From mboxrd@z Thu Jan 1 00:00:00 1970 From: Patrick McHardy Subject: Re: [PATCH/RFC] [NETFILTER]: Fix invalid module autoloading by splitting iptable_nat Date: Sun, 25 Sep 2005 18:26:28 +0200 Message-ID: <4336CFB4.6060806@trash.net> References: <20050925150755.GK731@sunbeam.de.gnumonks.org> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: Linux Netdev List , Patrick McHardy , Netfilter Development Mailinglist , David Miller Return-path: To: Harald Welte In-Reply-To: <20050925150755.GK731@sunbeam.de.gnumonks.org> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: netfilter-devel-bounces@lists.netfilter.org Errors-To: netfilter-devel-bounces@lists.netfilter.org List-Id: netdev.vger.kernel.org Harald Welte wrote: > Hi Patrick, Dave, > > I think we really need a solution for the last (known) remaining > dependency problem with 2.6.14. Please see the description > below. I _think_ the patch is fine, at least I couldn't find any case > where we could leak anything by splitting the code in two modules. > > There's a slight semantic change, though. If the user unloads > iptable_nat, all existing connections (including their configured NAT > mappings) will continue to work. Only when ip_nat.ko is unloaded, the > NAT mappings are evicted from the conntrack table. I like it that way, > since it's logical. I agree, its more logical than having the table and the conntrack part in one module.