[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [RFC 0/1] Add BPF suuport to Qemu
|
From: |
Daniel P . Berrangé |
|
Subject: |
Re: [Qemu-devel] [RFC 0/1] Add BPF suuport to Qemu |
|
Date: |
Tue, 19 Jun 2018 14:49:33 +0100 |
|
User-agent: |
Mutt/1.9.5 (2018-04-13) |
On Tue, Jun 19, 2018 at 04:21:59PM +0300, Sameeh Jubran wrote:
> From: Sameeh Jubran <address@hidden>
>
> The Berkeley Packet Filter has been in the kernel for a while now and I
> think it is time that it is introduced to Qemu. This patch is an
> infrastructure for any future usage of the BPF in Qemu.
>
> It is important to note that the tun driver had started supporting using
> BPF programs through ioctls (TUNSETSTEERINGEBPF and TUNSETFILTEREBPF).
>
> At first, instead of adding the syscall wrappers, I wanted to integrate libbpf
> library which resides in the Linux source tree under tools/lib/bpf. It appears
> to be that by default it compiles to x64 on x64 arch - which can't be
> integrated into Qemu - and my attempts to compile the 32 bit versions have
> failed. What's more interesting is that the vendors don't provide this library
> in any package, which makes this library a nasty dependency.
>
> Please share your thoughts :)
IMHO there should be example usage illustrated for some part of QEMU
before we add any general infrastructure, as you can't really do a
useful design evaluation without understanding its usage.
It isn't clear that QEMU is neccessarily the best place to even do it, if
the intended usage is to provide network traffic firewalling for guest
NICs. eg libvirt already provides a firewalling system based on iptables,
that could have an BPFilter implementation added to it.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|