aboutsummaryrefslogtreecommitdiff
path: root/include/linux/netfilter_ipv4
diff options
context:
space:
mode:
authorJan Engelhardt <jengelh@medozas.de>2009-06-17 22:14:54 +0200
committerJan Engelhardt <jengelh@medozas.de>2010-02-10 17:50:47 +0100
commite3eaa9910b380530cfd2c0670fcd3f627674da8a (patch)
tree309e522e78f78149ec3cb99ffc386d1b72415a96 /include/linux/netfilter_ipv4
parent2b95efe7f6bb750256a702cc32d33b0cb2cd8223 (diff)
netfilter: xtables: generate initial table on-demand
The static initial tables are pretty large, and after the net namespace has been instantiated, they just hang around for nothing. This commit removes them and creates tables on-demand at runtime when needed. Size shrinks by 7735 bytes (x86_64). Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Diffstat (limited to 'include/linux/netfilter_ipv4')
-rw-r--r--include/linux/netfilter_ipv4/ip_tables.h1
1 files changed, 1 insertions, 0 deletions
diff --git a/include/linux/netfilter_ipv4/ip_tables.h b/include/linux/netfilter_ipv4/ip_tables.h
index 8d1f273d350..364973b4213 100644
--- a/include/linux/netfilter_ipv4/ip_tables.h
+++ b/include/linux/netfilter_ipv4/ip_tables.h
@@ -282,6 +282,7 @@ struct ipt_error {
.target.errorname = "ERROR", \
}
+extern void *ipt_alloc_initial_table(const struct xt_table *);
extern unsigned int ipt_do_table(struct sk_buff *skb,
unsigned int hook,
const struct net_device *in,