Linux Netfilter discussions
 help / color / mirror / Atom feed
From: "Mattias Rönnblom" <hofors@lysator.liu.se>
To: Patrick McHardy <kaber@trash.net>
Cc: netfilter@vger.kernel.org
Subject: Re: Multiple nf_bind_pf to the same protocol
Date: Tue, 03 Nov 2009 11:12:22 +0100	[thread overview]
Message-ID: <87639rhq7t.fsf@isengard.friendlyfire.se> (raw)
In-Reply-To: <4AEEFB23.407@trash.net> (Patrick McHardy's message of "Mon\, 02 Nov 2009 16\:30\:43 +0100")

Patrick McHardy <kaber@trash.net> writes:

> Mattias Rönnblom wrote:
>> Hi,
>> 
>> with NFQUEUE and the libnetfilter_queue library, is it possible to
>> bind several applications to same protocol (for example, AF_INET)?
>> 
>> That would be useful if you want to do load balancing on a multicore
>> system, with a thread/process serving each NFQUEUE queue.
>> 
>> After having a brief look at the NFQUEUE/libnetfilter_queue code, it
>> looks like there's only single netlink fd for all queues, and the
>> library does the demultiplexing. Would that mean I have to have a
>> "front-end" thread distributing different servering threads?
>
> You can bind them to different group numbers for the same AF.
> The latest version of the NFQUEUE target even supports automatic
> balancing between those groups based on a simple flow hash.

Do you by "group number" mean NFQUEUE queue number? If so, how would I
do that? The data comes on a single netlink fd, which is serviced by
one thread, which is suppose to give the data chunk to
libnetfilter_queue (nfq_handle_packet). The libary executes a callback
(depending on queue number) in the context of that thread. At least
that is my understanding of NFQUEUE/libnetfilter_queue.

(Automatic load balancing sounds great btw.)

Best regards,
     Mattias

  reply	other threads:[~2009-11-03 10:12 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-11-02 15:09 Multiple nf_bind_pf to the same protocol Mattias Rönnblom
2009-11-02 15:30 ` Patrick McHardy
2009-11-03 10:12   ` Mattias Rönnblom [this message]
2009-11-03 10:50     ` Patrick McHardy

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87639rhq7t.fsf@isengard.friendlyfire.se \
    --to=hofors@lysator.liu.se \
    --cc=kaber@trash.net \
    --cc=netfilter@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox