Run the loaded userspace ebpf program with the packet.
Signed-off-by: Zhang Chen <chen.zh...@intel.com>
---
net/filter-ubpf.c | 40 ++++++++++++++++++++++++++++++++++++++--
1 file changed, 38 insertions(+), 2 deletions(-)
diff --git a/net/filter-ubpf.c b/net/filter-ubpf.c
index c63a021759..554cc24d8f 100644
--- a/net/filter-ubpf.c
+++ b/net/filter-ubpf.c
@@ -20,6 +20,8 @@
#include "qemu/error-report.h"
#include "trace.h"
#include "ebpf/ubpf.h"
+#include "colo.h"
+#include "util.h"
#define TYPE_FILTER_UBPF "filter-ubpf"
OBJECT_DECLARE_SIMPLE_TYPE(FiliterUbpfState, FILTER_UBPF)
@@ -38,9 +40,43 @@ static ssize_t filter_ubpf_receive_iov(NetFilterState *nf,
int iovcnt,
NetPacketSent *sent_cb)
{
- /* TODO: handle packet by loaded userspace ebpf program */
+ FiliterUbpfState *s = FILTER_UBPF(nf);
+ size_t size;
+ char *buf;
+ Packet *pkt = NULL;
+ uint64_t result;
+
+ size = iov_size(iov, iovcnt);
+ if (!size) {
+ return 0;
+ }
+
+ buf = g_malloc(size);
+ if (unlikely(iov_to_buf(iov, iovcnt, 0, buf, size) != size)) {
+ g_free(buf);
+ return 0;
+ }
+
+ pkt = packet_new_nocopy(buf, size, 0);
- return 0;
+ if (parse_packet_early(pkt)) {
+ packet_destroy(pkt, NULL);
+ pkt = NULL;
+ return 0;
+ }
+
+ if (s->ip_mode) {
+ result = qemu_ubpf_run_once(&s->ubpf, pkt->ip, sizeof(struct ip));
+ } else {
+ result = qemu_ubpf_run_once(&s->ubpf, pkt->data, pkt->size);
+ }
+
+ /* If result == 1, means trigger the ebpf program rules */
+ if (result) {
+ return -1;
+ } else {
+ return 0;
+ }
}
static void filter_ubpf_cleanup(NetFilterState *nf)
--
2.25.1
