netfilter: nf_tables: build-in filter chain type

One module per supported filter chain family type takes too much memory for very little code - too much modularization - place all chain filter definitions in one single file. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso 2018-03-27 11:53:07 +0200
committer: Pablo Neira Ayuso 2018-03-30 11:29:19 +0200
commit: 02c7b25e5f54321b9063e18d4f52cce07f8e081d (patch)
tree: c497bb71b3f152f3f07ea93dfbd605632e61457a /net/netfilter/nf_tables_api.c
parent: netfilter: nf_tables: nft_register_chain_type() returns void (diff)
download: kernel-qcow2-linux-02c7b25e5f54321b9063e18d4f52cce07f8e081d.tar.gz
kernel-qcow2-linux-02c7b25e5f54321b9063e18d4f52cce07f8e081d.tar.xz
kernel-qcow2-linux-02c7b25e5f54321b9063e18d4f52cce07f8e081d.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 9e4b1614ee39..97ec1c388bfe 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -6584,6 +6584,8 @@ static int __init nf_tables_module_init(void)
 {
 	int err;
 
+	nft_chain_filter_init();
+
 	info = kmalloc(sizeof(struct nft_expr_info) * NFT_RULE_MAXEXPRS,
 		       GFP_KERNEL);
 	if (info == NULL) {
@@ -6618,6 +6620,7 @@ static void __exit nf_tables_module_exit(void)
 	rcu_barrier();
 	nf_tables_core_module_exit();
 	kfree(info);
+	nft_chain_filter_fini();
 }
 
 module_init(nf_tables_module_init);
author	Pablo Neira Ayuso	2018-03-27 11:53:07 +0200
committer	Pablo Neira Ayuso	2018-03-30 11:29:19 +0200
commit	02c7b25e5f54321b9063e18d4f52cce07f8e081d (patch)
tree	c497bb71b3f152f3f07ea93dfbd605632e61457a /net/netfilter/nf_tables_api.c
parent	netfilter: nf_tables: nft_register_chain_type() returns void (diff)
download	kernel-qcow2-linux-02c7b25e5f54321b9063e18d4f52cce07f8e081d.tar.gz kernel-qcow2-linux-02c7b25e5f54321b9063e18d4f52cce07f8e081d.tar.xz kernel-qcow2-linux-02c7b25e5f54321b9063e18d4f52cce07f8e081d.zip