From mboxrd@z Thu Jan 1 00:00:00 1970 From: Tobias DiPasquale Subject: Re: Mangling IP Options fields Date: Mon, 16 May 2005 09:35:16 -0400 Message-ID: <876ef97a050516063532a0f24e@mail.gmail.com> References: <42889068.4010307@hoole.biz> <002d01c55a30$2063f940$7b0e10ac@hegel> <42889D97.7000601@hoole.biz> Reply-To: Tobias DiPasquale Mime-Version: 1.0 Content-Transfer-Encoding: quoted-printable Return-path: In-Reply-To: <42889D97.7000601@hoole.biz> Content-Disposition: inline List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: netfilter-bounces@lists.netfilter.org Errors-To: netfilter-bounces@lists.netfilter.org Content-Type: text/plain; charset="us-ascii" To: Quinton Hoole Cc: netfilter@lists.netfilter.org On 5/16/05, Quinton Hoole wrote: > I looked into the libipq user space queueing option, but unfortunately > switching to user space is not feasble in my case (every single packet > on a GBit ethernet needs to be stamped, and resource utilisation is a > big issue). Some further reading of the netfilter FAQ has revealed that > patch-o-matic based extensions seem to be the way that others have > achieved things similar to my aims. >=20 > http://www.netfilter.org/documentation/HOWTO//netfilter-extensions-HOWTO-= 4.html >=20 > Can anyone confirm that I'm heading in the right direction? You are headed in the right direction. I will say two more things: 1. What you are trying to do is very simple and shouldn't require much deviation from iptables targets that already exist w/r/t coding ability. Just make sure you know the pertinent RFCs and have a fast machine to compile on. 2. You will need 2-3 CPUs (x86) to keep up with GBit forwarding + netfilter= . --=20 [ Tobias DiPasquale ] 0x636f6465736c696e67657240676d61696c2e636f6d