mirror of
https://github.com/team-infusion-developers/android_kernel_samsung_msm8976.git
synced 2024-10-20 10:28:24 +00:00
188bab3ae0
When you've enabled conntrack and NAT as a module (standard case in all distributions), and you've also enabled the new conntrack netlink interface, loading ip_conntrack_netlink.ko will auto-load iptable_nat.ko. This causes a huge performance penalty, since for every packet you iterate the nat code, even if you don't want it. This patch splits iptable_nat.ko into the NAT core (ip_nat.ko) and the iptables frontend (iptable_nat.ko). Threfore, ip_conntrack_netlink.ko will only pull ip_nat.ko, but not the frontend. ip_nat.ko will "only" allocate some resources, but not affect runtime performance. This separation is also a nice step in anticipation of new packet filters (nf-hipac, ipset, pkttables) being able to use the NAT core. Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
18 lines
634 B
C
18 lines
634 B
C
#ifndef _IP_NAT_CORE_H
|
|
#define _IP_NAT_CORE_H
|
|
#include <linux/list.h>
|
|
#include <linux/netfilter_ipv4/ip_conntrack.h>
|
|
|
|
/* This header used to share core functionality between the standalone
|
|
NAT module, and the compatibility layer's use of NAT for masquerading. */
|
|
|
|
extern unsigned int ip_nat_packet(struct ip_conntrack *ct,
|
|
enum ip_conntrack_info conntrackinfo,
|
|
unsigned int hooknum,
|
|
struct sk_buff **pskb);
|
|
|
|
extern int ip_nat_icmp_reply_translation(struct sk_buff **pskb,
|
|
struct ip_conntrack *ct,
|
|
enum ip_nat_manip_type manip,
|
|
enum ip_conntrack_dir dir);
|
|
#endif /* _IP_NAT_CORE_H */
|