From: Jason Wang <jasowang@redhat.com>
To: Yang Hongyang <yanghy@cn.fujitsu.com>, qemu-devel@nongnu.org
Cc: thuth@redhat.com, stefanha@redhat.com
Subject: Re: [Qemu-devel] [PATCH] RFC/net: Add a net filter
Date: Mon, 27 Jul 2015 16:01:07 +0800 [thread overview]
Message-ID: <55B5E543.8050505@redhat.com> (raw)
In-Reply-To: <55B5E1A4.9010100@cn.fujitsu.com>
On 07/27/2015 03:45 PM, Yang Hongyang wrote:
> On 07/27/2015 03:31 PM, Jason Wang wrote:
>>
>>
>> On 07/27/2015 03:00 PM, Yang Hongyang wrote:
>>>
>>>
>>> On 07/27/2015 02:39 PM, Jason Wang wrote:
>>>>
>>>>
>>>> On 07/27/2015 01:27 PM, Yang Hongyang wrote:
>>>>> On 07/23/2015 01:59 PM, Jason Wang wrote:
>>>>>>
>>>>>>
>>>>>> On 07/22/2015 06:55 PM, Yang Hongyang wrote:
>>>>>>> This patch add a net filter between network backend and NIC
>>>>>>> devices.
>>>>>>> All packets will pass by this filter.
>>>>>>> TODO:
>>>>>>> multiqueue support.
>>>>>>> plugin support.
>>>>>>>
>>>>>>> +--------------+ +-------------+
>>>>>>> +----------+ | filter | |frontend(NIC)|
>>>>>>> | real | | | | |
>>>>>>> | network <--+backend <-------+ |
>>>>>>> | backend | | peer +-------> peer |
>>>>>>> +----------+ +--------------+ +-------------+
>>>>>>>
>>>>>>> Usage:
>>>>>>> -netdev tap,id=bn0 # you can use whatever backend as needed
>>>>>>> -netdev filter,id=f0,backend=bn0,plugin=dump
>>>>>>> -device e1000,netdev=f0
>>>>>>>
>>>>>>> Signed-off-by: Yang Hongyang <yanghy@cn.fujitsu.com>
>>>>>>
>>>>>> Hi:
>>>>>>
>>>>>> Several questions:
>>>>>>
>>>>>> - Looks like we can do more than filter, so may be something like
>>>>>> traffic control or other is more suitable?
>>>>>
>>>>> The filter is just a transparent proxy of a backend if no filter
>>>>> plugin
>>>>> is inserted. It just by pass all packets. Capture all traffic is the
>>>>> purpose
>>>>> of the filter. As long as we have an entry to capture all packets, we
>>>>> can do more, this is what a filter plugin will do. There are some use
>>>>> cases
>>>>> I can think of:
>>>>> - dump, by using filter, we can dump either output/input packets.
>>>>> - buffer, to buffer/release packets, this feature can be used when
>>>>> using
>>>>> macrocheckpoing. Or other Remus like VM FT solutions. You
>>>>> can
>>>>> also supply an interval to a buffer plugin, which will
>>>>> release
>>>>> packets by interval.
>>>>
>>>> This sounds like traffic shaping.
>>>>
>>>>> May be other use cases based on this special backend.
>>>>>
>>>>>> - What's the advantages of introducing a new type of netdev? As far
>>>>>> as I
>>>>>> can see, just replace the dump function in Tomas' series with a
>>>>>> configurable function pointer will do the trick? (Probably with some
>>>>>> monitor commands). And then you won't even need to deal with vnet
>>>>>> hder
>>>>>> and offload stuffs?
>>>>>
>>>>> I think dump function focus on every netdev, it adds an
>>>>> dump_enabled to
>>>>> NetClientState, and dump the packet when the netdev receive been
>>>>> called,
>>>>> This filter function more focus on packets between backend/frontend,
>>>>> it's kind of an injection to the network packets flow.
>>>>> So the semantics are different I think.
>>>>
>>>> Yes, their functions are different. But the packet paths are similar,
>>>> both require the packets go through themselves before reaching the
>>>> peers. So simply passing the packets to the filter function before
>>>> calling nc->info->receive{_raw}() in qemu_deliver_packet() will also
>>>> work?
>>>
>>> I think this won't work for the buffer case? If we want the buffer case
>>> to work under this, we should modify the generic netdev layer code, to
>>> check the return value of the filter function call.
>>
>> But checking return value is rather simpler than a new netdev type,
>> isn't it?
>
> But how to implement a plugin which suppose to do the actual work on
> the packets?
Well, the filter get the packets, so it can do everything it wants.
> how to configure params related to the plugin? different
> plugins may need different params, implement as another netdev?
I belive qmp can do this? something like -filter dump,id=f0,len=10000?
>
>>
>>> And it is not as
>>> extensible as we abstract the filter function to a netdev, We can
>>> flexibly add/remove/change filter plugins on the fly.
>>
>> I don't see why we lose the flexibility like what I suggested. Actually,
>> implement it through a netdev will complex this. E.g:
>>
>> -netdev tap,id=bn0 # you can use whatever backend as needed
>> -netdev filter,id=f0,backend=bn0,plugin=dump
>> -device e1000,netdev=f0
>>
>> How did you remove filter id=f0? Looks like you need also remove
>> e1000 nic?
>
> No, when remove filter, we restore the connection between network
> backend and
> NIC. Just like filter does not ever exists.
But e1000's peer is f0. You mean you will modify the peer pointer during
filter removing? Sounds scary.
>
>>
>>
>>
>> .
>>
>
next prev parent reply other threads:[~2015-07-27 8:01 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-07-13 7:39 [Qemu-devel] [PATCH v2 0/5] For QEMU 2.5: Network traffic dumping for -netdev devices Thomas Huth
2015-07-13 7:39 ` [Qemu-devel] [PATCH v2 1/5] net/dump: Add support for receive_iov function Thomas Huth
2015-07-13 7:39 ` [Qemu-devel] [PATCH v2 2/5] net/dump: Move DumpState into NetClientState Thomas Huth
2015-07-13 7:39 ` [Qemu-devel] [PATCH v2 3/5] net/dump: Rework net-dump init functions Thomas Huth
2015-07-13 7:39 ` [Qemu-devel] [PATCH v2 4/5] net/dump: Add dump option for netdev devices Thomas Huth
2015-07-13 7:39 ` [Qemu-devel] [PATCH v2 5/5] qemu options: Add information about dumpfile to help text Thomas Huth
2015-07-22 6:35 ` [Qemu-devel] [PATCH v2 0/5] For QEMU 2.5: Network traffic dumping for -netdev devices Jason Wang
2015-07-22 10:52 ` Yang Hongyang
2015-07-22 10:55 ` [Qemu-devel] [PATCH] RFC/net: Add a net filter Yang Hongyang
2015-07-22 11:06 ` Daniel P. Berrange
2015-07-22 15:16 ` Yang Hongyang
2015-07-22 13:05 ` Thomas Huth
2015-07-22 15:06 ` Yang Hongyang
2015-07-22 13:26 ` Stefan Hajnoczi
2015-07-22 14:57 ` Yang Hongyang
2015-07-23 11:57 ` Stefan Hajnoczi
2015-07-23 5:59 ` Jason Wang
2015-07-27 5:27 ` Yang Hongyang
2015-07-27 6:02 ` Yang Hongyang
2015-07-27 6:39 ` Jason Wang
2015-07-27 7:00 ` Yang Hongyang
2015-07-27 7:31 ` Jason Wang
2015-07-27 7:45 ` Yang Hongyang
2015-07-27 8:01 ` Jason Wang [this message]
2015-07-27 8:39 ` Yang Hongyang
2015-07-27 9:16 ` Jason Wang
2015-07-27 10:03 ` Yang Hongyang
2015-07-28 3:28 ` Jason Wang
2015-07-28 4:00 ` Yang Hongyang
2015-07-28 8:52 ` Yang Hongyang
2015-07-28 9:19 ` Yang Hongyang
2015-07-28 9:30 ` Jason Wang
2015-07-28 9:41 ` Yang Hongyang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=55B5E543.8050505@redhat.com \
--to=jasowang@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=stefanha@redhat.com \
--cc=thuth@redhat.com \
--cc=yanghy@cn.fujitsu.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).