How to disable Connection Tracking runtime

All of lore.kernel.org
 help / color / mirror / Atom feed

* How to disable Connection Tracking runtime
@ 2008-05-06  3:38 Srinivas Murthy
  2008-05-06  6:19 ` Jan Engelhardt
  0 siblings, 1 reply; 6+ messages in thread
From: Srinivas Murthy @ 2008-05-06  3:38 UTC (permalink / raw)
  To: netfilter-devel

Hi,
 Is there a way to disable conntracking runtime?

 I see a lot of cpu time taken up by these fns:

__hash_conntrack
ipt_do_table
conn_hash_table_lookup

 I did see the perf tweaking params related to this but for test
purposes, I'd like to try w/ this disabled altogether (and going via/
the kernel config file is too painful for now).

Thanks.

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: How to disable Connection Tracking runtime
  2008-05-06  3:38 How to disable Connection Tracking runtime Srinivas Murthy
@ 2008-05-06  6:19 ` Jan Engelhardt
  2008-05-07  3:54   ` Srinivas Murthy
  0 siblings, 1 reply; 6+ messages in thread
From: Jan Engelhardt @ 2008-05-06  6:19 UTC (permalink / raw)
  To: Srinivas Murthy; +Cc: netfilter-devel


On Tuesday 2008-05-06 05:38, Srinivas Murthy wrote:

>Hi,
> Is there a way to disable conntracking runtime?

Use -j NOTRACK.

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: How to disable Connection Tracking runtime
  2008-05-06  6:19 ` Jan Engelhardt
@ 2008-05-07  3:54   ` Srinivas Murthy
  2008-05-07  3:54     ` Srinivas Murthy
  0 siblings, 1 reply; 6+ messages in thread
From: Srinivas Murthy @ 2008-05-07  3:54 UTC (permalink / raw)
  To: Jan Engelhardt; +Cc: netfilter-devel

I tried,

iptables -t raw -p all -j NOTRACK

I can see the rule installed.

However I still see these calls in the oprofile data.

_Sri

On Mon, May 5, 2008 at 11:19 PM, Jan Engelhardt <jengelh@medozas.de> wrote:
>
>  On Tuesday 2008-05-06 05:38, Srinivas Murthy wrote:
>
>  >Hi,
>  > Is there a way to disable conntracking runtime?
>
>  Use -j NOTRACK.
>

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: How to disable Connection Tracking runtime
  2008-05-07  3:54   ` Srinivas Murthy
@ 2008-05-07  3:54     ` Srinivas Murthy
  2008-05-07  4:04       ` Philip Craig
  0 siblings, 1 reply; 6+ messages in thread
From: Srinivas Murthy @ 2008-05-07  3:54 UTC (permalink / raw)
  To: Jan Engelhardt; +Cc: netfilter-devel

Sorry I installed,
iptables -t raw -A PREROUTING -p all -j NOTRACK

On Tue, May 6, 2008 at 8:54 PM, Srinivas Murthy <codevana@gmail.com> wrote:
> I tried,
>
>  iptables -t raw -p all -j NOTRACK
>
>  I can see the rule installed.
>
>  However I still see these calls in the oprofile data.
>
>  _Sri
>
>
>
>  On Mon, May 5, 2008 at 11:19 PM, Jan Engelhardt <jengelh@medozas.de> wrote:
>  >
>  >  On Tuesday 2008-05-06 05:38, Srinivas Murthy wrote:
>  >
>  >  >Hi,
>  >  > Is there a way to disable conntracking runtime?
>  >
>  >  Use -j NOTRACK.
>  >
>

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: How to disable Connection Tracking runtime
  2008-05-07  3:54     ` Srinivas Murthy
@ 2008-05-07  4:04       ` Philip Craig
  2008-05-07  4:05         ` Philip Craig
  0 siblings, 1 reply; 6+ messages in thread
From: Philip Craig @ 2008-05-07  4:04 UTC (permalink / raw)
  To: Srinivas Murthy; +Cc: Jan Engelhardt, netfilter-devel

Srinivas Murthy wrote:
> Sorry I installed,
> iptables -t raw -A PREROUTING -p all -j NOTRACK

You'll need this for locally generated packets:
iptables -t raw -A INPUT -j NOTRACK

But note that these only disable conntracking.  You'll still see
ipt_do_table().

If you want to stop iptables too then you'll need to unload the various
iptables/conntrack/nat modules (there are lots of them).  Even this
doesn't quite remove it all: there are still netfilter hooks.

If they aren't built as modules then I don't think there is a solution
other than rebuilding the kernel.

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: How to disable Connection Tracking runtime
  2008-05-07  4:04       ` Philip Craig
@ 2008-05-07  4:05         ` Philip Craig
  0 siblings, 0 replies; 6+ messages in thread
From: Philip Craig @ 2008-05-07  4:05 UTC (permalink / raw)
  To: Srinivas Murthy; +Cc: Jan Engelhardt, netfilter-devel

Philip Craig wrote:
> You'll need this for locally generated packets:
> iptables -t raw -A INPUT -j NOTRACK

Sorry:
iptables -t raw -A OUTPUT -j NOTRACK


^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2008-05-07  4:05 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-05-06  3:38 How to disable Connection Tracking runtime Srinivas Murthy
2008-05-06  6:19 ` Jan Engelhardt
2008-05-07  3:54   ` Srinivas Murthy
2008-05-07  3:54     ` Srinivas Murthy
2008-05-07  4:04       ` Philip Craig
2008-05-07  4:05         ` Philip Craig

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.