* [Qemu-devel] [PATCH V8 0/2] net/filter-mirror:add filter-mirror and unit test @ 2016-03-09 9:07 Zhang Chen 2016-03-09 9:07 ` [Qemu-devel] [PATCH V8 1/2] net/filter-mirror:Add filter-mirror Zhang Chen 2016-03-09 9:07 ` [Qemu-devel] [PATCH V8 2/2] tests/test-filter-mirror:add filter-mirror unit test Zhang Chen 0 siblings, 2 replies; 6+ messages in thread From: Zhang Chen @ 2016-03-09 9:07 UTC (permalink / raw) To: qemu devel, Jason Wang Cc: Li Zhijian, Gui jianfeng, eddie.dong, zhanghailiang, Dr. David Alan Gilbert, Zhang Chen, Yang Hongyang Filter-mirror is a netfilter plugin. It gives qemu the ability to mirror packets to a chardev. v8: - The outdev of filter-mirror test changed from -chardev socket to -chardev pipe v7: - fix mktemp() to mkstemp() v6: - Address Jason's comments. v5: - Address Jason's comments. v4: - Address Jason's comments. v3: - Add filter-mirror unit test according to Jason's comments - Address zhanghailiang's comments. - Address Jason's comments. v2: - Address zhanghailiang's comments. - Address Eric Blake's comments. - Address Yang Hongyang's comments. - Address Dave's comments. v1: initial patch. Zhang Chen (2): net/filter-mirror:Add filter-mirror tests/test-filter-mirror:add filter-mirror unit test net/Makefile.objs | 1 + net/filter-mirror.c | 181 +++++++++++++++++++++++++++++++++++++++++++++ qemu-options.hx | 5 ++ tests/.gitignore | 1 + tests/Makefile | 2 + tests/test-filter-mirror.c | 88 ++++++++++++++++++++++ vl.c | 3 +- 7 files changed, 280 insertions(+), 1 deletion(-) create mode 100644 net/filter-mirror.c create mode 100644 tests/test-filter-mirror.c -- 1.9.1 ^ permalink raw reply [flat|nested] 6+ messages in thread
* [Qemu-devel] [PATCH V8 1/2] net/filter-mirror:Add filter-mirror 2016-03-09 9:07 [Qemu-devel] [PATCH V8 0/2] net/filter-mirror:add filter-mirror and unit test Zhang Chen @ 2016-03-09 9:07 ` Zhang Chen 2016-03-09 9:40 ` Wen Congyang 2016-03-09 9:07 ` [Qemu-devel] [PATCH V8 2/2] tests/test-filter-mirror:add filter-mirror unit test Zhang Chen 1 sibling, 1 reply; 6+ messages in thread From: Zhang Chen @ 2016-03-09 9:07 UTC (permalink / raw) To: qemu devel, Jason Wang Cc: Li Zhijian, Gui jianfeng, eddie.dong, zhanghailiang, Dr. David Alan Gilbert, Zhang Chen, Yang Hongyang Filter-mirror is a netfilter plugin. It gives qemu the ability to mirror packets to a chardev. usage: -netdev tap,id=hn0 -chardev socket,id=mirror0,host=ip_primary,port=X,server,nowait -filter-mirror,id=m0,netdev=hn0,queue=tx/rx/all,outdev=mirror0 Signed-off-by: Zhang Chen <zhangchen.fnst@cn.fujitsu.com> Signed-off-by: Wen Congyang <wency@cn.fujitsu.com> Reviewed-by: Yang Hongyang <hongyang.yang@easystack.cn> Reviewed-by: zhanghailiang <zhang.zhanghailiang@huawei.com> --- net/Makefile.objs | 1 + net/filter-mirror.c | 181 ++++++++++++++++++++++++++++++++++++++++++++++++++++ qemu-options.hx | 5 ++ vl.c | 3 +- 4 files changed, 189 insertions(+), 1 deletion(-) create mode 100644 net/filter-mirror.c diff --git a/net/Makefile.objs b/net/Makefile.objs index 5fa2f97..b7c22fd 100644 --- a/net/Makefile.objs +++ b/net/Makefile.objs @@ -15,3 +15,4 @@ common-obj-$(CONFIG_VDE) += vde.o common-obj-$(CONFIG_NETMAP) += netmap.o common-obj-y += filter.o common-obj-y += filter-buffer.o +common-obj-y += filter-mirror.o diff --git a/net/filter-mirror.c b/net/filter-mirror.c new file mode 100644 index 0000000..ee13d94 --- /dev/null +++ b/net/filter-mirror.c @@ -0,0 +1,181 @@ +/* + * Copyright (c) 2016 HUAWEI TECHNOLOGIES CO., LTD. + * Copyright (c) 2016 FUJITSU LIMITED + * Copyright (c) 2016 Intel Corporation + * + * Author: Zhang Chen <zhangchen.fnst@cn.fujitsu.com> + * + * This work is licensed under the terms of the GNU GPL, version 2 or + * later. See the COPYING file in the top-level directory. + */ + +#include "net/filter.h" +#include "net/net.h" +#include "qemu-common.h" +#include "qapi/qmp/qerror.h" +#include "qapi-visit.h" +#include "qom/object.h" +#include "qemu/main-loop.h" +#include "qemu/error-report.h" +#include "trace.h" +#include "sysemu/char.h" +#include "qemu/iov.h" +#include "qemu/sockets.h" + +#define FILTER_MIRROR(obj) \ + OBJECT_CHECK(MirrorState, (obj), TYPE_FILTER_MIRROR) + +#define TYPE_FILTER_MIRROR "filter-mirror" + +typedef struct MirrorState { + NetFilterState parent_obj; + char *outdev; + CharDriverState *chr_out; +} MirrorState; + +static int filter_mirror_send(NetFilterState *nf, + const struct iovec *iov, + int iovcnt) +{ + MirrorState *s = FILTER_MIRROR(nf); + int ret = 0; + ssize_t size = 0; + uint32_t len = 0; + char *buf; + + size = iov_size(iov, iovcnt); + if (!size) { + return 0; + } + + len = htonl(size); + ret = qemu_chr_fe_write_all(s->chr_out, (uint8_t *)&len, sizeof(len)); + if (ret != sizeof(len)) { + goto err; + } + + buf = g_malloc(size); + iov_to_buf(iov, iovcnt, 0, buf, size); + ret = qemu_chr_fe_write_all(s->chr_out, (uint8_t *)buf, size); + g_free(buf); + if (ret != size) { + goto err; + } + + return 0; + +err: + return ret < 0 ? ret : -EIO; +} + +static ssize_t filter_mirror_receive_iov(NetFilterState *nf, + NetClientState *sender, + unsigned flags, + const struct iovec *iov, + int iovcnt, + NetPacketSent *sent_cb) +{ + int ret; + + ret = filter_mirror_send(nf, iov, iovcnt); + if (ret) { + error_report("filter_mirror_send failed(%s)", strerror(-ret)); + } + + /* + * we don't hope this error interrupt the normal + * path of net packet, so we always return zero. + */ + return 0; +} + +static void filter_mirror_cleanup(NetFilterState *nf) +{ + MirrorState *s = FILTER_MIRROR(nf); + + if (s->chr_out) { + qemu_chr_fe_release(s->chr_out); + } +} + +static void filter_mirror_setup(NetFilterState *nf, Error **errp) +{ + MirrorState *s = FILTER_MIRROR(nf); + + if (!s->outdev) { + error_setg(errp, "filter filter mirror needs 'outdev' " + "property set"); + return; + } + + s->chr_out = qemu_chr_find(s->outdev); + if (s->chr_out == NULL) { + error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND, + "Device '%s' not found", s->outdev); + return; + } + + if (qemu_chr_fe_claim(s->chr_out) != 0) { + error_setg(errp, QERR_DEVICE_IN_USE, s->outdev); + return; + } +} + +static void filter_mirror_class_init(ObjectClass *oc, void *data) +{ + NetFilterClass *nfc = NETFILTER_CLASS(oc); + + nfc->setup = filter_mirror_setup; + nfc->cleanup = filter_mirror_cleanup; + nfc->receive_iov = filter_mirror_receive_iov; +} + +static char *filter_mirror_get_outdev(Object *obj, Error **errp) +{ + MirrorState *s = FILTER_MIRROR(obj); + + return g_strdup(s->outdev); +} + +static void +filter_mirror_set_outdev(Object *obj, const char *value, Error **errp) +{ + MirrorState *s = FILTER_MIRROR(obj); + + g_free(s->outdev); + s->outdev = g_strdup(value); + if (!s->outdev) { + error_setg(errp, "filter filter mirror needs 'outdev' " + "property set"); + return; + } +} + +static void filter_mirror_init(Object *obj) +{ + object_property_add_str(obj, "outdev", filter_mirror_get_outdev, + filter_mirror_set_outdev, NULL); +} + +static void filter_mirror_fini(Object *obj) +{ + MirrorState *s = FILTER_MIRROR(obj); + + g_free(s->outdev); +} + +static const TypeInfo filter_mirror_info = { + .name = TYPE_FILTER_MIRROR, + .parent = TYPE_NETFILTER, + .class_init = filter_mirror_class_init, + .instance_init = filter_mirror_init, + .instance_finalize = filter_mirror_fini, + .instance_size = sizeof(MirrorState), +}; + +static void register_types(void) +{ + type_register_static(&filter_mirror_info); +} + +type_init(register_types); diff --git a/qemu-options.hx b/qemu-options.hx index 2f0465e..ca27863 100644 --- a/qemu-options.hx +++ b/qemu-options.hx @@ -3759,6 +3759,11 @@ queue @var{all|rx|tx} is an option that can be applied to any netfilter. @option{tx}: the filter is attached to the transmit queue of the netdev, where it will receive packets sent by the netdev. +@item -object filter-mirror,id=@var{id},netdev=@var{netdevid},outdev=@var{chardevid}[,queue=@var{all|rx|tx}] + +filter-mirror on netdev @var{netdevid},mirror net packet to chardev +@var{chardevid} + @item -object filter-dump,id=@var{id},netdev=@var{dev},file=@var{filename}][,maxlen=@var{len}] Dump the network traffic on netdev @var{dev} to the file specified by diff --git a/vl.c b/vl.c index 175ebcc..d68533a 100644 --- a/vl.c +++ b/vl.c @@ -2798,7 +2798,8 @@ static bool object_create_initial(const char *type) * they depend on netdevs already existing */ if (g_str_equal(type, "filter-buffer") || - g_str_equal(type, "filter-dump")) { + g_str_equal(type, "filter-dump") || + g_str_equal(type, "filter-mirror")) { return false; } -- 1.9.1 ^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [Qemu-devel] [PATCH V8 1/2] net/filter-mirror:Add filter-mirror 2016-03-09 9:07 ` [Qemu-devel] [PATCH V8 1/2] net/filter-mirror:Add filter-mirror Zhang Chen @ 2016-03-09 9:40 ` Wen Congyang 2016-03-09 10:03 ` Zhang Chen 0 siblings, 1 reply; 6+ messages in thread From: Wen Congyang @ 2016-03-09 9:40 UTC (permalink / raw) To: Zhang Chen, qemu devel, Jason Wang Cc: zhanghailiang, Li Zhijian, Gui jianfeng, eddie.dong, Dr. David Alan Gilbert, Yang Hongyang On 03/09/2016 05:07 PM, Zhang Chen wrote: > Filter-mirror is a netfilter plugin. > It gives qemu the ability to mirror > packets to a chardev. > > usage: > > -netdev tap,id=hn0 > -chardev socket,id=mirror0,host=ip_primary,port=X,server,nowait > -filter-mirror,id=m0,netdev=hn0,queue=tx/rx/all,outdev=mirror0 > > Signed-off-by: Zhang Chen <zhangchen.fnst@cn.fujitsu.com> > Signed-off-by: Wen Congyang <wency@cn.fujitsu.com> > Reviewed-by: Yang Hongyang <hongyang.yang@easystack.cn> > Reviewed-by: zhanghailiang <zhang.zhanghailiang@huawei.com> > --- > net/Makefile.objs | 1 + > net/filter-mirror.c | 181 ++++++++++++++++++++++++++++++++++++++++++++++++++++ > qemu-options.hx | 5 ++ > vl.c | 3 +- > 4 files changed, 189 insertions(+), 1 deletion(-) > create mode 100644 net/filter-mirror.c > > diff --git a/net/Makefile.objs b/net/Makefile.objs > index 5fa2f97..b7c22fd 100644 > --- a/net/Makefile.objs > +++ b/net/Makefile.objs > @@ -15,3 +15,4 @@ common-obj-$(CONFIG_VDE) += vde.o > common-obj-$(CONFIG_NETMAP) += netmap.o > common-obj-y += filter.o > common-obj-y += filter-buffer.o > +common-obj-y += filter-mirror.o > diff --git a/net/filter-mirror.c b/net/filter-mirror.c > new file mode 100644 > index 0000000..ee13d94 > --- /dev/null > +++ b/net/filter-mirror.c > @@ -0,0 +1,181 @@ > +/* > + * Copyright (c) 2016 HUAWEI TECHNOLOGIES CO., LTD. > + * Copyright (c) 2016 FUJITSU LIMITED > + * Copyright (c) 2016 Intel Corporation > + * > + * Author: Zhang Chen <zhangchen.fnst@cn.fujitsu.com> > + * > + * This work is licensed under the terms of the GNU GPL, version 2 or > + * later. See the COPYING file in the top-level directory. > + */ > + > +#include "net/filter.h" > +#include "net/net.h" > +#include "qemu-common.h" > +#include "qapi/qmp/qerror.h" > +#include "qapi-visit.h" > +#include "qom/object.h" > +#include "qemu/main-loop.h" > +#include "qemu/error-report.h" > +#include "trace.h" > +#include "sysemu/char.h" > +#include "qemu/iov.h" > +#include "qemu/sockets.h" > + > +#define FILTER_MIRROR(obj) \ > + OBJECT_CHECK(MirrorState, (obj), TYPE_FILTER_MIRROR) > + > +#define TYPE_FILTER_MIRROR "filter-mirror" > + > +typedef struct MirrorState { > + NetFilterState parent_obj; > + char *outdev; > + CharDriverState *chr_out; > +} MirrorState; > + > +static int filter_mirror_send(NetFilterState *nf, > + const struct iovec *iov, > + int iovcnt) Please change the indent. Thanks Wen Congyang > +{ > + MirrorState *s = FILTER_MIRROR(nf); > + int ret = 0; > + ssize_t size = 0; > + uint32_t len = 0; > + char *buf; > + > + size = iov_size(iov, iovcnt); > + if (!size) { > + return 0; > + } > + > + len = htonl(size); > + ret = qemu_chr_fe_write_all(s->chr_out, (uint8_t *)&len, sizeof(len)); > + if (ret != sizeof(len)) { > + goto err; > + } > + > + buf = g_malloc(size); > + iov_to_buf(iov, iovcnt, 0, buf, size); > + ret = qemu_chr_fe_write_all(s->chr_out, (uint8_t *)buf, size); > + g_free(buf); > + if (ret != size) { > + goto err; > + } > + > + return 0; > + > +err: > + return ret < 0 ? ret : -EIO; > +} > + > +static ssize_t filter_mirror_receive_iov(NetFilterState *nf, > + NetClientState *sender, > + unsigned flags, > + const struct iovec *iov, > + int iovcnt, > + NetPacketSent *sent_cb) > +{ > + int ret; > + > + ret = filter_mirror_send(nf, iov, iovcnt); > + if (ret) { > + error_report("filter_mirror_send failed(%s)", strerror(-ret)); > + } > + > + /* > + * we don't hope this error interrupt the normal > + * path of net packet, so we always return zero. > + */ > + return 0; > +} > + > +static void filter_mirror_cleanup(NetFilterState *nf) > +{ > + MirrorState *s = FILTER_MIRROR(nf); > + > + if (s->chr_out) { > + qemu_chr_fe_release(s->chr_out); > + } > +} > + > +static void filter_mirror_setup(NetFilterState *nf, Error **errp) > +{ > + MirrorState *s = FILTER_MIRROR(nf); > + > + if (!s->outdev) { > + error_setg(errp, "filter filter mirror needs 'outdev' " > + "property set"); > + return; > + } > + > + s->chr_out = qemu_chr_find(s->outdev); > + if (s->chr_out == NULL) { > + error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND, > + "Device '%s' not found", s->outdev); > + return; > + } > + > + if (qemu_chr_fe_claim(s->chr_out) != 0) { > + error_setg(errp, QERR_DEVICE_IN_USE, s->outdev); > + return; > + } > +} > + > +static void filter_mirror_class_init(ObjectClass *oc, void *data) > +{ > + NetFilterClass *nfc = NETFILTER_CLASS(oc); > + > + nfc->setup = filter_mirror_setup; > + nfc->cleanup = filter_mirror_cleanup; > + nfc->receive_iov = filter_mirror_receive_iov; > +} > + > +static char *filter_mirror_get_outdev(Object *obj, Error **errp) > +{ > + MirrorState *s = FILTER_MIRROR(obj); > + > + return g_strdup(s->outdev); > +} > + > +static void > +filter_mirror_set_outdev(Object *obj, const char *value, Error **errp) > +{ > + MirrorState *s = FILTER_MIRROR(obj); > + > + g_free(s->outdev); > + s->outdev = g_strdup(value); > + if (!s->outdev) { > + error_setg(errp, "filter filter mirror needs 'outdev' " > + "property set"); > + return; > + } > +} > + > +static void filter_mirror_init(Object *obj) > +{ > + object_property_add_str(obj, "outdev", filter_mirror_get_outdev, > + filter_mirror_set_outdev, NULL); > +} > + > +static void filter_mirror_fini(Object *obj) > +{ > + MirrorState *s = FILTER_MIRROR(obj); > + > + g_free(s->outdev); > +} > + > +static const TypeInfo filter_mirror_info = { > + .name = TYPE_FILTER_MIRROR, > + .parent = TYPE_NETFILTER, > + .class_init = filter_mirror_class_init, > + .instance_init = filter_mirror_init, > + .instance_finalize = filter_mirror_fini, > + .instance_size = sizeof(MirrorState), > +}; > + > +static void register_types(void) > +{ > + type_register_static(&filter_mirror_info); > +} > + > +type_init(register_types); > diff --git a/qemu-options.hx b/qemu-options.hx > index 2f0465e..ca27863 100644 > --- a/qemu-options.hx > +++ b/qemu-options.hx > @@ -3759,6 +3759,11 @@ queue @var{all|rx|tx} is an option that can be applied to any netfilter. > @option{tx}: the filter is attached to the transmit queue of the netdev, > where it will receive packets sent by the netdev. > > +@item -object filter-mirror,id=@var{id},netdev=@var{netdevid},outdev=@var{chardevid}[,queue=@var{all|rx|tx}] > + > +filter-mirror on netdev @var{netdevid},mirror net packet to chardev > +@var{chardevid} > + > @item -object filter-dump,id=@var{id},netdev=@var{dev},file=@var{filename}][,maxlen=@var{len}] > > Dump the network traffic on netdev @var{dev} to the file specified by > diff --git a/vl.c b/vl.c > index 175ebcc..d68533a 100644 > --- a/vl.c > +++ b/vl.c > @@ -2798,7 +2798,8 @@ static bool object_create_initial(const char *type) > * they depend on netdevs already existing > */ > if (g_str_equal(type, "filter-buffer") || > - g_str_equal(type, "filter-dump")) { > + g_str_equal(type, "filter-dump") || > + g_str_equal(type, "filter-mirror")) { > return false; > } > > ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [Qemu-devel] [PATCH V8 1/2] net/filter-mirror:Add filter-mirror 2016-03-09 9:40 ` Wen Congyang @ 2016-03-09 10:03 ` Zhang Chen 0 siblings, 0 replies; 6+ messages in thread From: Zhang Chen @ 2016-03-09 10:03 UTC (permalink / raw) To: Wen Congyang, qemu devel, Jason Wang Cc: zhanghailiang, Li Zhijian, Gui jianfeng, eddie.dong, Dr. David Alan Gilbert, Yang Hongyang On 03/09/2016 05:40 PM, Wen Congyang wrote: > On 03/09/2016 05:07 PM, Zhang Chen wrote: >> Filter-mirror is a netfilter plugin. >> It gives qemu the ability to mirror >> packets to a chardev. >> >> usage: >> >> -netdev tap,id=hn0 >> -chardev socket,id=mirror0,host=ip_primary,port=X,server,nowait >> -filter-mirror,id=m0,netdev=hn0,queue=tx/rx/all,outdev=mirror0 >> >> Signed-off-by: Zhang Chen <zhangchen.fnst@cn.fujitsu.com> >> Signed-off-by: Wen Congyang <wency@cn.fujitsu.com> >> Reviewed-by: Yang Hongyang <hongyang.yang@easystack.cn> >> Reviewed-by: zhanghailiang <zhang.zhanghailiang@huawei.com> >> --- >> net/Makefile.objs | 1 + >> net/filter-mirror.c | 181 ++++++++++++++++++++++++++++++++++++++++++++++++++++ >> qemu-options.hx | 5 ++ >> vl.c | 3 +- >> 4 files changed, 189 insertions(+), 1 deletion(-) >> create mode 100644 net/filter-mirror.c >> >> diff --git a/net/Makefile.objs b/net/Makefile.objs >> index 5fa2f97..b7c22fd 100644 >> --- a/net/Makefile.objs >> +++ b/net/Makefile.objs >> @@ -15,3 +15,4 @@ common-obj-$(CONFIG_VDE) += vde.o >> common-obj-$(CONFIG_NETMAP) += netmap.o >> common-obj-y += filter.o >> common-obj-y += filter-buffer.o >> +common-obj-y += filter-mirror.o >> diff --git a/net/filter-mirror.c b/net/filter-mirror.c >> new file mode 100644 >> index 0000000..ee13d94 >> --- /dev/null >> +++ b/net/filter-mirror.c >> @@ -0,0 +1,181 @@ >> +/* >> + * Copyright (c) 2016 HUAWEI TECHNOLOGIES CO., LTD. >> + * Copyright (c) 2016 FUJITSU LIMITED >> + * Copyright (c) 2016 Intel Corporation >> + * >> + * Author: Zhang Chen <zhangchen.fnst@cn.fujitsu.com> >> + * >> + * This work is licensed under the terms of the GNU GPL, version 2 or >> + * later. See the COPYING file in the top-level directory. >> + */ >> + >> +#include "net/filter.h" >> +#include "net/net.h" >> +#include "qemu-common.h" >> +#include "qapi/qmp/qerror.h" >> +#include "qapi-visit.h" >> +#include "qom/object.h" >> +#include "qemu/main-loop.h" >> +#include "qemu/error-report.h" >> +#include "trace.h" >> +#include "sysemu/char.h" >> +#include "qemu/iov.h" >> +#include "qemu/sockets.h" >> + >> +#define FILTER_MIRROR(obj) \ >> + OBJECT_CHECK(MirrorState, (obj), TYPE_FILTER_MIRROR) >> + >> +#define TYPE_FILTER_MIRROR "filter-mirror" >> + >> +typedef struct MirrorState { >> + NetFilterState parent_obj; >> + char *outdev; >> + CharDriverState *chr_out; >> +} MirrorState; >> + >> +static int filter_mirror_send(NetFilterState *nf, >> + const struct iovec *iov, >> + int iovcnt) > Please change the indent. Thanks fix it~~ > Thanks > Wen Congyang > >> +{ >> + MirrorState *s = FILTER_MIRROR(nf); >> + int ret = 0; >> + ssize_t size = 0; >> + uint32_t len = 0; >> + char *buf; >> + >> + size = iov_size(iov, iovcnt); >> + if (!size) { >> + return 0; >> + } >> + >> + len = htonl(size); >> + ret = qemu_chr_fe_write_all(s->chr_out, (uint8_t *)&len, sizeof(len)); >> + if (ret != sizeof(len)) { >> + goto err; >> + } >> + >> + buf = g_malloc(size); >> + iov_to_buf(iov, iovcnt, 0, buf, size); >> + ret = qemu_chr_fe_write_all(s->chr_out, (uint8_t *)buf, size); >> + g_free(buf); >> + if (ret != size) { >> + goto err; >> + } >> + >> + return 0; >> + >> +err: >> + return ret < 0 ? ret : -EIO; >> +} >> + >> +static ssize_t filter_mirror_receive_iov(NetFilterState *nf, >> + NetClientState *sender, >> + unsigned flags, >> + const struct iovec *iov, >> + int iovcnt, >> + NetPacketSent *sent_cb) >> +{ >> + int ret; >> + >> + ret = filter_mirror_send(nf, iov, iovcnt); >> + if (ret) { >> + error_report("filter_mirror_send failed(%s)", strerror(-ret)); >> + } >> + >> + /* >> + * we don't hope this error interrupt the normal >> + * path of net packet, so we always return zero. >> + */ >> + return 0; >> +} >> + >> +static void filter_mirror_cleanup(NetFilterState *nf) >> +{ >> + MirrorState *s = FILTER_MIRROR(nf); >> + >> + if (s->chr_out) { >> + qemu_chr_fe_release(s->chr_out); >> + } >> +} >> + >> +static void filter_mirror_setup(NetFilterState *nf, Error **errp) >> +{ >> + MirrorState *s = FILTER_MIRROR(nf); >> + >> + if (!s->outdev) { >> + error_setg(errp, "filter filter mirror needs 'outdev' " >> + "property set"); >> + return; >> + } >> + >> + s->chr_out = qemu_chr_find(s->outdev); >> + if (s->chr_out == NULL) { >> + error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND, >> + "Device '%s' not found", s->outdev); >> + return; >> + } >> + >> + if (qemu_chr_fe_claim(s->chr_out) != 0) { >> + error_setg(errp, QERR_DEVICE_IN_USE, s->outdev); >> + return; >> + } >> +} >> + >> +static void filter_mirror_class_init(ObjectClass *oc, void *data) >> +{ >> + NetFilterClass *nfc = NETFILTER_CLASS(oc); >> + >> + nfc->setup = filter_mirror_setup; >> + nfc->cleanup = filter_mirror_cleanup; >> + nfc->receive_iov = filter_mirror_receive_iov; >> +} >> + >> +static char *filter_mirror_get_outdev(Object *obj, Error **errp) >> +{ >> + MirrorState *s = FILTER_MIRROR(obj); >> + >> + return g_strdup(s->outdev); >> +} >> + >> +static void >> +filter_mirror_set_outdev(Object *obj, const char *value, Error **errp) >> +{ >> + MirrorState *s = FILTER_MIRROR(obj); >> + >> + g_free(s->outdev); >> + s->outdev = g_strdup(value); >> + if (!s->outdev) { >> + error_setg(errp, "filter filter mirror needs 'outdev' " >> + "property set"); >> + return; >> + } >> +} >> + >> +static void filter_mirror_init(Object *obj) >> +{ >> + object_property_add_str(obj, "outdev", filter_mirror_get_outdev, >> + filter_mirror_set_outdev, NULL); >> +} >> + >> +static void filter_mirror_fini(Object *obj) >> +{ >> + MirrorState *s = FILTER_MIRROR(obj); >> + >> + g_free(s->outdev); >> +} >> + >> +static const TypeInfo filter_mirror_info = { >> + .name = TYPE_FILTER_MIRROR, >> + .parent = TYPE_NETFILTER, >> + .class_init = filter_mirror_class_init, >> + .instance_init = filter_mirror_init, >> + .instance_finalize = filter_mirror_fini, >> + .instance_size = sizeof(MirrorState), >> +}; >> + >> +static void register_types(void) >> +{ >> + type_register_static(&filter_mirror_info); >> +} >> + >> +type_init(register_types); >> diff --git a/qemu-options.hx b/qemu-options.hx >> index 2f0465e..ca27863 100644 >> --- a/qemu-options.hx >> +++ b/qemu-options.hx >> @@ -3759,6 +3759,11 @@ queue @var{all|rx|tx} is an option that can be applied to any netfilter. >> @option{tx}: the filter is attached to the transmit queue of the netdev, >> where it will receive packets sent by the netdev. >> >> +@item -object filter-mirror,id=@var{id},netdev=@var{netdevid},outdev=@var{chardevid}[,queue=@var{all|rx|tx}] >> + >> +filter-mirror on netdev @var{netdevid},mirror net packet to chardev >> +@var{chardevid} >> + >> @item -object filter-dump,id=@var{id},netdev=@var{dev},file=@var{filename}][,maxlen=@var{len}] >> >> Dump the network traffic on netdev @var{dev} to the file specified by >> diff --git a/vl.c b/vl.c >> index 175ebcc..d68533a 100644 >> --- a/vl.c >> +++ b/vl.c >> @@ -2798,7 +2798,8 @@ static bool object_create_initial(const char *type) >> * they depend on netdevs already existing >> */ >> if (g_str_equal(type, "filter-buffer") || >> - g_str_equal(type, "filter-dump")) { >> + g_str_equal(type, "filter-dump") || >> + g_str_equal(type, "filter-mirror")) { >> return false; >> } >> >> > . > -- Thanks zhangchen ^ permalink raw reply [flat|nested] 6+ messages in thread
* [Qemu-devel] [PATCH V8 2/2] tests/test-filter-mirror:add filter-mirror unit test 2016-03-09 9:07 [Qemu-devel] [PATCH V8 0/2] net/filter-mirror:add filter-mirror and unit test Zhang Chen 2016-03-09 9:07 ` [Qemu-devel] [PATCH V8 1/2] net/filter-mirror:Add filter-mirror Zhang Chen @ 2016-03-09 9:07 ` Zhang Chen 1 sibling, 0 replies; 6+ messages in thread From: Zhang Chen @ 2016-03-09 9:07 UTC (permalink / raw) To: qemu devel, Jason Wang Cc: Li Zhijian, Gui jianfeng, eddie.dong, zhanghailiang, Dr. David Alan Gilbert, Zhang Chen, Yang Hongyang In this unit test we will test the mirror function. start qemu with: -netdev socket,id=qtest-bn0,fd=sockfd -device e1000,netdev=qtest-bn0,id=qtest-e0 -chardev pipe,id=mirror0,path=filter-mirror.pipe.pid -object filter-mirror,id=qtest-f0,netdev=qtest-bn0,queue=tx,outdev=mirror0 We inject packet to netdev socket id = qtest-bn0, filter-mirror will copy and mirror the packet to mirror0. we read packet from mirror0 and then compare to what we inject. Signed-off-by: Zhang Chen <zhangchen.fnst@cn.fujitsu.com> Signed-off-by: Wen Congyang <wency@cn.fujitsu.com> --- tests/.gitignore | 1 + tests/Makefile | 2 ++ tests/test-filter-mirror.c | 88 ++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 91 insertions(+) create mode 100644 tests/test-filter-mirror.c diff --git a/tests/.gitignore b/tests/.gitignore index 787c95c..10df017 100644 --- a/tests/.gitignore +++ b/tests/.gitignore @@ -63,5 +63,6 @@ test-write-threshold test-x86-cpuid test-xbzrle test-netfilter +test-filter-mirror *-test qapi-schema/*.test.* diff --git a/tests/Makefile b/tests/Makefile index 650e654..e56c514 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -212,6 +212,7 @@ ifeq ($(CONFIG_VHOST_NET_TEST_i386),) check-qtest-x86_64-$(CONFIG_VHOST_NET_TEST_x86_64) += tests/vhost-user-test$(EXESUF) endif check-qtest-i386-y += tests/test-netfilter$(EXESUF) +check-qtest-i386-y += tests/test-filter-mirror$(EXESUF) check-qtest-x86_64-y = $(check-qtest-i386-y) gcov-files-i386-y += i386-softmmu/hw/timer/mc146818rtc.c gcov-files-x86_64-y = $(subst i386-softmmu/,x86_64-softmmu/,$(gcov-files-i386-y)) @@ -563,6 +564,7 @@ tests/qemu-iotests/socket_scm_helper$(EXESUF): tests/qemu-iotests/socket_scm_hel tests/test-qemu-opts$(EXESUF): tests/test-qemu-opts.o $(test-util-obj-y) tests/test-write-threshold$(EXESUF): tests/test-write-threshold.o $(test-block-obj-y) tests/test-netfilter$(EXESUF): tests/test-netfilter.o $(qtest-obj-y) +tests/test-filter-mirror$(EXESUF): tests/test-filter-mirror.o $(qtest-obj-y) tests/ivshmem-test$(EXESUF): tests/ivshmem-test.o contrib/ivshmem-server/ivshmem-server.o $(libqos-pc-obj-y) tests/vhost-user-bridge$(EXESUF): tests/vhost-user-bridge.o diff --git a/tests/test-filter-mirror.c b/tests/test-filter-mirror.c new file mode 100644 index 0000000..34351e3 --- /dev/null +++ b/tests/test-filter-mirror.c @@ -0,0 +1,88 @@ +/* + * QTest testcase for filter-mirror + * + * Copyright (c) 2016 FUJITSU LIMITED + * Author: Zhang Chen <zhangchen.fnst@cn.fujitsu.com> + * + * This work is licensed under the terms of the GNU GPL, version 2 or + * later. See the COPYING file in the top-level directory. + */ + +#include <glib.h> +#include "libqtest.h" +#include "qemu/iov.h" +#include "qemu/sockets.h" +#include "qemu/error-report.h" +#include "qemu/main-loop.h" + +static void test_mirror(void) +{ +#ifndef _WIN32 +/* socketpair(PF_UNIX) which does not exist on windows */ + + int send_sock[2], recv_pipe; + char *cmdline; + uint32_t ret = 0, len = 0; + char send_buf[] = "Hello! filter-mirror~"; + char pipe_path[100]; + char *recv_buf; + uint32_t size = sizeof(send_buf); + size = htonl(size); + + ret = socketpair(PF_UNIX, SOCK_STREAM, 0, send_sock); + g_assert_cmpint(ret, !=, -1); + + sprintf(pipe_path, "filter-mirror.pipe.%d", getpid()); + ret = mkfifo(pipe_path, 0666); + g_assert_cmpint(ret, !=, -1); + cmdline = g_strdup_printf("-netdev socket,id=qtest-bn0,fd=%d " + "-device e1000,netdev=qtest-bn0,id=qtest-e0 " + "-chardev pipe,id=mirror0,path=%s " + "-object filter-mirror,id=qtest-f0,netdev=qtest-bn0,queue=tx,outdev=mirror0 " + , send_sock[1], pipe_path); + qtest_start(cmdline); + g_free(cmdline); + + recv_pipe = open(pipe_path, O_RDONLY); + unlink(pipe_path); + + struct iovec iov[] = { + { + .iov_base = &size, + .iov_len = sizeof(size), + }, { + .iov_base = send_buf, + .iov_len = sizeof(send_buf), + }, + }; + ret = iov_send(send_sock[0], iov, 2, 0, sizeof(size) + sizeof(send_buf)); + g_assert_cmpint(ret, ==, sizeof(send_buf) + sizeof(size)); + + ret = read(recv_pipe, &len, sizeof(len)); + g_assert_cmpint(ret, ==, sizeof(len)); + len = ntohl(len); + + g_assert_cmpint(len, ==, sizeof(send_buf)); + recv_buf = g_malloc(len); + ret = read(recv_pipe, recv_buf, len); + g_assert_cmpstr(recv_buf, ==, send_buf); + + g_free(recv_buf); + close(recv_pipe); + close(send_sock[0]); + +#endif +} + +int main(int argc, char **argv) +{ + int ret; + + g_test_init(&argc, &argv, NULL); + + qtest_add_func("/netfilter/mirror", test_mirror); + ret = g_test_run(); + qtest_end(); + + return ret; +} -- 1.9.1 ^ permalink raw reply related [flat|nested] 6+ messages in thread
* [Qemu-devel] [PATCH V8 0/2] net/filter-mirror:add filter-mirror and unit test @ 2016-03-09 10:06 Zhang Chen 2016-03-09 10:06 ` [Qemu-devel] [PATCH V8 1/2] net/filter-mirror:Add filter-mirror Zhang Chen 0 siblings, 1 reply; 6+ messages in thread From: Zhang Chen @ 2016-03-09 10:06 UTC (permalink / raw) To: qemu devel, Jason Wang Cc: Li Zhijian, Gui jianfeng, eddie.dong, zhanghailiang, Dr. David Alan Gilbert, Zhang Chen, Yang Hongyang Filter-mirror is a netfilter plugin. It gives qemu the ability to mirror packets to a chardev. v8: - The outdev of filter-mirror test changed from -chardev socket to -chardev pipe v7: - fix mktemp() to mkstemp() v6: - Address Jason's comments. v5: - Address Jason's comments. v4: - Address Jason's comments. v3: - Add filter-mirror unit test according to Jason's comments - Address zhanghailiang's comments. - Address Jason's comments. v2: - Address zhanghailiang's comments. - Address Eric Blake's comments. - Address Yang Hongyang's comments. - Address Dave's comments. v1: initial patch. Zhang Chen (2): net/filter-mirror:Add filter-mirror tests/test-filter-mirror:add filter-mirror unit test net/Makefile.objs | 1 + net/filter-mirror.c | 181 +++++++++++++++++++++++++++++++++++++++++++++ qemu-options.hx | 5 ++ tests/.gitignore | 1 + tests/Makefile | 2 + tests/test-filter-mirror.c | 88 ++++++++++++++++++++++ vl.c | 3 +- 7 files changed, 280 insertions(+), 1 deletion(-) create mode 100644 net/filter-mirror.c create mode 100644 tests/test-filter-mirror.c -- 1.9.1 ^ permalink raw reply [flat|nested] 6+ messages in thread
* [Qemu-devel] [PATCH V8 1/2] net/filter-mirror:Add filter-mirror 2016-03-09 10:06 [Qemu-devel] [PATCH V8 0/2] net/filter-mirror:add filter-mirror and " Zhang Chen @ 2016-03-09 10:06 ` Zhang Chen 0 siblings, 0 replies; 6+ messages in thread From: Zhang Chen @ 2016-03-09 10:06 UTC (permalink / raw) To: qemu devel, Jason Wang Cc: Li Zhijian, Gui jianfeng, eddie.dong, zhanghailiang, Dr. David Alan Gilbert, Zhang Chen, Yang Hongyang Filter-mirror is a netfilter plugin. It gives qemu the ability to mirror packets to a chardev. usage: -netdev tap,id=hn0 -chardev socket,id=mirror0,host=ip_primary,port=X,server,nowait -filter-mirror,id=m0,netdev=hn0,queue=tx/rx/all,outdev=mirror0 Signed-off-by: Zhang Chen <zhangchen.fnst@cn.fujitsu.com> Signed-off-by: Wen Congyang <wency@cn.fujitsu.com> Reviewed-by: Yang Hongyang <hongyang.yang@easystack.cn> Reviewed-by: zhanghailiang <zhang.zhanghailiang@huawei.com> --- net/Makefile.objs | 1 + net/filter-mirror.c | 181 ++++++++++++++++++++++++++++++++++++++++++++++++++++ qemu-options.hx | 5 ++ vl.c | 3 +- 4 files changed, 189 insertions(+), 1 deletion(-) create mode 100644 net/filter-mirror.c diff --git a/net/Makefile.objs b/net/Makefile.objs index 5fa2f97..b7c22fd 100644 --- a/net/Makefile.objs +++ b/net/Makefile.objs @@ -15,3 +15,4 @@ common-obj-$(CONFIG_VDE) += vde.o common-obj-$(CONFIG_NETMAP) += netmap.o common-obj-y += filter.o common-obj-y += filter-buffer.o +common-obj-y += filter-mirror.o diff --git a/net/filter-mirror.c b/net/filter-mirror.c new file mode 100644 index 0000000..ee13d94 --- /dev/null +++ b/net/filter-mirror.c @@ -0,0 +1,181 @@ +/* + * Copyright (c) 2016 HUAWEI TECHNOLOGIES CO., LTD. + * Copyright (c) 2016 FUJITSU LIMITED + * Copyright (c) 2016 Intel Corporation + * + * Author: Zhang Chen <zhangchen.fnst@cn.fujitsu.com> + * + * This work is licensed under the terms of the GNU GPL, version 2 or + * later. See the COPYING file in the top-level directory. + */ + +#include "net/filter.h" +#include "net/net.h" +#include "qemu-common.h" +#include "qapi/qmp/qerror.h" +#include "qapi-visit.h" +#include "qom/object.h" +#include "qemu/main-loop.h" +#include "qemu/error-report.h" +#include "trace.h" +#include "sysemu/char.h" +#include "qemu/iov.h" +#include "qemu/sockets.h" + +#define FILTER_MIRROR(obj) \ + OBJECT_CHECK(MirrorState, (obj), TYPE_FILTER_MIRROR) + +#define TYPE_FILTER_MIRROR "filter-mirror" + +typedef struct MirrorState { + NetFilterState parent_obj; + char *outdev; + CharDriverState *chr_out; +} MirrorState; + +static int filter_mirror_send(NetFilterState *nf, + const struct iovec *iov, + int iovcnt) +{ + MirrorState *s = FILTER_MIRROR(nf); + int ret = 0; + ssize_t size = 0; + uint32_t len = 0; + char *buf; + + size = iov_size(iov, iovcnt); + if (!size) { + return 0; + } + + len = htonl(size); + ret = qemu_chr_fe_write_all(s->chr_out, (uint8_t *)&len, sizeof(len)); + if (ret != sizeof(len)) { + goto err; + } + + buf = g_malloc(size); + iov_to_buf(iov, iovcnt, 0, buf, size); + ret = qemu_chr_fe_write_all(s->chr_out, (uint8_t *)buf, size); + g_free(buf); + if (ret != size) { + goto err; + } + + return 0; + +err: + return ret < 0 ? ret : -EIO; +} + +static ssize_t filter_mirror_receive_iov(NetFilterState *nf, + NetClientState *sender, + unsigned flags, + const struct iovec *iov, + int iovcnt, + NetPacketSent *sent_cb) +{ + int ret; + + ret = filter_mirror_send(nf, iov, iovcnt); + if (ret) { + error_report("filter_mirror_send failed(%s)", strerror(-ret)); + } + + /* + * we don't hope this error interrupt the normal + * path of net packet, so we always return zero. + */ + return 0; +} + +static void filter_mirror_cleanup(NetFilterState *nf) +{ + MirrorState *s = FILTER_MIRROR(nf); + + if (s->chr_out) { + qemu_chr_fe_release(s->chr_out); + } +} + +static void filter_mirror_setup(NetFilterState *nf, Error **errp) +{ + MirrorState *s = FILTER_MIRROR(nf); + + if (!s->outdev) { + error_setg(errp, "filter filter mirror needs 'outdev' " + "property set"); + return; + } + + s->chr_out = qemu_chr_find(s->outdev); + if (s->chr_out == NULL) { + error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND, + "Device '%s' not found", s->outdev); + return; + } + + if (qemu_chr_fe_claim(s->chr_out) != 0) { + error_setg(errp, QERR_DEVICE_IN_USE, s->outdev); + return; + } +} + +static void filter_mirror_class_init(ObjectClass *oc, void *data) +{ + NetFilterClass *nfc = NETFILTER_CLASS(oc); + + nfc->setup = filter_mirror_setup; + nfc->cleanup = filter_mirror_cleanup; + nfc->receive_iov = filter_mirror_receive_iov; +} + +static char *filter_mirror_get_outdev(Object *obj, Error **errp) +{ + MirrorState *s = FILTER_MIRROR(obj); + + return g_strdup(s->outdev); +} + +static void +filter_mirror_set_outdev(Object *obj, const char *value, Error **errp) +{ + MirrorState *s = FILTER_MIRROR(obj); + + g_free(s->outdev); + s->outdev = g_strdup(value); + if (!s->outdev) { + error_setg(errp, "filter filter mirror needs 'outdev' " + "property set"); + return; + } +} + +static void filter_mirror_init(Object *obj) +{ + object_property_add_str(obj, "outdev", filter_mirror_get_outdev, + filter_mirror_set_outdev, NULL); +} + +static void filter_mirror_fini(Object *obj) +{ + MirrorState *s = FILTER_MIRROR(obj); + + g_free(s->outdev); +} + +static const TypeInfo filter_mirror_info = { + .name = TYPE_FILTER_MIRROR, + .parent = TYPE_NETFILTER, + .class_init = filter_mirror_class_init, + .instance_init = filter_mirror_init, + .instance_finalize = filter_mirror_fini, + .instance_size = sizeof(MirrorState), +}; + +static void register_types(void) +{ + type_register_static(&filter_mirror_info); +} + +type_init(register_types); diff --git a/qemu-options.hx b/qemu-options.hx index 2f0465e..ca27863 100644 --- a/qemu-options.hx +++ b/qemu-options.hx @@ -3759,6 +3759,11 @@ queue @var{all|rx|tx} is an option that can be applied to any netfilter. @option{tx}: the filter is attached to the transmit queue of the netdev, where it will receive packets sent by the netdev. +@item -object filter-mirror,id=@var{id},netdev=@var{netdevid},outdev=@var{chardevid}[,queue=@var{all|rx|tx}] + +filter-mirror on netdev @var{netdevid},mirror net packet to chardev +@var{chardevid} + @item -object filter-dump,id=@var{id},netdev=@var{dev},file=@var{filename}][,maxlen=@var{len}] Dump the network traffic on netdev @var{dev} to the file specified by diff --git a/vl.c b/vl.c index 175ebcc..d68533a 100644 --- a/vl.c +++ b/vl.c @@ -2798,7 +2798,8 @@ static bool object_create_initial(const char *type) * they depend on netdevs already existing */ if (g_str_equal(type, "filter-buffer") || - g_str_equal(type, "filter-dump")) { + g_str_equal(type, "filter-dump") || + g_str_equal(type, "filter-mirror")) { return false; } -- 1.9.1 ^ permalink raw reply related [flat|nested] 6+ messages in thread
end of thread, other threads:[~2016-03-09 10:06 UTC | newest] Thread overview: 6+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2016-03-09 9:07 [Qemu-devel] [PATCH V8 0/2] net/filter-mirror:add filter-mirror and unit test Zhang Chen 2016-03-09 9:07 ` [Qemu-devel] [PATCH V8 1/2] net/filter-mirror:Add filter-mirror Zhang Chen 2016-03-09 9:40 ` Wen Congyang 2016-03-09 10:03 ` Zhang Chen 2016-03-09 9:07 ` [Qemu-devel] [PATCH V8 2/2] tests/test-filter-mirror:add filter-mirror unit test Zhang Chen -- strict thread matches above, loose matches on Subject: below -- 2016-03-09 10:06 [Qemu-devel] [PATCH V8 0/2] net/filter-mirror:add filter-mirror and " Zhang Chen 2016-03-09 10:06 ` [Qemu-devel] [PATCH V8 1/2] net/filter-mirror:Add filter-mirror Zhang Chen
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).