Hi,

I am experimenting with libnetfilter_queue. libnetfilter_queue is a userspace library providing an API to packets that have been queued by the kernel packet filter.

I am using sample code(nfqnl_test.c) available on netfilter.org. I
have generated two binaries (queue0 and queue1) using that nfqnl_test.c sample code.

These binaries are working as per expected behaviour in case of CentOS
6.2 but with CentOS 6.5 only one queue is receiving network traffic.

I am not able to understand why only one queue is receiving network traffic in case of CentOS 6.5 whereas same network traffic is being distributed in both the queues with CentOS 6.2.

uname –a :-

Linux hwCentOS8 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC
2013 x86_64 x86_64 x86_64 GNU/Linux

Machine Info:

16 core machine with 64GB RAM.

Command used for iptables in CentOS 6.5 :-

iptables -A INPUT -j NFQUEUE –queue-balance 0:1

Output In CentOS 6.5 :-

[varun@exp2 ~]$ ./queue0

opening library handle

unbinding existing nf_queue handler for AF_INET (if any)

binding nfnetlink_queue as nf_queue handler for AF_INET

binding this socket to queue ‘0’

setting copy_packet mode

pkt received

queue0 hw_protocol=0x0800 hook=1 id=0 hw_src_addr=fc:4d:d4:d3:7f:73
indev=2 payload_len=40

entering callback

pkt received

queue0 hw_protocol=0x0800 hook=1 id=1 hw_src_addr=fc:4d:d4:d3:7f:73
indev=2 payload_len=40

entering callback

pkt received

queue0 hw_protocol=0x0800 hook=1 id=2 hw_src_addr=fc:4d:d4:d3:7f:73
indev=2 payload_len=40

entering callback

pkt received

queue0 hw_protocol=0x0800 hook=1 id=3 hw_src_addr=fc:4d:d4:f1:e1:5f indev=2 payload_len=78

entering callback

[varun@exp2 ~]$ ./queue1

opening library handle

unbinding existing nf_queue handler for AF_INET (if any)

binding nfnetlink_queue as nf_queue handler for AF_INET

binding this socket to queue ‘1’

setting copy_packet mode

Please let me know if more information is required.

Regards varun