• Florian Westphal's avatar
    netfilter: nf_tables: make sets built-in · e32a4dc6
    Florian Westphal authored
    Placing nftables set support in an extra module is pointless:
    
    1. nf_tables needs dynamic registeration interface for sake of one module
    2. nft heavily relies on sets, e.g. even simple rule like
       "nft ... tcp dport { 80, 443 }" will not work with _SETS=n.
    
    IOW, either nftables isn't used or both nf_tables and nf_tables_set
    modules are needed anyway.
    
    With extra module:
     307K net/netfilter/nf_tables.ko
      79K net/netfilter/nf_tables_set.ko
    
       text  data  bss     dec filename
     146416  3072  545  150033 nf_tables.ko
      35496  1817    0   37313 nf_tables_set.ko
    
    This patch:
     373K net/netfilter/nf_tables.ko
    
     178563  4049  545  183157 nf_tables.ko
    Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
    Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
    e32a4dc6
Kconfig 52.1 KB