Patrick McHardy <kaber@xxxxxxxxx> writes:
> Mattias Rönnblom wrote:
>> Hi,
>>
>> with NFQUEUE and the libnetfilter_queue library, is it possible to
>> bind several applications to same protocol (for example, AF_INET)?
>>
>> That would be useful if you want to do load balancing on a multicore
>> system, with a thread/process serving each NFQUEUE queue.
>>
>> After having a brief look at the NFQUEUE/libnetfilter_queue code, it
>> looks like there's only single netlink fd for all queues, and the
>> library does the demultiplexing. Would that mean I have to have a
>> "front-end" thread distributing different servering threads?
>
> You can bind them to different group numbers for the same AF.
> The latest version of the NFQUEUE target even supports automatic
> balancing between those groups based on a simple flow hash.
Do you by "group number" mean NFQUEUE queue number? If so, how would I
do that? The data comes on a single netlink fd, which is serviced by
one thread, which is suppose to give the data chunk to
libnetfilter_queue (nfq_handle_packet). The libary executes a callback
(depending on queue number) in the context of that thread. At least
that is my understanding of NFQUEUE/libnetfilter_queue.
(Automatic load balancing sounds great btw.)
Best regards,
Mattias
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
