Mattias Rönnblom wrote: > Patrick McHardy <kaber@xxxxxxxxx> writes: > >> Mattias Rönnblom wrote: >>> Hi, >>> >>> with NFQUEUE and the libnetfilter_queue library, is it possible to >>> bind several applications to same protocol (for example, AF_INET)? >>> >>> That would be useful if you want to do load balancing on a multicore >>> system, with a thread/process serving each NFQUEUE queue. >>> >>> After having a brief look at the NFQUEUE/libnetfilter_queue code, it >>> looks like there's only single netlink fd for all queues, and the >>> library does the demultiplexing. Would that mean I have to have a >>> "front-end" thread distributing different servering threads? >> You can bind them to different group numbers for the same AF. >> The latest version of the NFQUEUE target even supports automatic >> balancing between those groups based on a simple flow hash. > > Do you by "group number" mean NFQUEUE queue number? If so, how would I > do that? Yes. You can specify the netlink group number in the nfq_create_queue() call. > The data comes on a single netlink fd, which is serviced by > one thread, which is suppose to give the data chunk to > libnetfilter_queue (nfq_handle_packet). The libary executes a callback > (depending on queue number) in the context of that thread. At least > that is my understanding of NFQUEUE/libnetfilter_queue. You can start multiple processes and bind each one to a seperate queue. Alternatively you can create multiple queue handles in a multithreaded programm. -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
