git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/commit

author	Florian Westphal <fw@strlen.de>
	Tue, 18 Feb 2020 10:59:26 +0000 (11:59 +0100)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Sun, 15 Mar 2020 14:20:16 +0000 (15:20 +0100)
commit	e32a4dc6512ce3c1a1920531246e7037896e510a
tree	ee886881f452103e9055ab1db7e647fd44a02a4f	tree
parent	925d844696d9287f841d6b3e0ed62a35fb175970	commit \| diff

netfilter: nf_tables: make sets built-in

Placing nftables set support in an extra module is pointless:

1. nf_tables needs dynamic registeration interface for sake of one module
2. nft heavily relies on sets, e.g. even simple rule like
   "nft ... tcp dport { 80, 443 }" will not work with _SETS=n.

IOW, either nftables isn't used or both nf_tables and nf_tables_set
modules are needed anyway.

With extra module:
307K net/netfilter/nf_tables.ko
  79K net/netfilter/nf_tables_set.ko

   text  data  bss     dec filename
146416  3072  545  150033 nf_tables.ko
  35496  1817    0   37313 nf_tables_set.ko

This patch:
373K net/netfilter/nf_tables.ko

178563  4049  545  183157 nf_tables.ko

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

include/net/netfilter/nf_tables.h		diff \| blob \| blame \| history
net/netfilter/Kconfig		diff \| blob \| blame \| history
net/netfilter/Makefile		diff \| blob \| blame \| history
net/netfilter/nf_tables_api.c		diff \| blob \| blame \| history
net/netfilter/nf_tables_set_core.c	[deleted file]	blob \| blame \| history