From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:59045) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aYVLe-0008Jg-MH for qemu-devel@nongnu.org; Wed, 24 Feb 2016 04:03:07 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1aYVLb-000076-FB for qemu-devel@nongnu.org; Wed, 24 Feb 2016 04:03:06 -0500 Received: from [59.151.112.132] (port=5840 helo=heian.cn.fujitsu.com) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aYVLZ-0008UE-3J for qemu-devel@nongnu.org; Wed, 24 Feb 2016 04:03:03 -0500 References: <1454655023-29701-1-git-send-email-zhangchen.fnst@cn.fujitsu.com> <56C52F61.1070702@redhat.com> <56C577BC.4060901@cn.fujitsu.com> <56CD2606.7030102@redhat.com> From: Zhang Chen Message-ID: <56CD71DD.6040900@cn.fujitsu.com> Date: Wed, 24 Feb 2016 17:03:25 +0800 MIME-Version: 1.0 In-Reply-To: <56CD2606.7030102@redhat.com> Content-Type: text/plain; charset="utf-8"; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: [Qemu-devel] [PATCH] net/filter-redirector:Add filter-redirector List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Jason Wang , qemu devel Cc: zhanghailiang , Li Zhijian , Gui jianfeng , "eddie.dong" , "Dr. David Alan Gilbert" , Yang Hongyang On 02/24/2016 11:39 AM, Jason Wang wrote: > > On 02/18/2016 03:50 PM, Zhang Chen wrote: >> >> On 02/18/2016 10:41 AM, Jason Wang wrote: >>> On 02/05/2016 02:50 PM, Zhang Chen wrote: >>>> From: ZhangChen >>>> >>>> Filter-redirector is a netfilter plugin. >>>> It gives qemu the ability to redirect net packet. >>>> redirector can redirect filter's net packet to outdev. >>>> and redirect indev's packet to filter. >>>> >>>> filter >>>> + >>>> | >>>> | >>>> redirector | >>>> +-------------------------+ >>>> | | | >>>> | | | >>>> | | | >>>> indev +----------------+ +----------------> outdev >>>> | | | >>>> | | | >>>> | | | >>>> +-------------------------+ >>>> | >>>> | >>>> v >>>> filter >> v >> >> change it to filter ........ filter ...... guest >> It's may more clearly expressed. >> >>>> usage: >>>> >>>> -netdev tap,id=hn0 >>>> -chardev socket,id=s0,host=ip_primary,port=X,server,nowait >>>> -chardev socket,id=s1,host=ip_primary,port=Y,server,nowait >>>> -filter-redirector,id=r0,netdev=hn0,queue=tx/rx/all,indev=s0,outdev=s1 >>>> >>>> Signed-off-by: ZhangChen >>>> Signed-off-by: Wen Congyang >>>> --- >>> Thanks a lot for the patch. Like mirror, let's design a unit-test for >>> this. And what's more, is there any chance to unify the codes? (At least >>> parts of the codes could be reused). >> We can make filter-redirector based on filter-mirror. >> if you want to use redirector ,you must open mirror before. >> like this: >> >> -netdev tap,id=hn0 >> -chardev socket,id=mirror0,host=ip_primary,port=X,server,nowait >> -filter-mirror,id=m0,netdev=hn0,queue=tx/rx/all,redirector=on,outdev=mirror0 >> >> -filter-redirector,id=r0,netdev=hn0,queue=tx/rx/all,indev=s0 >> >> How about this? > This looks like a burden for user who just want to use redirector. Maybe > we can do : > > - Still two type of filters but sharing a single state. > - Using a internal flag to differ mirrors from redirectors? Good idea~ I will change it in next version. > >> >>>> net/Makefile.objs | 1 + >>>> net/filter-redirector.c | 245 >>>> ++++++++++++++++++++++++++++++++++++++++++++++++ >>>> qemu-options.hx | 6 ++ >>>> vl.c | 3 +- >>>> 4 files changed, 254 insertions(+), 1 deletion(-) >>>> create mode 100644 net/filter-redirector.c >>>> >>>> diff --git a/net/Makefile.objs b/net/Makefile.objs >>>> index 5fa2f97..f4290a5 100644 >>>> --- a/net/Makefile.objs >>>> +++ b/net/Makefile.objs >>>> @@ -15,3 +15,4 @@ common-obj-$(CONFIG_VDE) += vde.o >>>> common-obj-$(CONFIG_NETMAP) += netmap.o >>>> common-obj-y += filter.o >>>> common-obj-y += filter-buffer.o >>>> +common-obj-y += filter-redirector.o >>>> diff --git a/net/filter-redirector.c b/net/filter-redirector.c >>>> new file mode 100644 >>>> index 0000000..364e463 >>>> --- /dev/null >>>> +++ b/net/filter-redirector.c >>>> @@ -0,0 +1,245 @@ >>>> +/* >>>> + * Copyright (c) 2016 HUAWEI TECHNOLOGIES CO., LTD. >>>> + * Copyright (c) 2016 FUJITSU LIMITED >>>> + * Copyright (c) 2016 Intel Corporation >>>> + * >>>> + * Author: Zhang Chen >>>> + * >>>> + * This work is licensed under the terms of the GNU GPL, version 2 or >>>> + * later. See the COPYING file in the top-level directory. >>>> + */ >>>> + >>>> +#include "net/filter.h" >>>> +#include "net/net.h" >>>> +#include "qemu-common.h" >>>> +#include "qapi/qmp/qerror.h" >>>> +#include "qapi-visit.h" >>>> +#include "qom/object.h" >>>> +#include "qemu/main-loop.h" >>>> +#include "qemu/error-report.h" >>>> +#include "trace.h" >>>> +#include "sysemu/char.h" >>>> +#include "qemu/iov.h" >>>> +#include "qemu/sockets.h" >>>> + >>>> +#define FILTER_REDIRECTOR(obj) \ >>>> + OBJECT_CHECK(RedirectorState, (obj), TYPE_FILTER_REDIRECTOR) >>>> + >>>> +#define TYPE_FILTER_REDIRECTOR "filter-redirector" >>>> +#define REDIRECT_HEADER_LEN sizeof(uint32_t) >>>> + >>>> +typedef struct RedirectorState { >>>> + NetFilterState parent_obj; >>>> + NetQueue *incoming_queue;/* guest normal net queue */ >>> The comment looks unless and maybe even wrong when queue=rx? >> We design redirector that indev's data always be passed to guest finally. >> so, It's no relation between the queue=rx/tx/all. just related to >> indev = xxx. >> we need incoming_queue to inject packet from indev. > So what happens if queue=rx or you want to forbid queue=rx for redirector? > If queue=rx, filter-redirector will get the packet that guest send, then redirect to outdev(if none, do nothing). but queue=rx/tx/all not related to indev. please look the flow chart below. queue=xxx just work for one way(filter->outdev). filter + | | redirector | +-------------------------+ | | | | | | | | | indev +----------------+ +----------------> outdev | | | | | | | | | +-------------------------+ | | v filter | | v filter ........ filter ...... guest > > . > -- Thanks zhangchen