forked from Minki/linux
netfilter: ingress: don't use nf_hook_list_active
nf_hook_list_active() always returns true once at least one device has NF_INGRESS hook enabled. Thus, don't use this function. Instead, inverse the test and use the static key to elide list_empty test if no NF_INGRESS hooks are active. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
parent
212cd08953
commit
61b590b9ee
|
@ -5,10 +5,13 @@
|
|||
#include <linux/netdevice.h>
|
||||
|
||||
#ifdef CONFIG_NETFILTER_INGRESS
|
||||
static inline int nf_hook_ingress_active(struct sk_buff *skb)
|
||||
static inline bool nf_hook_ingress_active(const struct sk_buff *skb)
|
||||
{
|
||||
return nf_hook_list_active(&skb->dev->nf_hooks_ingress,
|
||||
NFPROTO_NETDEV, NF_NETDEV_INGRESS);
|
||||
#ifdef HAVE_JUMP_LABEL
|
||||
if (!static_key_false(&nf_hooks_needed[NFPROTO_NETDEV][NF_NETDEV_INGRESS]))
|
||||
return false;
|
||||
#endif
|
||||
return !list_empty(&skb->dev->nf_hooks_ingress);
|
||||
}
|
||||
|
||||
static inline int nf_hook_ingress(struct sk_buff *skb)
|
||||
|
|
Loading…
Reference in New Issue
Block a user