Re: Meaning of NFQUEUE's --queue-balance option

On Mon, Jan 16, 2012 at 12:01:43PM +0100, Andres Velasco Garcia wrote:
> 
> I would like to understand how load is distributed across different queues using NFQUEUE's --queue-balance option.
> 
> The only information I could find on the subject is in the iptables man page, where I read: "Packets belonging to the same connection are put into the same nfqueue"

It's a hash-based approach. You hash on the packet descriptors
(source/destination/...), thus, the load is distributed between
several user-space processes.

See a recent version of linux/net/netfilter/xt_NFQUEUE.c for more information.

> I have two questions:
> 1- Would this be true also if NFQUEUE target is triggered within the "mangle" and not the "nat" table?

On the nat table, you will only see the first packet of the flow.

> 2- I would find it useful for my application if all packets from/to the same IP address (not only "connection") would flow through the same queue always. Is this somehow ensured by queue-balance?

Yes.
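
A model of the hash-based queue selection described in the reply above, as an added example that is not part of the original message or of the kernel source. It assumes the IPv4 hash key is the source address XORed with the destination address, plus the protocol number; it uses a stand-in mixer and a fixed, constructed seed in place of the kernel's jhash and its random seed, and the names mix32, flow_hash, pick_queue and queue_for are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-in 32-bit mixer (murmur3 finalizer). Assumption: the kernel uses
 * jhash with a seed chosen at run time, so real queue numbers will differ. */
static uint32_t mix32(uint32_t x)
{
    x ^= x >> 16; x *= 0x85ebca6bu;
    x ^= x >> 13; x *= 0xc2b2ae35u;
    x ^= x >> 16;
    return x;
}

/* Assumed hash key: saddr XOR daddr, plus the IP protocol. XOR is
 * commutative, so both directions of a flow produce the same hash.
 * The key is the address pair, so the queue is fixed per pair of hosts. */
static uint32_t flow_hash(uint32_t saddr, uint32_t daddr, uint8_t proto,
                          uint32_t seed)
{
    return mix32((saddr ^ daddr) + mix32(proto ^ seed));
}

/* Scale a 32-bit hash onto `total` queues starting at `first`, without
 * the bias of a plain modulo: first + (hash * total) / 2^32. */
static uint16_t pick_queue(uint32_t hash, uint16_t first, uint16_t total)
{
    return (uint16_t)(first + (((uint64_t)hash * total) >> 32));
}

/* Queue for one packet under "--queue-balance first:last". */
static uint16_t queue_for(uint32_t saddr, uint32_t daddr, uint8_t proto,
                          uint16_t first, uint16_t last)
{
    uint32_t seed = 0x5eedu; /* constructed fixed seed, for repeatability */
    return pick_queue(flow_hash(saddr, daddr, proto, seed),
                      first, (uint16_t)(last - first + 1));
}

int main(void)
{
    /* Constructed sample addresses from the RFC 5737 documentation ranges. */
    uint32_t host = 0xC0000201u;                       /* 192.0.2.1 */
    uint32_t peers[] = { 0xC6336401u, 0xC6336402u, 0xCB007105u };

    for (int i = 0; i < 3; i++)
        printf("peer %d: to-peer queue %u, from-peer queue %u\n", i,
               (unsigned)queue_for(host, peers[i], 6, 0, 3),
               (unsigned)queue_for(peers[i], host, 6, 0, 3));
    return 0;
}
```

Each output line shows the same queue number for both directions of a pair; comparing the lines shows how one host's traffic to different peers is placed under this model.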