Hi all, I'm working on a kernel module to filter packets for a specific application (to build a firewall for this specific application). I can't use iptables for performance issues (the module must filter hundred of thousands small packets per second, and rules are added/removed relatively fast to a large ruleset, which is too slow with iptables). I'm filtering packets using the PREROUTING netfilter hooks, and I can't figure how they are executed on SMP machine. This hook should be executed in a softirq, and so could be run by multiple CPUs at the same time. This seems to be the case when 2 NICs are used (tested on a dual Xeon, 85%"load on each CPU). But when there is only one NIC, only one CPU is used. Is there a way to make packets coming from a single NIC handled by multiple CPUs? Thanks in advance, strawks -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
