From: Jason Wang <jasowang@redhat.com>
To: Yang Hongyang <yanghy@cn.fujitsu.com>, qemu-devel@nongnu.org
Cc: thuth@redhat.com, zhang.zhanghailiang@huawei.com,
	lizhijian@cn.fujitsu.com, mrhines@linux.vnet.ibm.com,
	stefanha@redhat.com
Subject: Re: [Qemu-devel] [PATCH v2 5/9] netfilter: hook packets before net queue send
Date: Fri, 31 Jul 2015 14:06:26 +0800	[thread overview]
Message-ID: <55BB1062.8000901@redhat.com> (raw)
In-Reply-To: <1438316014-8369-6-git-send-email-yanghy@cn.fujitsu.com>



On 07/31/2015 12:13 PM, Yang Hongyang wrote:
> Capture packets that will be sent.
>
> Signed-off-by: Yang Hongyang <yanghy@cn.fujitsu.com>
> ---
>  include/net/filter.h |  8 +++++++
>  net/filter.c         |  1 +
>  net/net.c            | 67 +++++++++++++++++++++++++++++++++++++++++++++++++++-
>  3 files changed, 75 insertions(+), 1 deletion(-)
>
> diff --git a/include/net/filter.h b/include/net/filter.h
> index 1b6f896..93579c1 100644
> --- a/include/net/filter.h
> +++ b/include/net/filter.h
> @@ -19,11 +19,19 @@ enum {
>  };
>  
>  typedef void (FilterCleanup) (NetFilterState *);
> +/*
> + * Return:
> + *   0: finished handling the packet, we should continue
> + *   size: filter stolen this packet, we stop pass this packet further
> + */
> +typedef ssize_t (FilterReceiveIOV)(NetFilterState *, NetClientState *sender,
> +                                   unsigned flags, const struct iovec *, int);
>  
>  typedef struct NetFilterInfo {
>      NetFilterOptionsKind type;
>      size_t size;
>      FilterCleanup *cleanup;
> +    FilterReceiveIOV *receive_iov;

Please move this to patch 2.

>  } NetFilterInfo;
>  
>  struct NetFilterState {
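Review bot: The return contract documented above `FilterReceiveIOV` covers only 0 and the full packet size, so a callback that returns a negative error or a partial length has no defined meaning for the caller. The comment should also say whether a filter that keeps a packet must copy the data; the `iov` is passed as `const`, and whether it stays valid after the call returns is not visible from this hunk. Suggested addition: `* Any other value is invalid; a filter that takes the packet must copy the iovec data before returning.` Naming the last two parameters (`const struct iovec *iov, int iovcnt`) would also make the prototype self-describing.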
> diff --git a/net/filter.c b/net/filter.c
> index b3a2285..1ae9344 100644
> --- a/net/filter.c
> +++ b/net/filter.c
> @@ -29,6 +29,7 @@ NetFilterState *qemu_new_net_filter(NetFilterInfo *info,
>      NetFilterState *nf;
>  
>      assert(info->size >= sizeof(NetFilterState));
> +    assert(info->receive_iov);
>  
>      nf = g_malloc0(info->size);
>      nf->info = info;
> diff --git a/net/net.c b/net/net.c
> index 22748e0..b55d934 100644
> --- a/net/net.c
> +++ b/net/net.c
> @@ -24,6 +24,7 @@
>  #include "config-host.h"
>  
>  #include "net/net.h"
> +#include "net/filter.h"
>  #include "clients.h"
>  #include "hub.h"
>  #include "net/slirp.h"
> @@ -592,6 +593,42 @@ int qemu_can_send_packet(NetClientState *sender)
>      return 1;
>  }
>  
> +static ssize_t filter_receive_iov(NetClientState *nc, int chain,
> +                                  NetClientState *sender,
> +                                  unsigned flags,
> +                                  const struct iovec *iov,
> +                                  int iovcnt) {
> +    ssize_t ret = 0;
> +    Filter *filter = NULL;
> +    NetFilterState *nf = NULL;
> +    ssize_t size = iov_size(iov, iovcnt);
> +
> +    QTAILQ_FOREACH(filter, &nc->filters, next) {
> +        nf = filter->nf;
> +        if (nf->chain == chain || nf->chain == NET_FILTER_ALL) {
> +            ret = nf->info->receive_iov(nf, sender, flags, iov, iovcnt);
> +            if (ret == size) {
> +                return ret;
> +            }
> +        }
> +    }

So if a packet is being stolen or blocked by one filter, it could only
be flushed to destination? I think we need an API to flush it into next
filter.

> +
> +    return ret;
> +}
> +
> +static ssize_t filter_receive(NetClientState *nc, int chain,
> +                              NetClientState *sender,
> +                              unsigned flags,
> +                              const uint8_t *data,
> +                              size_t size) {
> +    struct iovec iov = {
> +        .iov_base = (void *)data,
> +        .iov_len = size
> +    };
> +
> +    return filter_receive_iov(nc, chain, sender, flags, &iov, 1);
> +}
> +
>  ssize_t qemu_deliver_packet(NetClientState *sender,
>                              unsigned flags,
>                              const uint8_t *data,
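Review bot: An empty packet makes the two return codes indistinguishable in `filter_receive_iov`: when `iov_size()` is 0, a filter that returns 0 for "continue" also satisfies `ret == size`. The loop then exits after the first matching filter, and the callers in the later net.c hunks return without queuing the packet. The function also hands back the last filter's `ret` unchecked, so a negative or partial value is either overwritten by the next filter or treated by the callers as "continue". Consider guarding the comparison, e.g. `if (size > 0 && ret == size) {`, or giving "stolen" a return value that cannot collide with a length. `Filter` and `nc->filters` are defined outside this hunk, so whether the list can change during the walk cannot be judged here.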
> @@ -663,6 +700,7 @@ static ssize_t qemu_send_packet_async_with_flags(NetClientState *sender,
>                                                   NetPacketSent *sent_cb)
>  {
>      NetQueue *queue;
> +    int ret;
>  
>  #ifdef DEBUG_NET
>      printf("qemu_send_packet_async:\n");
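Review bot: `int ret;` is narrower than the `ssize_t` that `filter_receive()` returns, so the value is converted to `int` before the `ret == size` checks in the next hunk. The same narrowing applies to `int size = iov_size(iov, iovcnt);` and `int ret;` in the `qemu_sendv_packet_async` hunk, where the pre-patch code returned `iov_size()` directly from a function declared `ssize_t`. Declaring these as `ssize_t ret;` and `ssize_t size = iov_size(iov, iovcnt);` keeps the comparisons and the returned length in one type. The body of `qemu_send_packet_async_with_flags` continues outside this hunk.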
> @@ -673,6 +711,18 @@ static ssize_t qemu_send_packet_async_with_flags(NetClientState *sender,
>          return size;
>      }
>  
> +    /* Let filters handle the packet first */
> +    ret = filter_receive(sender, NET_FILTER_OUT, sender, flags, buf, size);
> +    if (ret == size) {
> +        return size;
> +    }
> +
> +    ret = filter_receive(sender->peer, NET_FILTER_IN,
> +                         sender, flags, buf, size);
> +    if (ret == size) {
> +        return size;
> +    }
> +
>      queue = sender->peer->incoming_queue;
>  
>      return qemu_net_queue_send(queue, sender, flags, buf, size, sent_cb);
> @@ -743,9 +793,24 @@ ssize_t qemu_sendv_packet_async(NetClientState *sender,
>                                  NetPacketSent *sent_cb)
>  {
>      NetQueue *queue;
> +    int size = iov_size(iov, iovcnt);
> +    int ret;
>  
>      if (sender->link_down || !sender->peer) {
> -        return iov_size(iov, iovcnt);
> +        return size;
> +    }
> +
> +    /* Let filters handle the packet first */
> +    ret = filter_receive_iov(sender, NET_FILTER_OUT,
> +                             sender, QEMU_NET_PACKET_FLAG_NONE, iov, iovcnt);
> +    if (ret == size) {
> +        return size;
> +    }
> +
> +    ret = filter_receive_iov(sender->peer, NET_FILTER_IN,
> +                             sender, QEMU_NET_PACKET_FLAG_NONE, iov, iovcnt);
> +    if (ret == size) {
> +        return size;
>      }
>  
>      queue = sender->peer->incoming_queue;
