iptables branch, iptables-next, updated. v1.4.8-30-g2d59208

Patrick McHardy netfilter-cvslog-bounces at lists.netfilter.org
Fri Jul 23 16:15:45 CEST 2010 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "iptables".

The branch, iptables-next has been updated
       via  2d59208943a3a2a6e0e30b6c84bb8ae80d444cd3 (commit)
      from  59ccf53b9414d998afd6169cb2d6ba0f3c249081 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 2d59208943a3a2a6e0e30b6c84bb8ae80d444cd3
Author: Eric Dumazet <eric.dumazet at gmail.com>
Date:   Fri Jul 23 16:15:14 2010 +0200

    extension: add xt_cpu match
    
    Kernel 2.6.36 supports xt_cpu match
    
    In some situations a CPU match permits a better spreading of
    connections, or select targets only for a given cpu.
    
    With Remote Packet Steering or multiqueue NIC and appropriate IRQ
    affinities, we can distribute trafic on available cpus, per session.
    (all RX packets for a given flow are handled by a given cpu)
    
    Some legacy applications being not SMP friendly, one way to scale a
    server is to run multiple copies of them.
    
    Instead of randomly choosing an instance, we can use the cpu number as a
    key so that softirq handler for a whole instance is running on a single
    cpu, maximizing cache effects in TCP/UDP stacks.
    
    Using NAT for example, a four ways machine might run four copies of
    server application, using a separate listening port for each instance,
    but still presenting an unique external port :
    
    iptables -t nat -A PREROUTING -p tcp --dport 80 -m cpu --cpu 0 \
            -j REDIRECT --to-port 8080
    
    iptables -t nat -A PREROUTING -p tcp --dport 80 -m cpu --cpu 1 \
            -j REDIRECT --to-port 8081
    
    iptables -t nat -A PREROUTING -p tcp --dport 80 -m cpu --cpu 2 \
            -j REDIRECT --to-port 8082
    
    iptables -t nat -A PREROUTING -p tcp --dport 80 -m cpu --cpu 3 \
            -j REDIRECT --to-port 8083
    
    Signed-off-by: Eric Dumazet <eric.dumazet at gmail.com>
    Signed-off-by: Patrick McHardy <kaber at trash.net>

-----------------------------------------------------------------------

Summary of changes:
 extensions/libxt_cpu.c           |   98 ++++++++++++++++++++++++++++++++++++++
 extensions/libxt_cpu.man         |   16 ++++++
 include/linux/netfilter/xt_cpu.h |   11 ++++
 3 files changed, 125 insertions(+), 0 deletions(-)
 create mode 100644 extensions/libxt_cpu.c
 create mode 100644 extensions/libxt_cpu.man
 create mode 100644 include/linux/netfilter/xt_cpu.h


hooks/post-receive
-- 
iptables

More information about the netfilter-cvslog mailing list