target/linux/generic/patches-3.2/644-bridge_optimize_netfilter_hooks.patch

   1 --- a/net/bridge/br_netfilter.c
   2 +++ b/net/bridge/br_netfilter.c
   3 @@ -62,6 +62,15 @@ static int brnf_filter_pppoe_tagged __re
   4  #define brnf_filter_pppoe_tagged 0
   5  #endif
   6
   7 +int brnf_call_ebtables __read_mostly = 0;
   8 +EXPORT_SYMBOL_GPL(brnf_call_ebtables);
   9 +
  10 +bool br_netfilter_run_hooks(void)
  11 +{
  12 +       return brnf_call_iptables | brnf_call_ip6tables | brnf_call_arptables |
  13 +              brnf_call_ebtables;
  14 +}
  15 +
  16  static inline __be16 vlan_proto(const struct sk_buff *skb)
  17  {
  18         if (vlan_tx_tag_present(skb))
  19 --- a/net/bridge/br_private.h
  20 +++ b/net/bridge/br_private.h
  21 @@ -488,15 +488,29 @@ static inline bool br_multicast_is_route
  22
  23  /* br_netfilter.c */
  24  #ifdef CONFIG_BRIDGE_NETFILTER
  25 +extern int brnf_call_ebtables;
  26  extern int br_netfilter_init(void);
  27  extern void br_netfilter_fini(void);
  28  extern void br_netfilter_rtable_init(struct net_bridge *);
  29 +extern bool br_netfilter_run_hooks(void);
  30  #else
  31  #define br_netfilter_init()    (0)
  32  #define br_netfilter_fini()    do { } while(0)
  33  #define br_netfilter_rtable_init(x)
  34 +#define br_netfilter_run_hooks()       false
  35  #endif
  36
  37 +static inline int
  38 +BR_HOOK(uint8_t pf, unsigned int hook, struct sk_buff *skb,
  39 +       struct net_device *in, struct net_device *out,
  40 +       int (*okfn)(struct sk_buff *))
  41 +{
  42 +       if (!br_netfilter_run_hooks())
  43 +               return okfn(skb);
  44 +
  45 +       return NF_HOOK(pf, hook, skb, in, out, okfn);
  46 +}
  47 +
  48  /* br_stp.c */
  49  extern void br_log_state(const struct net_bridge_port *p);
  50  extern struct net_bridge_port *br_get_port(struct net_bridge *br,
  51 --- a/net/bridge/br_input.c
  52 +++ b/net/bridge/br_input.c
  53 @@ -40,7 +40,7 @@ static int br_pass_frame_up(struct sk_bu
  54         indev = skb->dev;
  55         skb->dev = brdev;
  56
  57 -       return NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_IN, skb, indev, NULL,
  58 +       return BR_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_IN, skb, indev, NULL,
  59                        netif_receive_skb);
  60  }
  61
  62 @@ -199,7 +199,7 @@ rx_handler_result_t br_handle_frame(stru
  63                 }
  64
  65                 /* Deliver packet to local host only */
  66 -               if (NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_IN, skb, skb->dev,
  67 +               if (BR_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_IN, skb, skb->dev,
  68                             NULL, br_handle_local_finish)) {
  69                         return RX_HANDLER_CONSUMED; /* consumed by filter */
  70                 } else {
  71 @@ -224,7 +224,7 @@ forward:
  72                 if (!compare_ether_addr(p->br->dev->dev_addr, dest))
  73                         skb->pkt_type = PACKET_HOST;
  74
  75 -               NF_HOOK(NFPROTO_BRIDGE, NF_BR_PRE_ROUTING, skb, skb->dev, NULL,
  76 +               BR_HOOK(NFPROTO_BRIDGE, NF_BR_PRE_ROUTING, skb, skb->dev, NULL,
  77                         br_handle_frame_finish);
  78                 break;
  79         default:
  80 --- a/net/bridge/br_forward.c
  81 +++ b/net/bridge/br_forward.c
  82 @@ -55,7 +55,7 @@ int br_dev_queue_push_xmit(struct sk_buf
  83
  84  int br_forward_finish(struct sk_buff *skb)
  85  {
  86 -       return NF_HOOK(NFPROTO_BRIDGE, NF_BR_POST_ROUTING, skb, NULL, skb->dev,
  87 +       return BR_HOOK(NFPROTO_BRIDGE, NF_BR_POST_ROUTING, skb, NULL, skb->dev,
  88                        br_dev_queue_push_xmit);
  89
  90  }
  91 @@ -74,7 +74,7 @@ static void __br_deliver(const struct ne
  92                 return;
  93         }
  94
  95 -       NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
  96 +       BR_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
  97                 br_forward_finish);
  98  }
  99
 100 @@ -91,7 +91,7 @@ static void __br_forward(const struct ne
 101         skb->dev = to->dev;
 102         skb_forward_csum(skb);
 103
 104 -       NF_HOOK(NFPROTO_BRIDGE, NF_BR_FORWARD, skb, indev, skb->dev,
 105 +       BR_HOOK(NFPROTO_BRIDGE, NF_BR_FORWARD, skb, indev, skb->dev,
 106                 br_forward_finish);
 107  }
 108
 109 --- a/net/bridge/br_multicast.c
 110 +++ b/net/bridge/br_multicast.c
 111 @@ -827,7 +827,7 @@ static void __br_multicast_send_query(st
 112         if (port) {
 113                 __skb_push(skb, sizeof(struct ethhdr));
 114                 skb->dev = port->dev;
 115 -               NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
 116 +               BR_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
 117                         dev_queue_xmit);
 118         } else
 119                 netif_rx(skb);
 120 --- a/net/bridge/br_stp_bpdu.c
 121 +++ b/net/bridge/br_stp_bpdu.c
 122 @@ -52,7 +52,7 @@ static void br_send_bpdu(struct net_brid
 123
 124         skb_reset_mac_header(skb);
 125
 126 -       NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
 127 +       BR_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
 128                 dev_queue_xmit);
 129  }
 130
 131 --- a/net/bridge/netfilter/ebtables.c
 132 +++ b/net/bridge/netfilter/ebtables.c
 133 @@ -2399,11 +2399,13 @@ static int __init ebtables_init(void)
 134         }
 135
 136         printk(KERN_INFO "Ebtables v2.0 registered\n");
 137 +       brnf_call_ebtables = 1;
 138         return 0;
 139  }
 140
 141  static void __exit ebtables_fini(void)
 142  {
 143 +       brnf_call_ebtables = 0;
 144         nf_unregister_sockopt(&ebt_sockopts);
 145         xt_unregister_target(&ebt_standard_target);
 146         printk(KERN_INFO "Ebtables v2.0 unregistered\n");