Ryan Johnston <ryan@xxxxxxxxxxxxxxxx> wrote:
> When creating a multi-threaded NFQ/Netlink application, should I have
> multiple threads with fd sockets connected to the kernel, or do I have
> one socket with multiple thread loops to read the socket?

It's up to you.

> If I am to have many threaded fd sockets connected to kernel's
> netlink, is there any performance loss by having too many?

For best performance use multiple queues, e.g. manually via
iptables -m cpu ... -j NFQUEUE, or via
iptables .. NFQUEUE --queue-balance 0:x, then run one process or thread
for each queue.

One thread per queue model is implemented in suricata ids for example.
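
The two rule layouts named in the reply, written out as an added example that is not part of the original thread. The function name `nfq_rules`, the chain argument and the optional `bypass` switch are assumptions of this sketch; it only prints the rules so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example (not from the thread): print, but do not apply, the iptables
# rules for the two multi-queue layouts mentioned in the reply.
#
# nfq_rules MODE CHAIN NQUEUES [bypass]
#   MODE=cpu      one rule per CPU: packets handled on CPU n go to queue n
#   MODE=balance  one rule: the kernel spreads flows over queues 0..NQUEUES-1
#   bypass        optional: add --queue-bypass, so packets are accepted rather
#                 than dropped while no program is bound to the queue
# Userspace then runs one worker thread or process per queue number, each with
# its own netlink socket bound to that queue.
nfq_rules() {
    mode=$1 chain=$2 n=$3 extra=
    case $n in
        ''|*[!0-9]*) echo "NQUEUES must be a positive integer" >&2; return 2 ;;
    esac
    if [ "$n" -lt 1 ]; then
        echo "NQUEUES must be >= 1" >&2; return 2
    fi
    if [ "${4:-}" = bypass ]; then
        extra=' --queue-bypass'
    fi
    case $mode in
        cpu)
            i=0
            while [ "$i" -lt "$n" ]; do
                echo "iptables -A $chain -m cpu --cpu $i -j NFQUEUE --queue-num $i$extra"
                i=$((i + 1))
            done ;;
        balance)
            if [ "$n" -eq 1 ]; then
                # A single queue needs no balancing range.
                echo "iptables -A $chain -j NFQUEUE --queue-num 0$extra"
            else
                echo "iptables -A $chain -j NFQUEUE --queue-balance 0:$((n - 1))$extra"
            fi ;;
        *) echo "unknown mode: $mode" >&2; return 2 ;;
    esac
}

# When invoked with arguments, act as a small CLI, e.g.:
#   sh nfq_rules.sh balance INPUT 4
[ $# -eq 0 ] || nfq_rules "$@"
```

Without `bypass` the rules fail closed: if a worker for a queue is not running, packets sent to that queue are dropped, which matters when deciding how an inline IDS should behave during restarts.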