Hi, I am implementing a custom filter using the libnetfilter_queue library. Performance is important, so I am looking at ways to parallelize it. The options I see are as follows: - single queue, multiple threads - multiple queues, multiple threads - multiple queues, multiple processes (1 per queue) Which of these options would be most effective? The guide I found here https://home.regit.org/netfilter-en/using-nfqueue-and-libnetfilter_queue/ says "the nfq_set_verdict2 and nfq_handle_packet function needs to be protected by lock mechanism." Does that mean that there can be at most 2 threads per queue? When using multiple queues, is it valid to call nfq_open() multiple times in the same process? When I do that I get negative numbers for peer portid. Is this normal? $ sudo cat /proc/net/netfilter/nfnetlink_queue 100 27790 0 2 65531 0 0 0 1 101 -4585 0 2 65531 0 0 0 1 102 -4586 0 2 65531 0 0 0 1 103 -4587 0 2 65531 0 0 0 1 Also, how exactly does --queue-balance work? All packets seem to be directed to one particular queue. thanks, Eugene -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
