On Saturday 2011-04-09 01:22, Ed W wrote: >On 08/04/2011 20:54, Jan Engelhardt wrote: >> >> On Friday 2011-04-08 19:11, Ed W wrote: >>> Starting "shorewall" >>> - using busybox modprobe + released iptables = several minutes... >>> - module-init-tools + released iptables = 12s >>> - module-init-tools + your commit = 7.7s >>> - module-init-tools + patching out modprobe completely = 4.9s >>> >>> So, whilst your patch has a huge positive benefit, I'm still seeing a >>> substantial amount of cpu going to useless modprobing. >> >> Which is only natural, because the kernel loads stuff. If you have >> a problem with time (why so?) you should <*> the xtables modules, >> and just leave iptables in its origin state. > >I'm sorry that I haven't managed to explain my situation clearly. >However, I'm trying very hard to explain that I *have* got <*> in my >kernel. There are no modules. > >Stated another way. I don't have any kernel modules - everything is >compiled into the kernel In that case, iptables should never call modprobe. You said `iptables -h` itself would take a long time due to modprobe, however, I can spot no invocation of it using `strace -fe execve iptables -h` when the desired codes are already loaded into the kernel one way or another. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
