diff options
| author |   Florian Westphal <fw@strlen.de> | 2016-09-21 11:35:01 -0400 |
|---|---|---|
| committer |   Pablo Neira Ayuso <pablo@netfilter.org> | 2016-09-24 21:25:48 +0200 |
| commit | c5136b15ea364124299c8a9ba96b300e96061e3a (patch) | |
| tree | c5ffa93a950d60bdc5bc0690743c5bc806cd0904 /include/linux/netfilter.h | |
| parent | netfilter: xt_TCPMSS: Refactor the codes to decrease one condition check and more readable (diff) | |
| download | wireguard-linux-c5136b15ea364124299c8a9ba96b300e96061e3a.tar.xz wireguard-linux-c5136b15ea364124299c8a9ba96b300e96061e3a.zip | |
netfilter: bridge: add and use br_nf_hook_thresh
This replaces the last uses of NF_HOOK_THRESH().
Followup patch will remove it and rename nf_hook_thresh.
The reason is that inet (non-bridge) netfilter no longer invokes the
hooks from hooks, so we do no longer need the thresh value to skip hooks
with a lower priority.
The bridge netfilter however may need to do this. br_nf_hook_thresh is a
wrapper that is supposed to do this, i.e. only call hooks with a
priority that exceeds NF_BR_PRI_BRNF.
It's used only in the recursion cases of br_netfilter. It invokes
nf_hook_slow while holding an rcu read-side critical section to make a
future cleanup simpler.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Aaron Conole <aconole@bytheb.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/linux/netfilter.h')
0 files changed, 0 insertions, 0 deletions