From patchwork Wed Sep 9 07:24:37 2015
X-Patchwork-Submitter: Yang Hongyang
X-Patchwork-Id: 515726
From: Yang Hongyang
Date: Wed, 9 Sep 2015 15:24:37 +0800
Message-ID: <1441783481-17698-7-git-send-email-yanghy@cn.fujitsu.com>
In-Reply-To: <1441783481-17698-1-git-send-email-yanghy@cn.fujitsu.com>
Cc: thuth@redhat.com, zhang.zhanghailiang@huawei.com, lizhijian@cn.fujitsu.com, jasowang@redhat.com, armbru@redhat.com, stefanha@redhat.com, Yang Hongyang
Subject: [Qemu-devel] [PATCH v10 06/10] netfilter: add an API to pass the packet to next filter

add an API qemu_netfilter_pass_to_next() to pass the packet to next filter.

Signed-off-by: Yang Hongyang
Reviewed-by: Thomas Huth
---
v10: adjust as a NetQueueDeliverFunc
v9: fix a bug when curr filter chain is all
v5: fold params to NetPacket struct
--- include/net/filter.h | 7 ++++++ net/filter.c | 60 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 67 insertions(+) diff --git a/include/net/filter.h b/include/net/filter.h index 4557cb9..ed2bb66 100644 --- a/include/net/filter.h +++ b/include/net/filter.h @@ -57,4 +57,11 @@ struct NetFilterState { QTAILQ_ENTRY(NetFilterState) next; }; +/* pass the packet to the next filter */ +ssize_t qemu_netfilter_pass_to_next(NetClientState *sender, + unsigned flags, + const struct iovec *iov, + int iovcnt, + void *opaque); + #endif /* QEMU_NET_FILTER_H */ diff --git a/net/filter.c b/net/filter.c index 5192c6d..086f271 100644 --- a/net/filter.c +++ b/net/filter.c 
@@ -14,9 +14,69 @@ #include "net/net.h" #include "net/vhost_net.h" #include "qom/object_interfaces.h" +#include "qemu/iov.h" static QTAILQ_HEAD(, NetFilterState) net_filters; +ssize_t qemu_netfilter_pass_to_next(NetClientState *sender, + unsigned flags, + const struct iovec *iov, + int iovcnt, + void *opaque) +{ + int ret = 0; + int chain; + NetFilterState *nf = opaque; + NetFilterState *next = QTAILQ_NEXT(nf, next); + + if (!sender || !sender->peer) { + /* no receiver, or sender been deleted, no need to pass it further */ + goto out; + } + + if (nf->chain == NET_FILTER_CHAIN_ALL) { + if (sender == nf->netdev) { + /* This packet is sent by netdev itself */ + chain = NET_FILTER_CHAIN_OUT; + } else { + chain = NET_FILTER_CHAIN_IN; + } + } else { + chain = nf->chain; + } + + while (next) { + if (next->chain == chain || next->chain == NET_FILTER_CHAIN_ALL) { + /* + * if qemu_netfilter_pass_to_next been called, means that + * the packet has been hold by filter and has already retured size + * to the sender, so sent_cb shouldn't be called later, just + * pass NULL to next. + */ + ret = NETFILTER_GET_CLASS(OBJECT(next))->receive_iov( + next, sender, flags, iov, iovcnt, NULL); + if (ret) { + return ret; + } + } + next = QTAILQ_NEXT(next, next); + } + + /* + * We have gone through all filters, pass it to receiver. + * Do the valid check again incase sender or receiver been + * deleted while we go through filters. + */ + if (sender && sender->peer) { + return qemu_net_queue_send_iov(sender->peer->incoming_queue, + sender, flags, iov, iovcnt, NULL); + } + +out: + /* no receiver, or sender been deleted */ + return iov_size(iov, iovcnt); +} + static char *netfilter_get_netdev_id(Object *obj, Error **errp) { NetFilterState *nf = NETFILTER(obj);
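
Review bot: In the include/net/filter.h hunk, the one-line comment above qemu_netfilter_pass_to_next() does not document what opaque must point to or what the return value means. The implementation in net/filter.c assigns opaque directly to a NetFilterState * and returns either a filter's non-zero receive_iov result, the result of qemu_net_queue_send_iov(), or iov_size(iov, iovcnt) when there is no receiver. Stating in the header that opaque is the calling filter and spelling out those return cases would keep a caller from handing something else through the void * parameter.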
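
Review bot: The second `if (sender && sender->peer)` check after the while loop in qemu_netfilter_pass_to_next() cannot detect the situation its comment describes. sender is a pointer passed by value, so if the sender were deleted while the filters ran it would still be non-NULL here and sender->peer would read freed memory. If deletion during the walk is really possible, the function needs a reference held across the loop or some other way to observe the deletion; if it is not possible, the re-check and its comment should go. The same concern applies to nf, which is dereferenced by `QTAILQ_NEXT(nf, next)` in the declarations before any validity check. Separately, ret is declared int while the function returns ssize_t, and its initial value 0 is never used since both the `out:` path and the queue-send path return other values.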