From fdccce4596218e49ca4d0f5d4b3f0c453bd99ba0 Mon Sep 17 00:00:00 2001
From: Yang Hongyang
Date: Wed, 7 Oct 2015 11:52:14 +0800
Subject: init/cleanup of netfilter object Add a netfilter object based on QOM. A netfilter is attached to a netdev, captures all network packets that pass through the netdev. When we delete the netdev, we also delete the netfilter object attached to it, because if the netdev is removed, the filter which attached to it is useless.
Signed-off-by: Yang Hongyang
Reviewed-by: Markus Armbruster
Signed-off-by: Jason Wang
---
 include/net/filter.h | 61 +++++++++++++++++++++++++++++++++++++++++++++++++
 include/net/net.h | 1 +
 include/qemu/typedefs.h | 1 +
 3 files changed, 63 insertions(+)
 create mode 100644 include/net/filter.h
(limited to 'include')
diff --git a/include/net/filter.h b/include/net/filter.h
new file mode 100644
index 0000000..be27dee
--- /dev/null
+++ b/include/net/filter.h
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 2015 FUJITSU LIMITED
+ * Author: Yang Hongyang
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or
+ * later. See the COPYING file in the top-level directory.
+ */
+
+#ifndef QEMU_NET_FILTER_H
+#define QEMU_NET_FILTER_H
+
+#include "qom/object.h"
+#include "qemu-common.h"
+#include "qemu/typedefs.h"
+#include "net/queue.h"
+
+#define TYPE_NETFILTER "netfilter"
+#define NETFILTER(obj) \
+ OBJECT_CHECK(NetFilterState, (obj), TYPE_NETFILTER)
+#define NETFILTER_GET_CLASS(obj) \
+ OBJECT_GET_CLASS(NetFilterClass, (obj), TYPE_NETFILTER)
+#define NETFILTER_CLASS(klass) \
+ OBJECT_CLASS_CHECK(NetFilterClass, (klass), TYPE_NETFILTER)
+
+typedef void (FilterSetup) (NetFilterState *nf, Error **errp);
+typedef void (FilterCleanup) (NetFilterState *nf);
+/*
+ * Return:
+ * 0: finished handling the packet, we should continue
+ * size: filter stolen this packet, we stop pass this packet further
+ */
+typedef ssize_t (FilterReceiveIOV)(NetFilterState *nc,
+ NetClientState *sender,
+ unsigned flags,
+ const struct iovec *iov,
+ int iovcnt,
+ NetPacketSent *sent_cb);
+
+typedef struct NetFilterClass {
+ ObjectClass parent_class;
+
+ /* optional */
+ FilterSetup *setup;
+ FilterCleanup *cleanup;
+ /* mandatory */
+ FilterReceiveIOV *receive_iov;
+} NetFilterClass;
+
+
+struct NetFilterState {
+ /* private */
+ Object parent;
+
+ /* protected */
+ char *netdev_id;
+ NetClientState *netdev;
+ NetFilterDirection direction;
+ QTAILQ_ENTRY(NetFilterState) next;
+};
+
+#endif /* QEMU_NET_FILTER_H */
diff --git a/include/net/net.h b/include/net/net.h
index 6a6cbef..36e5fab 100644
--- a/include/net/net.h
+++ b/include/net/net.h
@@ -92,6 +92,7 @@ struct NetClientState {
 NetClientDestructor *destructor;
 unsigned int queue_index;
 unsigned rxfilter_notify_enabled:1;
+ QTAILQ_HEAD(, NetFilterState) filters;
 };
 typedef struct NICState {
diff --git a/include/qemu/typedefs.h b/include/qemu/typedefs.h
index 3a835ff..ee1ce1d 100644
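Review bot: The return contract in the comment above `FilterReceiveIOV` covers only `0` and `size`, so a filter author cannot tell what a negative `ssize_t` means or whether `size` is the total length of the iov. This callback decides whether a packet goes on to the netdev, so I would reword the two cases as `0: packet not consumed, continue with the next filter or the netdev` and `size (total bytes in iov): the filter kept the packet, it is not passed further`, and add a line for negative values once the caller's handling is fixed. The first parameter is named `nc` although it is a `NetFilterState *`; `nf` would match `FilterSetup` and `FilterCleanup`. The `qemu_netfilter_receive` prototype added to this header by the next patch in the series has no comment at all and needs the same contract stated.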
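Review bot: The new `filters` list head in `struct NetClientState` carries no comment on who initialises it and who empties it. Each `NetFilterState` keeps a raw `netdev` pointer back to this struct, so the netdev teardown path has to unlink every filter before the `NetClientState` is freed, and the head needs a `QTAILQ_INIT` wherever the struct is set up; neither is visible in this header-only view, so please confirm both in net/net.c. A comment such as `/* filters attached to this netdev; initialised at netdev setup, emptied before the netdev is freed */` would record the rule. The struct definition starts outside the hunk.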
--- a/include/qemu/typedefs.h
+++ b/include/qemu/typedefs.h
@@ -45,6 +45,7 @@ typedef struct Monitor Monitor;
 typedef struct MouseTransformInfo MouseTransformInfo;
 typedef struct MSIMessage MSIMessage;
 typedef struct NetClientState NetClientState;
+typedef struct NetFilterState NetFilterState;
 typedef struct NICInfo NICInfo;
 typedef struct PcGuestInfo PcGuestInfo;
 typedef struct PCIBridge PCIBridge;
-- cgit v1.1
From e64c770d1fa859bd8ee583d339b085fe345ac02b Mon Sep 17 00:00:00 2001
From: Yang Hongyang
Date: Wed, 7 Oct 2015 11:52:15 +0800
Subject: netfilter: hook packets before net queue send Capture packets that will be sent.
Signed-off-by: Yang Hongyang
Reviewed-by: Thomas Huth
Signed-off-by: Jason Wang
---
 include/net/filter.h | 8 ++++++++
 1 file changed, 8 insertions(+)
(limited to 'include')
diff --git a/include/net/filter.h b/include/net/filter.h
index be27dee..db035b6 100644
--- a/include/net/filter.h
+++ b/include/net/filter.h
@@ -58,4 +58,12 @@ struct NetFilterState {
 QTAILQ_ENTRY(NetFilterState) next;
 };
+ssize_t qemu_netfilter_receive(NetFilterState *nf,
+ NetFilterDirection direction,
+ NetClientState *sender,
+ unsigned flags,
+ const struct iovec *iov,
+ int iovcnt,
+ NetPacketSent *sent_cb);
+
+#endif /* QEMU_NET_FILTER_H */
-- cgit v1.1
From fefe2a78abde932e0f340b21bded2c86def1d242 Mon Sep 17 00:00:00 2001
From: Yang Hongyang
Date: Wed, 7 Oct 2015 11:52:16 +0800
Subject: net: merge qemu_deliver_packet and qemu_deliver_packet_iov qemu_deliver_packet_iov already have the compat delivery, we can drop qemu_deliver_packet.
Signed-off-by: Yang Hongyang
Signed-off-by: Jason Wang
---
 include/net/net.h | 5 -----
 1 file changed, 5 deletions(-)
(limited to 'include')
diff --git a/include/net/net.h b/include/net/net.h
index 36e5fab..7af3e15 100644
--- a/include/net/net.h
+++ b/include/net/net.h
@@ -152,11 +152,6 @@ void qemu_check_nic_model(NICInfo *nd, const char *model);
 int qemu_find_nic_model(NICInfo *nd, const char * const *models, const char *default_model);
-ssize_t qemu_deliver_packet(NetClientState *sender,
- unsigned flags,
- const uint8_t *data,
- size_t size,
- void *opaque);
 ssize_t qemu_deliver_packet_iov(NetClientState *sender,
 unsigned flags,
 const struct iovec *iov,
-- cgit v1.1
From 3e033a46a7e39ea31e15f1b53402df990977115a Mon Sep 17 00:00:00 2001
From: Yang Hongyang
Date: Wed, 7 Oct 2015 11:52:17 +0800
Subject: net/queue: introduce NetQueueDeliverFunc net/queue.c has logic to send/queue/flush packets but a qemu_deliver_packet_iov() call is hardcoded. Abstract this func so that we can use our own deliver function in netfilter.
Signed-off-by: Yang Hongyang
Cc: Stefan Hajnoczi
Signed-off-by: Jason Wang
---
 include/net/queue.h | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
(limited to 'include')
diff --git a/include/net/queue.h b/include/net/queue.h
index fc02b33..b4a7183 100644
--- a/include/net/queue.h
+++ b/include/net/queue.h
@@ -34,7 +34,18 @@ typedef void (NetPacketSent) (NetClientState *sender, ssize_t ret);
 #define QEMU_NET_PACKET_FLAG_NONE 0
 #define QEMU_NET_PACKET_FLAG_RAW (1<<0)
-NetQueue *qemu_new_net_queue(void *opaque);
+/* Returns:
+ * >0 - success
+ * 0 - queue packet for future redelivery
+ * <0 - failure (discard packet)
+ */
+typedef ssize_t (NetQueueDeliverFunc)(NetClientState *sender,
+ unsigned flags,
+ const struct iovec *iov,
+ int iovcnt,
+ void *opaque);
+
+NetQueue *qemu_new_net_queue(NetQueueDeliverFunc *deliver, void *opaque);
 void qemu_del_net_queue(NetQueue *queue);
-- cgit v1.1
From 7ef7bc8586fb0d41742a896b532c7afa2bbb7f84 Mon Sep 17 00:00:00 2001
From: Yang Hongyang
Date: Wed, 7 Oct 2015 11:52:18 +0800
Subject: netfilter: add an API to pass the packet to next filter add an API qemu_netfilter_pass_to_next() to pass the packet to next filter.
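Review bot: `qemu_new_net_queue()` in the include/net/queue.h hunk now takes a `deliver` callback, but nothing states whether NULL is accepted or what `opaque` must point to when the callback runs. The callers and the constructor body are in net/, outside this view, so whether a NULL `deliver` is rejected cannot be checked from here. I would put `/* deliver must not be NULL; it is called with the queue's opaque for every packet sent or flushed */` above the prototype, adjusted to whatever the constructor enforces. The `Returns:` comment on the typedef is useful and should stay.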
Signed-off-by: Yang Hongyang
Reviewed-by: Thomas Huth
Signed-off-by: Jason Wang
---
 include/net/filter.h | 7 +++++++
 1 file changed, 7 insertions(+)
(limited to 'include')
diff --git a/include/net/filter.h b/include/net/filter.h
index db035b6..5639976 100644
--- a/include/net/filter.h
+++ b/include/net/filter.h
@@ -66,4 +66,11 @@ ssize_t qemu_netfilter_receive(NetFilterState *nf,
 int iovcnt,
 NetPacketSent *sent_cb);
+/* pass the packet to the next filter */
+ssize_t qemu_netfilter_pass_to_next(NetClientState *sender,
+ unsigned flags,
+ const struct iovec *iov,
+ int iovcnt,
+ void *opaque);
+
 #endif /* QEMU_NET_FILTER_H */
-- cgit v1.1
From a4960f52e7f402a4b7402ace204283de7b9d4879 Mon Sep 17 00:00:00 2001
From: Yang Hongyang
Date: Wed, 7 Oct 2015 11:52:19 +0800
Subject: netfilter: print filter info associate with the netdev When execute "info network", print filter info also. add a info_str member to NetFilterState, store specific filters info.
Signed-off-by: Yang Hongyang
Signed-off-by: Jason Wang
---
 include/net/filter.h | 1 +
 1 file changed, 1 insertion(+)
(limited to 'include')
diff --git a/include/net/filter.h b/include/net/filter.h
index 5639976..2deda36 100644
--- a/include/net/filter.h
+++ b/include/net/filter.h
@@ -55,6 +55,7 @@ struct NetFilterState {
 char *netdev_id;
 NetClientState *netdev;
 NetFilterDirection direction;
+ char info_str[256];
 QTAILQ_ENTRY(NetFilterState) next;
 };
-- cgit v1.1
From b68c7f76926dee3f234ccee88f3167b640d9318e Mon Sep 17 00:00:00 2001
From: Yang Hongyang
Date: Wed, 7 Oct 2015 11:52:20 +0800
Subject: net/queue: export qemu_net_queue_append_iov This will be used by buffer filter implementation later to queue packets.
Signed-off-by: Yang Hongyang
Reviewed-by: Thomas Huth
Signed-off-by: Jason Wang
---
 include/net/queue.h | 7 +++++++
 1 file changed, 7 insertions(+)
(limited to 'include')
diff --git a/include/net/queue.h b/include/net/queue.h
index b4a7183..5469fdb 100644
--- a/include/net/queue.h
+++ b/include/net/queue.h
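Review bot: The one-line comment on `qemu_netfilter_pass_to_next()` does not say which return convention the function follows. It is declared with the `NetQueueDeliverFunc` parameter list, where 0 means "queue packet for future redelivery", while `FilterReceiveIOV` in this same header uses 0 for "continue"; a caller that mixes the two either re-queues or forwards a packet it meant to stop. `opaque` is also left unexplained; presumably it is the `NetFilterState` the packet came from, to be confirmed against net/filter.c. I would extend the comment to `/* pass the packet to the next filter; opaque is <what the implementation expects>; return value as for NetQueueDeliverFunc */`.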
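Review bot: `char info_str[256]` in `struct NetFilterState` is a fixed buffer with a bare size literal and no comment on who writes it. The field sits directly before the `next` list linkage, so any filter that fills it should format with `snprintf(nf->info_str, sizeof(nf->info_str), ...)`, and the "info network" printer should emit it through `%s` rather than as a format string, since filter ids and options come from the user. A comment such as `/* NUL-terminated description shown by "info network"; filled by the filter with snprintf() */` would state that. The writers are not part of this header-only view, and the struct starts outside the hunk.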
@@ -47,6 +47,13 @@ typedef ssize_t (NetQueueDeliverFunc)(NetClientState *sender,
 NetQueue *qemu_new_net_queue(NetQueueDeliverFunc *deliver, void *opaque);
+void qemu_net_queue_append_iov(NetQueue *queue,
+ NetClientState *sender,
+ unsigned flags,
+ const struct iovec *iov,
+ int iovcnt,
+ NetPacketSent *sent_cb);
+
 void qemu_del_net_queue(NetQueue *queue);
 ssize_t qemu_net_queue_send(NetQueue *queue,
-- cgit v1.1
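Review bot: `qemu_net_queue_append_iov()` becomes public here with no comment and a `void` return, so a caller outside net/queue.c cannot tell whether the packet was queued or dropped. The prototype also does not say whether the iov data is copied or must stay valid until `sent_cb` runs, which matters for the buffering filter the commit message mentions. Whether this entry point enforces the queue's length limit is not visible from the header; if it does not, a filter that buffers guest traffic can grow host memory without bound. Please add a comment covering copy semantics, behaviour when the queue is full, and when `sent_cb` is called.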