netfilter: xtables: generate initial table on-demand

The static initial tables are pretty large, and after the net namespace has been instantiated, they just hang around for nothing. This commit removes them and creates tables on-demand at runtime when needed. Size shrinks by 7735 bytes (x86_64). Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
author: Jan Engelhardt <jengelh@medozas.de> 2009-06-17 22:14:54 +0200
committer: Jan Engelhardt <jengelh@medozas.de> 2010-02-10 17:50:47 +0100
commit: e3eaa9910b380530cfd2c0670fcd3f627674da8a (patch)
tree: 309e522e78f78149ec3cb99ffc386d1b72415a96 /net/ipv4/netfilter/ip_tables.c
parent: 2b95efe7f6bb750256a702cc32d33b0cb2cd8223 (diff)
download: linux-e3eaa9910b380530cfd2c0670fcd3f627674da8a.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index 5bf7de1527a54e..2057b1bb617823 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -28,6 +28,7 @@
 #include <linux/netfilter/x_tables.h>
 #include <linux/netfilter_ipv4/ip_tables.h>
 #include <net/netfilter/nf_log.h>
+#include "../../netfilter/xt_repldata.h"
 
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>");
@@ -66,6 +67,12 @@ do {								\
 #define inline
 #endif
 
+void *ipt_alloc_initial_table(const struct xt_table *info)
+{
+	return xt_alloc_initial_table(ipt, IPT);
+}
+EXPORT_SYMBOL_GPL(ipt_alloc_initial_table);
+
 /*
    We keep a set of rules for each CPU, so we can avoid write-locking
    them in the softirq when updating the counters and therefore
author	Jan Engelhardt <jengelh@medozas.de>	2009-06-17 22:14:54 +0200
committer	Jan Engelhardt <jengelh@medozas.de>	2010-02-10 17:50:47 +0100
commit	e3eaa9910b380530cfd2c0670fcd3f627674da8a (patch)
tree	309e522e78f78149ec3cb99ffc386d1b72415a96 /net/ipv4/netfilter/ip_tables.c
parent	2b95efe7f6bb750256a702cc32d33b0cb2cd8223 (diff)
download	linux-e3eaa9910b380530cfd2c0670fcd3f627674da8a.tar.gz