qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [RFC 0/1] Add BPF suuport to Qemu

From: Sameeh Jubran
Subject: Re: [Qemu-devel] [RFC 0/1] Add BPF suuport to Qemu
Date: Tue, 19 Jun 2018 17:37:10 +0300 
This patch is actually a preparation for an upcoming patch set that I want
to integrate into virtio-net which implements the RSS feature. (
https://lists.oasis-open.org/archives/virtio-dev/201805/msg00024.html)
So there is a use case. The rationale behind this is to distinguish the
infrastructure preparation needed for the BPF from the actual RSS feature
implementation.

On Tue, Jun 19, 2018 at 4:49 PM, Daniel P. Berrangé <address@hidden>
wrote:

> On Tue, Jun 19, 2018 at 04:21:59PM +0300, Sameeh Jubran wrote:
> > From: Sameeh Jubran <address@hidden>
> >
> > The Berkeley Packet Filter has been in the kernel for a while now and I
> > think it is time that it is introduced to Qemu. This patch is an
> > infrastructure for any future usage of the BPF in Qemu.
> >
> > It is important to note that the tun driver had started supporting using
> > BPF programs through ioctls (TUNSETSTEERINGEBPF and TUNSETFILTEREBPF).
> >
> > At first, instead of adding the syscall wrappers, I wanted to integrate
> libbpf
> > library which resides in the Linux source tree under tools/lib/bpf. It
> appears
> > to be that by default it compiles to x64 on x64 arch - which can't be
> > integrated into Qemu  - and my attempts to compile the 32 bit versions
> have
> > failed. What's more interesting is that the vendors don't provide this
> library
> > in any package, which makes this library a nasty dependency.
> >
> > Please share your thoughts :)
>
> IMHO there should be example usage illustrated for some part of QEMU
> before we add any general infrastructure, as you can't really do a
> useful design evaluation without understanding its usage.
>
> It isn't clear that QEMU is neccessarily the best place to even do it, if
> the intended usage is to provide network traffic firewalling for guest
> NICs. eg libvirt already provides a firewalling system based on iptables,
> that could have an BPFilter implementation added to it.
>
> Regards,
> Daniel
> --
> |: https://berrange.com      -o-    https://www.flickr.com/photos/
> dberrange :|
> |: https://libvirt.org         -o-
> https://fstop138.berrange.com :|
> |: https://entangle-photo.org    -o-    https://www.instagram.com/
> dberrange :|
>



-- 
Respectfully,
*Sameeh Jubran*
*Linkedin <https://il.linkedin.com/pub/sameeh-jubran/87/747/a8a>*
*Software Engineer @ Daynix <http://www.daynix.com>.*
reply via email to
[Prev in Thread] Current Thread [Next in Thread]