diff options
author | Felix Fietkau <nbd@openwrt.org> | 2014-08-07 18:59:18 +0000 |
---|---|---|
committer | Felix Fietkau <nbd@openwrt.org> | 2014-08-07 18:59:18 +0000 |
commit | 449950ea2465a6fa1809370575b1a3778a6644f6 (patch) | |
tree | 5f1516c7b8547f71d543d166c533fb8a156bf65b /target/linux/generic/patches-3.10 | |
parent | 580fa6ca22cd3baf63fa5893b170811a153590fc (diff) | |
download | upstream-449950ea2465a6fa1809370575b1a3778a6644f6.tar.gz upstream-449950ea2465a6fa1809370575b1a3778a6644f6.tar.bz2 upstream-449950ea2465a6fa1809370575b1a3778a6644f6.zip |
kernel: improve ipv4 netfilter optimization patch
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@42045 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'target/linux/generic/patches-3.10')
-rw-r--r-- | target/linux/generic/patches-3.10/611-netfilter_match_bypass_default_table.patch | 26 |
1 files changed, 14 insertions, 12 deletions
diff --git a/target/linux/generic/patches-3.10/611-netfilter_match_bypass_default_table.patch b/target/linux/generic/patches-3.10/611-netfilter_match_bypass_default_table.patch index 3cf0e5a32d..2e0324345b 100644 --- a/target/linux/generic/patches-3.10/611-netfilter_match_bypass_default_table.patch +++ b/target/linux/generic/patches-3.10/611-netfilter_match_bypass_default_table.patch @@ -34,33 +34,35 @@ /* Returns one of the generic firewall policies, like NF_ACCEPT. */ unsigned int ipt_do_table(struct sk_buff *skb, -@@ -334,6 +361,25 @@ ipt_do_table(struct sk_buff *skb, - ip = ip_hdr(skb); - indev = in ? in->name : nulldevname; - outdev = out ? out->name : nulldevname; -+ +@@ -331,9 +358,27 @@ ipt_do_table(struct sk_buff *skb, + unsigned int addend; + + /* Initialization */ + IP_NF_ASSERT(table->valid_hooks & (1 << hook)); + local_bh_disable(); -+ addend = xt_write_recseq_begin(); + private = table->private; + cpu = smp_processor_id(); + table_base = private->entries[cpu]; -+ jumpstack = (struct ipt_entry **)private->jumpstack[cpu]; -+ stackptr = per_cpu_ptr(private->stackptr, cpu); -+ origptr = *stackptr; -+ + e = get_entry(table_base, private->hook_entry[hook]); + if (ipt_handle_default_rule(e, &verdict)) { + ADD_COUNTER(e->counters, skb->len, 1); -+ xt_write_recseq_end(addend); + local_bh_enable(); + return verdict; + } + + ip = ip_hdr(skb); + indev = in ? in->name : nulldevname; + outdev = out ? out->name : nulldevname; ++ ++ addend = xt_write_recseq_begin(); ++ jumpstack = (struct ipt_entry **)private->jumpstack[cpu]; ++ stackptr = per_cpu_ptr(private->stackptr, cpu); ++ origptr = *stackptr; ++ /* We handle fragments by dealing with the first fragment as * if it was a normal packet. All other fragments are treated * normally, except that they will NEVER match rules that ask -@@ -348,18 +394,6 @@ ipt_do_table(struct sk_buff *skb, +@@ -348,18 +393,6 @@ ipt_do_table(struct sk_buff *skb, acpar.family = NFPROTO_IPV4; acpar.hooknum = hook; |