On 08/07/2015 10:46 AM, Yang Hongyang wrote: > add netfilter_{add|del} commands > This is mostly the same with netdev_{add|del} commands. > > When we delete the netdev, we also delete the netfilter object > attached to it, because if the netdev is removed, the filters > which attached to it is useless. > > Signed-off-by: Yang Hongyang <yan...@cn.fujitsu.com> > CC: Luiz Capitulino <lcapitul...@redhat.com> > CC: Markus Armbruster <arm...@redhat.com> > CC: Eric Blake <ebl...@redhat.com> > --- > v6: add multiqueue support (qemu_del_net_filter) > v5: squash "net: delete netfilter object when delete netdev" > --- > hmp-commands.hx | 30 +++++++++++++++ > hmp.c | 29 +++++++++++++++ > hmp.h | 4 ++ > include/net/filter.h | 3 ++ > monitor.c | 33 +++++++++++++++++ > net/filter.c | 101 > ++++++++++++++++++++++++++++++++++++++++++++++++++- > net/net.c | 10 +++++ > qapi-schema.json | 47 ++++++++++++++++++++++++ > qmp-commands.hx | 57 +++++++++++++++++++++++++++++ > 9 files changed, 313 insertions(+), 1 deletion(-) > > diff --git a/hmp-commands.hx b/hmp-commands.hx > index d3b7932..902e2d1 100644 > --- a/hmp-commands.hx > +++ b/hmp-commands.hx > @@ -1253,6 +1253,36 @@ Remove host network device. > ETEXI > > { > + .name = "netfilter_add", > + .args_type = "netfilter:O", > + .params = > "[type],id=str,netdev=str[,chain=in|out|all,prop=value][,...]", > + .help = "add netfilter", > + .mhandler.cmd = hmp_netfilter_add, > + .command_completion = netfilter_add_completion, > + }, > + > +STEXI > +@item netfilter_add > +@findex netfilter_add > +Add netfilter. > +ETEXI > + > + { > + .name = "netfilter_del", > + .args_type = "id:s", > + .params = "id", > + .help = "remove netfilter", > + .mhandler.cmd = hmp_netfilter_del, > + .command_completion = netfilter_del_completion, > + }, > + > +STEXI > +@item netfilter_del > +@findex netfilter_del > +Remove netfilter. > +ETEXI > + > + { > .name = "object_add", > .args_type = "object:O", > .params = "[qom-type=]type,id=str[,prop=value][,...]", > diff --git a/hmp.c b/hmp.c > index dcc66f1..09e3cda 100644 > --- a/hmp.c > +++ b/hmp.c > @@ -15,6 +15,7 @@ > > #include "hmp.h" > #include "net/net.h" > +#include "net/filter.h" > #include "net/eth.h" > #include "sysemu/char.h" > #include "sysemu/block-backend.h" > @@ -1599,6 +1600,34 @@ void hmp_netdev_del(Monitor *mon, const QDict *qdict) > hmp_handle_error(mon, &err); > } > > +void hmp_netfilter_add(Monitor *mon, const QDict *qdict) > +{ > + Error *err = NULL; > + QemuOpts *opts; > + > + opts = qemu_opts_from_qdict(qemu_find_opts("netfilter"), qdict, &err); > + if (err) { > + goto out; > + } > + > + netfilter_add(opts, &err); > + if (err) { > + qemu_opts_del(opts); > + } > + > +out: > + hmp_handle_error(mon, &err); > +} > + > +void hmp_netfilter_del(Monitor *mon, const QDict *qdict) > +{ > + const char *id = qdict_get_str(qdict, "id"); > + Error *err = NULL; > + > + qmp_netfilter_del(id, &err); > + hmp_handle_error(mon, &err); > +} > + > void hmp_object_add(Monitor *mon, const QDict *qdict) > { > Error *err = NULL; > diff --git a/hmp.h b/hmp.h > index 0cf4f2a..a21dbbb 100644 > --- a/hmp.h > +++ b/hmp.h > @@ -85,6 +85,8 @@ void hmp_device_del(Monitor *mon, const QDict *qdict); > void hmp_dump_guest_memory(Monitor *mon, const QDict *qdict); > void hmp_netdev_add(Monitor *mon, const QDict *qdict); > void hmp_netdev_del(Monitor *mon, const QDict *qdict); > +void hmp_netfilter_add(Monitor *mon, const QDict *qdict); > +void hmp_netfilter_del(Monitor *mon, const QDict *qdict); > void hmp_getfd(Monitor *mon, const QDict *qdict); > void hmp_closefd(Monitor *mon, const QDict *qdict); > void hmp_sendkey(Monitor *mon, const QDict *qdict); > @@ -112,6 +114,8 @@ void chardev_add_completion(ReadLineState *rs, int > nb_args, const char *str); > void set_link_completion(ReadLineState *rs, int nb_args, const char *str); > void netdev_add_completion(ReadLineState *rs, int nb_args, const char *str); > void netdev_del_completion(ReadLineState *rs, int nb_args, const char *str); > +void netfilter_add_completion(ReadLineState *rs, int nb_args, const char > *str); > +void netfilter_del_completion(ReadLineState *rs, int nb_args, const char > *str); > void ringbuf_write_completion(ReadLineState *rs, int nb_args, const char > *str); > void watchdog_action_completion(ReadLineState *rs, int nb_args, > const char *str); > diff --git a/include/net/filter.h b/include/net/filter.h > index 7a858d8..f15d83d 100644 > --- a/include/net/filter.h > +++ b/include/net/filter.h > @@ -53,5 +53,8 @@ NetFilterState *qemu_new_net_filter(NetFilterInfo *info, > NetClientState *netdev, > const char *name, > int chain); > +void qemu_del_net_filter(NetFilterState *nf); > +void netfilter_add(QemuOpts *opts, Error **errp); > +void qmp_netfilter_add(QDict *qdict, QObject **ret, Error **errp); > > #endif /* QEMU_NET_FILTER_H */ > diff --git a/monitor.c b/monitor.c > index aeea2b5..d6b8f24 100644 > --- a/monitor.c > +++ b/monitor.c > @@ -31,6 +31,7 @@ > #include "hw/loader.h" > #include "exec/gdbstub.h" > #include "net/net.h" > +#include "net/filter.h" > #include "net/slirp.h" > #include "sysemu/char.h" > #include "ui/qemu-spice.h" > @@ -4193,6 +4194,21 @@ void netdev_add_completion(ReadLineState *rs, int > nb_args, const char *str) > } > } > [...] > +static int net_init_filter(void *dummy, QemuOpts *opts, Error **errp); > +void netfilter_add(QemuOpts *opts, Error **errp) > +{ > + net_init_filter(NULL, opts, errp); > +} > + > +void qmp_netfilter_add(QDict *qdict, QObject **ret, Error **errp) > +{ > + Error *local_err = NULL; > + QemuOptsList *opts_list; > + QemuOpts *opts; > + > + opts_list = qemu_find_opts_err("netfilter", &local_err); > + if (local_err) { > + goto out; > + } > + > + opts = qemu_opts_from_qdict(opts_list, qdict, &local_err); > + if (local_err) { > + goto out; > + } > + > + netfilter_add(opts, &local_err); > + if (local_err) { > + qemu_opts_del(opts); > + goto out; > + } > + > +out: > + error_propagate(errp, local_err); > +} > + > +void qmp_netfilter_del(const char *id, Error **errp) > +{ > + NetFilterState *nf; > + QemuOpts *opts; > + > + nf = qemu_find_netfilter(id); > + if (!nf) { > + error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND, > + "Device '%s' not found", id);
Should be "Filter '%s' not found" ? > + return; > + } > + > + opts = qemu_opts_find(qemu_find_opts_err("netfilter", NULL), id); > + if (!opts) { > + error_setg(errp, "Device '%s' is not a netfilter", id); Maybe "'%s' is not a filter" ? > + return; > + } > + > + qemu_del_net_filter(nf); > + qemu_opts_del(opts); How about moving qmp_opts_del() into qemu_del_net_filter() to avoid codes duplication?