On Thu, Apr 7, 2016 at 10:43 PM, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > On Thu, Apr 07, 2016 at 03:06:40PM +0530, Shivani Bhardwaj wrote: >> The idea of fanout option is to improve the performance by indexing CPU >> ID to map packets to the queues. This is used for load balancing. >> Fanout option is not required when there is a single queue specified. >> >> According to iptables, queue balance should be specified in order to use >> fanout, following that, throw an error in nftables if the range of >> queues for load balancing is not specified with the fanout option. > > Curious, how does iptables behave when you pass fanout and a single > queue? > It throws an error: $ sudo iptables -A FORWARD -j NFQUEUE --queue-num 0 --queue-cpu-fanout iptables v1.6.0: NFQUEUE: option "--queue-cpu-fanout" also requires "--queue-balance". Try `iptables -h' or 'iptables --help' for more information. Since, queue-balance is done as queue num with a range in nftables, I thought it should follow the same routine as iptables. > Could you also include how the nft error output looks like after your > patch in your description? > Yes I'll do that. Thanks. > Thanks. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
