kernel: optimize out remaining netfilter hooks in the bridging code if bridge filteri...
authorFelix Fietkau <nbd@openwrt.org>
Fri, 16 Mar 2012 09:21:59 +0000 (09:21 +0000)
committerFelix Fietkau <nbd@openwrt.org>
Fri, 16 Mar 2012 09:21:59 +0000 (09:21 +0000)
SVN-Revision: 30954

target/linux/generic/patches-3.2/644-bridge_optimize_netfilter_hooks.patch
target/linux/generic/patches-3.3/644-bridge_optimize_netfilter_hooks.patch

index 835d18d..06b05f8 100644 (file)
@@ -14,7 +14,7 @@
        if (vlan_tx_tag_present(skb))
 --- a/net/bridge/br_private.h
 +++ b/net/bridge/br_private.h
-@@ -491,10 +491,12 @@ static inline bool br_multicast_is_route
+@@ -491,12 +491,25 @@ static inline bool br_multicast_is_route
  extern int br_netfilter_init(void);
  extern void br_netfilter_fini(void);
  extern void br_netfilter_rtable_init(struct net_bridge *);
 +#define br_netfilter_run_hooks()      false
  #endif
  
- /* br_stp.c */
---- a/net/bridge/br_input.c
-+++ b/net/bridge/br_input.c
-@@ -26,6 +26,17 @@ const u8 br_group_address[ETH_ALEN] = { 
- br_should_route_hook_t __rcu *br_should_route_hook __read_mostly;
- EXPORT_SYMBOL(br_should_route_hook);
 +static inline int
 +BR_HOOK(uint8_t pf, unsigned int hook, struct sk_buff *skb,
 +      struct net_device *in, struct net_device *out,
 +      return NF_HOOK(pf, hook, skb, in, out, okfn);
 +}
 +
- static int br_pass_frame_up(struct sk_buff *skb)
- {
-       struct net_device *indev, *brdev = BR_INPUT_SKB_CB(skb)->brdev;
-@@ -40,7 +51,7 @@ static int br_pass_frame_up(struct sk_bu
+ /* br_stp.c */
+ extern void br_log_state(const struct net_bridge_port *p);
+ extern struct net_bridge_port *br_get_port(struct net_bridge *br,
+--- a/net/bridge/br_input.c
++++ b/net/bridge/br_input.c
+@@ -40,7 +40,7 @@ static int br_pass_frame_up(struct sk_bu
        indev = skb->dev;
        skb->dev = brdev;
  
@@ -56,7 +51,7 @@
                       netif_receive_skb);
  }
  
-@@ -199,7 +210,7 @@ rx_handler_result_t br_handle_frame(stru
+@@ -199,7 +199,7 @@ rx_handler_result_t br_handle_frame(stru
                }
  
                /* Deliver packet to local host only */
@@ -65,7 +60,7 @@
                            NULL, br_handle_local_finish)) {
                        return RX_HANDLER_CONSUMED; /* consumed by filter */
                } else {
-@@ -224,7 +235,7 @@ forward:
+@@ -224,7 +224,7 @@ forward:
                if (!compare_ether_addr(p->br->dev->dev_addr, dest))
                        skb->pkt_type = PACKET_HOST;
  
                        br_handle_frame_finish);
                break;
        default:
+--- a/net/bridge/br_forward.c
++++ b/net/bridge/br_forward.c
+@@ -55,7 +55,7 @@ int br_dev_queue_push_xmit(struct sk_buf
+ int br_forward_finish(struct sk_buff *skb)
+ {
+-      return NF_HOOK(NFPROTO_BRIDGE, NF_BR_POST_ROUTING, skb, NULL, skb->dev,
++      return BR_HOOK(NFPROTO_BRIDGE, NF_BR_POST_ROUTING, skb, NULL, skb->dev,
+                      br_dev_queue_push_xmit);
+ }
+@@ -74,7 +74,7 @@ static void __br_deliver(const struct ne
+               return;
+       }
+-      NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
++      BR_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
+               br_forward_finish);
+ }
+@@ -91,7 +91,7 @@ static void __br_forward(const struct ne
+       skb->dev = to->dev;
+       skb_forward_csum(skb);
+-      NF_HOOK(NFPROTO_BRIDGE, NF_BR_FORWARD, skb, indev, skb->dev,
++      BR_HOOK(NFPROTO_BRIDGE, NF_BR_FORWARD, skb, indev, skb->dev,
+               br_forward_finish);
+ }
+--- a/net/bridge/br_multicast.c
++++ b/net/bridge/br_multicast.c
+@@ -824,7 +824,7 @@ static void __br_multicast_send_query(st
+       if (port) {
+               __skb_push(skb, sizeof(struct ethhdr));
+               skb->dev = port->dev;
+-              NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
++              BR_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
+                       dev_queue_xmit);
+       } else
+               netif_rx(skb);
+--- a/net/bridge/br_stp_bpdu.c
++++ b/net/bridge/br_stp_bpdu.c
+@@ -52,7 +52,7 @@ static void br_send_bpdu(struct net_brid
+       skb_reset_mac_header(skb);
+-      NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
++      BR_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
+               dev_queue_xmit);
+ }
index c2c3827..af793ee 100644 (file)
@@ -1,24 +1,6 @@
 --- a/net/bridge/br_input.c
 +++ b/net/bridge/br_input.c
-@@ -26,6 +26,17 @@ const u8 br_group_address[ETH_ALEN] = { 
- br_should_route_hook_t __rcu *br_should_route_hook __read_mostly;
- EXPORT_SYMBOL(br_should_route_hook);
-+static inline int
-+BR_HOOK(uint8_t pf, unsigned int hook, struct sk_buff *skb,
-+      struct net_device *in, struct net_device *out,
-+      int (*okfn)(struct sk_buff *))
-+{
-+      if (!br_netfilter_run_hooks())
-+              return okfn(skb);
-+
-+      return NF_HOOK(pf, hook, skb, in, out, okfn);
-+}
-+
- static int br_pass_frame_up(struct sk_buff *skb)
- {
-       struct net_device *indev, *brdev = BR_INPUT_SKB_CB(skb)->brdev;
-@@ -40,7 +51,7 @@ static int br_pass_frame_up(struct sk_bu
+@@ -40,7 +40,7 @@ static int br_pass_frame_up(struct sk_bu
        indev = skb->dev;
        skb->dev = brdev;
  
@@ -27,7 +9,7 @@
                       netif_receive_skb);
  }
  
-@@ -194,7 +205,7 @@ rx_handler_result_t br_handle_frame(stru
+@@ -194,7 +194,7 @@ rx_handler_result_t br_handle_frame(stru
                }
  
                /* Deliver packet to local host only */
@@ -36,7 +18,7 @@
                            NULL, br_handle_local_finish)) {
                        return RX_HANDLER_CONSUMED; /* consumed by filter */
                } else {
-@@ -219,7 +230,7 @@ forward:
+@@ -219,7 +219,7 @@ forward:
                if (!compare_ether_addr(p->br->dev->dev_addr, dest))
                        skb->pkt_type = PACKET_HOST;
  
@@ -47,9 +29,9 @@
        default:
 --- a/net/bridge/br_netfilter.c
 +++ b/net/bridge/br_netfilter.c
-@@ -62,6 +62,11 @@ static int brnf_filter_pppoe_tagged __re
- #define brnf_filter_pppoe_tagged 0
- #endif
+@@ -71,6 +71,11 @@ static int brnf_filter_pppoe_tagged __re
+ #define IS_ARP(skb) \
+       (!vlan_tx_tag_present(skb) && skb->protocol == htons(ETH_P_ARP))
  
 +bool br_netfilter_run_hooks(void)
 +{
@@ -61,7 +43,7 @@
        if (vlan_tx_tag_present(skb))
 --- a/net/bridge/br_private.h
 +++ b/net/bridge/br_private.h
-@@ -492,10 +492,12 @@ static inline bool br_multicast_is_route
+@@ -492,12 +492,25 @@ static inline bool br_multicast_is_route
  extern int br_netfilter_init(void);
  extern void br_netfilter_fini(void);
  extern void br_netfilter_rtable_init(struct net_bridge *);
 +#define br_netfilter_run_hooks()      false
  #endif
  
++static inline int
++BR_HOOK(uint8_t pf, unsigned int hook, struct sk_buff *skb,
++      struct net_device *in, struct net_device *out,
++      int (*okfn)(struct sk_buff *))
++{
++      if (!br_netfilter_run_hooks())
++              return okfn(skb);
++
++      return NF_HOOK(pf, hook, skb, in, out, okfn);
++}
++
  /* br_stp.c */
+ extern void br_log_state(const struct net_bridge_port *p);
+ extern struct net_bridge_port *br_get_port(struct net_bridge *br,
+--- a/net/bridge/br_forward.c
++++ b/net/bridge/br_forward.c
+@@ -55,7 +55,7 @@ int br_dev_queue_push_xmit(struct sk_buf
+ int br_forward_finish(struct sk_buff *skb)
+ {
+-      return NF_HOOK(NFPROTO_BRIDGE, NF_BR_POST_ROUTING, skb, NULL, skb->dev,
++      return BR_HOOK(NFPROTO_BRIDGE, NF_BR_POST_ROUTING, skb, NULL, skb->dev,
+                      br_dev_queue_push_xmit);
+ }
+@@ -74,7 +74,7 @@ static void __br_deliver(const struct ne
+               return;
+       }
+-      NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
++      BR_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
+               br_forward_finish);
+ }
+@@ -91,7 +91,7 @@ static void __br_forward(const struct ne
+       skb->dev = to->dev;
+       skb_forward_csum(skb);
+-      NF_HOOK(NFPROTO_BRIDGE, NF_BR_FORWARD, skb, indev, skb->dev,
++      BR_HOOK(NFPROTO_BRIDGE, NF_BR_FORWARD, skb, indev, skb->dev,
+               br_forward_finish);
+ }
+--- a/net/bridge/br_multicast.c
++++ b/net/bridge/br_multicast.c
+@@ -827,7 +827,7 @@ static void __br_multicast_send_query(st
+       if (port) {
+               __skb_push(skb, sizeof(struct ethhdr));
+               skb->dev = port->dev;
+-              NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
++              BR_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
+                       dev_queue_xmit);
+       } else
+               netif_rx(skb);
+--- a/net/bridge/br_stp_bpdu.c
++++ b/net/bridge/br_stp_bpdu.c
+@@ -52,7 +52,7 @@ static void br_send_bpdu(struct net_brid
+       skb_reset_mac_header(skb);
+-      NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
++      BR_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
+               dev_queue_xmit);
+ }