I was looking at the build-time defined per-CPU variables in netfilter
and added the needed local-BH-locks in order to be able to remove the
current per-CPU lock in local_bh_disable() on PREMPT_RT.
NF wise nft_set_pipapo is missing but this requires some core changes so
I need to postspone it for now.
This has been split out of the networking series which was sent earlier.
Therefore the last patch (nf_dup_netdev) will likely clash with net-next
due to changes in include/linux/netdevice_xmit.h (both add an entry).
Sebastian Andrzej Siewior (3):
netfilter: nf_dup{4, 6}: Move duplication check to task_struct
netfilter: nft_inner: Use nested-BH locking for nft_pcpu_tun_ctx
netfilter: nf_dup_netdev: Move the recursion counter struct
netdev_xmit
include/linux/netdevice_xmit.h | 3 +++
include/linux/netfilter.h | 11 -----------
include/linux/sched.h | 1 +
net/ipv4/netfilter/ip_tables.c | 2 +-
net/ipv4/netfilter/nf_dup_ipv4.c | 6 +++---
net/ipv6/netfilter/ip6_tables.c | 2 +-
net/ipv6/netfilter/nf_dup_ipv6.c | 6 +++---
net/netfilter/core.c | 3 ---
net/netfilter/nf_dup_netdev.c | 22 ++++++++++++++++++----
net/netfilter/nft_inner.c | 18 +++++++++++++++---
10 files changed, 45 insertions(+), 29 deletions(-)
--
2.49.0
