netfilter: nf_tables: keep chain counters away from hot path

These chain counters are only used by the iptables-compat tool, that allow users to use the x_tables extensions from the existing nf_tables framework. This patch makes nf_tables by ~5% for the general usecase, ie. native nft users, where no chain counters are used at all. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2017-07-18 20:18:09 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2017-07-24 12:23:16 +0200
commit: 9f08ea848117ab521efcfd3e004d8e1a0edc640c (patch)
tree: d1c5ac609cee2c686ca887707497477ac792537b /include/net
parent: netfilter: expect: add to hash table after expect init (diff)
download: linux-9f08ea848117ab521efcfd3e004d8e1a0edc640c.tar.xz
linux-9f08ea848117ab521efcfd3e004d8e1a0edc640c.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/include/net/netfilter/nf_tables_core.h b/include/net/netfilter/nf_tables_core.h
index 8f690effec37..424684c33771 100644
--- a/include/net/netfilter/nf_tables_core.h
+++ b/include/net/netfilter/nf_tables_core.h
@@ -49,6 +49,8 @@ struct nft_payload_set {
 };
 
 extern const struct nft_expr_ops nft_payload_fast_ops;
+
+extern struct static_key_false nft_counters_enabled;
 extern struct static_key_false nft_trace_enabled;
 
 #endif /* _NET_NF_TABLES_CORE_H */
author	Pablo Neira Ayuso <pablo@netfilter.org>	2017-07-18 20:18:09 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2017-07-24 12:23:16 +0200
commit	9f08ea848117ab521efcfd3e004d8e1a0edc640c (patch)
tree	d1c5ac609cee2c686ca887707497477ac792537b /include/net
parent	netfilter: expect: add to hash table after expect init (diff)
download	linux-9f08ea848117ab521efcfd3e004d8e1a0edc640c.tar.xz linux-9f08ea848117ab521efcfd3e004d8e1a0edc640c.zip