kernel: optimize out remaining netfilter hooks in the bridging code if bridge filtering is disabled

SVN-Revision: 30954

target/linux/generic/patches-3.2/644-bridge_optimize_netfilter_hooks.patch

@@ -14,7 +14,7 @@
  	if (vlan_tx_tag_present(skb))
 --- a/net/bridge/br_private.h
 +++ b/net/bridge/br_private.h
-@@ -491,10 +491,12 @@ static inline bool br_multicast_is_route
+@@ -491,12 +491,25 @@ static inline bool br_multicast_is_route
  extern int br_netfilter_init(void);
  extern void br_netfilter_fini(void);
  extern void br_netfilter_rtable_init(struct net_bridge *);
@@ -26,13 +26,6 @@
 +#define br_netfilter_run_hooks()	false
  #endif
  
- /* br_stp.c */
---- a/net/bridge/br_input.c
-+++ b/net/bridge/br_input.c
-@@ -26,6 +26,17 @@ const u8 br_group_address[ETH_ALEN] = { 
- br_should_route_hook_t __rcu *br_should_route_hook __read_mostly;
- EXPORT_SYMBOL(br_should_route_hook);
- 
 +static inline int
 +BR_HOOK(uint8_t pf, unsigned int hook, struct sk_buff *skb,
 +	struct net_device *in, struct net_device *out,
@@ -44,10 +37,12 @@
 +	return NF_HOOK(pf, hook, skb, in, out, okfn);
 +}
 +
- static int br_pass_frame_up(struct sk_buff *skb)
- {
- 	struct net_device *indev, *brdev = BR_INPUT_SKB_CB(skb)->brdev;
-@@ -40,7 +51,7 @@ static int br_pass_frame_up(struct sk_bu
+ /* br_stp.c */
+ extern void br_log_state(const struct net_bridge_port *p);
+ extern struct net_bridge_port *br_get_port(struct net_bridge *br,
+--- a/net/bridge/br_input.c
++++ b/net/bridge/br_input.c
+@@ -40,7 +40,7 @@ static int br_pass_frame_up(struct sk_bu
  	indev = skb->dev;
  	skb->dev = brdev;
  
@@ -56,7 +51,7 @@
  		       netif_receive_skb);
  }
  
-@@ -199,7 +210,7 @@ rx_handler_result_t br_handle_frame(stru
+@@ -199,7 +199,7 @@ rx_handler_result_t br_handle_frame(stru
  		}
  
  		/* Deliver packet to local host only */
@@ -65,7 +60,7 @@
  			    NULL, br_handle_local_finish)) {
  			return RX_HANDLER_CONSUMED; /* consumed by filter */
  		} else {
-@@ -224,7 +235,7 @@ forward:
+@@ -224,7 +224,7 @@ forward:
  		if (!compare_ether_addr(p->br->dev->dev_addr, dest))
  			skb->pkt_type = PACKET_HOST;
  
@@ -74,3 +69,54 @@
  			br_handle_frame_finish);
  		break;
  	default:
+--- a/net/bridge/br_forward.c
++++ b/net/bridge/br_forward.c
+@@ -55,7 +55,7 @@ int br_dev_queue_push_xmit(struct sk_buf
+ 
+ int br_forward_finish(struct sk_buff *skb)
+ {
+-	return NF_HOOK(NFPROTO_BRIDGE, NF_BR_POST_ROUTING, skb, NULL, skb->dev,
++	return BR_HOOK(NFPROTO_BRIDGE, NF_BR_POST_ROUTING, skb, NULL, skb->dev,
+ 		       br_dev_queue_push_xmit);
+ 
+ }
+@@ -74,7 +74,7 @@ static void __br_deliver(const struct ne
+ 		return;
+ 	}
+ 
+-	NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
++	BR_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
+ 		br_forward_finish);
+ }
+ 
+@@ -91,7 +91,7 @@ static void __br_forward(const struct ne
+ 	skb->dev = to->dev;
+ 	skb_forward_csum(skb);
+ 
+-	NF_HOOK(NFPROTO_BRIDGE, NF_BR_FORWARD, skb, indev, skb->dev,
++	BR_HOOK(NFPROTO_BRIDGE, NF_BR_FORWARD, skb, indev, skb->dev,
+ 		br_forward_finish);
+ }
+ 
+--- a/net/bridge/br_multicast.c
++++ b/net/bridge/br_multicast.c
+@@ -824,7 +824,7 @@ static void __br_multicast_send_query(st
+ 	if (port) {
+ 		__skb_push(skb, sizeof(struct ethhdr));
+ 		skb->dev = port->dev;
+-		NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
++		BR_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
+ 			dev_queue_xmit);
+ 	} else
+ 		netif_rx(skb);
+--- a/net/bridge/br_stp_bpdu.c
++++ b/net/bridge/br_stp_bpdu.c
+@@ -52,7 +52,7 @@ static void br_send_bpdu(struct net_brid
+ 
+ 	skb_reset_mac_header(skb);
+ 
+-	NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
++	BR_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
+ 		dev_queue_xmit);
+ }
+ 

target/linux/generic/patches-3.3/644-bridge_optimize_netfilter_hooks.patch

@@ -1,24 +1,6 @@
 --- a/net/bridge/br_input.c
 +++ b/net/bridge/br_input.c
-@@ -26,6 +26,17 @@ const u8 br_group_address[ETH_ALEN] = { 
- br_should_route_hook_t __rcu *br_should_route_hook __read_mostly;
- EXPORT_SYMBOL(br_should_route_hook);
- 
-+static inline int
-+BR_HOOK(uint8_t pf, unsigned int hook, struct sk_buff *skb,
-+	struct net_device *in, struct net_device *out,
-+	int (*okfn)(struct sk_buff *))
-+{
-+	if (!br_netfilter_run_hooks())
-+		return okfn(skb);
-+
-+	return NF_HOOK(pf, hook, skb, in, out, okfn);
-+}
-+
- static int br_pass_frame_up(struct sk_buff *skb)
- {
- 	struct net_device *indev, *brdev = BR_INPUT_SKB_CB(skb)->brdev;
-@@ -40,7 +51,7 @@ static int br_pass_frame_up(struct sk_bu
+@@ -40,7 +40,7 @@ static int br_pass_frame_up(struct sk_bu
  	indev = skb->dev;
  	skb->dev = brdev;
  
@@ -27,7 +9,7 @@
  		       netif_receive_skb);
  }
  
-@@ -194,7 +205,7 @@ rx_handler_result_t br_handle_frame(stru
+@@ -194,7 +194,7 @@ rx_handler_result_t br_handle_frame(stru
  		}
  
  		/* Deliver packet to local host only */
@@ -36,7 +18,7 @@
  			    NULL, br_handle_local_finish)) {
  			return RX_HANDLER_CONSUMED; /* consumed by filter */
  		} else {
-@@ -219,7 +230,7 @@ forward:
+@@ -219,7 +219,7 @@ forward:
  		if (!compare_ether_addr(p->br->dev->dev_addr, dest))
  			skb->pkt_type = PACKET_HOST;
  
@@ -47,9 +29,9 @@
  	default:
 --- a/net/bridge/br_netfilter.c
 +++ b/net/bridge/br_netfilter.c
-@@ -62,6 +62,11 @@ static int brnf_filter_pppoe_tagged __re
- #define brnf_filter_pppoe_tagged 0
- #endif
+@@ -71,6 +71,11 @@ static int brnf_filter_pppoe_tagged __re
+ #define IS_ARP(skb) \
+ 	(!vlan_tx_tag_present(skb) && skb->protocol == htons(ETH_P_ARP))
  
 +bool br_netfilter_run_hooks(void)
 +{
@@ -61,7 +43,7 @@
  	if (vlan_tx_tag_present(skb))
 --- a/net/bridge/br_private.h
 +++ b/net/bridge/br_private.h
-@@ -492,10 +492,12 @@ static inline bool br_multicast_is_route
+@@ -492,12 +492,25 @@ static inline bool br_multicast_is_route
  extern int br_netfilter_init(void);
  extern void br_netfilter_fini(void);
  extern void br_netfilter_rtable_init(struct net_bridge *);
@@ -73,4 +55,68 @@
 +#define br_netfilter_run_hooks()	false
  #endif
  
++static inline int
++BR_HOOK(uint8_t pf, unsigned int hook, struct sk_buff *skb,
++	struct net_device *in, struct net_device *out,
++	int (*okfn)(struct sk_buff *))
++{
++	if (!br_netfilter_run_hooks())
++		return okfn(skb);
++
++	return NF_HOOK(pf, hook, skb, in, out, okfn);
++}
++
  /* br_stp.c */
+ extern void br_log_state(const struct net_bridge_port *p);
+ extern struct net_bridge_port *br_get_port(struct net_bridge *br,
+--- a/net/bridge/br_forward.c
++++ b/net/bridge/br_forward.c
+@@ -55,7 +55,7 @@ int br_dev_queue_push_xmit(struct sk_buf
+ 
+ int br_forward_finish(struct sk_buff *skb)
+ {
+-	return NF_HOOK(NFPROTO_BRIDGE, NF_BR_POST_ROUTING, skb, NULL, skb->dev,
++	return BR_HOOK(NFPROTO_BRIDGE, NF_BR_POST_ROUTING, skb, NULL, skb->dev,
+ 		       br_dev_queue_push_xmit);
+ 
+ }
+@@ -74,7 +74,7 @@ static void __br_deliver(const struct ne
+ 		return;
+ 	}
+ 
+-	NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
++	BR_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
+ 		br_forward_finish);
+ }
+ 
+@@ -91,7 +91,7 @@ static void __br_forward(const struct ne
+ 	skb->dev = to->dev;
+ 	skb_forward_csum(skb);
+ 
+-	NF_HOOK(NFPROTO_BRIDGE, NF_BR_FORWARD, skb, indev, skb->dev,
++	BR_HOOK(NFPROTO_BRIDGE, NF_BR_FORWARD, skb, indev, skb->dev,
+ 		br_forward_finish);
+ }
+ 
+--- a/net/bridge/br_multicast.c
++++ b/net/bridge/br_multicast.c
+@@ -827,7 +827,7 @@ static void __br_multicast_send_query(st
+ 	if (port) {
+ 		__skb_push(skb, sizeof(struct ethhdr));
+ 		skb->dev = port->dev;
+-		NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
++		BR_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
+ 			dev_queue_xmit);
+ 	} else
+ 		netif_rx(skb);
+--- a/net/bridge/br_stp_bpdu.c
++++ b/net/bridge/br_stp_bpdu.c
+@@ -52,7 +52,7 @@ static void br_send_bpdu(struct net_brid
+ 
+ 	skb_reset_mac_header(skb);
+ 
+-	NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
++	BR_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
+ 		dev_queue_xmit);
+ }
+