[OpenWrt-Devel] [PATCH] generic: Fix per interface nf_call_iptables setting

Sven Eckelmann sven at open-mesh.com
Thu Sep 3 08:12:34 EDT 2015

On Thursday 03 September 2015 13:31:32 Sven Eckelmann wrote:
> On Thursday 03 September 2015 12:52:07 Felix Fietkau wrote:
> [...]
> > Did your test have the ebtables modules loaded or not? If I remember
> > correctly, the patch you're removing was added mainly for the case where
> > CONFIG_BRIDGE_NETFILTER=y is set, but ebtables is not loaded.
> No, ebtables was not loaded.

To be a little more specific: Nothing was loaded which would enable the
real filter hooks. Otherwise the per bridge nf_call_iptables setting
would have worked even with this patch still being there and
net.bridge.bridge-nf-call-iptables set to 0.

Your br_netfilter_run_hooks check prevented the actual NF_HOOKs from
running, and thus I would say that the patch was "active".

I'm not saying that your check never worked. Most likely it
helped to increase the performance in the past (Linux 3.2 is over 3
years old). I haven't tested it but wouldn't be surprised if it helped back

Kind regards,