From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:33993)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <yanghy@cn.fujitsu.com>) id 1ZL75Y-0000Z7-MR
	for qemu-devel@nongnu.org; Fri, 31 Jul 2015 05:58:53 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <yanghy@cn.fujitsu.com>) id 1ZL75T-0006We-Rn
	for qemu-devel@nongnu.org; Fri, 31 Jul 2015 05:58:52 -0400
Received: from [59.151.112.132] (port=28729 helo=heian.cn.fujitsu.com)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <yanghy@cn.fujitsu.com>) id 1ZL75S-0006UO-Vh
	for qemu-devel@nongnu.org; Fri, 31 Jul 2015 05:58:47 -0400
Message-ID: <55BB46D0.6030903@cn.fujitsu.com>
Date: Fri, 31 Jul 2015 17:58:40 +0800
From: Yang Hongyang <yanghy@cn.fujitsu.com>
MIME-Version: 1.0
References: <1438316014-8369-1-git-send-email-yanghy@cn.fujitsu.com>
	<1438316014-8369-6-git-send-email-yanghy@cn.fujitsu.com>
	<55BB1062.8000901@redhat.com> <55BB30C1.4090300@cn.fujitsu.com>
	<55BB3B3D.5000403@redhat.com>
In-Reply-To: <55BB3B3D.5000403@redhat.com>
Content-Type: text/plain; charset="windows-1252"; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [PATCH v2 5/9] netfilter: hook packets before net
	queue send
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Jason Wang <jasowang@redhat.com>, qemu-devel@nongnu.org
Cc: thuth@redhat.com, zhang.zhanghailiang@huawei.com, lizhijian@cn.fujitsu.com, mrhines@linux.vnet.ibm.com, stefanha@redhat.com

On 07/31/2015 05:09 PM, Jason Wang wrote:
>
>
> On 07/31/2015 04:24 PM, Yang Hongyang wrote:
>>
>>
>> On 07/31/2015 02:06 PM, Jason Wang wrote:
>>>
>>>
>>> On 07/31/2015 12:13 PM, Yang Hongyang wrote:
>>>> Capture packets that will be sent.
>>>>
>>>> Signed-off-by: Yang Hongyang <yanghy@cn.fujitsu.com>
>>>> ---
>>>>    include/net/filter.h |  8 +++++++
>>>>    net/filter.c         |  1 +
>>>>    net/net.c            | 67
>>>> +++++++++++++++++++++++++++++++++++++++++++++++++++-
>>>>    3 files changed, 75 insertions(+), 1 deletion(-)
>>>>
>>>> diff --git a/include/net/filter.h b/include/net/filter.h
>>>> index 1b6f896..93579c1 100644
>>>> --- a/include/net/filter.h
>>>> +++ b/include/net/filter.h
>>>> @@ -19,11 +19,19 @@ enum {
>>>>    };
>>>>
>>>>    typedef void (FilterCleanup) (NetFilterState *);
>>>> +/*
>>>> + * Return:
>>>> + *   0: finished handling the packet, we should continue
>>>> + *   size: filter stolen this packet, we stop pass this packet further
>>>> + */
>>>> +typedef ssize_t (FilterReceiveIOV)(NetFilterState *, NetClientState
>>>> *sender,
>>>> +                                   unsigned flags, const struct
>>>> iovec *, int);
>>>>
>>>>    typedef struct NetFilterInfo {
>>>>        NetFilterOptionsKind type;
>>>>        size_t size;
>>>>        FilterCleanup *cleanup;
>>>> +    FilterReceiveIOV *receive_iov;
>>>
>>> Please move this to patch 2.
>>
>> Ok, thanks!
>>
>>>
>>>>    } NetFilterInfo;
>>>>
>>>>    struct NetFilterState {
>>>> diff --git a/net/filter.c b/net/filter.c
>>>> index b3a2285..1ae9344 100644
>>>> --- a/net/filter.c
>>>> +++ b/net/filter.c
>>>> @@ -29,6 +29,7 @@ NetFilterState *qemu_new_net_filter(NetFilterInfo
>>>> *info,
>>>>        NetFilterState *nf;
>>>>
>>>>        assert(info->size >= sizeof(NetFilterState));
>>>> +    assert(info->receive_iov);
>>>>
>>>>        nf = g_malloc0(info->size);
>>>>        nf->info = info;
>>>> diff --git a/net/net.c b/net/net.c
>>>> index 22748e0..b55d934 100644
>>>> --- a/net/net.c
>>>> +++ b/net/net.c
>>>> @@ -24,6 +24,7 @@
>>>>    #include "config-host.h"
>>>>
>>>>    #include "net/net.h"
>>>> +#include "net/filter.h"
>>>>    #include "clients.h"
>>>>    #include "hub.h"
>>>>    #include "net/slirp.h"
>>>> @@ -592,6 +593,42 @@ int qemu_can_send_packet(NetClientState *sender)
>>>>        return 1;
>>>>    }
>>>>
>>>> +static ssize_t filter_receive_iov(NetClientState *nc, int chain,
>>>> +                                  NetClientState *sender,
>>>> +                                  unsigned flags,
>>>> +                                  const struct iovec *iov,
>>>> +                                  int iovcnt) {
>>>> +    ssize_t ret = 0;
>>>> +    Filter *filter = NULL;
>>>> +    NetFilterState *nf = NULL;
>>>> +    ssize_t size = iov_size(iov, iovcnt);
>>>> +
>>>> +    QTAILQ_FOREACH(filter, &nc->filters, next) {
>>>> +        nf = filter->nf;
>>>> +        if (nf->chain == chain || nf->chain == NET_FILTER_ALL) {
>>>> +            ret = nf->info->receive_iov(nf, sender, flags, iov,
>>>> iovcnt);
>>>> +            if (ret == size) {
>>>> +                return ret;
>>>> +            }
>>>> +        }
>>>> +    }
>>>
>>> So if a packet is being stolen or blocked by one filter, it could only
>>> be flushed to destination? I think we need an API to flush it into next
>>> filter.
>>
>> Yes, we could, just call next filter's receive_iov, do I need to
>> introduce
>> the API now in this series? or introduce later when we actually need it?
>
> Consider it is a public API. better in this patch.

Ok, thanks, will add a patch to do this.

> .
>

-- 
Thanks,
Yang.