author | Harald Welte <laforge@netfilter.org> | 2005-09-26 18:25:11 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2005-09-26 18:25:11 -0400 |
commit | 188bab3ae0ed164bc18f98be932512d777dd038b (patch) | |
tree | 58a4a77478e8abf0af5afa53dee6a6b1e5828387 /include/linux | |
parent | b85daee0e497c8fe7c4dc3531674ede645b37cdf (diff) |
[NETFILTER]: Fix invalid module autoloading by splitting iptable_nat
When you've enabled conntrack and NAT as a module (standard case in all
distributions), and you've also enabled the new conntrack netlink
interface, loading ip_conntrack_netlink.ko will auto-load iptable_nat.ko.
This causes a huge performance penalty, since for every packet you iterate
the nat code, even if you don't want it.
This patch splits iptable_nat.ko into the NAT core (ip_nat.ko) and the
iptables frontend (iptable_nat.ko). Therefore, ip_conntrack_netlink.ko will
only pull ip_nat.ko, but not the frontend. ip_nat.ko will "only" allocate
some resources, but not affect runtime performance.
This separation is also a nice step in anticipation of new packet filters
(nf-hipac, ipset, pkttables) being able to use the NAT core.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/linux')
-rw-r--r-- | include/linux/netfilter_ipv4/ip_nat_core.h | 12 |
1 files changed, 5 insertions, 7 deletions
diff --git a/include/linux/netfilter_ipv4/ip_nat_core.h b/include/linux/netfilter_ipv4/ip_nat_core.h index 3b50eb91f00..30db23f06b0 100644 --- a/include/linux/netfilter_ipv4/ip_nat_core.h +++ b/include/linux/netfilter_ipv4/ip_nat_core.h | |||
@@ -5,16 +5,14 @@ | |||
5 | 5 | ||
6 | /* This header used to share core functionality between the standalone | 6 | /* This header used to share core functionality between the standalone |
7 | NAT module, and the compatibility layer's use of NAT for masquerading. */ | 7 | NAT module, and the compatibility layer's use of NAT for masquerading. */ |
8 | extern int ip_nat_init(void); | ||
9 | extern void ip_nat_cleanup(void); | ||
10 | 8 | ||
11 | extern unsigned int nat_packet(struct ip_conntrack *ct, | 9 | extern unsigned int ip_nat_packet(struct ip_conntrack *ct, |
12 | enum ip_conntrack_info conntrackinfo, | 10 | enum ip_conntrack_info conntrackinfo, |
13 | unsigned int hooknum, | 11 | unsigned int hooknum, |
14 | struct sk_buff **pskb); | 12 | struct sk_buff **pskb); |
15 | 13 | ||
16 | extern int icmp_reply_translation(struct sk_buff **pskb, | 14 | extern int ip_nat_icmp_reply_translation(struct sk_buff **pskb, |
17 | struct ip_conntrack *ct, | 15 | struct ip_conntrack *ct, |
18 | enum ip_nat_manip_type manip, | 16 | enum ip_nat_manip_type manip, |
19 | enum ip_conntrack_dir dir); | 17 | enum ip_conntrack_dir dir); |
20 | #endif /* _IP_NAT_CORE_H */ | 18 | #endif /* _IP_NAT_CORE_H */ |
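Review bot: The header comment left as unchanged context at the top of this hunk ("This header used to share core functionality between the standalone NAT module, and the compatibility layer's use of NAT for masquerading.") no longer describes the file once the NAT core is split from the iptables frontend as the commit message says. Suggest rewording it to state that these are the NAT core entry points used by frontends. Because ip_nat_packet() and ip_nat_icmp_reply_translation() are now meant to be reached from a separate module, the renamed prototypes need matching symbol exports in the core. Every caller of the old nat_packet() and icmp_reply_translation() names, and any remaining user of the removed ip_nat_init()/ip_nat_cleanup() declarations, has to be converted in the same commit. This view is limited to include/linux, so neither can be confirmed from the lines shown.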