Message ID | 536D4837.1090707@parallels.com |
---|---|
State | Superseded |
Headers | show |
Vasily Averin schreef op 9/05/2014 23:27: > > Signed-off-by: Vasily Averin <vvs@openvz.org> > --- > net/bridge/br_netfilter.c | 6 ++---- > 1 files changed, 2 insertions(+), 4 deletions(-) > > diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c > index 2b0dda80..cb75e80 100644 > --- a/net/bridge/br_netfilter.c > +++ b/net/bridge/br_netfilter.c > @@ -61,13 +61,11 @@ static struct brnf_net init_brnf_net = { > > #ifdef CONFIG_SYSCTL > static struct ctl_table_header *brnf_sysctl_header; > -static int brnf_call_iptables __read_mostly = 1; > static int brnf_call_ip6tables __read_mostly = 1; > static int brnf_filter_vlan_tagged __read_mostly = 0; > static int brnf_filter_pppoe_tagged __read_mostly = 0; > static int brnf_pass_vlan_indev __read_mostly = 0; > #else > -#define brnf_call_iptables 1 Your patch creates extra unneeded overhead in case CONFIG_SYSCTL isn't defined (a compile-time check of brnf_call_iptables is replaced by a runtime check of brnf_net(dev_net(skb->dev))->brnf_call_iptables). Please refactor to remove this extra overhead (for all flags). cheers, Bart -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c index 2b0dda80..cb75e80 100644 --- a/net/bridge/br_netfilter.c +++ b/net/bridge/br_netfilter.c @@ -61,13 +61,11 @@ static struct brnf_net init_brnf_net = { #ifdef CONFIG_SYSCTL static struct ctl_table_header *brnf_sysctl_header; -static int brnf_call_iptables __read_mostly = 1; static int brnf_call_ip6tables __read_mostly = 1; static int brnf_filter_vlan_tagged __read_mostly = 0; static int brnf_filter_pppoe_tagged __read_mostly = 0; static int brnf_pass_vlan_indev __read_mostly = 0; #else -#define brnf_call_iptables 1 #define brnf_call_ip6tables 1 #define brnf_filter_vlan_tagged 0 #define brnf_filter_pppoe_tagged 0 @@ -707,7 +705,7 @@ static unsigned int br_nf_pre_routing(const struct nf_hook_ops *ops, return br_nf_pre_routing_ipv6(ops, skb, in, out, okfn); } - if (!brnf_call_iptables && !br->nf_call_iptables) + if (!init_brnf_net.nf_call_iptables && !br->nf_call_iptables) return NF_ACCEPT; if (!IS_IP(skb) && !IS_VLAN_IP(skb) && !IS_PPPOE_IP(skb)) @@ -1032,7 +1030,7 @@ static struct ctl_table brnf_table[] = { }, { .procname = "bridge-nf-call-iptables", - .data = &brnf_call_iptables, + .data = &init_brnf_net.nf_call_iptables, .maxlen = sizeof(int), .mode = 0644, .proc_handler = brnf_sysctl_call_tables,
Signed-off-by: Vasily Averin <vvs@openvz.org> --- net/bridge/br_netfilter.c | 6 ++---- 1 files changed, 2 insertions(+), 4 deletions(-)