Re: Performance issue due to constant "modprobes"

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 09/04/2011 00:42, Jan Engelhardt wrote:
> 
> You said `iptables -h` itself would take a long time due to modprobe, 
> however, I can spot no invocation of it using `strace -fe execve 
> iptables -h` when the desired codes are already loaded into the kernel 
> one way or another.


Maciej pointed out this is the case for git as of around 4 days ago, and
in my last email I confirmed I saw the same.  I don't expect you to
observe what you say if you use last released 1.4.10?

However, if you use an xtables match then I would expect you to see a
module loaded? (For example running up a fairly vanilla "shorewall"
script manages to cause some 20 odd modules to load).  My specific
problem is that on my hardware, invoking modprobe takes some good few ms
(whether something is loaded or not), all modules are compiled into the
kernel, so this time is dead time.  In the case of shorewall (which for
sure is a beefy firewall script), this amounts to some several seconds
of wasted time (since nothing is loaded)

I appear to be able to eliminate this delay by modifying
/proc/sys/kernel/modprobe, but I not (apparently) by using "iptables -M
blah"? No one else is commenting on this, so either it's resolved in
current git, or ...?


No one has suggested anything, but basically, is there some way to avoid
running modprobe when the kernel has all the xtables modules compiled
in? ie can we detect that the code is already loaded and avoid trying to
probe for it?

However, many thanks to Maciej - that commit massively improves the
performance of the simple cases!

Cheers

Ed W
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux