[OpenWrt-Devel] [PATCH] generic: Fix per interface nf_call_iptables setting
Sven Eckelmann
sven at open-mesh.com
Thu Sep 3 08:12:34 EDT 2015
On Thursday 03 September 2015 13:31:32 Sven Eckelmann wrote:
> On Thursday 03 September 2015 12:52:07 Felix Fietkau wrote:
> [...]
> > Did your test have the ebtables modules loaded or not? If I remember
> > correctly, the patch you're removing was added mainly for the case where
> > CONFIG_BRIDGE_NETFILTER=y is set, but ebtables is not loaded.
>
> No, ebtables was not loaded.

To be a little more specific: Nothing was loaded which would enable the
real filter hooks. Otherwise the per bridge nf_call_iptables setting
would have worked even with this patch still being there and
net.bridge.bridge-nf-call-iptables set to 0.

Your br_netfilter_run_hooks check prevented the actual NF_HOOKs from
running and thus I would say that the patch was "active".

I'm not saying that your check was never working. Most likely it was
helping to increase the performance in the past (Linux 3.2 is over 3
years old). I haven't tested it but wouldn't be surprised if it helped
back then.

Kind regards,
Sven