On 25-05-2014 07:35, Varun Sharma wrote:
Hi,
I am experimenting with libnetfilter_queue. libnetfilter_queue is a userspace library providing an API to packets that have been queued by the kernel packet filter.
I am using the sample code (nfqnl_test.c) available on netfilter.org. I have generated two binaries (queue0 and queue1) using that nfqnl_test.c sample code.
These binaries are working as per expected behaviour in case of CentOS 6.2, but with CentOS 6.5 only one queue is receiving network traffic.
I am not able to understand why only one queue is receiving network traffic in case of CentOS 6.5, whereas the same network traffic is being distributed in both the queues with CentOS 6.2.
uname -a :-
Linux hwcentos8 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
Machine Info:
16 core machine with 64GB RAM.
Command used for iptables in CentOS 6.5 :-
iptables -A INPUT -j NFQUEUE --queue-balance 0:1
Output in CentOS 6.5 :-
[varun@exp2 ~]$ ./queue0
opening library handle
unbinding existing nf_queue handler for AF_INET (if any)
binding nfnetlink_queue as nf_queue handler for AF_INET
binding this socket to queue '0'
setting copy_packet mode
pkt received
queue0 hw_protocol=0x0800 hook=1 id=0 hw_src_addr=fc:4d:d4:d3:7f:73 indev=2 payload_len=40
entering callback
pkt received
queue0 hw_protocol=0x0800 hook=1 id=1 hw_src_addr=fc:4d:d4:d3:7f:73 indev=2 payload_len=40
entering callback
pkt received
queue0 hw_protocol=0x0800 hook=1 id=2 hw_src_addr=fc:4d:d4:d3:7f:73 indev=2 payload_len=40
entering callback
pkt received
queue0 hw_protocol=0x0800 hook=1 id=3 hw_src_addr=fc:4d:d4:f1:e1:5f indev=2 payload_len=78
entering callback
[varun@exp2 ~]$ ./queue1
opening library handle
unbinding existing nf_queue handler for AF_INET (if any)
binding nfnetlink_queue as nf_queue handler for AF_INET
binding this socket to queue '1'
setting copy_packet mode
Please let me know if more information is required.
Hi,
Considering the MAC address is the same, should I assume both IP addresses are the same too? Because it balances according to the hash of src ip, dst ip and ip proto (tcp, udp..).
That is, all packets from a single tcp stream will always go through the same queue, avoiding re-ordering.
Cheers, Marcelo
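
Added example, not part of the thread and not netfilter code: a small simulation of the per-flow balancing described in the reply above, showing that traffic from a single src/dst pair stays on one queue while many source hosts spread across both. The FNV-1a hash, the modulo mapping, the function names and the addresses are assumptions of this example; the kernel uses its own seeded hash.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-in flow hash (FNV-1a), an assumption of this example: the kernel
 * uses its own seeded hash. Only "same tuple -> same value" matters. */
static uint32_t flow_hash(uint32_t src, uint32_t dst, uint8_t proto)
{
    uint8_t key[9];
    uint32_t h = 2166136261u;

    for (int i = 0; i < 4; i++) {
        key[i]     = (uint8_t)(src >> (24 - 8 * i));
        key[4 + i] = (uint8_t)(dst >> (24 - 8 * i));
    }
    key[8] = proto;
    for (int i = 0; i < 9; i++)
        h = (h ^ key[i]) * 16777619u;
    return h;
}

/* Queue chosen for --queue-balance first:last (modulo mapping assumed). */
static unsigned select_queue(uint32_t src, uint32_t dst, uint8_t proto,
                             unsigned first, unsigned last)
{
    return first + flow_hash(src, dst, proto) % (last - first + 1);
}

/* Send pkts_each TCP packets from n_sources hosts to one destination and
 * count how many land in queue 0 and queue 1. Addresses are constructed. */
static void simulate(unsigned n_sources, unsigned pkts_each, unsigned counts[2])
{
    const uint32_t dst = 0xC0A80101u;            /* 192.168.1.1 */

    counts[0] = counts[1] = 0;
    for (unsigned s = 0; s < n_sources; s++)
        for (unsigned p = 0; p < pkts_each; p++)
            counts[select_queue(0xC0A80164u + s, dst, 6, 0, 1)]++;
}

int main(void)
{
    unsigned c[2];

    simulate(1, 4, c);   /* one src/dst pair */
    printf("1 source:   queue0=%u queue1=%u\n", c[0], c[1]);
    simulate(16, 4, c);  /* sixteen different source hosts */
    printf("16 sources: queue0=%u queue1=%u\n", c[0], c[1]);
    return 0;
}
```

When checking a --queue-balance setup, generate traffic from several distinct source addresses before concluding that a queue is idle.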