Thanks for updating this patch to use struct brnf_net.
A few comments below.
On Sun, Jun 09, 2019 at 06:23:04PM +0200, Christian Brauner wrote:
[...]
> diff --git a/include/net/netfilter/br_netfilter.h b/include/net/netfilter/br_netfilter.h
> index 89808ce293c4..302fcd3aade2 100644
> --- a/include/net/netfilter/br_netfilter.h
> +++ b/include/net/netfilter/br_netfilter.h
> @@ -85,17 +82,42 @@ static inline __be16 vlan_proto(const struct sk_buff *skb)
> return 0;
> }
>
> -#define IS_VLAN_IP(skb) \
> - (vlan_proto(skb) == htons(ETH_P_IP) && \
> - brnf_filter_vlan_tagged)
> +static inline bool is_vlan_ip(const struct sk_buff *skb, const struct net *net)
> +{
I like this conversion from macro to static inline a lot.
But if you let me ask for one more change, would you split this in two
patches? One to replace #defines by static inline.
Then, second patch introduces the sysctl update you need.
It will make it easier for me to review.
[...]
> +static inline bool is_vlan_ipv6(const struct sk_buff *skb,
> + const struct net *net)
> +{
> +#ifdef CONFIG_SYSCTL
Probably we can reduce #ifdef pollution a bit if you always add
'filter_vlan_tagged' and other fields to the brnf_net structure. No
matter if CONFIG_SYSCTL is set on or off. I think it's worth consuming
a bit more memory to simplify this code, so both CONFIG_SYSCTL=y and
CONFIG_SYSCTL=n run the same codepath.
Most vendors will just turn on to CONFIG_SYSCTL=y, and I don't think
it's worth the extra code for the CONFIG_SYSCTL=n case.
> + struct brnf_net *brnet = net_generic(net, brnf_net_id);
> +
> + return (vlan_proto(skb) == htons(ETH_P_IPV6) &&
> + brnet->filter_vlan_tagged);
> +#else
> + return (vlan_proto(skb) == htons(ETH_P_IPV6));
BTW, I think parens are not needed, ie.
return vlan_proto(skb) == htons(ETH_P_IPV6);
should be fine?
Thanks!
