On Tue, Jun 19, 2018 at 04:21:59PM +0300, Sameeh Jubran wrote:
From: Sameeh Jubran <address@hidden>
The Berkeley Packet Filter has been in the kernel for a while now and I
think it is time that it is introduced to Qemu. This patch is an
infrastructure for any future usage of the BPF in Qemu.
It is important to note that the tun driver had started supporting using
BPF programs through ioctls (TUNSETSTEERINGEBPF and TUNSETFILTEREBPF).
At first, instead of adding the syscall wrappers, I wanted to integrate libbpf
library which resides in the Linux source tree under tools/lib/bpf. It appears
to be that by default it compiles to x64 on x64 arch - which can't be
integrated into Qemu - and my attempts to compile the 32 bit versions have
failed. What's more interesting is that the vendors don't provide this library
in any package, which makes this library a nasty dependency.
Please share your thoughts :)
IMHO there should be example usage illustrated for some part of QEMU
before we add any general infrastructure, as you can't really do a
useful design evaluation without understanding its usage.
It isn't clear that QEMU is neccessarily the best place to even do it, if
the intended usage is to provide network traffic firewalling for guest
NICs. eg libvirt already provides a firewalling system based on iptables,
that could have an BPFilter implementation added to it.