git.baikalelectronics.ru Git - kernel.git/commit

author	Florian Westphal <fw@strlen.de>
	Wed, 21 Sep 2016 15:35:01 +0000 (11:35 -0400)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Sat, 24 Sep 2016 19:25:48 +0000 (21:25 +0200)
commit	b2c9c32de28e50238c9c9d6b27514cc28a64cd6c
tree	c5ffa93a950d60bdc5bc0690743c5bc806cd0904	tree \| snapshot
parent	44309c2513ddfd989fa4cd29c5d78cf51274b7a2	commit \| diff

netfilter: bridge: add and use br_nf_hook_thresh

This replaces the last uses of NF_HOOK_THRESH().
Followup patch will remove it and rename nf_hook_thresh.

The reason is that inet (non-bridge) netfilter no longer invokes the
hooks from hooks, so we do no longer need the thresh value to skip hooks
with a lower priority.

The bridge netfilter however may need to do this. br_nf_hook_thresh is a
wrapper that is supposed to do this, i.e. only call hooks with a
priority that exceeds NF_BR_PRI_BRNF.

It's used only in the recursion cases of br_netfilter. It invokes
nf_hook_slow while holding an rcu read-side critical section to make a
future cleanup simpler.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Aaron Conole <aconole@bytheb.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

include/net/netfilter/br_netfilter.h		diff \| blob \| history
net/bridge/br_netfilter_hooks.c		diff \| blob \| history
net/bridge/br_netfilter_ipv6.c		diff \| blob \| history