On 2015/7/24 18:55, Yang Hongyang wrote:
This patch add a net filter between network backend and NIC devices. All packets will pass by this filter. Also implement a netbuffer plugin for example, the netbuffer plugin could be used by VM FT solutions like Macrocheckpointing, to buffer/release packets. Based on this, dump plugin could be easily implemented.I've done some simple tests on this series, backend, tap,user NIC, e1000,virtio-net There's still some missing functions to be done, I've posted this early in order to gain more comments, thank you! TODO: multiqueue support. +--------------+ +-------------+ +----------+ | filter | |frontend(NIC)| | peer+--> | | | | network <--+backend <-------+ peer | | backend | | peer +-------> | +----------+ +--------------+ +-------------+ Usage: -netdev tap,id=bn0 # you can use whatever backend as needed -netdev filter,id=f0,backend=bn0 -netdev filter-<plugin>,id=p0,filter=f0 -device e1000,netdev=f0
Have you considered Daniel's suggestion ? Using the bellow style: -netfilter id=f0,plugin=dump -netdev tap,id=bn0,filter=f0 -device e1000,netdev=bn0 Considering the filter as a new 'netdev' seems to be unreasonable, Whenever we add a new plugin, we have to add a new member to 'NetClientOptions', there will be lots of 'filter' objects in NetClientOptions area. Besides when we want to describe a net device with several filter plugin for VM, it will become like: -netdev tap,id=bn0 -netdev filter,id=f0,backend=bn0 -netdev filter-<plugin-0>,id=p0,filter=f0 -netdev filter-<plugin-1>,id=p1,filter=f1 ... ... -device e1000,netdev=f0 Which is a little verbose for 'netdev' option. We'd better come to an agreement on the command line style for net filter :) Cc: Daniel P. Berrange <berra...@redhat.com> Thanks, zhanghailiang
NOTE: You can attach multiple plugins to the filter, dynamically add/remove filter and filter-<plugin>. The netbuffer plugin: Usage: -netdev tap,id=bn0 # you can use whatever backend as needed -netdev filter,id=f0,backend=bn0 -netdev filter-buffer,id=p0,filter=f0 -device e1000,netdev=f0 Will supply a public API to release the buffer. But there's no callers currently. To test this feature, it's quite simple, just use netdev_add filter-buffer,id=p0,filter=f0 to buffer packets, netdev_del p0 will release packets. You can also implement whatever plugin you needed based on this filter. Yang Hongyang (9): netdev: Add a net filter virtio-net: add filter support filter: remove plugins when remove filter filter: remove filter before remove network backend filter: add netbuffer plugin introduce qemu_find_net_clients_by_model net/queue: export qemu_net_queue_append move out net queue structs define add a public api to release buffer hw/net/virtio-net.c | 17 ++- include/net/filter.h | 21 ++++ include/net/net.h | 5 + include/net/queue.h | 26 ++++ net/Makefile.objs | 2 + net/clients.h | 6 + net/filter-buffer.c | 185 ++++++++++++++++++++++++++++ net/filter.c | 331 +++++++++++++++++++++++++++++++++++++++++++++++++++ net/net.c | 51 +++++++- net/queue.c | 31 +---- qapi-schema.json | 40 ++++++- 11 files changed, 679 insertions(+), 36 deletions(-) create mode 100644 include/net/filter.h create mode 100644 net/filter-buffer.c create mode 100644 net/filter.c
