On 09/16/2015 06:15 AM, Yang Hongyang wrote: > Add a netfilter object based on QOM. > > A netfilter is attached to a netdev, captures all network packets > that pass through the netdev. When we delete the netdev, we also > delete the netfilter object attached to it, because if the netdev is > removed, the filter which attached to it is useless. > > QTAILQ_ENTRY next used by netdev, filter belongs to the specific netdev is > in this queue. > > Also init delayed object after net_init_clients, because netfilters need > to be initialized after net clients initialized. > > Signed-off-by: Yang Hongyang <yan...@cn.fujitsu.com> > ---
Interface review:
> +++ b/qapi-schema.json
> @@ -2551,6 +2551,24 @@
> 'opts': 'NetClientOptions' } }
>
> ##
> +# @NetFilterChain
> +#
> +# netfilter chain, a netfilter is attached to a netdev, captures the
> +# network packets of the netdev.
Grammar. Maybe:
This enum describes which packets are being tracked by a netfilter chain
attached as a filter to a netdev object.
> +#
> +# @all: the filter will receive packets both sent to/from the netdev, this
> +# is the default chain.
> +#
> +# @in: the filter will receive packets sent to the netdev.
> +#
> +# @out: the filter will receive packets sent from the netdev.
> +#
> +# Since 2.5
> +##
> +{ 'enum': 'NetFilterChain',
> + 'data': [ 'all', 'in', 'out' ] }
I don't see any other QMP usage of this enum anywhere in the series. Are
you planning on supporting QMP? If so, let's get that design discussion
started. If not, why not?
In particular, you may want to base things on top of my work to make QMP
'netdev_add' a full-fledged introspectible command (still pending some
qapi commits landing upstream):
https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg02602.html
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature
