projects / cascardo / linux.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5f6c253) | patch
netfilter: don't call hooks unless needed
authorFlorian Westphal <fw@strlen.de>
Thu, 25 Feb 2016 09:08:38 +0000 (10:08 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Wed, 2 Mar 2016 19:05:26 +0000 (20:05 +0100)
commitaf4610c39589d839551da104f7da342d86f23ea0
treedd1aa462199737434bccc9b2f54cb8595d4e1407tree | snapshot
parent5f6c253ebe93b02dece01c6f58447f16b29f6dd3commit | diff
netfilter: don't call hooks unless needed

With the previous patches in place, a netns nf_hook_list might be empty,
even if e.g. init_net performs filtering.

Thus change nf_hook_thresh to check the hook_list as well before
initializing hook_state and calling nf_hook_slow().

We still make use of static keys; if no netfilter modules are loaded
list is guaranteed to be empty.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
include/linux/netfilter.h diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.