This patch adds a netfilter abstract object, which captures all network packets
on the associated netdev. It also implements a concrete filter buffer based on
this abstract object. The "buffer" netfilter could be used by VM FT solutions
like MicroCheckpointing to buffer/release packets, or to simulate
packet delay.

You can also get the series from:
https://github.com/macrosheep/qemu/tree/netfilter-v10

Usage:
  -netdev tap,id=bn0
  -device e1000,netdev=bn0
  -object filter-buffer,id=f0,netdev=bn0,chain=in,interval=1000

dynamically add/remove netfilters:
  object_add filter-buffer,id=f0,netdev=bn0,chain=in,interval=1000
  object_del f0

NOTE:
  interval's scale is microsecond.
  chain is optional, and is one of in|out|all, default is "all".
    "in" means this filter will receive packets sent to the @netdev
    "out" means this filter will receive packets sent from the @netdev
    "all" means this filter will receive packets both sent to/from
          the @netdev

TODO:
- multiqueue
v10:
- Reimplemented using QOM (suggested by Stefan)
- Do not export NetQueue internals (suggested by Stefan)
- see individual patch for detail
v9:
- squash command description and help to patch 1&3
- qapi changes according to Markus&Eric's comments
- see individual patch for detail
v8:
- some minor fixes according to Thomas's comments
- rebased to the latest master branch
v7:
- print filter info when executing 'info network'
- addressed Jason's comments
v6:
- add multiqueue support, please see individual patch for detail
v5:
- add a sent_cb param to filter receive_iov api
- squash the 4th patch into patch 3
- remove dummy sent_cb (buffer filter)
- addressed Jason's other comments, see individual patches for detail
v4:
- get rid of struct Filter
- squash the 4th patch into patch 2
- fix qemu_netfilter_pass_to_next_iov
- get rid of bh (buffer filter)
- release the packet to next filter instead of to receiver (buffer filter)
v3:
- add an api to pass the packet to next filter
- remove netfilters when delete netdev
- add qtest testcases for netfilter
- addressed comments from Jason
v2:
- add a chain option to netfilter object
- move the hook place earlier, before net_queue_send
- drop the unused api in buffer filter
- squash buffer filter patches into one
- remove receive() api from netfilter, only receive_iov() is enough
- addressed comments from Jason&Thomas
v1:
initial patch.
Yang Hongyang (10):
qmp: delete qemu opts when delete an object
init/cleanup of netfilter object
netfilter: hook packets before net queue send
net: merge qemu_deliver_packet and qemu_deliver_packet_iov
net/queue: introduce NetQueueDeliverFunc
netfilter: add an API to pass the packet to next filter
netfilter: print filter info associate with the netdev
net/queue: export qemu_net_queue_append_iov
netfilter: add a netbuffer filter
tests: add test cases for netfilter object
include/net/filter.h | 68 ++++++++++++++++
include/net/net.h | 6 +-
include/net/queue.h | 20 ++++-
include/qemu/typedefs.h | 1 +
net/Makefile.objs | 2 +
net/filter-buffer.c | 169 ++++++++++++++++++++++++++++++++++++++
net/filter.c | 213 ++++++++++++++++++++++++++++++++++++++++++++++++
net/net.c | 116 ++++++++++++++++++++------
net/queue.c | 24 ++++--
qapi-schema.json | 18 ++++
qemu-options.hx | 18 ++++
qmp.c | 4 +
tests/.gitignore | 1 +
tests/Makefile | 2 +
tests/test-netfilter.c | 200 +++++++++++++++++++++++++++++++++++++++++++++
vl.c | 18 ++--
16 files changed, 833 insertions(+), 47 deletions(-)
create mode 100644 include/net/filter.h
create mode 100644 net/filter-buffer.c
create mode 100644 net/filter.c
create mode 100644 tests/test-netfilter.c
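
The chain and interval semantics from the NOTE above, as a C model added here for illustration (it is not code from this series or from QEMU). It assumes buffered packets are all released together on a periodic timer tick every `interval` microseconds; the enum, struct and function names are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Illustrative model only; all names are hypothetical, not QEMU's. */
enum chain { CHAIN_IN, CHAIN_OUT, CHAIN_ALL };  /* chain=in|out|all */
enum dir   { TO_NETDEV, FROM_NETDEV };          /* direction of one packet */
struct pkt { int64_t t_us; enum dir dir; };     /* arrival time, t_us >= 0 */

/* "in" sees packets sent to the netdev, "out" those sent from it, "all" both. */
static int chain_matches(enum chain c, enum dir d)
{
    if (c == CHAIN_ALL) return 1;
    return (c == CHAIN_IN) == (d == TO_NETDEV);
}

/* Assumption: ticks fire at interval, 2*interval, ...; a hooked packet is
 * held until the first tick strictly after its arrival. Packets the filter
 * does not hook (or interval <= 0) pass through with no delay. */
static int64_t delivery_time_us(enum chain c, int64_t interval_us, struct pkt p)
{
    if (interval_us <= 0 || !chain_matches(c, p.dir))
        return p.t_us;
    return (p.t_us / interval_us + 1) * interval_us;
}

/* Largest delay the filter adds to any packet of a trace. */
static int64_t max_added_delay_us(enum chain c, int64_t interval_us,
                                  const struct pkt *p, size_t n)
{
    int64_t worst = 0;
    for (size_t i = 0; i < n; i++) {
        int64_t d = delivery_time_us(c, interval_us, p[i]) - p[i].t_us;
        if (d > worst) worst = d;
    }
    return worst;
}

/* Constructed sample traffic, not captured from a real guest. */
static const struct pkt sample[] = {
    { 250, TO_NETDEV }, { 400, FROM_NETDEV },
    { 999, TO_NETDEV }, { 1500, FROM_NETDEV },
};

int main(void)
{
    size_t n = sizeof(sample) / sizeof(sample[0]);
    printf("chain=in  interval=1000: worst added delay %lld us\n",
           (long long)max_added_delay_us(CHAIN_IN, 1000, sample, n));
    printf("chain=out interval=1000: worst added delay %lld us\n",
           (long long)max_added_delay_us(CHAIN_OUT, 1000, sample, n));
    return 0;
}
```

Under this model the added delay varies per packet between just above zero and one full interval, so `interval` bounds the delay rather than fixing it.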