[Qemu-devel] [PATCH V3 0/2] net/filter-mirror:add filter-mirror and unit test

[Qemu-devel] [PATCH V3 0/2] net/filter-mirror:add filter-mirror and unit test

[Zhang Chen]

From: ZhangChen <zhangchen.fnst@cn.fujitsu.com>

Filter-mirror is a netfilter plugin.
It gives qemu the ability to copy and mirror guest's
net packet. we output packet to chardev.


v3:
 - Add filter-mirror unit test according
   to Jason's comments
 - Address zhanghailiang's comments.
 - Address Jason's comments.

v2:
 - Address zhanghailiang's comments.
 - Address Eric Blake's comments.
 - Address Yang Hongyang's comments.
 - Address Dave's comments.

v1:
 initial patch.


ZhangChen (2):
  net/filter-mirror:Add filter-mirror
  tests/test-filter-mirror:add filter-mirror unit test

 net/Makefile.objs          |   1 +
 net/filter-mirror.c        | 171 +++++++++++++++++++++++++++
 qemu-options.hx            |   5 +
 tests/.gitignore           |   1 +
 tests/Makefile             |   2 +
 tests/test-filter-mirror.c | 285 +++++++++++++++++++++++++++++++++++++++++++++
 vl.c                       |   3 +-
 7 files changed, 467 insertions(+), 1 deletion(-)
 create mode 100644 net/filter-mirror.c
 create mode 100644 tests/test-filter-mirror.c

-- 
1.9.1

[Qemu-devel] [PATCH V3 1/2] net/filter-mirror:Add filter-mirror

[Zhang Chen]

From: ZhangChen <zhangchen.fnst@cn.fujitsu.com>

Filter-mirror is a netfilter plugin.
It gives qemu the ability to copy and mirror guest's
net packet. we output packet to chardev.

usage:

-netdev tap,id=hn0
-chardev socket,id=mirror0,host=ip_primary,port=X,server,nowait
-filter-mirror,id=m0,netdev=hn0,queue=tx/rx/all,outdev=mirror0

Signed-off-by: ZhangChen <zhangchen.fnst@cn.fujitsu.com>
Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
Reviewed-by: Yang Hongyang <hongyang.yang@easystack.cn>
Reviewed-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
---
 net/Makefile.objs   |   1 +
 net/filter-mirror.c | 171 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 qemu-options.hx     |   5 ++
 vl.c                |   3 +-
 4 files changed, 179 insertions(+), 1 deletion(-)
 create mode 100644 net/filter-mirror.c

diff --git a/net/Makefile.objs b/net/Makefile.objs
index 5fa2f97..de06ebe 100644
--- a/net/Makefile.objs
+++ b/net/Makefile.objs
@@ -15,3 +15,4 @@ common-obj-$(CONFIG_VDE) += vde.o
 common-obj-$(CONFIG_NETMAP) += netmap.o
 common-obj-y += filter.o
 common-obj-y += filter-buffer.o
+common-obj-y += traffic-mirror.o
diff --git a/net/filter-mirror.c b/net/filter-mirror.c
new file mode 100644
index 0000000..87ccaf5
--- /dev/null
+++ b/net/filter-mirror.c
@@ -0,0 +1,171 @@
+/*
+ * Copyright (c) 2016 HUAWEI TECHNOLOGIES CO., LTD.
+ * Copyright (c) 2016 FUJITSU LIMITED
+ * Copyright (c) 2016 Intel Corporation
+ *
+ * Author: Zhang Chen <zhangchen.fnst@cn.fujitsu.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or
+ * later.  See the COPYING file in the top-level directory.
+ */
+
+#include "net/filter.h"
+#include "net/net.h"
+#include "qemu-common.h"
+#include "qapi/qmp/qerror.h"
+#include "qapi-visit.h"
+#include "qom/object.h"
+#include "qemu/main-loop.h"
+#include "qemu/error-report.h"
+#include "trace.h"
+#include "sysemu/char.h"
+#include "qemu/iov.h"
+#include "qemu/sockets.h"
+
+#define FILTER_MIRROR(obj) \
+    OBJECT_CHECK(MirrorState, (obj), TYPE_FILTER_MIRROR)
+
+#define TYPE_FILTER_MIRROR "filter-mirror"
+
+typedef struct MirrorState {
+    NetFilterState parent_obj;
+    char *outdev;
+    CharDriverState *chr_out;
+} MirrorState;
+
+static ssize_t filter_mirror_send(NetFilterState *nf,
+                                   const struct iovec *iov,
+                                   int iovcnt)
+{
+    MirrorState *s = FILTER_MIRROR(nf);
+    ssize_t ret = 0;
+    ssize_t size = 0;
+    uint32_t len =  0;
+    char *buf;
+
+    size = iov_size(iov, iovcnt);
+    len = htonl(size);
+    if (!size) {
+        return 0;
+    }
+
+    buf = g_malloc0(size);
+    iov_to_buf(iov, iovcnt, 0, buf, size);
+    ret = qemu_chr_fe_write_all(s->chr_out, (uint8_t *)&len, sizeof(len));
+    if (ret < 0) {
+        g_free(buf);
+        return ret;
+    }
+
+    ret = qemu_chr_fe_write_all(s->chr_out, (uint8_t *)buf, size);
+    g_free(buf);
+    return ret;
+}
+
+static ssize_t filter_mirror_receive_iov(NetFilterState *nf,
+                                         NetClientState *sender,
+                                         unsigned flags,
+                                         const struct iovec *iov,
+                                         int iovcnt,
+                                         NetPacketSent *sent_cb)
+{
+    ssize_t ret = 0;
+
+    ret = filter_mirror_send(nf, iov, iovcnt);
+    if (ret < 0) {
+        error_report("filter_mirror_send failed");
+    }
+
+    return 0;
+}
+
+static void filter_mirror_cleanup(NetFilterState *nf)
+{
+    MirrorState *s = FILTER_MIRROR(nf);
+
+    if (s->chr_out) {
+        qemu_chr_fe_release(s->chr_out);
+    }
+}
+
+static void filter_mirror_setup(NetFilterState *nf, Error **errp)
+{
+    MirrorState *s = FILTER_MIRROR(nf);
+
+    if (!s->outdev) {
+        error_setg(errp, "filter filter mirror needs 'outdev' "
+                "property set");
+        return;
+    }
+
+    s->chr_out = qemu_chr_find(s->outdev);
+    if (s->chr_out == NULL) {
+        error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND,
+                  "Device '%s' not found", s->outdev);
+        return;
+    }
+
+    if (qemu_chr_fe_claim(s->chr_out) != 0) {
+        error_setg(errp, QERR_DEVICE_IN_USE, s->outdev);
+        return;
+    }
+}
+
+static void filter_mirror_class_init(ObjectClass *oc, void *data)
+{
+    NetFilterClass *nfc = NETFILTER_CLASS(oc);
+
+    nfc->setup = filter_mirror_setup;
+    nfc->cleanup = filter_mirror_cleanup;
+    nfc->receive_iov = filter_mirror_receive_iov;
+}
+
+static char *filter_mirror_get_outdev(Object *obj, Error **errp)
+{
+    MirrorState *s = FILTER_MIRROR(obj);
+
+    return g_strdup(s->outdev);
+}
+
+static void
+filter_mirror_set_outdev(Object *obj, const char *value, Error **errp)
+{
+    MirrorState *s = FILTER_MIRROR(obj);
+
+    g_free(s->outdev);
+    s->outdev = g_strdup(value);
+    if (!s->outdev) {
+        error_setg(errp, "filter filter mirror needs 'outdev' "
+                "property set");
+        return;
+    }
+}
+
+static void filter_mirror_init(Object *obj)
+{
+    object_property_add_str(obj, "outdev", filter_mirror_get_outdev,
+                            filter_mirror_set_outdev, NULL);
+}
+
+static void filter_mirror_fini(Object *obj)
+{
+    MirrorState *s = FILTER_MIRROR(obj);
+
+    g_free(s->outdev);
+}
+
+static const TypeInfo filter_mirror_info = {
+    .name = TYPE_FILTER_MIRROR,
+    .parent = TYPE_NETFILTER,
+    .class_init = filter_mirror_class_init,
+    .instance_init = filter_mirror_init,
+    .instance_finalize = filter_mirror_fini,
+    .instance_size = sizeof(MirrorState),
+};
+
+static void register_types(void)
+{
+    type_register_static(&filter_mirror_info);
+}
+
+type_init(register_types);
diff --git a/qemu-options.hx b/qemu-options.hx
index f31a240..89fa0c1 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -3745,6 +3745,11 @@ queue @var{all|rx|tx} is an option that can be applied to any netfilter.
 @option{tx}: the filter is attached to the transmit queue of the netdev,
              where it will receive packets sent by the netdev.
 
+@item -object filter-mirror,id=@var{id},netdev=@var{netdevid},outdev=@var{chardevid}[,queue=@var{all|rx|tx}]
+
+filter-mirror on netdev @var{netdevid},mirror net packet to outdev.
+queue @var{all|rx|tx} is an option that can be applied to filter-mirror.
+
 @item -object filter-dump,id=@var{id},netdev=@var{dev},file=@var{filename}][,maxlen=@var{len}]
 
 Dump the network traffic on netdev @var{dev} to the file specified by
diff --git a/vl.c b/vl.c
index f043009..1596833 100644
--- a/vl.c
+++ b/vl.c
@@ -2801,7 +2801,8 @@ static bool object_create_initial(const char *type)
      * they depend on netdevs already existing
      */
     if (g_str_equal(type, "filter-buffer") ||
-        g_str_equal(type, "filter-dump")) {
+        g_str_equal(type, "filter-dump") ||
+        g_str_equal(type, "filter-mirror")) {
         return false;
     }
 
-- 
1.9.1

[Qemu-devel] [PATCH V3 2/2] tests/test-filter-mirror:add filter-mirror unit test

[Zhang Chen]

From: ZhangChen <zhangchen.fnst@cn.fujitsu.com>

Using qtest qmp interface to implement following cases:
1) add/remove filter-mirror
2) add a filter-mirror then delete the netdev
3) add/remove more than one filter-mirrors
4) add more than one filter-mirrors and then delete the netdev
5) add filter-mirror with:
   -object filter-mirror,id=qtest-f0,netdev=qtest-bn0,queue=tx,outdev=mirror0

   then inject packet from the socket connected to qtest-bn0,
   filter-mirror will copy and mirror the packet to mirror0.
   we read packet from mirror0 and then compare to what we inject.
   del filter-mirror.

we start qemu with:
-netdev socket,id=qtest-bn0,listen=127.0.0.1:9005
-device e1000,netdev=qtest-bn0,id=qtest-e0
-chardev socket,id=mirror0,host=127.0.0.1,port=9003,server,nowait
-chardev socket,id=mirror1,host=127.0.0.1,port=9004,server,nowait

Signed-off-by: zhangchen <zhangchen.fnst@cn.fujitsu.com>
Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
---
 tests/.gitignore           |   1 +
 tests/Makefile             |   2 +
 tests/test-filter-mirror.c | 285 +++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 288 insertions(+)
 create mode 100644 tests/test-filter-mirror.c

diff --git a/tests/.gitignore b/tests/.gitignore
index 787c95c..10df017 100644
--- a/tests/.gitignore
+++ b/tests/.gitignore
@@ -63,5 +63,6 @@ test-write-threshold
 test-x86-cpuid
 test-xbzrle
 test-netfilter
+test-filter-mirror
 *-test
 qapi-schema/*.test.*
diff --git a/tests/Makefile b/tests/Makefile
index 650e654..e56c514 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -212,6 +212,7 @@ ifeq ($(CONFIG_VHOST_NET_TEST_i386),)
 check-qtest-x86_64-$(CONFIG_VHOST_NET_TEST_x86_64) += tests/vhost-user-test$(EXESUF)
 endif
 check-qtest-i386-y += tests/test-netfilter$(EXESUF)
+check-qtest-i386-y += tests/test-filter-mirror$(EXESUF)
 check-qtest-x86_64-y = $(check-qtest-i386-y)
 gcov-files-i386-y += i386-softmmu/hw/timer/mc146818rtc.c
 gcov-files-x86_64-y = $(subst i386-softmmu/,x86_64-softmmu/,$(gcov-files-i386-y))
@@ -563,6 +564,7 @@ tests/qemu-iotests/socket_scm_helper$(EXESUF): tests/qemu-iotests/socket_scm_hel
 tests/test-qemu-opts$(EXESUF): tests/test-qemu-opts.o $(test-util-obj-y)
 tests/test-write-threshold$(EXESUF): tests/test-write-threshold.o $(test-block-obj-y)
 tests/test-netfilter$(EXESUF): tests/test-netfilter.o $(qtest-obj-y)
+tests/test-filter-mirror$(EXESUF): tests/test-filter-mirror.o $(qtest-obj-y)
 tests/ivshmem-test$(EXESUF): tests/ivshmem-test.o contrib/ivshmem-server/ivshmem-server.o $(libqos-pc-obj-y)
 tests/vhost-user-bridge$(EXESUF): tests/vhost-user-bridge.o
 
diff --git a/tests/test-filter-mirror.c b/tests/test-filter-mirror.c
new file mode 100644
index 0000000..f8dd20b
--- /dev/null
+++ b/tests/test-filter-mirror.c
@@ -0,0 +1,285 @@
+/*
+ * QTest testcase for filter-mirror
+ *
+ * Copyright (c) 2016 FUJITSU LIMITED
+ * Author: Zhang chen <zhangchen.fnst@cn.fujitsu.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or
+ * later.  See the COPYING file in the top-level directory.
+ */
+
+#include <glib.h>
+#include "libqtest.h"
+#include "qemu/iov.h"
+#include "qemu/sockets.h"
+#include "qemu/error-report.h"
+#include "qemu/main-loop.h"
+
+/* add a netfilter to a netdev and then remove it */
+
+static void add_one_netfilter(void)
+{
+    QDict *response;
+
+    response = qmp("{'execute': 'object-add',"
+                   " 'arguments': {"
+                   "   'qom-type': 'filter-mirror',"
+                   "   'id': 'qtest-f0',"
+                   "   'props': {"
+                   "     'netdev': 'qtest-bn0',"
+                   "     'queue': 'tx',"
+                   "     'outdev': 'mirror0'"
+                   "}}}");
+
+    g_assert(response);
+    g_assert(!qdict_haskey(response, "error"));
+    QDECREF(response);
+
+    response = qmp("{'execute': 'object-del',"
+                   " 'arguments': {"
+                   "   'id': 'qtest-f0'"
+                   "}}");
+    g_assert(response);
+    g_assert(!qdict_haskey(response, "error"));
+    QDECREF(response);
+}
+
+/* add a netfilter to a netdev and then remove the netdev */
+static void remove_netdev_with_one_netfilter(void)
+{
+    QDict *response;
+
+    response = qmp("{'execute': 'object-add',"
+                   " 'arguments': {"
+                   "   'qom-type': 'filter-mirror',"
+                   "   'id': 'qtest-f0',"
+                   "   'props': {"
+                   "     'netdev': 'qtest-bn0',"
+                   "     'queue': 'tx',"
+                   "     'outdev': 'mirror0'"
+                   "}}}");
+
+    g_assert(response);
+    g_assert(!qdict_haskey(response, "error"));
+    QDECREF(response);
+
+    response = qmp("{'execute': 'netdev_del',"
+                   " 'arguments': {"
+                   "   'id': 'qtest-bn0'"
+                   "}}");
+    g_assert(response);
+    g_assert(!qdict_haskey(response, "error"));
+    QDECREF(response);
+
+    /* add back the netdev */
+    response = qmp("{'execute': 'netdev_add',"
+                   " 'arguments': {"
+                   "   'type': 'socket',"
+                   "   'id': 'qtest-bn0',"
+                   "   'listen': '127.0.0.1:9005'"
+                   "}}");
+    g_assert(response);
+    g_assert(!qdict_haskey(response, "error"));
+    QDECREF(response);
+}
+
+/* add multi(2) netfilters to a netdev and then remove them */
+static void add_multi_netfilter(void)
+{
+    QDict *response;
+
+    response = qmp("{'execute': 'object-add',"
+                   " 'arguments': {"
+                   "   'qom-type': 'filter-mirror',"
+                   "   'id': 'qtest-f0',"
+                   "   'props': {"
+                   "     'netdev': 'qtest-bn0',"
+                   "     'queue': 'tx',"
+                   "     'outdev': 'mirror0'"
+                   "}}}");
+
+    g_assert(response);
+    g_assert(!qdict_haskey(response, "error"));
+    QDECREF(response);
+
+    response = qmp("{'execute': 'object-add',"
+                   " 'arguments': {"
+                   "   'qom-type': 'filter-mirror',"
+                   "   'id': 'qtest-f1',"
+                   "   'props': {"
+                   "     'netdev': 'qtest-bn0',"
+                   "     'queue': 'tx',"
+                   "     'outdev': 'mirror1'"
+                   "}}}");
+
+    g_assert(response);
+    g_assert(!qdict_haskey(response, "error"));
+    QDECREF(response);
+
+    response = qmp("{'execute': 'object-del',"
+                   " 'arguments': {"
+                   "   'id': 'qtest-f0'"
+                   "}}");
+    g_assert(response);
+    g_assert(!qdict_haskey(response, "error"));
+    QDECREF(response);
+
+    response = qmp("{'execute': 'object-del',"
+                   " 'arguments': {"
+                   "   'id': 'qtest-f1'"
+                   "}}");
+    g_assert(response);
+    g_assert(!qdict_haskey(response, "error"));
+    QDECREF(response);
+}
+
+/* add multi(2) netfilters to a netdev and then remove the netdev */
+static void remove_netdev_with_multi_netfilter(void)
+{
+    QDict *response;
+
+    response = qmp("{'execute': 'object-add',"
+                   " 'arguments': {"
+                   "   'qom-type': 'filter-mirror',"
+                   "   'id': 'qtest-f0',"
+                   "   'props': {"
+                   "     'netdev': 'qtest-bn0',"
+                   "     'queue': 'tx',"
+                   "     'outdev': 'mirror0'"
+                   "}}}");
+
+    g_assert(response);
+    g_assert(!qdict_haskey(response, "error"));
+    QDECREF(response);
+
+    response = qmp("{'execute': 'object-add',"
+                   " 'arguments': {"
+                   "   'qom-type': 'filter-mirror',"
+                   "   'id': 'qtest-f1',"
+                   "   'props': {"
+                   "     'netdev': 'qtest-bn0',"
+                   "     'queue': 'tx',"
+                   "     'outdev': 'mirror1'"
+                   "}}}");
+
+    g_assert(response);
+    g_assert(!qdict_haskey(response, "error"));
+    QDECREF(response);
+
+    response = qmp("{'execute': 'netdev_del',"
+                   " 'arguments': {"
+                   "   'id': 'qtest-bn0'"
+                   "}}");
+    g_assert(response);
+    g_assert(!qdict_haskey(response, "error"));
+    QDECREF(response);
+
+    /* add back the netdev */
+    response = qmp("{'execute': 'netdev_add',"
+                   " 'arguments': {"
+                   "   'type': 'socket',"
+                   "   'id': 'qtest-bn0',"
+                   "   'listen': '127.0.0.1:9005'"
+                   "}}");
+    g_assert(response);
+    g_assert(!qdict_haskey(response, "error"));
+    QDECREF(response);
+}
+
+static void test_mirror(void)
+{
+    QDict *response;
+
+    response = qmp("{'execute': 'object-add',"
+                   " 'arguments': {"
+                   "   'qom-type': 'filter-mirror',"
+                   "   'id': 'qtest-f0',"
+                   "   'props': {"
+                   "     'netdev': 'qtest-bn0',"
+                   "     'queue': 'tx',"
+                   "     'outdev': 'mirror0'"
+                   "}}}");
+
+    g_assert(response);
+    g_assert(!qdict_haskey(response, "error"));
+    QDECREF(response);
+
+    int send_sock;
+    uint32_t ret = 0;
+    char send_buf[] = "Hello! filter-mirror~";
+    uint32_t size = sizeof(send_buf);
+    size = htonl(size);
+
+    send_sock = inet_connect("127.0.0.1:9005", NULL);
+    if (send_sock < 0) {
+        error_report("test_mirror connect send_sock 127.0.0.1:9005 failed");
+        return;
+    }
+
+    if (fork() == 0) {
+        int recv_sock;
+        uint32_t len = 0;
+        char *recv_buf;
+
+        recv_sock = inet_connect("127.0.0.1:9003", NULL);
+        if (recv_sock < 0) {
+            error_report("test_mirror connect recv_sock 127.0.0.1:9003 failed");
+            exit(1);
+        }
+        ret = qemu_recv(recv_sock, &len, sizeof(len), 0);
+        g_assert_cmpint(ret, ==, sizeof(len));
+        len = ntohl(len);
+
+        g_assert_cmpint(len, ==, sizeof(send_buf));
+        recv_buf = g_malloc0(len);
+        ret = qemu_recv(recv_sock, recv_buf, len, 0);
+        g_assert_cmpstr(recv_buf, ==, send_buf);
+
+        g_free(recv_buf);
+        close(recv_sock);
+        exit(0);
+    }
+
+    usleep(5000);
+    struct iovec iov[] = {
+        {
+            .iov_base = &size,
+            .iov_len = sizeof(size),
+        }, {
+            .iov_base = send_buf,
+            .iov_len = sizeof(send_buf),
+        },
+    };
+    ret = iov_send(send_sock, iov, 2, 0, sizeof(size) + sizeof(send_buf));
+    g_assert_cmpint(ret, ==, sizeof(send_buf) + sizeof(size));
+    close(send_sock);
+
+    response = qmp("{'execute': 'object-del',"
+                   " 'arguments': {"
+                   "   'id': 'qtest-f0'"
+                   "}}");
+}
+
+int main(int argc, char **argv)
+{
+    int ret;
+
+    g_test_init(&argc, &argv, NULL);
+
+    qtest_add_func("/netfilter/test-mirror", test_mirror);
+    qtest_add_func("/netfilter/addremove_one", add_one_netfilter);
+    qtest_add_func("/netfilter/addremove_multi", add_multi_netfilter);
+    qtest_add_func("/netfilter/remove_netdev_one",
+                   remove_netdev_with_one_netfilter);
+    qtest_add_func("/netfilter/remove_netdev_multi",
+                   remove_netdev_with_multi_netfilter);
+
+    qtest_start("-netdev socket,id=qtest-bn0,listen=127.0.0.1:9005 "
+                 "-device e1000,netdev=qtest-bn0,id=qtest-e0 "
+                 "-chardev socket,id=mirror0,host=127.0.0.1,port=9003,server,nowait "
+                 "-chardev socket,id=mirror1,host=127.0.0.1,port=9004,server,nowait ");
+    ret = g_test_run();
+    qtest_end();
+
+    return ret;
+}
-- 
1.9.1

Re: [Qemu-devel] [PATCH V3 1/2] net/filter-mirror:Add filter-mirror

[Zhang Chen]

On 02/04/2016 03:43 PM, Zhang Chen wrote:
> From: ZhangChen <zhangchen.fnst@cn.fujitsu.com>
>
> Filter-mirror is a netfilter plugin.
> It gives qemu the ability to copy and mirror guest's
> net packet. we output packet to chardev.
>
> usage:
>
> -netdev tap,id=hn0
> -chardev socket,id=mirror0,host=ip_primary,port=X,server,nowait
> -filter-mirror,id=m0,netdev=hn0,queue=tx/rx/all,outdev=mirror0
>
> Signed-off-by: ZhangChen <zhangchen.fnst@cn.fujitsu.com>
> Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
> Reviewed-by: Yang Hongyang <hongyang.yang@easystack.cn>
> Reviewed-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
> ---
>   net/Makefile.objs   |   1 +
>   net/filter-mirror.c | 171 ++++++++++++++++++++++++++++++++++++++++++++++++++++
>   qemu-options.hx     |   5 ++
>   vl.c                |   3 +-
>   4 files changed, 179 insertions(+), 1 deletion(-)
>   create mode 100644 net/filter-mirror.c
>
> diff --git a/net/Makefile.objs b/net/Makefile.objs
> index 5fa2f97..de06ebe 100644
> --- a/net/Makefile.objs
> +++ b/net/Makefile.objs
> @@ -15,3 +15,4 @@ common-obj-$(CONFIG_VDE) += vde.o
>   common-obj-$(CONFIG_NETMAP) += netmap.o
>   common-obj-y += filter.o
>   common-obj-y += filter-buffer.o
> +common-obj-y += traffic-mirror.o

s/traffic-mirror.o/filter-mirror.o/     rebase error....

> diff --git a/net/filter-mirror.c b/net/filter-mirror.c
> new file mode 100644
> index 0000000..87ccaf5
> --- /dev/null
> +++ b/net/filter-mirror.c
> @@ -0,0 +1,171 @@
> +/*
> + * Copyright (c) 2016 HUAWEI TECHNOLOGIES CO., LTD.
> + * Copyright (c) 2016 FUJITSU LIMITED
> + * Copyright (c) 2016 Intel Corporation
> + *
> + * Author: Zhang Chen <zhangchen.fnst@cn.fujitsu.com>
> + *
> + * This work is licensed under the terms of the GNU GPL, version 2 or
> + * later.  See the COPYING file in the top-level directory.
> + */
> +
> +#include "net/filter.h"
> +#include "net/net.h"
> +#include "qemu-common.h"
> +#include "qapi/qmp/qerror.h"
> +#include "qapi-visit.h"
> +#include "qom/object.h"
> +#include "qemu/main-loop.h"
> +#include "qemu/error-report.h"
> +#include "trace.h"
> +#include "sysemu/char.h"
> +#include "qemu/iov.h"
> +#include "qemu/sockets.h"
> +
> +#define FILTER_MIRROR(obj) \
> +    OBJECT_CHECK(MirrorState, (obj), TYPE_FILTER_MIRROR)
> +
> +#define TYPE_FILTER_MIRROR "filter-mirror"
> +
> +typedef struct MirrorState {
> +    NetFilterState parent_obj;
> +    char *outdev;
> +    CharDriverState *chr_out;
> +} MirrorState;
> +
> +static ssize_t filter_mirror_send(NetFilterState *nf,
> +                                   const struct iovec *iov,
> +                                   int iovcnt)
> +{
> +    MirrorState *s = FILTER_MIRROR(nf);
> +    ssize_t ret = 0;
> +    ssize_t size = 0;
> +    uint32_t len =  0;
> +    char *buf;
> +
> +    size = iov_size(iov, iovcnt);
> +    len = htonl(size);
> +    if (!size) {
> +        return 0;
> +    }
> +
> +    buf = g_malloc0(size);
> +    iov_to_buf(iov, iovcnt, 0, buf, size);
> +    ret = qemu_chr_fe_write_all(s->chr_out, (uint8_t *)&len, sizeof(len));
> +    if (ret < 0) {
> +        g_free(buf);
> +        return ret;
> +    }
> +
> +    ret = qemu_chr_fe_write_all(s->chr_out, (uint8_t *)buf, size);
> +    g_free(buf);
> +    return ret;
> +}
> +
> +static ssize_t filter_mirror_receive_iov(NetFilterState *nf,
> +                                         NetClientState *sender,
> +                                         unsigned flags,
> +                                         const struct iovec *iov,
> +                                         int iovcnt,
> +                                         NetPacketSent *sent_cb)
> +{
> +    ssize_t ret = 0;
> +
> +    ret = filter_mirror_send(nf, iov, iovcnt);
> +    if (ret < 0) {
> +        error_report("filter_mirror_send failed");
> +    }
> +
> +    return 0;
> +}
> +
> +static void filter_mirror_cleanup(NetFilterState *nf)
> +{
> +    MirrorState *s = FILTER_MIRROR(nf);
> +
> +    if (s->chr_out) {
> +        qemu_chr_fe_release(s->chr_out);
> +    }
> +}
> +
> +static void filter_mirror_setup(NetFilterState *nf, Error **errp)
> +{
> +    MirrorState *s = FILTER_MIRROR(nf);
> +
> +    if (!s->outdev) {
> +        error_setg(errp, "filter filter mirror needs 'outdev' "
> +                "property set");
> +        return;
> +    }
> +
> +    s->chr_out = qemu_chr_find(s->outdev);
> +    if (s->chr_out == NULL) {
> +        error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND,
> +                  "Device '%s' not found", s->outdev);
> +        return;
> +    }
> +
> +    if (qemu_chr_fe_claim(s->chr_out) != 0) {
> +        error_setg(errp, QERR_DEVICE_IN_USE, s->outdev);
> +        return;
> +    }
> +}
> +
> +static void filter_mirror_class_init(ObjectClass *oc, void *data)
> +{
> +    NetFilterClass *nfc = NETFILTER_CLASS(oc);
> +
> +    nfc->setup = filter_mirror_setup;
> +    nfc->cleanup = filter_mirror_cleanup;
> +    nfc->receive_iov = filter_mirror_receive_iov;
> +}
> +
> +static char *filter_mirror_get_outdev(Object *obj, Error **errp)
> +{
> +    MirrorState *s = FILTER_MIRROR(obj);
> +
> +    return g_strdup(s->outdev);
> +}
> +
> +static void
> +filter_mirror_set_outdev(Object *obj, const char *value, Error **errp)
> +{
> +    MirrorState *s = FILTER_MIRROR(obj);
> +
> +    g_free(s->outdev);
> +    s->outdev = g_strdup(value);
> +    if (!s->outdev) {
> +        error_setg(errp, "filter filter mirror needs 'outdev' "
> +                "property set");
> +        return;
> +    }
> +}
> +
> +static void filter_mirror_init(Object *obj)
> +{
> +    object_property_add_str(obj, "outdev", filter_mirror_get_outdev,
> +                            filter_mirror_set_outdev, NULL);
> +}
> +
> +static void filter_mirror_fini(Object *obj)
> +{
> +    MirrorState *s = FILTER_MIRROR(obj);
> +
> +    g_free(s->outdev);
> +}
> +
> +static const TypeInfo filter_mirror_info = {
> +    .name = TYPE_FILTER_MIRROR,
> +    .parent = TYPE_NETFILTER,
> +    .class_init = filter_mirror_class_init,
> +    .instance_init = filter_mirror_init,
> +    .instance_finalize = filter_mirror_fini,
> +    .instance_size = sizeof(MirrorState),
> +};
> +
> +static void register_types(void)
> +{
> +    type_register_static(&filter_mirror_info);
> +}
> +
> +type_init(register_types);
> diff --git a/qemu-options.hx b/qemu-options.hx
> index f31a240..89fa0c1 100644
> --- a/qemu-options.hx
> +++ b/qemu-options.hx
> @@ -3745,6 +3745,11 @@ queue @var{all|rx|tx} is an option that can be applied to any netfilter.
>   @option{tx}: the filter is attached to the transmit queue of the netdev,
>                where it will receive packets sent by the netdev.
>   
> +@item -object filter-mirror,id=@var{id},netdev=@var{netdevid},outdev=@var{chardevid}[,queue=@var{all|rx|tx}]
> +
> +filter-mirror on netdev @var{netdevid},mirror net packet to outdev.
> +queue @var{all|rx|tx} is an option that can be applied to filter-mirror.
> +
>   @item -object filter-dump,id=@var{id},netdev=@var{dev},file=@var{filename}][,maxlen=@var{len}]
>   
>   Dump the network traffic on netdev @var{dev} to the file specified by
> diff --git a/vl.c b/vl.c
> index f043009..1596833 100644
> --- a/vl.c
> +++ b/vl.c
> @@ -2801,7 +2801,8 @@ static bool object_create_initial(const char *type)
>        * they depend on netdevs already existing
>        */
>       if (g_str_equal(type, "filter-buffer") ||
> -        g_str_equal(type, "filter-dump")) {
> +        g_str_equal(type, "filter-dump") ||
> +        g_str_equal(type, "filter-mirror")) {
>           return false;
>       }
>   

-- 
Thanks
zhangchen

Re: [Qemu-devel] [PATCH V3 1/2] net/filter-mirror:Add filter-mirror

[Jason Wang]

On 02/04/2016 05:00 PM, Zhang Chen wrote:
>
>
> On 02/04/2016 03:43 PM, Zhang Chen wrote:
>> From: ZhangChen <zhangchen.fnst@cn.fujitsu.com>
>>
>> Filter-mirror is a netfilter plugin.
>> It gives qemu the ability to copy and mirror guest's
>> net packet. we output packet to chardev.

To make it compact, how about "It gives qemu the ability to mirror
packets to a chardev."?

>>
>> usage:
>>
>> -netdev tap,id=hn0
>> -chardev socket,id=mirror0,host=ip_primary,port=X,server,nowait
>> -filter-mirror,id=m0,netdev=hn0,queue=tx/rx/all,outdev=mirror0

An issue with mirror (and dump) is that it can not work correctly with
the netdev that has a vnet header. Need to fix this, a possible solution
is to checksum the buffer and strip the header before passing it to a
chardev.

>>
>> Signed-off-by: ZhangChen <zhangchen.fnst@cn.fujitsu.com>
>> Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
>> Reviewed-by: Yang Hongyang <hongyang.yang@easystack.cn>
>> Reviewed-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
>> ---
>>   net/Makefile.objs   |   1 +
>>   net/filter-mirror.c | 171
>> ++++++++++++++++++++++++++++++++++++++++++++++++++++
>>   qemu-options.hx     |   5 ++
>>   vl.c                |   3 +-
>>   4 files changed, 179 insertions(+), 1 deletion(-)
>>   create mode 100644 net/filter-mirror.c
>>
>> diff --git a/net/Makefile.objs b/net/Makefile.objs
>> index 5fa2f97..de06ebe 100644
>> --- a/net/Makefile.objs
>> +++ b/net/Makefile.objs
>> @@ -15,3 +15,4 @@ common-obj-$(CONFIG_VDE) += vde.o
>>   common-obj-$(CONFIG_NETMAP) += netmap.o
>>   common-obj-y += filter.o
>>   common-obj-y += filter-buffer.o
>> +common-obj-y += traffic-mirror.o
>
> s/traffic-mirror.o/filter-mirror.o/     rebase error....
>
>> diff --git a/net/filter-mirror.c b/net/filter-mirror.c
>> new file mode 100644
>> index 0000000..87ccaf5
>> --- /dev/null
>> +++ b/net/filter-mirror.c
>> @@ -0,0 +1,171 @@
>> +/*
>> + * Copyright (c) 2016 HUAWEI TECHNOLOGIES CO., LTD.
>> + * Copyright (c) 2016 FUJITSU LIMITED
>> + * Copyright (c) 2016 Intel Corporation
>> + *
>> + * Author: Zhang Chen <zhangchen.fnst@cn.fujitsu.com>
>> + *
>> + * This work is licensed under the terms of the GNU GPL, version 2 or
>> + * later.  See the COPYING file in the top-level directory.
>> + */
>> +
>> +#include "net/filter.h"
>> +#include "net/net.h"
>> +#include "qemu-common.h"
>> +#include "qapi/qmp/qerror.h"
>> +#include "qapi-visit.h"
>> +#include "qom/object.h"
>> +#include "qemu/main-loop.h"
>> +#include "qemu/error-report.h"
>> +#include "trace.h"
>> +#include "sysemu/char.h"
>> +#include "qemu/iov.h"
>> +#include "qemu/sockets.h"
>> +
>> +#define FILTER_MIRROR(obj) \
>> +    OBJECT_CHECK(MirrorState, (obj), TYPE_FILTER_MIRROR)
>> +
>> +#define TYPE_FILTER_MIRROR "filter-mirror"
>> +
>> +typedef struct MirrorState {
>> +    NetFilterState parent_obj;
>> +    char *outdev;
>> +    CharDriverState *chr_out;
>> +} MirrorState;
>> +
>> +static ssize_t filter_mirror_send(NetFilterState *nf,
>> +                                   const struct iovec *iov,
>> +                                   int iovcnt)
>> +{
>> +    MirrorState *s = FILTER_MIRROR(nf);
>> +    ssize_t ret = 0;
>> +    ssize_t size = 0;
>> +    uint32_t len =  0;
>> +    char *buf;
>> +
>> +    size = iov_size(iov, iovcnt);
>> +    len = htonl(size);
>> +    if (!size) {
>> +        return 0;
>> +    }
>> +
>> +    buf = g_malloc0(size);
>> +    iov_to_buf(iov, iovcnt, 0, buf, size);
>> +    ret = qemu_chr_fe_write_all(s->chr_out, (uint8_t *)&len,
>> sizeof(len));
>> +    if (ret < 0) {

I believe we should also fail when ret < sizeof(len) and modify the
caller check in filter_mirror_iov(). To make this a little bit easier,
there's no need to return ssize_t here (otherwise, caller need to call
iov_size() before checking the return value), just return 0 for success
and -EFXXX for failure.

Other looks good.

Re: [Qemu-devel] [PATCH V3 2/2] tests/test-filter-mirror:add filter-mirror unit test

[Jason Wang]

On 02/04/2016 03:43 PM, Zhang Chen wrote:
> From: ZhangChen <zhangchen.fnst@cn.fujitsu.com>
>
> Using qtest qmp interface to implement following cases:
> 1) add/remove filter-mirror
> 2) add a filter-mirror then delete the netdev
> 3) add/remove more than one filter-mirrors
> 4) add more than one filter-mirrors and then delete the netdev

The steps here is rather similar to test-netfilter.c. Let's try to
generalize them instead of duplicating codes.

> 5) add filter-mirror with:
>    -object filter-mirror,id=qtest-f0,netdev=qtest-bn0,queue=tx,outdev=mirror0
>
>    then inject packet from the socket connected to qtest-bn0,
>    filter-mirror will copy and mirror the packet to mirror0.
>    we read packet from mirror0 and then compare to what we inject.
>    del filter-mirror.
>
> we start qemu with:
> -netdev socket,id=qtest-bn0,listen=127.0.0.1:9005
> -device e1000,netdev=qtest-bn0,id=qtest-e0
> -chardev socket,id=mirror0,host=127.0.0.1,port=9003,server,nowait
> -chardev socket,id=mirror1,host=127.0.0.1,port=9004,server,nowait

Hardcoded port is not good here since it may cause false positive
(consider the tests may be trigged by lots of automated script both
upstream and downstream). A better solution is using socketpair(2) and
passing pre-created fd(s) to file chardev.

>
> Signed-off-by: zhangchen <zhangchen.fnst@cn.fujitsu.com>
> Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
>

[...]

Re: [Qemu-devel] [PATCH V3 1/2] net/filter-mirror:Add filter-mirror

[Zhang Chen]

On 02/15/2016 01:23 PM, Jason Wang wrote:
>
> On 02/04/2016 05:00 PM, Zhang Chen wrote:
>>
>> On 02/04/2016 03:43 PM, Zhang Chen wrote:
>>> From: ZhangChen <zhangchen.fnst@cn.fujitsu.com>
>>>
>>> Filter-mirror is a netfilter plugin.
>>> It gives qemu the ability to copy and mirror guest's
>>> net packet. we output packet to chardev.
> To make it compact, how about "It gives qemu the ability to mirror
> packets to a chardev."?

OK, will fix it in next version.

>>> usage:
>>>
>>> -netdev tap,id=hn0
>>> -chardev socket,id=mirror0,host=ip_primary,port=X,server,nowait
>>> -filter-mirror,id=m0,netdev=hn0,queue=tx/rx/all,outdev=mirror0
> An issue with mirror (and dump) is that it can not work correctly with
> the netdev that has a vnet header. Need to fix this, a possible solution
> is to checksum the buffer and strip the header before passing it to a
> chardev.
>

Thanks, I don't consider about vnet, we will fix it in next version.

>>> Signed-off-by: ZhangChen <zhangchen.fnst@cn.fujitsu.com>
>>> Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
>>> Reviewed-by: Yang Hongyang <hongyang.yang@easystack.cn>
>>> Reviewed-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
>>> ---
>>>    net/Makefile.objs   |   1 +
>>>    net/filter-mirror.c | 171
>>> ++++++++++++++++++++++++++++++++++++++++++++++++++++
>>>    qemu-options.hx     |   5 ++
>>>    vl.c                |   3 +-
>>>    4 files changed, 179 insertions(+), 1 deletion(-)
>>>    create mode 100644 net/filter-mirror.c
>>>
>>> diff --git a/net/Makefile.objs b/net/Makefile.objs
>>> index 5fa2f97..de06ebe 100644
>>> --- a/net/Makefile.objs
>>> +++ b/net/Makefile.objs
>>> @@ -15,3 +15,4 @@ common-obj-$(CONFIG_VDE) += vde.o
>>>    common-obj-$(CONFIG_NETMAP) += netmap.o
>>>    common-obj-y += filter.o
>>>    common-obj-y += filter-buffer.o
>>> +common-obj-y += traffic-mirror.o
>> s/traffic-mirror.o/filter-mirror.o/     rebase error....
>>
>>> diff --git a/net/filter-mirror.c b/net/filter-mirror.c
>>> new file mode 100644
>>> index 0000000..87ccaf5
>>> --- /dev/null
>>> +++ b/net/filter-mirror.c
>>> @@ -0,0 +1,171 @@
>>> +/*
>>> + * Copyright (c) 2016 HUAWEI TECHNOLOGIES CO., LTD.
>>> + * Copyright (c) 2016 FUJITSU LIMITED
>>> + * Copyright (c) 2016 Intel Corporation
>>> + *
>>> + * Author: Zhang Chen <zhangchen.fnst@cn.fujitsu.com>
>>> + *
>>> + * This work is licensed under the terms of the GNU GPL, version 2 or
>>> + * later.  See the COPYING file in the top-level directory.
>>> + */
>>> +
>>> +#include "net/filter.h"
>>> +#include "net/net.h"
>>> +#include "qemu-common.h"
>>> +#include "qapi/qmp/qerror.h"
>>> +#include "qapi-visit.h"
>>> +#include "qom/object.h"
>>> +#include "qemu/main-loop.h"
>>> +#include "qemu/error-report.h"
>>> +#include "trace.h"
>>> +#include "sysemu/char.h"
>>> +#include "qemu/iov.h"
>>> +#include "qemu/sockets.h"
>>> +
>>> +#define FILTER_MIRROR(obj) \
>>> +    OBJECT_CHECK(MirrorState, (obj), TYPE_FILTER_MIRROR)
>>> +
>>> +#define TYPE_FILTER_MIRROR "filter-mirror"
>>> +
>>> +typedef struct MirrorState {
>>> +    NetFilterState parent_obj;
>>> +    char *outdev;
>>> +    CharDriverState *chr_out;
>>> +} MirrorState;
>>> +
>>> +static ssize_t filter_mirror_send(NetFilterState *nf,
>>> +                                   const struct iovec *iov,
>>> +                                   int iovcnt)
>>> +{
>>> +    MirrorState *s = FILTER_MIRROR(nf);
>>> +    ssize_t ret = 0;
>>> +    ssize_t size = 0;
>>> +    uint32_t len =  0;
>>> +    char *buf;
>>> +
>>> +    size = iov_size(iov, iovcnt);
>>> +    len = htonl(size);
>>> +    if (!size) {
>>> +        return 0;
>>> +    }
>>> +
>>> +    buf = g_malloc0(size);
>>> +    iov_to_buf(iov, iovcnt, 0, buf, size);
>>> +    ret = qemu_chr_fe_write_all(s->chr_out, (uint8_t *)&len,
>>> sizeof(len));
>>> +    if (ret < 0) {
> I believe we should also fail when ret < sizeof(len) and modify the
> caller check in filter_mirror_iov(). To make this a little bit easier,
> there's no need to return ssize_t here (otherwise, caller need to call
> iov_size() before checking the return value), just return 0 for success
> and -EFXXX for failure.

OK, will fix it in next version

Thanks
zhangchen

> Other looks good.
>
>
>
> .
>

-- 
Thanks
zhangchen

Re: [Qemu-devel] [PATCH V3 1/2] net/filter-mirror:Add filter-mirror

[Zhang Chen]

On 02/15/2016 03:06 PM, Zhang Chen wrote:
>
>
> On 02/15/2016 01:23 PM, Jason Wang wrote:
>>
>> On 02/04/2016 05:00 PM, Zhang Chen wrote:
>>>
>>> On 02/04/2016 03:43 PM, Zhang Chen wrote:
>>>> From: ZhangChen <zhangchen.fnst@cn.fujitsu.com>
>>>>
>>>> Filter-mirror is a netfilter plugin.
>>>> It gives qemu the ability to copy and mirror guest's
>>>> net packet. we output packet to chardev.
>> To make it compact, how about "It gives qemu the ability to mirror
>> packets to a chardev."?
>
> OK, will fix it in next version.
>
>>>> usage:
>>>>
>>>> -netdev tap,id=hn0
>>>> -chardev socket,id=mirror0,host=ip_primary,port=X,server,nowait
>>>> -filter-mirror,id=m0,netdev=hn0,queue=tx/rx/all,outdev=mirror0
>> An issue with mirror (and dump) is that it can not work correctly with
>> the netdev that has a vnet header. Need to fix this, a possible solution
>> is to checksum the buffer and strip the header before passing it to a
>> chardev.
>>
>
> Thanks, I don't consider about vnet, we will fix it in next version.
>

We have discussed for vnet in our team.  we think filter-mirror no need to
do some analysis packet job, just do mirror job. and other job put it on
other plugin like filter-writer and filter-compare. If we have two guest
that both have vnet header, mirror one guest's packet to anther one.
strip the header then mirror packet will result in errors. so let's strip
vnet header in other plugin. keep filter-mirror simple.the filter-redirector
is same as filter-mirror.

>>>> Signed-off-by: ZhangChen <zhangchen.fnst@cn.fujitsu.com>
>>>> Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
>>>> Reviewed-by: Yang Hongyang <hongyang.yang@easystack.cn>
>>>> Reviewed-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
>>>> ---
>>>>    net/Makefile.objs   |   1 +
>>>>    net/filter-mirror.c | 171
>>>> ++++++++++++++++++++++++++++++++++++++++++++++++++++
>>>>    qemu-options.hx     |   5 ++
>>>>    vl.c                |   3 +-
>>>>    4 files changed, 179 insertions(+), 1 deletion(-)
>>>>    create mode 100644 net/filter-mirror.c
>>>>
>>>> diff --git a/net/Makefile.objs b/net/Makefile.objs
>>>> index 5fa2f97..de06ebe 100644
>>>> --- a/net/Makefile.objs
>>>> +++ b/net/Makefile.objs
>>>> @@ -15,3 +15,4 @@ common-obj-$(CONFIG_VDE) += vde.o
>>>>    common-obj-$(CONFIG_NETMAP) += netmap.o
>>>>    common-obj-y += filter.o
>>>>    common-obj-y += filter-buffer.o
>>>> +common-obj-y += traffic-mirror.o
>>> s/traffic-mirror.o/filter-mirror.o/     rebase error....
>>>
>>>> diff --git a/net/filter-mirror.c b/net/filter-mirror.c
>>>> new file mode 100644
>>>> index 0000000..87ccaf5
>>>> --- /dev/null
>>>> +++ b/net/filter-mirror.c
>>>> @@ -0,0 +1,171 @@
>>>> +/*
>>>> + * Copyright (c) 2016 HUAWEI TECHNOLOGIES CO., LTD.
>>>> + * Copyright (c) 2016 FUJITSU LIMITED
>>>> + * Copyright (c) 2016 Intel Corporation
>>>> + *
>>>> + * Author: Zhang Chen <zhangchen.fnst@cn.fujitsu.com>
>>>> + *
>>>> + * This work is licensed under the terms of the GNU GPL, version 2 or
>>>> + * later.  See the COPYING file in the top-level directory.
>>>> + */
>>>> +
>>>> +#include "net/filter.h"
>>>> +#include "net/net.h"
>>>> +#include "qemu-common.h"
>>>> +#include "qapi/qmp/qerror.h"
>>>> +#include "qapi-visit.h"
>>>> +#include "qom/object.h"
>>>> +#include "qemu/main-loop.h"
>>>> +#include "qemu/error-report.h"
>>>> +#include "trace.h"
>>>> +#include "sysemu/char.h"
>>>> +#include "qemu/iov.h"
>>>> +#include "qemu/sockets.h"
>>>> +
>>>> +#define FILTER_MIRROR(obj) \
>>>> +    OBJECT_CHECK(MirrorState, (obj), TYPE_FILTER_MIRROR)
>>>> +
>>>> +#define TYPE_FILTER_MIRROR "filter-mirror"
>>>> +
>>>> +typedef struct MirrorState {
>>>> +    NetFilterState parent_obj;
>>>> +    char *outdev;
>>>> +    CharDriverState *chr_out;
>>>> +} MirrorState;
>>>> +
>>>> +static ssize_t filter_mirror_send(NetFilterState *nf,
>>>> +                                   const struct iovec *iov,
>>>> +                                   int iovcnt)
>>>> +{
>>>> +    MirrorState *s = FILTER_MIRROR(nf);
>>>> +    ssize_t ret = 0;
>>>> +    ssize_t size = 0;
>>>> +    uint32_t len =  0;
>>>> +    char *buf;
>>>> +
>>>> +    size = iov_size(iov, iovcnt);
>>>> +    len = htonl(size);
>>>> +    if (!size) {
>>>> +        return 0;
>>>> +    }
>>>> +
>>>> +    buf = g_malloc0(size);
>>>> +    iov_to_buf(iov, iovcnt, 0, buf, size);
>>>> +    ret = qemu_chr_fe_write_all(s->chr_out, (uint8_t *)&len,
>>>> sizeof(len));
>>>> +    if (ret < 0) {
>> I believe we should also fail when ret < sizeof(len) and modify the
>> caller check in filter_mirror_iov(). To make this a little bit easier,
>> there's no need to return ssize_t here (otherwise, caller need to call
>> iov_size() before checking the return value), just return 0 for success
>> and -EFXXX for failure.
>
> OK, will fix it in next version
>
> Thanks
> zhangchen
>
>> Other looks good.
>>
>>
>>
>> .
>>
>

-- 
Thanks
zhangchen

Re: [Qemu-devel] [PATCH V3 2/2] tests/test-filter-mirror:add filter-mirror unit test

[Zhang Chen]

On 02/15/2016 01:54 PM, Jason Wang wrote:
>
> On 02/04/2016 03:43 PM, Zhang Chen wrote:
>> From: ZhangChen <zhangchen.fnst@cn.fujitsu.com>
>>
>> Using qtest qmp interface to implement following cases:
>> 1) add/remove filter-mirror
>> 2) add a filter-mirror then delete the netdev
>> 3) add/remove more than one filter-mirrors
>> 4) add more than one filter-mirrors and then delete the netdev
> The steps here is rather similar to test-netfilter.c. Let's try to
> generalize them instead of duplicating codes.

We consider that netfilter need a common test case to test common
function for all filter plugin. so we will remove it in this patch and
write anther patch for netfilter common test in futrue. and now
we will focus on filter-redirector, filter-rewriter and filter-compare.

>> 5) add filter-mirror with:
>>     -object filter-mirror,id=qtest-f0,netdev=qtest-bn0,queue=tx,outdev=mirror0
>>
>>     then inject packet from the socket connected to qtest-bn0,
>>     filter-mirror will copy and mirror the packet to mirror0.
>>     we read packet from mirror0 and then compare to what we inject.
>>     del filter-mirror.
>>
>> we start qemu with:
>> -netdev socket,id=qtest-bn0,listen=127.0.0.1:9005
>> -device e1000,netdev=qtest-bn0,id=qtest-e0
>> -chardev socket,id=mirror0,host=127.0.0.1,port=9003,server,nowait
>> -chardev socket,id=mirror1,host=127.0.0.1,port=9004,server,nowait
> Hardcoded port is not good here since it may cause false positive
> (consider the tests may be trigged by lots of automated script both
> upstream and downstream). A better solution is using socketpair(2) and
> passing pre-created fd(s) to file chardev.

I will fix it in next patch

Thanks
zhangchen

>> Signed-off-by: zhangchen <zhangchen.fnst@cn.fujitsu.com>
>> Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
>>
> [...]
>
>
> .
>

-- 
Thanks
zhangchen

Re: [Qemu-devel] [PATCH V3 1/2] net/filter-mirror:Add filter-mirror

[Jason Wang]

On 02/17/2016 11:53 AM, Zhang Chen wrote:
>
>
> On 02/15/2016 03:06 PM, Zhang Chen wrote:
>>
>>
>> On 02/15/2016 01:23 PM, Jason Wang wrote:
>>>
>>> On 02/04/2016 05:00 PM, Zhang Chen wrote:
>>>>
>>>> On 02/04/2016 03:43 PM, Zhang Chen wrote:
>>>>> From: ZhangChen <zhangchen.fnst@cn.fujitsu.com>
>>>>>
>>>>> Filter-mirror is a netfilter plugin.
>>>>> It gives qemu the ability to copy and mirror guest's
>>>>> net packet. we output packet to chardev.
>>> To make it compact, how about "It gives qemu the ability to mirror
>>> packets to a chardev."?
>>
>> OK, will fix it in next version.
>>
>>>>> usage:
>>>>>
>>>>> -netdev tap,id=hn0
>>>>> -chardev socket,id=mirror0,host=ip_primary,port=X,server,nowait
>>>>> -filter-mirror,id=m0,netdev=hn0,queue=tx/rx/all,outdev=mirror0
>>> An issue with mirror (and dump) is that it can not work correctly with
>>> the netdev that has a vnet header. Need to fix this, a possible
>>> solution
>>> is to checksum the buffer and strip the header before passing it to a
>>> chardev.
>>>
>>
>> Thanks, I don't consider about vnet, we will fix it in next version.
>>
>
> We have discussed for vnet in our team.  we think filter-mirror no
> need to
> do some analysis packet job, just do mirror job. and other job put it on
> other plugin like filter-writer and filter-compare. If we have two guest
> that both have vnet header, mirror one guest's packet to anther one.
> strip the header then mirror packet will result in errors. so let's strip
> vnet header in other plugin. keep filter-mirror simple.the
> filter-redirector
> is same as filter-mirror. 

Ok, I'm also fine with this.