On 08/04/2011 01:18, Jan Engelhardt wrote: >> I have my kernel compiled without modules. My modprobe takes a little >> under 1ms to execute. "iptables" appears to try and modprobe some 21 >> match/target modules. > > This is your kernel calling modprobe through I think not, or that you mean in a more roundabout fashion than I do? >> I have dug through the code a bit and the first thing I notice is that >> there is no --modprobe option actually parsed for, and the undocumented >> "-M" option doesn't appear to pass through to xtables.c? (I thought >> about simply lying about the modprobe binary name) > > ip6tables.c:do_command6, near case 'M'. I see the code, but "iptables -M /dev/null -h" still runs /sbin/modprobe (lots) >> The final thought is whether it's possible to notice that a module is >> already loaded and skip the modprobe call altogether? (/proc/modules is >> not enough because the module could be built into the kernel) > > If ip_tables.ko is already loaded, iptc_init will not fail (per the > command above xtables_load_ko(xtables_modprobe_program, false), and > thus, modprobe will not be called - at least not by iptables. Sure, but everything derived from xtables.c calls modprobe? I'm sorry if I'm misunderstanding "who" calls modprobe, but the point is that you can do a simple strace on "iptables -h" and without Maciej' patch you will see a boatload of modprobe's... Even with his patch then I still seem to get a load of modprobe's where extra xtable matches are needed, and in my case (500Mhz processor), modprobe is slow and also unnecessary because (nearly) everything is compiled into the kernel Avoiding modprobe would be very desirable in my case. Any ideas? (For the moment I have just patched out the xtables.c insmod function, but it's not very neat) Thanks all Ed W -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
