188bab3ae0
When you've enabled conntrack and NAT as a module (standard case in all distributions), and you've also enabled the new conntrack netlink interface, loading ip_conntrack_netlink.ko will auto-load iptable_nat.ko. This causes a huge performance penalty, since for every packet you iterate the nat code, even if you don't want it. This patch splits iptable_nat.ko into the NAT core (ip_nat.ko) and the iptables frontend (iptable_nat.ko). Threfore, ip_conntrack_netlink.ko will only pull ip_nat.ko, but not the frontend. ip_nat.ko will "only" allocate some resources, but not affect runtime performance. This separation is also a nice step in anticipation of new packet filters (nf-hipac, ipset, pkttables) being able to use the NAT core. Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
---|---|---|
.. | ||
ipvs | ||
netfilter | ||
af_inet.c | ||
ah4.c | ||
arp.c | ||
datagram.c | ||
devinet.c | ||
esp4.c | ||
fib_frontend.c | ||
fib_hash.c | ||
fib_lookup.h | ||
fib_rules.c | ||
fib_semantics.c | ||
fib_trie.c | ||
icmp.c | ||
igmp.c | ||
inet_connection_sock.c | ||
inet_diag.c | ||
inet_hashtables.c | ||
inet_timewait_sock.c | ||
inetpeer.c | ||
ip_forward.c | ||
ip_fragment.c | ||
ip_gre.c | ||
ip_input.c | ||
ip_options.c | ||
ip_output.c | ||
ip_sockglue.c | ||
ipcomp.c | ||
ipconfig.c | ||
ipip.c | ||
ipmr.c | ||
Kconfig | ||
Makefile | ||
multipath_drr.c | ||
multipath_random.c | ||
multipath_rr.c | ||
multipath_wrandom.c | ||
multipath.c | ||
netfilter.c | ||
proc.c | ||
protocol.c | ||
raw.c | ||
route.c | ||
syncookies.c | ||
sysctl_net_ipv4.c | ||
tcp_bic.c | ||
tcp_cong.c | ||
tcp_diag.c | ||
tcp_highspeed.c | ||
tcp_htcp.c | ||
tcp_hybla.c | ||
tcp_input.c | ||
tcp_ipv4.c | ||
tcp_minisocks.c | ||
tcp_output.c | ||
tcp_scalable.c | ||
tcp_timer.c | ||
tcp_vegas.c | ||
tcp_westwood.c | ||
tcp.c | ||
udp.c | ||
xfrm4_input.c | ||
xfrm4_output.c | ||
xfrm4_policy.c | ||
xfrm4_state.c | ||
xfrm4_tunnel.c |