Hi Pablo, The following contains a bunch of patches that id'like to see in -next tree. The two tproxy patches remove the nf_tproxy_core module - the TPROXY target is changed to use the generic sock_edemux destructor (this is one reason for the negative diffstat). The three conntrack patches are yet another attempt at removing the extra ecache timer: It implements redelivery via delayed work item - the advantage is that redelivery is now under scheduler control and thus competes fairly with the userspace event consumers. I got slightly better results than current master branch, and a lot better results compared to the old "single timer" based patch. Because nf_conntrack_netlink.c contains a bit of redundant code copied from nf_conntrack_core I rebased the "cleanup" parts of your patch titled "netfilter: nf_conntrack: fix race in timer handling with reliable events" which is sitting in patchwork: http://patchwork.ozlabs.org/patch/180436/ If you prefer to forward-port the cleanup bits yourself jsut let me know when you're finished an I will rebase my changes. Patches will also be sent in reply to this email. The following changes since commit 496e4ae7dc944faa1721bfda7e9d834d5611a874: netfilter: nf_queue: add NFQA_SKB_CSUM_NOTVERIFIED info flag (2013-06-30 18:15:48 +0200) are available in the git repository at: git://chamillionaire.breakpoint.cc/fw/nf-next.git pull-20130729 Florian Westphal (7): netfilter: connlabels: remove unneeded includes netfilter: nf_queue: relax NFQA_CT attribute check netfilter: tproxy: remove nf_tproxy_core module, keep tw sock assigned to skb netfilter: tproxy: remove nf_tproxy_core.h netfilter: conntrack: remove duplicate code in conntrack_netlink netfilter: conntrack: don't send destroy events from iterator netfilter: conntrack: remove timer from ecache extension Documentation/networking/tproxy.txt | 5 +- include/net/netfilter/nf_conntrack.h | 14 +- include/net/netfilter/nf_conntrack_ecache.h | 9 +- include/net/netfilter/nf_tproxy_core.h | 210 -------------------- include/net/netns/conntrack.h | 5 +- include/uapi/linux/netfilter/nf_conntrack_common.h | 8 +- net/ipv4/netfilter/ipt_MASQUERADE.c | 2 +- net/ipv6/netfilter/ip6t_MASQUERADE.c | 2 +- net/netfilter/Kconfig | 22 +-- net/netfilter/Makefile | 3 - net/netfilter/nf_conntrack_core.c | 131 +++---------- net/netfilter/nf_conntrack_ecache.c | 63 +++++- net/netfilter/nf_conntrack_labels.c | 4 - net/netfilter/nf_conntrack_netlink.c | 18 +-- net/netfilter/nf_conntrack_proto.c | 4 +- net/netfilter/nf_nat_core.c | 6 +- net/netfilter/nf_tproxy_core.c | 62 ------ net/netfilter/nfnetlink_queue_core.c | 4 +- net/netfilter/xt_TPROXY.c | 167 ++++++++++++++++- net/netfilter/xt_socket.c | 66 ++++++- 20 files changed, 353 insertions(+), 452 deletions(-) delete mode 100644 include/net/netfilter/nf_tproxy_core.h delete mode 100644 net/netfilter/nf_tproxy_core.c -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
