Re: [PATCH] extensions: libxt_NFQUEUE: Add translation to nft

On Tue, Dec 22, 2015 at 10:10 PM, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> On Mon, Dec 21, 2015 at 06:53:43PM +0530, Shivani Bhardwaj wrote:
>> Add translation of NF queue to nftables.
>>
>> Examples:
>>
>> $ sudo iptables-translate -t nat -A PREROUTING -p tcp --dport 80 -j NFQUEUE --queue-num 30
>> nft add rule ip nat PREROUTING tcp dport 80 counter  queue num 30
>>
>> $ sudo iptables-translate -A FORWARD -j NFQUEUE --queue-num 0 --queue-bypass -p TCP --sport 80
>> nft add rule ip filter FORWARD tcp sport 80 counter  queue num 0 bypass
>                                                      ^
> Make sure this space is gone in a v2 of this patch.
>
>> $ sudo iptables-translate -A FORWARD -j NFQUEUE --queue-balance 0:3
>> nft add rule ip filter FORWARD counter  queue num 0-3 fanout
>
> I think --queue-balance is independent from fanout. Check the code and
> make sure this is correct.
>
Hi,

I have taken reference from here:
http://wiki.nftables.org/wiki-nftables/index.php/Queueing_to_userspace

It says:
When doing load balancing, you can use the fanout option to use the
CPU ID as an index to map packets to the queues. The idea is that you
can improve performance if there's a queue/userspace application per
CPU

Please let me know if I have understood this wrong.

Thank you

>> $ sudo iptables-translate -A FORWARD -j NFQUEUE --queue-bypass -p TCP --sport 80 --queue-balance 0:3
>> nft add rule ip filter FORWARD tcp sport 80 counter  queue num 0-3 fanout bypass
>
> Although this syntax is correct, we prefer:
>
> nft add rule ip filter FORWARD tcp sport 80 counter queue num 0-3 fanout,bypass
>                                                                         ^
>                                                 comma-separated values for flags.
>
> Thanks.