aboutsummaryrefslogtreecommitdiffstats
path: root/include/linux
diff options
context:
space:
mode:
authorHarald Welte <laforge@netfilter.org>2005-09-26 18:25:11 -0400
committerDavid S. Miller <davem@davemloft.net>2005-09-26 18:25:11 -0400
commit188bab3ae0ed164bc18f98be932512d777dd038b (patch)
tree58a4a77478e8abf0af5afa53dee6a6b1e5828387 /include/linux
parentb85daee0e497c8fe7c4dc3531674ede645b37cdf (diff)
[NETFILTER]: Fix invalid module autoloading by splitting iptable_nat
When you've enabled conntrack and NAT as a module (standard case in all distributions), and you've also enabled the new conntrack netlink interface, loading ip_conntrack_netlink.ko will auto-load iptable_nat.ko. This causes a huge performance penalty, since for every packet you iterate the nat code, even if you don't want it. This patch splits iptable_nat.ko into the NAT core (ip_nat.ko) and the iptables frontend (iptable_nat.ko). Threfore, ip_conntrack_netlink.ko will only pull ip_nat.ko, but not the frontend. ip_nat.ko will "only" allocate some resources, but not affect runtime performance. This separation is also a nice step in anticipation of new packet filters (nf-hipac, ipset, pkttables) being able to use the NAT core. Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/linux')
-rw-r--r--include/linux/netfilter_ipv4/ip_nat_core.h12
1 files changed, 5 insertions, 7 deletions
diff --git a/include/linux/netfilter_ipv4/ip_nat_core.h b/include/linux/netfilter_ipv4/ip_nat_core.h
index 3b50eb91f007..30db23f06b03 100644
--- a/include/linux/netfilter_ipv4/ip_nat_core.h
+++ b/include/linux/netfilter_ipv4/ip_nat_core.h
@@ -5,16 +5,14 @@
5 5
6/* This header used to share core functionality between the standalone 6/* This header used to share core functionality between the standalone
7 NAT module, and the compatibility layer's use of NAT for masquerading. */ 7 NAT module, and the compatibility layer's use of NAT for masquerading. */
8extern int ip_nat_init(void);
9extern void ip_nat_cleanup(void);
10 8
11extern unsigned int nat_packet(struct ip_conntrack *ct, 9extern unsigned int ip_nat_packet(struct ip_conntrack *ct,
12 enum ip_conntrack_info conntrackinfo, 10 enum ip_conntrack_info conntrackinfo,
13 unsigned int hooknum, 11 unsigned int hooknum,
14 struct sk_buff **pskb); 12 struct sk_buff **pskb);
15 13
16extern int icmp_reply_translation(struct sk_buff **pskb, 14extern int ip_nat_icmp_reply_translation(struct sk_buff **pskb,
17 struct ip_conntrack *ct, 15 struct ip_conntrack *ct,
18 enum ip_nat_manip_type manip, 16 enum ip_nat_manip_type manip,
19 enum ip_conntrack_dir dir); 17 enum ip_conntrack_dir dir);
20#endif /* _IP_NAT_CORE_H */ 18#endif /* _IP_NAT_CORE_H */