On Wednesday 2011-04-13 14:35, Ed W wrote:
>Hi
>
>> In iptables, the options --enable-static and --enable-shared are
>> semantically different from other projects.
>
>Thanks for confirming - iptables also helpfully spells exactly this out
>in the INSTALL doc (+1 for open source documentation!!)

-1 to the user for not reading it ;-)

>>> Additionally, as helpfully pointed out by Jan, a chunk of my problem is
>>> my static iptables apparently trying to probe a kernel module which
>>> isn't incorporated into my kernel version. I can't immediately see a
>>> solution to not uselessly probing for that (without patching iptables)?
>>> Any ideas?
>>
>> I would have said it could be the missing SET module being the cause for
>> your modprobe time accumulation, but since you also use iptables-restore
>> that possibility, too, is eliminated.
>
>Yes, although these modules are being probed for even on a zero
>(missing) input to iptables-restore. However, that seems consistent
>with a v1.4.10 iptables --enable-static based binary? Presumably this
>just probes everything?

Yes, and that which does not exist in the kernel you pay with a
modprobe call then. That would not only include SET, but also
extensions long obsoleted, such as libipt_unclean's counterpart.