On 5/16/05, Quinton Hoole <quinton@xxxxxxxxx> wrote:
> I looked into the libipq user space queueing option, but unfortunately
> switching to user space is not feasible in my case (every single packet
> on a GBit ethernet needs to be stamped, and resource utilisation is a
> big issue). Some further reading of the netfilter FAQ has revealed that
> patch-o-matic based extensions seem to be the way that others have
> achieved things similar to my aims.
>
> http://www.netfilter.org/documentation/HOWTO//netfilter-extensions-HOWTO-4.html
>
> Can anyone confirm that I'm heading in the right direction?

You are headed in the right direction. I will say two more things:

1. What you are trying to do is very simple and shouldn't require much
   deviation from iptables targets that already exist w/r/t coding
   ability. Just make sure you know the pertinent RFCs and have a fast
   machine to compile on.

2. You will need 2-3 CPUs (x86) to keep up with GBit forwarding + netfilter.

--
[ Tobias DiPasquale ]
0x636f6465736c696e67657240676d61696c2e636f6d