Re: [Qemu-devel] [PATCH 09/12] netfilter: add a netbuffer filter

[Yang Hongyang]

On 07/30/2015 01:13 PM, Jason Wang wrote:
[...]
> > +    if (sender->info->type == NET_CLIENT_OPTIONS_KIND_NIC) {
> > +        /* we only buffer guest output packets */
> > +        qemu_net_queue_append(queue, sender, flags, data, size,
> > +                              packet_send_completed);
>
> This may brings some confusion for user. Since the name is 'netbuffer'.
> Maybe we can change the filter to be ingress or out or both? Like:
>
> -device virtio-net-pci,id=virtio0
> -netfilter buffer,id=filter0,dev=virtio0,interval=1000,type=out
>
> Then we can just try to enqueue the packet when virtio-net-pci is sender?

A good idea, I also thought about this, but a question, should we make
this type option a mandatory to netfilter object or optional? if it's
optional, the default will be "all"

> > +        /* Now that we have buffered the packet, return sucess */
> > +        return size;
> > +    }
> > +
> > +    return 0;
> > +}
> > +
> > +static void filter_buffer_cleanup(NetFilterState *nf)
> > +{
> > +    FILTERBUFFERState *s = DO_UPCAST(FILTERBUFFERState, nf, nf);
> > +
> > +    /* flush inflight packets */
> > +    filter_buffer_flush(nf);
> > +    /* flush incoming packets */
> > +    s->inflight_queue = s->incoming_queue;
> > +    s->incoming_queue = NULL;
> > +    filter_buffer_flush(nf);
> > +
> > +    return;
> > +}
> > +
> > +
> > +static NetFilterInfo net_filter_buffer_info = {
> > +    .type = NET_FILTER_OPTIONS_KIND_BUFFER,
> > +    .size = sizeof(FILTERBUFFERState),
> > +    .receive = filter_buffer_receive,
> > +    .cleanup = filter_buffer_cleanup,
> > +};
> > +
> > +int net_init_filter_buffer(const NetFilterOptions *opts, const char *name,
> > +                           NetClientState *netdev, Error **errp)
> > +{
> > +    NetFilterState *nf;
> > +    FILTERBUFFERState *s;
> > +
> > +    assert(opts->kind == NET_FILTER_OPTIONS_KIND_BUFFER);
> > +
> > +    nf = qemu_new_net_filter(&net_filter_buffer_info, netdev, "buffer", name);
> > +    s = DO_UPCAST(FILTERBUFFERState, nf, nf);
> > +    /*
> > +     * we need the dummy NetClientState to send packets in order to avoid
> > +     * receive packets again.
> > +     * we are buffering guest output packets, our buffered packets should be
> > +     * sent to real network backend, so dummy's peer should be that backend.
> > +     */
> > +    s->dummy.peer = netdev;
> > +    s->incoming_queue = qemu_new_net_queue(nf);
> > +
> > +    return 0;
> > +}
> > diff --git a/net/filter.c b/net/filter.c
> > index 50fb837..e741e2a 100644
> > --- a/net/filter.c
> > +++ b/net/filter.c
> > @@ -18,6 +18,7 @@
> >
> >   #include "net/filter.h"
> >   #include "net/net.h"
> > +#include "filters.h"
> >
> >   static QTAILQ_HEAD(, NetFilterState) net_filters;
> >
> > @@ -152,6 +153,7 @@ typedef int (NetFilterInit)(const NetFilterOptions *opts,
> >
> >   static
> >   NetFilterInit * const net_filter_init_fun[NET_FILTER_OPTIONS_KIND_MAX] = {
> > +    [NET_FILTER_OPTIONS_KIND_BUFFER] = net_init_filter_buffer,
> >   };
> >
> >   static int net_filter_init1(const NetFilter *netfilter, Error **errp)
> > diff --git a/net/filters.h b/net/filters.h
> > new file mode 100644
> > index 0000000..6c249b8
> > --- /dev/null
> > +++ b/net/filters.h
> > @@ -0,0 +1,17 @@
> > +/*
> > + * Copyright (c) 2015 FUJITSU LIMITED
> > + *
> > + * This work is licensed under the terms of the GNU GPL, version 2 or
> > + * later.  See the COPYING file in the top-level directory.
> > + */
> > +
> > +#ifndef QEMU_NET_FILTERS_H
> > +#define QEMU_NET_FILTERS_H
> > +
> > +#include "net/net.h"
> > +#include "net/filter.h"
> > +
> > +int net_init_filter_buffer(const NetFilterOptions *opts, const char *name,
> > +                           NetClientState *netdev, Error **errp);
> > +
> > +#endif /* QEMU_NET_FILTERS_H */
> > diff --git a/qapi-schema.json b/qapi-schema.json
> > index 1fc6390..67e00a0 100644
> > --- a/qapi-schema.json
> > +++ b/qapi-schema.json
> > @@ -2577,6 +2577,16 @@
> >   { 'command': 'netfilter_del', 'data': {'id': 'str'} }
> >
> >   ##
> > +# @NetFilterBufferOptions
> > +#
> > +# a netbuffer filter for network backend.
> > +#
> > +# Since 2.5
> > +##
> > +{ 'struct': 'NetFilterBufferOptions',
> > +  'data': { } }
> > +
> > +##
> >   # @NetFilterOptions
> >   #
> >   # A discriminated record of network filters.
> > @@ -2585,7 +2595,8 @@
> >   #
> >   ##
> >   { 'union': 'NetFilterOptions',
> > -  'data': { } }
> > +  'data': {
> > +    'buffer':     'NetFilterBufferOptions'} }
> >
> >   ##
> >   # @NetFilter
>
> .

--
Thanks,
Yang.