git.baikalelectronics.ru Git - kernel.git/commit

author	Harald Welte <laforge@netfilter.org>
	Mon, 26 Sep 2005 22:25:11 +0000 (15:25 -0700)
committer	David S. Miller <davem@davemloft.net>
	Mon, 26 Sep 2005 22:25:11 +0000 (15:25 -0700)
commit	b4894c931b9e2ff6a08ad291f3d7b83321f66e90
tree	58a4a77478e8abf0af5afa53dee6a6b1e5828387	tree \| snapshot
parent	6805e9086cda55e5637153418791d105b909bf05	commit \| diff

[NETFILTER]: Fix invalid module autoloading by splitting iptable_nat

When you've enabled conntrack and NAT as a module (standard case in all
distributions), and you've also enabled the new conntrack netlink
interface, loading ip_conntrack_netlink.ko will auto-load iptable_nat.ko.
This causes a huge performance penalty, since for every packet you iterate
the nat code, even if you don't want it.

This patch splits iptable_nat.ko into the NAT core (ip_nat.ko) and the
iptables frontend (iptable_nat.ko). Threfore, ip_conntrack_netlink.ko will
only pull ip_nat.ko, but not the frontend. ip_nat.ko will "only" allocate
some resources, but not affect runtime performance.

This separation is also a nice step in anticipation of new packet filters
(nf-hipac, ipset, pkttables) being able to use the NAT core.

Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

include/linux/netfilter_ipv4/ip_nat_core.h		diff \| blob \| history
net/ipv4/netfilter/Makefile		diff \| blob \| history
net/ipv4/netfilter/ip_nat_core.c		diff \| blob \| history
net/ipv4/netfilter/ip_nat_helper.c		diff \| blob \| history
net/ipv4/netfilter/ip_nat_standalone.c		diff \| blob \| history