From: Li Zhijian <lizhijian@cn.fujitsu.com>
To: Zhang Chen <zhangchen.fnst@cn.fujitsu.com>,
qemu devel <qemu-devel@nongnu.org>,
Jason Wang <jasowang@redhat.com>
Cc: zhanghailiang <zhang.zhanghailiang@huawei.com>,
Gui jianfeng <guijianfeng@cn.fujitsu.com>,
"eddie.dong" <eddie.dong@intel.com>,
"Dr. David Alan Gilbert" <dgilbert@redhat.com>,
Yang Hongyang <hongyang.yang@easystack.cn>
Subject: Re: [Qemu-devel] [PATCH V2 2/3] net/filter-redirector:Add filter-redirector
Date: Tue, 1 Mar 2016 11:27:06 +0800 [thread overview]
Message-ID: <56D50C0A.3080809@cn.fujitsu.com> (raw)
In-Reply-To: <1456748635-1912-3-git-send-email-zhangchen.fnst@cn.fujitsu.com>
On 02/29/2016 08:23 PM, Zhang Chen wrote:
> Filter-redirector is a netfilter plugin.
> It gives qemu the ability to redirect net packet.
> redirector can redirect filter's net packet to outdev.
> and redirect indev's packet to filter.
>
> filter
> +
> |
> |
> redirector |
> +-------------------------+
> | | |
> | | |
> | | |
> indev +----------------+ +----------------> outdev
> | | |
> | | |
> | | |
> +-------------------------+
> |
> |
> v
> filter
> |
> |
> v
> filter------> guest
>
> usage:
>
> -netdev tap,id=hn0
> -chardev socket,id=s0,host=ip_primary,port=X,server,nowait
> -chardev socket,id=s1,host=ip_primary,port=Y,server,nowait
> -filter-redirector,id=r0,netdev=hn0,queue=tx/rx/all,indev=s0,outdev=s1
>
> Signed-off-by: Zhang Chen <zhangchen.fnst@cn.fujitsu.com>
> Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
> ---
> net/Makefile.objs | 1 +
> net/filter-redirector.c | 216 ++++++++++++++++++++++++++++++++++++++++++++++++
> qemu-options.hx | 8 ++
> vl.c | 3 +-
> 4 files changed, 227 insertions(+), 1 deletion(-)
> create mode 100644 net/filter-redirector.c
>
> diff --git a/net/Makefile.objs b/net/Makefile.objs
> index b7c22fd..8af9932 100644
> --- a/net/Makefile.objs
> +++ b/net/Makefile.objs
> @@ -16,3 +16,4 @@ common-obj-$(CONFIG_NETMAP) += netmap.o
> common-obj-y += filter.o
> common-obj-y += filter-buffer.o
> common-obj-y += filter-mirror.o
> +common-obj-y += filter-redirector.o
> diff --git a/net/filter-redirector.c b/net/filter-redirector.c
> new file mode 100644
> index 0000000..d0eb76d
> --- /dev/null
> +++ b/net/filter-redirector.c
> @@ -0,0 +1,216 @@
> +/*
> + * Copyright (c) 2016 HUAWEI TECHNOLOGIES CO., LTD.
> + * Copyright (c) 2016 FUJITSU LIMITED
> + * Copyright (c) 2016 Intel Corporation
> + *
> + * Author: Zhang Chen <zhangchen.fnst@cn.fujitsu.com>
> + *
> + * This work is licensed under the terms of the GNU GPL, version 2 or
> + * later. See the COPYING file in the top-level directory.
> + */
> +
> +#include "net/filter-traffic.h"
> +
> +#define FILTER_REDIRECTOR(obj) \
> + OBJECT_CHECK(TrafficState, (obj), TYPE_FILTER_REDIRECTOR)
> +
> +#define TYPE_FILTER_REDIRECTOR "filter-redirector"
> +#define REDIRECT_HEADER_LEN sizeof(uint32_t)
> +
> +static int filter_redirector_send(NetFilterState *nf,
> + const struct iovec *iov,
> + int iovcnt)
> +{
> + return filter_traffic_send(nf, iov, iovcnt);
> +}
> +
> +static ssize_t filter_redirector_receive_iov(NetFilterState *nf,
> + NetClientState *sender,
> + unsigned flags,
> + const struct iovec *iov,
> + int iovcnt,
> + NetPacketSent *sent_cb)
> +{
> + TrafficState *s = FILTER_REDIRECTOR(nf);
> + ssize_t ret = 0;
> +
> + if (s->chr_out) {
> + ret = filter_redirector_send(nf, iov, iovcnt);
> + if (ret < 0) {
> + error_report("filter_redirector_send failed");
> + }
> + return iov_size(iov, iovcnt);
> + } else {
> + return 0;
> + }
> +}
> +
> +static void filter_redirector_cleanup(NetFilterState *nf)
> +{
> + TrafficState *s = FILTER_REDIRECTOR(nf);
> +
> + if (s->chr_in) {
> + qemu_chr_fe_release(s->chr_in);
> + }
> + if (s->chr_out) {
> + qemu_chr_fe_release(s->chr_out);
> + }
> +}
> +
> +static int redirector_chr_can_read(void *opaque)
> +{
> + return REDIRECT_HEADER_LEN;
> +}
> +
> +static void redirector_chr_read(void *opaque, const uint8_t *buf, int size)
> +{
> + NetFilterState *nf = opaque;
> + TrafficState *s = FILTER_REDIRECTOR(nf);
> + uint32_t len;
> + int ret = 0;
> + uint8_t *recv_buf;
> + int offset = size;
> +
> + while (offset < REDIRECT_HEADER_LEN) {
> + ret = s->chr_in->chr_sync_read(s->chr_in, (uint8_t *)buf + offset,
> + REDIRECT_HEADER_LEN - offset);
> + if (ret == -1 && errno == EAGAIN) {
> + g_usleep(100);
> + }
> + offset += ret;
if 'ret' is a nagative value, you will cut 'offset'.
> + }
> +
> + memcpy(&len, buf, sizeof(len));
> + len = ntohl(len);
> +
> + if (len > 0 && len < NET_BUFSIZE) {
> + recv_buf = g_malloc(len);
> + ret = qemu_chr_fe_read_all(s->chr_in, recv_buf, len);
> + if (ret != len) {
> + error_report("filter-redirector recv buf failed");
> + g_free(recv_buf);
> + return;
> + }
> +
> + ret = qemu_net_queue_send(s->incoming_queue, nf->netdev,
> + 0, (const uint8_t *)recv_buf, len, NULL);
> + g_free(recv_buf);
> + if (ret < 0) {
> + error_report("filter-redirector out to guest failed");
> + }
> + } else {
> + error_report("filter-redirector recv len failed");
> + }
> +}
> +
> +static void filter_redirector_setup(NetFilterState *nf, Error **errp)
> +{
> + TrafficState *s = FILTER_REDIRECTOR(nf);
> +
> + if (!s->indev && !s->outdev) {
> + error_setg(errp, "filter redirector needs 'indev' or "
> + "'outdev' at least one property set");
> + return;
> + } else if (s->indev == s->outdev) {
> + error_setg(errp, "filter redirector needs 'indev' and "
> + "'outdev' are not same");
> + return;
> + }
> +
> + if (s->indev) {
> + s->chr_in = qemu_chr_find(s->indev);
> + if (s->chr_in == NULL) {
> + error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND,
> + "IN Device '%s' not found", s->indev);
> + return;
> + }
> +
> + qemu_chr_fe_claim_no_fail(s->chr_in);
> + qemu_chr_add_handlers(s->chr_in, redirector_chr_can_read,
> + redirector_chr_read, NULL, nf);
> + }
> +
> + if (s->outdev) {
> + s->chr_out = qemu_chr_find(s->outdev);
> + if (s->chr_out == NULL) {
> + error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND,
> + "OUT Device '%s' not found", s->outdev);
> + return;
> + }
> + qemu_chr_fe_claim_no_fail(s->chr_out);
> + }
> + s->incoming_queue = qemu_new_net_queue(qemu_netfilter_pass_to_next, nf);
Does just 'indev' need an incoming_queue ?
Best regards.
Li Zhijian
> +}
> +
> +static void filter_redirector_class_init(ObjectClass *oc, void *data)
> +{
> + NetFilterClass *nfc = NETFILTER_CLASS(oc);
> +
> + nfc->setup = filter_redirector_setup;
> + nfc->cleanup = filter_redirector_cleanup;
> + nfc->receive_iov = filter_redirector_receive_iov;
> +}
> +
> +static char *filter_redirector_get_indev(Object *obj, Error **errp)
> +{
> + TrafficState *s = FILTER_REDIRECTOR(obj);
> +
> + return g_strdup(s->indev);
> +}
> +
> +static void
> +filter_redirector_set_indev(Object *obj, const char *value, Error **errp)
> +{
> + TrafficState *s = FILTER_REDIRECTOR(obj);
> +
> + g_free(s->indev);
> + s->indev = g_strdup(value);
> +}
> +
> +static char *filter_redirector_get_outdev(Object *obj, Error **errp)
> +{
> + TrafficState *s = FILTER_REDIRECTOR(obj);
> +
> + return g_strdup(s->outdev);
> +}
> +
> +static void
> +filter_redirector_set_outdev(Object *obj, const char *value, Error **errp)
> +{
> + TrafficState *s = FILTER_REDIRECTOR(obj);
> +
> + g_free(s->outdev);
> + s->outdev = g_strdup(value);
> +}
> +
> +static void filter_redirector_init(Object *obj)
> +{
> + object_property_add_str(obj, "indev", filter_redirector_get_indev,
> + filter_redirector_set_indev, NULL);
> + object_property_add_str(obj, "outdev", filter_redirector_get_outdev,
> + filter_redirector_set_outdev, NULL);
> +}
> +
> +static void filter_redirector_fini(Object *obj)
> +{
> + TrafficState *s = FILTER_REDIRECTOR(obj);
> +
> + g_free(s->indev);
> + g_free(s->outdev);
> +}
> +
> +static const TypeInfo filter_redirector_info = {
> + .name = TYPE_FILTER_REDIRECTOR,
> + .parent = TYPE_NETFILTER,
> + .class_init = filter_redirector_class_init,
> + .instance_init = filter_redirector_init,
> + .instance_finalize = filter_redirector_fini,
> + .instance_size = sizeof(TrafficState),
> +};
> +
> +static void register_types(void)
> +{
> + type_register_static(&filter_redirector_info);
> +}
> +
> +type_init(register_types);
> diff --git a/qemu-options.hx b/qemu-options.hx
> index ca27863..84584e3 100644
> --- a/qemu-options.hx
> +++ b/qemu-options.hx
> @@ -3764,6 +3764,14 @@ queue @var{all|rx|tx} is an option that can be applied to any netfilter.
> filter-mirror on netdev @var{netdevid},mirror net packet to chardev
> @var{chardevid}
>
> +@item -object filter-redirector,id=@var{id},netdev=@var{netdevid},indev=@var{chardevid},
> +outdev=@var{chardevid}[,queue=@var{all|rx|tx}]
> +
> +filter-redirector on netdev @var{netdevid},redirect filter's net packet to chardev
> +@var{chardevid},and redirect indev's packet to filter.
> +Create a filter-redirector we need to differ outdev id from indev id, id can not
> +be the same. we can just use indev or outdev, but at least one to be set.
> +
> @item -object filter-dump,id=@var{id},netdev=@var{dev},file=@var{filename}][,maxlen=@var{len}]
>
> Dump the network traffic on netdev @var{dev} to the file specified by
> diff --git a/vl.c b/vl.c
> index d68533a..c389a3f 100644
> --- a/vl.c
> +++ b/vl.c
> @@ -2799,7 +2799,8 @@ static bool object_create_initial(const char *type)
> */
> if (g_str_equal(type, "filter-buffer") ||
> g_str_equal(type, "filter-dump") ||
> - g_str_equal(type, "filter-mirror")) {
> + g_str_equal(type, "filter-mirror") ||
> + g_str_equal(type, "filter-redirector")) {
> return false;
> }
>
>
next prev parent reply other threads:[~2016-03-01 3:27 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-02-29 12:23 [Qemu-devel] [PATCH V2 0/3] Introduce filter-redirector Zhang Chen
2016-02-29 12:23 ` [Qemu-devel] [PATCH V2 1/3] net/filter-traffic: add filter-traffic.h Zhang Chen
2016-03-01 3:02 ` Li Zhijian
2016-03-01 6:56 ` Zhang Chen
2016-03-02 6:19 ` Jason Wang
2016-03-02 7:25 ` Zhang Chen
2016-03-03 6:48 ` Jason Wang
2016-03-03 7:20 ` Zhang Chen
2016-03-03 7:24 ` Jason Wang
2016-03-03 8:19 ` Zhang Chen
2016-02-29 12:23 ` [Qemu-devel] [PATCH V2 2/3] net/filter-redirector:Add filter-redirector Zhang Chen
2016-03-01 3:27 ` Li Zhijian [this message]
2016-03-02 6:31 ` Jason Wang
2016-03-02 7:31 ` Zhang Chen
2016-02-29 12:23 ` [Qemu-devel] [PATCH V2 3/3] tests/test-filter-redirector: Add unit test for filter-redirector Zhang Chen
2016-03-02 6:47 ` Jason Wang
2016-03-04 6:18 ` Li Zhijian
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=56D50C0A.3080809@cn.fujitsu.com \
--to=lizhijian@cn.fujitsu.com \
--cc=dgilbert@redhat.com \
--cc=eddie.dong@intel.com \
--cc=guijianfeng@cn.fujitsu.com \
--cc=hongyang.yang@easystack.cn \
--cc=jasowang@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=zhang.zhanghailiang@huawei.com \
--cc=zhangchen.fnst@cn.fujitsu.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.