables = 0;
++#endif
nf_unregister_sockopt(&ebt_sockopts);
xt_unregister_target(&ebt_standard_target);
printk(KERN_INFO "Ebtables v2.0 unregistered\n");
+--- a/net/Kconfig
++++ b/net/Kconfig
+@@ -177,11 +177,11 @@ config NETFILTER_ADVANCED
+ If unsure, say Y.
+
+ config BRIDGE_NETFILTER
+- tristate "Bridged IP/ARP packets filtering"
++ bool "Bridged IP/ARP packets filtering"
+ depends on BRIDGE
+ depends on NETFILTER && INET
+ depends on NETFILTER_ADVANCED
+- default m
++ default y
+ ---help---
+ Enabling this option will let arptables resp. iptables see bridged
+ ARP resp. IP traffic. If you want a bridging firewall, you probably