On Wednesday 2011-04-13 13:35, Ed W wrote: >On 13/04/2011 10:10, Maciej Åenczykowski wrote: >> I should probably point out that iptables module autoloading behaviour >> is very different for a pre-my commit statically compiled, non-shared >> iptables binary >> vs a post-my commit or non-statically compiled binary. > >Aha. I am using a static (well, --static --shared) iptables > >> The modprobe issue would only show up if you had a statically >> compiled, non-shared iptables binary. >> ie. one where all the extensions were already part of the iptables >> binary and would always get initialized at startup (even for iptables >> -h). > >Thanks - although my evidence suggests its simply the statically >compiled bit which is enough to trigger this? My binary is both static >and shared (is that the correct term?) In iptables, the options --enable-static and --enable-shared are semantically different from other projects. --enable-static/--disable-static decides whether [not] to put all shipped plugins into the binary. --enable-shared/--disable-shared selects whether the iptables-multi binary will attempt to dlopen extensions when they have not already been found inside the binary. Which is really what people want. --enable-static is _not_ going to produce a fully-static executable (one that would yield "not a dynamic executable" when running ldd) in iptables. >Additionally, as helpfully pointed out by Jan, a chunk of my problem is >my static iptables apparently trying to probe a kernel module which >isn't incorporated into my kernel version. I can't immediately see a >solution to not uselessly probing for that (without patching iptables)? > Any ideas? I would have said it could be the missing SET module being the cause for your modprobe time accumulation, but since you also use iptables-restore that possibility, too, is eliminated. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
