diff options
author | Florian Westphal <fw@strlen.de> | 2015-07-14 17:51:09 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-07-15 18:18:06 +0200 |
commit | dcebd3153e0a7749bb054ab73fa4e1ca33e9d3f9 (patch) | |
tree | b962b7b1bca5b3c8272781c991a9878fdfe4e880 /net/ipv4 | |
parent | 7814b6ec6d0d63444abdb49554166c8cfcbd063e (diff) | |
download | op-kernel-dev-dcebd3153e0a7749bb054ab73fa4e1ca33e9d3f9.zip op-kernel-dev-dcebd3153e0a7749bb054ab73fa4e1ca33e9d3f9.tar.gz |
netfilter: add and use jump label for xt_tee
Don't bother testing if we need to switch to alternate stack
unless TEE target is used.
Suggested-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/ipv4')
-rw-r--r-- | net/ipv4/netfilter/ip_tables.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index a2e4b01..ff585bd 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c @@ -340,7 +340,8 @@ ipt_do_table(struct sk_buff *skb, * For recursion via REJECT or SYNPROXY the stack will be clobbered * but it is no problem since absolute verdict is issued by these. */ - jumpstack += private->stacksize * __this_cpu_read(nf_skb_duplicated); + if (static_key_false(&xt_tee_enabled)) + jumpstack += private->stacksize * __this_cpu_read(nf_skb_duplicated); e = get_entry(table_base, private->hook_entry[hook]); |