summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authornbd <nbd@3c298f89-4303-0410-b956-a3cf2f4a3e73>2012-03-16 09:21:59 +0000
committernbd <nbd@3c298f89-4303-0410-b956-a3cf2f4a3e73>2012-03-16 09:21:59 +0000
commite2f9a07f36024868f2d8d413a27401952556ae4a (patch)
tree56b93738eac1bded588de4801121ddc93040b182
parenta2e617077c8ad32460b343d7b88696a2c02fc239 (diff)
kernel: optimize out remaining netfilter hooks in the bridging code if bridge filtering is disabled
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@30954 3c298f89-4303-0410-b956-a3cf2f4a3e73
-rw-r--r--target/linux/generic/patches-3.2/644-bridge_optimize_netfilter_hooks.patch74
-rw-r--r--target/linux/generic/patches-3.3/644-bridge_optimize_netfilter_hooks.patch96
2 files changed, 131 insertions, 39 deletions
diff --git a/target/linux/generic/patches-3.2/644-bridge_optimize_netfilter_hooks.patch b/target/linux/generic/patches-3.2/644-bridge_optimize_netfilter_hooks.patch
index 835d18dca8..06b05f8af9 100644
--- a/target/linux/generic/patches-3.2/644-bridge_optimize_netfilter_hooks.patch
+++ b/target/linux/generic/patches-3.2/644-bridge_optimize_netfilter_hooks.patch
@@ -14,7 +14,7 @@
if (vlan_tx_tag_present(skb))
--- a/net/bridge/br_private.h
+++ b/net/bridge/br_private.h
-@@ -491,10 +491,12 @@ static inline bool br_multicast_is_route
+@@ -491,12 +491,25 @@ static inline bool br_multicast_is_route
extern int br_netfilter_init(void);
extern void br_netfilter_fini(void);
extern void br_netfilter_rtable_init(struct net_bridge *);
@@ -26,13 +26,6 @@
+#define br_netfilter_run_hooks() false
#endif
- /* br_stp.c */
---- a/net/bridge/br_input.c
-+++ b/net/bridge/br_input.c
-@@ -26,6 +26,17 @@ const u8 br_group_address[ETH_ALEN] = {
- br_should_route_hook_t __rcu *br_should_route_hook __read_mostly;
- EXPORT_SYMBOL(br_should_route_hook);
-
+static inline int
+BR_HOOK(uint8_t pf, unsigned int hook, struct sk_buff *skb,
+ struct net_device *in, struct net_device *out,
@@ -44,10 +37,12 @@
+ return NF_HOOK(pf, hook, skb, in, out, okfn);
+}
+
- static int br_pass_frame_up(struct sk_buff *skb)
- {
- struct net_device *indev, *brdev = BR_INPUT_SKB_CB(skb)->brdev;
-@@ -40,7 +51,7 @@ static int br_pass_frame_up(struct sk_bu
+ /* br_stp.c */
+ extern void br_log_state(const struct net_bridge_port *p);
+ extern struct net_bridge_port *br_get_port(struct net_bridge *br,
+--- a/net/bridge/br_input.c
++++ b/net/bridge/br_input.c
+@@ -40,7 +40,7 @@ static int br_pass_frame_up(struct sk_bu
indev = skb->dev;
skb->dev = brdev;
@@ -56,7 +51,7 @@
netif_receive_skb);
}
-@@ -199,7 +210,7 @@ rx_handler_result_t br_handle_frame(stru
+@@ -199,7 +199,7 @@ rx_handler_result_t br_handle_frame(stru
}
/* Deliver packet to local host only */
@@ -65,7 +60,7 @@
NULL, br_handle_local_finish)) {
return RX_HANDLER_CONSUMED; /* consumed by filter */
} else {
-@@ -224,7 +235,7 @@ forward:
+@@ -224,7 +224,7 @@ forward:
if (!compare_ether_addr(p->br->dev->dev_addr, dest))
skb->pkt_type = PACKET_HOST;
@@ -74,3 +69,54 @@
br_handle_frame_finish);
break;
default:
+--- a/net/bridge/br_forward.c
++++ b/net/bridge/br_forward.c
+@@ -55,7 +55,7 @@ int br_dev_queue_push_xmit(struct sk_buf
+
+ int br_forward_finish(struct sk_buff *skb)
+ {
+- return NF_HOOK(NFPROTO_BRIDGE, NF_BR_POST_ROUTING, skb, NULL, skb->dev,
++ return BR_HOOK(NFPROTO_BRIDGE, NF_BR_POST_ROUTING, skb, NULL, skb->dev,
+ br_dev_queue_push_xmit);
+
+ }
+@@ -74,7 +74,7 @@ static void __br_deliver(const struct ne
+ return;
+ }
+
+- NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
++ BR_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
+ br_forward_finish);
+ }
+
+@@ -91,7 +91,7 @@ static void __br_forward(const struct ne
+ skb->dev = to->dev;
+ skb_forward_csum(skb);
+
+- NF_HOOK(NFPROTO_BRIDGE, NF_BR_FORWARD, skb, indev, skb->dev,
++ BR_HOOK(NFPROTO_BRIDGE, NF_BR_FORWARD, skb, indev, skb->dev,
+ br_forward_finish);
+ }
+
+--- a/net/bridge/br_multicast.c
++++ b/net/bridge/br_multicast.c
+@@ -824,7 +824,7 @@ static void __br_multicast_send_query(st
+ if (port) {
+ __skb_push(skb, sizeof(struct ethhdr));
+ skb->dev = port->dev;
+- NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
++ BR_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
+ dev_queue_xmit);
+ } else
+ netif_rx(skb);
+--- a/net/bridge/br_stp_bpdu.c
++++ b/net/bridge/br_stp_bpdu.c
+@@ -52,7 +52,7 @@ static void br_send_bpdu(struct net_brid
+
+ skb_reset_mac_header(skb);
+
+- NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
++ BR_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
+ dev_queue_xmit);
+ }
+
diff --git a/target/linux/generic/patches-3.3/644-bridge_optimize_netfilter_hooks.patch b/target/linux/generic/patches-3.3/644-bridge_optimize_netfilter_hooks.patch
index c2c38271db..af793ee830 100644
--- a/target/linux/generic/patches-3.3/644-bridge_optimize_netfilter_hooks.patch
+++ b/target/linux/generic/patches-3.3/644-bridge_optimize_netfilter_hooks.patch
@@ -1,24 +1,6 @@
--- a/net/bridge/br_input.c
+++ b/net/bridge/br_input.c
-@@ -26,6 +26,17 @@ const u8 br_group_address[ETH_ALEN] = {
- br_should_route_hook_t __rcu *br_should_route_hook __read_mostly;
- EXPORT_SYMBOL(br_should_route_hook);
-
-+static inline int
-+BR_HOOK(uint8_t pf, unsigned int hook, struct sk_buff *skb,
-+ struct net_device *in, struct net_device *out,
-+ int (*okfn)(struct sk_buff *))
-+{
-+ if (!br_netfilter_run_hooks())
-+ return okfn(skb);
-+
-+ return NF_HOOK(pf, hook, skb, in, out, okfn);
-+}
-+
- static int br_pass_frame_up(struct sk_buff *skb)
- {
- struct net_device *indev, *brdev = BR_INPUT_SKB_CB(skb)->brdev;
-@@ -40,7 +51,7 @@ static int br_pass_frame_up(struct sk_bu
+@@ -40,7 +40,7 @@ static int br_pass_frame_up(struct sk_bu
indev = skb->dev;
skb->dev = brdev;
@@ -27,7 +9,7 @@
netif_receive_skb);
}
-@@ -194,7 +205,7 @@ rx_handler_result_t br_handle_frame(stru
+@@ -194,7 +194,7 @@ rx_handler_result_t br_handle_frame(stru
}
/* Deliver packet to local host only */
@@ -36,7 +18,7 @@
NULL, br_handle_local_finish)) {
return RX_HANDLER_CONSUMED; /* consumed by filter */
} else {
-@@ -219,7 +230,7 @@ forward:
+@@ -219,7 +219,7 @@ forward:
if (!compare_ether_addr(p->br->dev->dev_addr, dest))
skb->pkt_type = PACKET_HOST;
@@ -47,9 +29,9 @@
default:
--- a/net/bridge/br_netfilter.c
+++ b/net/bridge/br_netfilter.c
-@@ -62,6 +62,11 @@ static int brnf_filter_pppoe_tagged __re
- #define brnf_filter_pppoe_tagged 0
- #endif
+@@ -71,6 +71,11 @@ static int brnf_filter_pppoe_tagged __re
+ #define IS_ARP(skb) \
+ (!vlan_tx_tag_present(skb) && skb->protocol == htons(ETH_P_ARP))
+bool br_netfilter_run_hooks(void)
+{
@@ -61,7 +43,7 @@
if (vlan_tx_tag_present(skb))
--- a/net/bridge/br_private.h
+++ b/net/bridge/br_private.h
-@@ -492,10 +492,12 @@ static inline bool br_multicast_is_route
+@@ -492,12 +492,25 @@ static inline bool br_multicast_is_route
extern int br_netfilter_init(void);
extern void br_netfilter_fini(void);
extern void br_netfilter_rtable_init(struct net_bridge *);
@@ -73,4 +55,68 @@
+#define br_netfilter_run_hooks() false
#endif
++static inline int
++BR_HOOK(uint8_t pf, unsigned int hook, struct sk_buff *skb,
++ struct net_device *in, struct net_device *out,
++ int (*okfn)(struct sk_buff *))
++{
++ if (!br_netfilter_run_hooks())
++ return okfn(skb);
++
++ return NF_HOOK(pf, hook, skb, in, out, okfn);
++}
++
/* br_stp.c */
+ extern void br_log_state(const struct net_bridge_port *p);
+ extern struct net_bridge_port *br_get_port(struct net_bridge *br,
+--- a/net/bridge/br_forward.c
++++ b/net/bridge/br_forward.c
+@@ -55,7 +55,7 @@ int br_dev_queue_push_xmit(struct sk_buf
+
+ int br_forward_finish(struct sk_buff *skb)
+ {
+- return NF_HOOK(NFPROTO_BRIDGE, NF_BR_POST_ROUTING, skb, NULL, skb->dev,
++ return BR_HOOK(NFPROTO_BRIDGE, NF_BR_POST_ROUTING, skb, NULL, skb->dev,
+ br_dev_queue_push_xmit);
+
+ }
+@@ -74,7 +74,7 @@ static void __br_deliver(const struct ne
+ return;
+ }
+
+- NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
++ BR_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
+ br_forward_finish);
+ }
+
+@@ -91,7 +91,7 @@ static void __br_forward(const struct ne
+ skb->dev = to->dev;
+ skb_forward_csum(skb);
+
+- NF_HOOK(NFPROTO_BRIDGE, NF_BR_FORWARD, skb, indev, skb->dev,
++ BR_HOOK(NFPROTO_BRIDGE, NF_BR_FORWARD, skb, indev, skb->dev,
+ br_forward_finish);
+ }
+
+--- a/net/bridge/br_multicast.c
++++ b/net/bridge/br_multicast.c
+@@ -827,7 +827,7 @@ static void __br_multicast_send_query(st
+ if (port) {
+ __skb_push(skb, sizeof(struct ethhdr));
+ skb->dev = port->dev;
+- NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
++ BR_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
+ dev_queue_xmit);
+ } else
+ netif_rx(skb);
+--- a/net/bridge/br_stp_bpdu.c
++++ b/net/bridge/br_stp_bpdu.c
+@@ -52,7 +52,7 @@ static void br_send_bpdu(struct net_brid
+
+ skb_reset_mac_header(skb);
+
+- NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
++ BR_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
+ dev_queue_xmit);
+ }
+