From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:57672) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ZKjlZ-0001VA-IB for qemu-devel@nongnu.org; Thu, 30 Jul 2015 05:04:43 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ZKjlU-0005Sm-8v for qemu-devel@nongnu.org; Thu, 30 Jul 2015 05:04:41 -0400 Received: from [59.151.112.132] (port=33293 helo=heian.cn.fujitsu.com) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ZKjlT-0005RI-86 for qemu-devel@nongnu.org; Thu, 30 Jul 2015 05:04:36 -0400 Message-ID: <55B9E89F.3010106@cn.fujitsu.com> Date: Thu, 30 Jul 2015 17:04:31 +0800 From: Yang Hongyang MIME-Version: 1.0 References: <1438167116-29270-1-git-send-email-yanghy@cn.fujitsu.com> <1438167116-29270-10-git-send-email-yanghy@cn.fujitsu.com> <55B9B269.3030709@redhat.com> <55B9C898.8090406@cn.fujitsu.com> <55B9E30E.8070804@redhat.com> In-Reply-To: <55B9E30E.8070804@redhat.com> Content-Type: text/plain; charset="windows-1252"; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: [Qemu-devel] [PATCH 09/12] netfilter: add a netbuffer filter List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Jason Wang , qemu-devel@nongnu.org Cc: thuth@redhat.com, stefanha@redhat.com, zhang.zhanghailiang@huawei.com, mrhines@linux.vnet.ibm.com On 07/30/2015 04:40 PM, Jason Wang wrote: > > > On 07/30/2015 02:47 PM, Yang Hongyang wrote: >> On 07/30/2015 01:13 PM, Jason Wang wrote: >> [...] >>>> + >>>> +#include "net/filter.h" >>>> +#include "net/queue.h" >>>> +#include "filters.h" >>>> +#include "qemu-common.h" >>>> +#include "qemu/error-report.h" >>>> + >>>> +typedef struct FILTERBUFFERState { >>>> + NetFilterState nf; >>>> + NetClientState dummy; /* used to send buffered packets */ >>> >>> Why need this? Couldn't we just infer this from NetFilterState? >> >> Because we use existing API qemu_send_packet_async/raw to send >> packet, it takes an NetClientState as the first argument sender, >> and use sender->peer->incoming_queue as the dest queue, so in order to >> make this API work, we need to use this dummy NC and init it's >> peer to our dest(which is the network backend) >> Another way is to call qemu_net_queue_send(netdev->incoming_queue,...) >> directly, we still need a NetClientState *sender param, can not >> use NetFilterState. > > I think this is my meaning. Use NetFilterState->netdev. Problem is NetFilterState->netdev is our destination, we need a sender... if we use this, packet will be sent back to NIC... > >> This dummy NC also been checked in filter_buffer_receive to avoid >> buffering >> packet been sent by ourself. >> > > I don't get why this is needed. Who is going to queue a packet in dummy > NC, consider it was not peered by any others? There's nothing in the dummy NC except the dummy->peer = NetFilterState->netdev This dummy NC only used to as a sender param of the existing APIs which send packets. When a buffered packet been sent, we shouldn't buffer it again, we cann't use any existing NC (packet->sender or NetFilterState->netdev) as the sender because otherwise we can't distinguish if the packet is a buffered packet sent by ourself. >>> >>>> + NetQueue *incoming_queue; >>>> + NetQueue *inflight_queue; >>>> +} FILTERBUFFERState; >>>> + >>>> +static void packet_send_completed(NetClientState *nc, ssize_t len) >>>> +{ >>>> + return; >>>> +} >>>> + >>>> +static void filter_buffer_flush(NetFilterState *nf) >>>> +{ >>>> + FILTERBUFFERState *s = DO_UPCAST(FILTERBUFFERState, nf, nf); >>>> + NetQueue *queue = s->inflight_queue; >>>> + NetPacket *packet; >>>> + >>>> + while (queue && !QTAILQ_EMPTY(&queue->packets)) { >>>> + packet = QTAILQ_FIRST(&queue->packets); >>>> + QTAILQ_REMOVE(&queue->packets, packet, entry); >>>> + queue->nq_count--; >>>> + >>>> + if (packet->flags & QEMU_NET_PACKET_FLAG_RAW) { >>>> + qemu_send_packet_raw(&s->dummy, packet->data, >>>> packet->size); >>>> + } else { >>>> + qemu_send_packet_async(&s->dummy, packet->data, >>>> packet->size, >>>> + packet->sent_cb); >>>> + } >>>> + >>>> + /* >>>> + * now that we pass the packet to >>>> sender->peer->incoming_queue, we >>>> + * don't care the reture value here, because the peer's >>>> queue will >>>> + * take care of this packet >>>> + */ >>>> + g_free(packet); >>>> + } >>>> + >>>> + if (queue && QTAILQ_EMPTY(&queue->packets)) { >>> >>> Under what condition queue->packet could be not empty here? >> >> You're right, this check is nonsense. can be dropped. >> >>> And I don't >>> get the point that why a inflight_queue is needed. >> >> maybe squash the interval patch here will make it clear? >> > > Yes, maybe. > >>> >>>> + g_free(queue); >>>> + s->inflight_queue = NULL; >>>> + } >>>> +} >>>> + >>>> +/* filter APIs */ >>>> +static ssize_t filter_buffer_receive(NetFilterState *nf, >>>> + NetClientState *sender, >>>> + unsigned flags, >>>> + const uint8_t *data, >>>> + size_t size) >>>> +{ >>>> + FILTERBUFFERState *s = DO_UPCAST(FILTERBUFFERState, nf, nf); >>>> + NetQueue *queue = s->incoming_queue; >>>> + >>>> + if (!sender->info) { >>>> + /* This must be a dummy NetClientState, do nothing */ >>>> + return 0; >>>> + } >>>> + >>>> + if (sender->info->type == NET_CLIENT_OPTIONS_KIND_NIC) { >>>> + /* we only buffer guest output packets */ >>>> + qemu_net_queue_append(queue, sender, flags, data, size, >>>> + packet_send_completed); >>> >>> This may brings some confusion for user. Since the name is 'netbuffer'. >>> Maybe we can change the filter to be ingress or out or both? Like: >>> >>> -device virtio-net-pci,id=virtio0 >>> -netfilter buffer,id=filter0,dev=virtio0,interval=1000,type=out >>> >>> Then we can just try to enqueue the packet when virtio-net-pci is >>> sender? >>> >>>> + /* Now that we have buffered the packet, return sucess */ >>>> + return size; >>>> + } >>>> + >>>> + return 0; >>>> +} >>>> + >>>> +static void filter_buffer_cleanup(NetFilterState *nf) >>>> +{ >>>> + FILTERBUFFERState *s = DO_UPCAST(FILTERBUFFERState, nf, nf); >>>> + >>>> + /* flush inflight packets */ >>>> + filter_buffer_flush(nf); >>>> + /* flush incoming packets */ >>>> + s->inflight_queue = s->incoming_queue; >>>> + s->incoming_queue = NULL; >>>> + filter_buffer_flush(nf); >>>> + >>>> + return; >>>> +} >>>> + >>>> + >>>> +static NetFilterInfo net_filter_buffer_info = { >>>> + .type = NET_FILTER_OPTIONS_KIND_BUFFER, >>>> + .size = sizeof(FILTERBUFFERState), >>>> + .receive = filter_buffer_receive, >>>> + .cleanup = filter_buffer_cleanup, >>>> +}; >>>> + >>>> +int net_init_filter_buffer(const NetFilterOptions *opts, const char >>>> *name, >>>> + NetClientState *netdev, Error **errp) >>>> +{ >>>> + NetFilterState *nf; >>>> + FILTERBUFFERState *s; >>>> + >>>> + assert(opts->kind == NET_FILTER_OPTIONS_KIND_BUFFER); >>>> + >>>> + nf = qemu_new_net_filter(&net_filter_buffer_info, netdev, >>>> "buffer", name); >>>> + s = DO_UPCAST(FILTERBUFFERState, nf, nf); >>>> + /* >>>> + * we need the dummy NetClientState to send packets in order to >>>> avoid >>>> + * receive packets again. >>>> + * we are buffering guest output packets, our buffered packets >>>> should be >>>> + * sent to real network backend, so dummy's peer should be that >>>> backend. >>>> + */ >>>> + s->dummy.peer = netdev; >>>> + s->incoming_queue = qemu_new_net_queue(nf); >>>> + >>>> + return 0; >>>> +} >>>> diff --git a/net/filter.c b/net/filter.c >>>> index 50fb837..e741e2a 100644 >>>> --- a/net/filter.c >>>> +++ b/net/filter.c >>>> @@ -18,6 +18,7 @@ >>>> >>>> #include "net/filter.h" >>>> #include "net/net.h" >>>> +#include "filters.h" >>>> >>>> static QTAILQ_HEAD(, NetFilterState) net_filters; >>>> >>>> @@ -152,6 +153,7 @@ typedef int (NetFilterInit)(const >>>> NetFilterOptions *opts, >>>> >>>> static >>>> NetFilterInit * const >>>> net_filter_init_fun[NET_FILTER_OPTIONS_KIND_MAX] = { >>>> + [NET_FILTER_OPTIONS_KIND_BUFFER] = net_init_filter_buffer, >>>> }; >>>> >>>> static int net_filter_init1(const NetFilter *netfilter, Error **errp) >>>> diff --git a/net/filters.h b/net/filters.h >>>> new file mode 100644 >>>> index 0000000..6c249b8 >>>> --- /dev/null >>>> +++ b/net/filters.h >>>> @@ -0,0 +1,17 @@ >>>> +/* >>>> + * Copyright (c) 2015 FUJITSU LIMITED >>>> + * >>>> + * This work is licensed under the terms of the GNU GPL, version 2 or >>>> + * later. See the COPYING file in the top-level directory. >>>> + */ >>>> + >>>> +#ifndef QEMU_NET_FILTERS_H >>>> +#define QEMU_NET_FILTERS_H >>>> + >>>> +#include "net/net.h" >>>> +#include "net/filter.h" >>>> + >>>> +int net_init_filter_buffer(const NetFilterOptions *opts, const char >>>> *name, >>>> + NetClientState *netdev, Error **errp); >>>> + >>>> +#endif /* QEMU_NET_FILTERS_H */ >>>> diff --git a/qapi-schema.json b/qapi-schema.json >>>> index 1fc6390..67e00a0 100644 >>>> --- a/qapi-schema.json >>>> +++ b/qapi-schema.json >>>> @@ -2577,6 +2577,16 @@ >>>> { 'command': 'netfilter_del', 'data': {'id': 'str'} } >>>> >>>> ## >>>> +# @NetFilterBufferOptions >>>> +# >>>> +# a netbuffer filter for network backend. >>>> +# >>>> +# Since 2.5 >>>> +## >>>> +{ 'struct': 'NetFilterBufferOptions', >>>> + 'data': { } } >>>> + >>>> +## >>>> # @NetFilterOptions >>>> # >>>> # A discriminated record of network filters. >>>> @@ -2585,7 +2595,8 @@ >>>> # >>>> ## >>>> { 'union': 'NetFilterOptions', >>>> - 'data': { } } >>>> + 'data': { >>>> + 'buffer': 'NetFilterBufferOptions'} } >>>> >>>> ## >>>> # @NetFilter >>> >>> . >>> >> > > . > -- Thanks, Yang.