Imre Palik <[email protected]> wrote:
> On 02/11/15 23:29, David Miller wrote:
> > If I apply this, someone is going to try to submit a patch for every
> > damn protocol layer to add a stupid hack like this.
>
> Actually this is one of those patches. There is already a "stupid hack like
> this" for iptables and arptables. (Implemented before git history, and
> giving me 10% speedup. Many thanks, whoever did it.)
>
> I also searched various LKML archives, and it seems the existing "stupid
> hacks" for iptables and arptables haven't resulted in any related patch
> submission in the last ten years. (Or my google-fu is weak.)
>
> Moreover, I cannot imagine any other reasonable on/off switch for
> bridge-netfilter than these three. Of course, my imagination might be
> lacking there.

Why do you load the bridge netfilter module if you don't want it?
Loading it registers the internal hooks for the call-ip(6)tables and
sabotage hooks with NF_BRIDGE protocol so most of the
NF_HOOK(NF_BRIDGE, ... calls become active.

