diff options
| author | Eric Dumazet <eric.dumazet@gmail.com> | 2010-07-23 06:59:36 -0400 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2010-07-23 06:59:36 -0400 |
| commit | e8648a1fdb54da1f683784b36a17aa65ea56e931 (patch) | |
| tree | 66fd69f1987e4aba0025429b581d394e6db28af0 /include/linux/netfilter | |
| parent | 7f1c407579519e71a0dcadc05614fd98acec585e (diff) | |
netfilter: add xt_cpu match
In some situations a CPU match permits a better spreading of
connections, or select targets only for a given cpu.
With Remote Packet Steering or multiqueue NIC and appropriate IRQ
affinities, we can distribute trafic on available cpus, per session.
(all RX packets for a given flow is handled by a given cpu)
Some legacy applications being not SMP friendly, one way to scale a
server is to run multiple copies of them.
Instead of randomly choosing an instance, we can use the cpu number as a
key so that softirq handler for a whole instance is running on a single
cpu, maximizing cache effects in TCP/UDP stacks.
Using NAT for example, a four ways machine might run four copies of
server application, using a separate listening port for each instance,
but still presenting an unique external port :
iptables -t nat -A PREROUTING -p tcp --dport 80 -m cpu --cpu 0 \
-j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -p tcp --dport 80 -m cpu --cpu 1 \
-j REDIRECT --to-port 8081
iptables -t nat -A PREROUTING -p tcp --dport 80 -m cpu --cpu 2 \
-j REDIRECT --to-port 8082
iptables -t nat -A PREROUTING -p tcp --dport 80 -m cpu --cpu 3 \
-j REDIRECT --to-port 8083
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'include/linux/netfilter')
| -rw-r--r-- | include/linux/netfilter/Kbuild | 3 | ||||
| -rw-r--r-- | include/linux/netfilter/xt_cpu.h | 11 |
2 files changed, 13 insertions, 1 deletions
diff --git a/include/linux/netfilter/Kbuild b/include/linux/netfilter/Kbuild index 0cb62c85718..edeeabdc150 100644 --- a/include/linux/netfilter/Kbuild +++ b/include/linux/netfilter/Kbuild | |||
| @@ -20,12 +20,13 @@ header-y += xt_TCPMSS.h | |||
| 20 | header-y += xt_TCPOPTSTRIP.h | 20 | header-y += xt_TCPOPTSTRIP.h |
| 21 | header-y += xt_TEE.h | 21 | header-y += xt_TEE.h |
| 22 | header-y += xt_TPROXY.h | 22 | header-y += xt_TPROXY.h |
| 23 | header-y += xt_cluster.h | ||
| 23 | header-y += xt_comment.h | 24 | header-y += xt_comment.h |
| 24 | header-y += xt_connbytes.h | 25 | header-y += xt_connbytes.h |
| 25 | header-y += xt_connlimit.h | 26 | header-y += xt_connlimit.h |
| 26 | header-y += xt_connmark.h | 27 | header-y += xt_connmark.h |
| 27 | header-y += xt_conntrack.h | 28 | header-y += xt_conntrack.h |
| 28 | header-y += xt_cluster.h | 29 | header-y += xt_cpu.h |
| 29 | header-y += xt_dccp.h | 30 | header-y += xt_dccp.h |
| 30 | header-y += xt_dscp.h | 31 | header-y += xt_dscp.h |
| 31 | header-y += xt_esp.h | 32 | header-y += xt_esp.h |
diff --git a/include/linux/netfilter/xt_cpu.h b/include/linux/netfilter/xt_cpu.h new file mode 100644 index 00000000000..93c7f11d8f4 --- /dev/null +++ b/include/linux/netfilter/xt_cpu.h | |||
| @@ -0,0 +1,11 @@ | |||
| 1 | #ifndef _XT_CPU_H | ||
| 2 | #define _XT_CPU_H | ||
| 3 | |||
| 4 | #include <linux/types.h> | ||
| 5 | |||
| 6 | struct xt_cpu_info { | ||
| 7 | __u32 cpu; | ||
| 8 | __u32 invert; | ||
| 9 | }; | ||
| 10 | |||
| 11 | #endif /*_XT_CPU_H*/ | ||