Yes, with --queue-balance, do I open a socket via nfq_open() per thread, or do I just have the one nfq_open() and have each thread call nfq_create_queue only?

On Wed, Jun 3, 2015 at 9:22 AM, Florian Westphal <fw@xxxxxxxxx> wrote:
> Ryan Johnston <ryan@xxxxxxxxxxxxxxxx> wrote:
>> When creating a multi-threaded NFQ/Netlink application, should I have
>> multiple threads with fd sockets connected to the kernel, or do I have
>> one socket with multiple thread loops to read the socket?
>
> It's up to you.
>
>> If I am to have many threaded fd sockets connected to kernel's
>> netlink, is there any performance loss by having too many?
>
> For best performance use multiple queues, e.g. manually via iptables
> -m cpu ... -j NFQUEUE, or via iptables .. NFQUEUE --queue-balance 0:x,
> then run one process or thread for each queue.
>
> One thread per queue model is implemented in Suricata IDS for example.