diff options
| author | Jan Engelhardt <jengelh@medozas.de> | 2009-06-17 16:14:54 -0400 |
|---|---|---|
| committer | Jan Engelhardt <jengelh@medozas.de> | 2010-02-10 11:50:47 -0500 |
| commit | e3eaa9910b380530cfd2c0670fcd3f627674da8a (patch) | |
| tree | 309e522e78f78149ec3cb99ffc386d1b72415a96 /include | |
| parent | 2b95efe7f6bb750256a702cc32d33b0cb2cd8223 (diff) | |
netfilter: xtables: generate initial table on-demand
The static initial tables are pretty large, and after the net
namespace has been instantiated, they just hang around for nothing.
This commit removes them and creates tables on-demand at runtime when
needed.
Size shrinks by 7735 bytes (x86_64).
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Diffstat (limited to 'include')
| -rw-r--r-- | include/linux/netfilter_arp/arp_tables.h | 1 | ||||
| -rw-r--r-- | include/linux/netfilter_ipv4/ip_tables.h | 1 | ||||
| -rw-r--r-- | include/linux/netfilter_ipv6/ip6_tables.h | 1 |
3 files changed, 3 insertions, 0 deletions
diff --git a/include/linux/netfilter_arp/arp_tables.h b/include/linux/netfilter_arp/arp_tables.h index f2336523a9df..0b33980611b2 100644 --- a/include/linux/netfilter_arp/arp_tables.h +++ b/include/linux/netfilter_arp/arp_tables.h | |||
| @@ -258,6 +258,7 @@ struct arpt_error { | |||
| 258 | .target.errorname = "ERROR", \ | 258 | .target.errorname = "ERROR", \ |
| 259 | } | 259 | } |
| 260 | 260 | ||
| 261 | extern void *arpt_alloc_initial_table(const struct xt_table *); | ||
| 261 | extern struct xt_table *arpt_register_table(struct net *net, | 262 | extern struct xt_table *arpt_register_table(struct net *net, |
| 262 | const struct xt_table *table, | 263 | const struct xt_table *table, |
| 263 | const struct arpt_replace *repl); | 264 | const struct arpt_replace *repl); |
diff --git a/include/linux/netfilter_ipv4/ip_tables.h b/include/linux/netfilter_ipv4/ip_tables.h index 8d1f273d350b..364973b42133 100644 --- a/include/linux/netfilter_ipv4/ip_tables.h +++ b/include/linux/netfilter_ipv4/ip_tables.h | |||
| @@ -282,6 +282,7 @@ struct ipt_error { | |||
| 282 | .target.errorname = "ERROR", \ | 282 | .target.errorname = "ERROR", \ |
| 283 | } | 283 | } |
| 284 | 284 | ||
| 285 | extern void *ipt_alloc_initial_table(const struct xt_table *); | ||
| 285 | extern unsigned int ipt_do_table(struct sk_buff *skb, | 286 | extern unsigned int ipt_do_table(struct sk_buff *skb, |
| 286 | unsigned int hook, | 287 | unsigned int hook, |
| 287 | const struct net_device *in, | 288 | const struct net_device *in, |
diff --git a/include/linux/netfilter_ipv6/ip6_tables.h b/include/linux/netfilter_ipv6/ip6_tables.h index d2952d2fa658..8031eb486a10 100644 --- a/include/linux/netfilter_ipv6/ip6_tables.h +++ b/include/linux/netfilter_ipv6/ip6_tables.h | |||
| @@ -297,6 +297,7 @@ ip6t_get_target(struct ip6t_entry *e) | |||
| 297 | #include <linux/init.h> | 297 | #include <linux/init.h> |
| 298 | extern void ip6t_init(void) __init; | 298 | extern void ip6t_init(void) __init; |
| 299 | 299 | ||
| 300 | extern void *ip6t_alloc_initial_table(const struct xt_table *); | ||
| 300 | extern struct xt_table *ip6t_register_table(struct net *net, | 301 | extern struct xt_table *ip6t_register_table(struct net *net, |
| 301 | const struct xt_table *table, | 302 | const struct xt_table *table, |
| 302 | const struct ip6t_replace *repl); | 303 | const struct ip6t_replace *repl); |