On 07/31/2015 04:24 PM, Yang Hongyang wrote:
>
>
> On 07/31/2015 02:06 PM, Jason Wang wrote:
>>
>>
>> On 07/31/2015 12:13 PM, Yang Hongyang wrote:
>>> Capture packets that will be sent.
>>>
>>> Signed-off-by: Yang Hongyang <yan...@cn.fujitsu.com>
>>> ---
>>> include/net/filter.h | 8 +++++++
>>> net/filter.c | 1 +
>>> net/net.c | 67
>>> +++++++++++++++++++++++++++++++++++++++++++++++++++-
>>> 3 files changed, 75 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/include/net/filter.h b/include/net/filter.h
>>> index 1b6f896..93579c1 100644
>>> --- a/include/net/filter.h
>>> +++ b/include/net/filter.h
>>> @@ -19,11 +19,19 @@ enum {
>>> };
>>>
>>> typedef void (FilterCleanup) (NetFilterState *);
>>> +/*
>>> + * Return:
>>> + * 0: finished handling the packet, we should continue
>>> + * size: filter stolen this packet, we stop pass this packet further
>>> + */
>>> +typedef ssize_t (FilterReceiveIOV)(NetFilterState *, NetClientState
>>> *sender,
>>> + unsigned flags, const struct
>>> iovec *, int);
>>>
>>> typedef struct NetFilterInfo {
>>> NetFilterOptionsKind type;
>>> size_t size;
>>> FilterCleanup *cleanup;
>>> + FilterReceiveIOV *receive_iov;
>>
>> Please move this to patch 2.
>
> Ok, thanks!
>
>>
>>> } NetFilterInfo;
>>>
>>> struct NetFilterState {
>>> diff --git a/net/filter.c b/net/filter.c
>>> index b3a2285..1ae9344 100644
>>> --- a/net/filter.c
>>> +++ b/net/filter.c
>>> @@ -29,6 +29,7 @@ NetFilterState *qemu_new_net_filter(NetFilterInfo
>>> *info,
>>> NetFilterState *nf;
>>>
>>> assert(info->size >= sizeof(NetFilterState));
>>> + assert(info->receive_iov);
>>>
>>> nf = g_malloc0(info->size);
>>> nf->info = info;
>>> diff --git a/net/net.c b/net/net.c
>>> index 22748e0..b55d934 100644
>>> --- a/net/net.c
>>> +++ b/net/net.c
>>> @@ -24,6 +24,7 @@
>>> #include "config-host.h"
>>>
>>> #include "net/net.h"
>>> +#include "net/filter.h"
>>> #include "clients.h"
>>> #include "hub.h"
>>> #include "net/slirp.h"
>>> @@ -592,6 +593,42 @@ int qemu_can_send_packet(NetClientState *sender)
>>> return 1;
>>> }
>>>
>>> +static ssize_t filter_receive_iov(NetClientState *nc, int chain,
>>> + NetClientState *sender,
>>> + unsigned flags,
>>> + const struct iovec *iov,
>>> + int iovcnt) {
>>> + ssize_t ret = 0;
>>> + Filter *filter = NULL;
>>> + NetFilterState *nf = NULL;
>>> + ssize_t size = iov_size(iov, iovcnt);
>>> +
>>> + QTAILQ_FOREACH(filter, &nc->filters, next) {
>>> + nf = filter->nf;
>>> + if (nf->chain == chain || nf->chain == NET_FILTER_ALL) {
>>> + ret = nf->info->receive_iov(nf, sender, flags, iov,
>>> iovcnt);
>>> + if (ret == size) {
>>> + return ret;
>>> + }
>>> + }
>>> + }
>>
>> So if a packet is being stolen or blocked by one filter, it could only
>> be flushed to destination? I think we need an API to flush it into next
>> filter.
>
> Yes, we could, just call next filter's receive_iov, do I need to
> introduce
> the API now in this series? or introduce later when we actually need it?
Consider it is a public API. better in this patch.
