On Fri, 07 Jan 2005 22:27:21 +0100 Bart De Schuymer <bdschuym@xxxxxxxxxx> wrote: > How about something like the patch below (untested but compiles)? > The current netfilter scheme adds one function call to the call chain > for each NF_HOOK and NF_HOOK_THRESH. This can be prevented by executing > the okfn in the calling function instead of in nf_hook_slow(). > I didn't check if there's any code that actually uses the return value > from NF_HOOK. If so, this patch won't work well in its current form as - > EPERM is now also returned for NF_QUEUE and NF_STOLEN. > > Another 2 calls of okfn can be postponed in br_netfilter.c by adding > NF_STOP, which would work like NF_STOLEN except that okfn is still > called. But I'd first like to get the IPv4/IPv6 fix for br_netfilter.c > accepted (see another thread on netdev). I believe I put in your ipv4/ipv6 br_netfilter fix already. This NF_HOOK() change looks interesting. Could we also do something like running the deeper ->hard_start_xmit() via a triggered tasklet or something similar?
