[CentOS] traffic distribution not happening in centos 6.5

Tue May 27 18:24:32 UTC 2014
Marcelo Ricardo Leitner <marcelo.leitner at gmail.com>

Em 25-05-2014 07:35, Varun Sharma escreveu:
> Hi,
>
> I am experimenting with libnetfilter_queue. libnetfilter_queue is a
> userspace library providing an API to packets that have been queued by
> the kernel packet filter.
>
> I am using sample code(nfqnl_test.c) available on netfilter.org. I
> have generated two binaries (queue0 and queue1) using that
> nfqnl_test.c sample code.
>
> These binaries are working as per expected behaviour in case of Centos
> 6.2 but with Centos 6.5 only one queue is receiving network traffic.
>
> I am not able to understand why only one queue is receiving network
> traffic in case of Centos 6.5 whereas same network traffic is being
> distributed in both the queues with Centos 6.2.
>
> uname –a :-
>
> Linux hwcentos8 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC
> 2013 x86_64 x86_64 x86_64 GNU/Linux
>
> Machine Info:
>
> 16 core machine with 64GB RAM.
>
> Command used for iptables in Centos 6.5 :-
>
> iptables -A INPUT -j NFQUEUE --queue-balance 0:1
>
>
> Output In Centos 6.5 :-
>
>
> [varun at exp2 ~]$ ./queue0
>
> opening library handle
>
> unbinding existing nf_queue handler for AF_INET (if any)
>
> binding nfnetlink_queue as nf_queue handler for AF_INET
>
> binding this socket to queue '0'
>
> setting copy_packet mode
>
> pkt received
>
> queue0 hw_protocol=0x0800 hook=1 id=0 hw_src_addr=fc:4d:d4:d3:7f:73
> indev=2 payload_len=40
>
> entering callback
>
> pkt received
>
> queue0 hw_protocol=0x0800 hook=1 id=1 hw_src_addr=fc:4d:d4:d3:7f:73
> indev=2 payload_len=40
>
> entering callback
>
> pkt received
>
> queue0 hw_protocol=0x0800 hook=1 id=2 hw_src_addr=fc:4d:d4:d3:7f:73
> indev=2 payload_len=40
>
> entering callback
>
> pkt received
>
> queue0 hw_protocol=0x0800 hook=1 id=3 hw_src_addr=fc:4d:d4:f1:e1:5f
> indev=2 payload_len=78
>
> entering callback
>
>
>
> [varun at exp2 ~]$ ./queue1
>
> opening library handle
>
> unbinding existing nf_queue handler for AF_INET (if any)
>
> binding nfnetlink_queue as nf_queue handler for AF_INET
>
> binding this socket to queue '1'
>
> setting copy_packet mode
>
>
>
>
> Please let me know if more information is required.

Hi,

Considering the MAC address is the same, should I assume both IP 
addresses are the same too? Because it balances according to the hash of 
src ip, dst ip and ip proto (tcp, udp..).

That is, all packets from a single tcp stream will always go through the 
same queue, avoiding re-ordering.

Cheers,
Marcelo