Em 25-05-2014 07:35, Varun Sharma escreveu: > Hi, > > I am experimenting with libnetfilter_queue. libnetfilter_queue is a > userspace library providing an API to packets that have been queued by > the kernel packet filter. > > I am using sample code(nfqnl_test.c) available on netfilter.org. I > have generated two binaries (queue0 and queue1) using that > nfqnl_test.c sample code. > > These binaries are working as per expected behaviour in case of Centos > 6.2 but with Centos 6.5 only one queue is receiving network traffic. > > I am not able to understand why only one queue is receiving network > traffic in case of Centos 6.5 whereas same network traffic is being > distributed in both the queues with Centos 6.2. > > uname –a :- > > Linux hwcentos8 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC > 2013 x86_64 x86_64 x86_64 GNU/Linux > > Machine Info: > > 16 core machine with 64GB RAM. > > Command used for iptables in Centos 6.5 :- > > iptables -A INPUT -j NFQUEUE --queue-balance 0:1 > > > Output In Centos 6.5 :- > > > [varun at exp2 ~]$ ./queue0 > > opening library handle > > unbinding existing nf_queue handler for AF_INET (if any) > > binding nfnetlink_queue as nf_queue handler for AF_INET > > binding this socket to queue '0' > > setting copy_packet mode > > pkt received > > queue0 hw_protocol=0x0800 hook=1 id=0 hw_src_addr=fc:4d:d4:d3:7f:73 > indev=2 payload_len=40 > > entering callback > > pkt received > > queue0 hw_protocol=0x0800 hook=1 id=1 hw_src_addr=fc:4d:d4:d3:7f:73 > indev=2 payload_len=40 > > entering callback > > pkt received > > queue0 hw_protocol=0x0800 hook=1 id=2 hw_src_addr=fc:4d:d4:d3:7f:73 > indev=2 payload_len=40 > > entering callback > > pkt received > > queue0 hw_protocol=0x0800 hook=1 id=3 hw_src_addr=fc:4d:d4:f1:e1:5f > indev=2 payload_len=78 > > entering callback > > > > [varun at exp2 ~]$ ./queue1 > > opening library handle > > unbinding existing nf_queue handler for AF_INET (if any) > > binding nfnetlink_queue as nf_queue handler for AF_INET > > binding this socket to queue '1' > > setting copy_packet mode > > > > > Please let me know if more information is required. Hi, Considering the MAC address is the same, should I assume both IP addresses are the same too? Because it balances according to the hash of src ip, dst ip and ip proto (tcp, udp..). That is, all packets from a single tcp stream will always go through the same queue, avoiding re-ordering. Cheers, Marcelo