This patch adds a netfilter abstract object, which captures all network packets on the associated netdev. It also implements a concrete filter buffer based on this abstract object. The "buffer" netfilter could be used by VM FT solutions like MicroCheckpointing to buffer/release packets, or to simulate packet delay.

You can also get the series from:

    https://github.com/macrosheep/qemu/tree/netfilter-v11

Usage:
    -netdev tap,id=bn0
    -device e1000,netdev=bn0
    -object filter-buffer,id=f0,netdev=bn0,chain=in,interval=1000

dynamically add/remove netfilters:
    object_add filter-buffer,id=f0,netdev=bn0,chain=in,interval=1000
    object_del f0

NOTE:
    interval's scale is microsecond.
    chain is optional, and is one of in|out|all, default is "all".
        "in" means this filter will receive packets sent to the @netdev
        "out" means this filter will receive packets sent from the @netdev
        "all" means this filter will receive packets both sent to/from the @netdev

v11:
 - address Jason&Daniel's comments
 - add multiqueue support, the last 2 patches
 - rebased to the latest master

v10:
 - Reimplemented using QOM (suggested by stefan)
 - Do not export NetQueue internals (suggested by stefan)
 - see individual patch for detail

v9:
 - squash command description and help to patch 1&3
 - qapi changes according to Markus&Eric's comments
 - see individual patch for detail

v8:
 - some minor fixes according to Thomas's comments
 - rebased to the latest master branch

v7:
 - print filter info when execute 'info network'
 - addressed Jason's comments

v6:
 - add multiqueue support, please see individual patch for detail

v5:
 - add a sent_cb param to filter receive_iov api
 - squash the 4th patch into patch 3
 - remove dummy sent_cb (buffer filter)
 - addressed Jason's other comments, see individual patches for detail

v4:
 - get rid of struct Filter
 - squash the 4th patch into patch 2
 - fix qemu_netfilter_pass_to_next_iov
 - get rid of bh (buffer filter)
 - release the packet to next filter instead of to receiver (buffer filter)

v3:
 - add an api to pass the packet to next filter
 - remove netfilters when delete netdev
 - add qtest testcases for netfilter
 - addressed comments from Jason

v2:
 - add a chain option to netfilter object
 - move the hook place earlier, before net_queue_send
 - drop the unused api in buffer filter
 - squash buffer filter patches into one
 - remove receive() api from netfilter, only receive_iov() is enough
 - addressed comments from Jason&Thomas

v1:
 initial patch.

Yang Hongyang (12):
  qmp: delete qemu opts when delete an object
  init/cleanup of netfilter object
  netfilter: hook packets before net queue send
  net: merge qemu_deliver_packet and qemu_deliver_packet_iov
  net/queue: introduce NetQueueDeliverFunc
  netfilter: add an API to pass the packet to next filter
  netfilter: print filter info associate with the netdev
  net/queue: export qemu_net_queue_append_iov
  netfilter: add a netbuffer filter
  tests: add test cases for netfilter object
  netfilter/multiqueue: introduce netfilter name
  netfilter: add multiqueue support

 include/net/filter.h    |  76 ++++++++++++
 include/net/net.h       |   6 +-
 include/net/queue.h     |  20 +++-
 include/qemu/typedefs.h |   1 +
 net/Makefile.objs       |   2 +
 net/filter-buffer.c     | 170 +++++++++++++++++++++++++++
 net/filter.c            | 306 ++++++++++++++++++++++++++++++++++++++++++++++++
 net/net.c               | 108 +++++++++++++----
 net/queue.c             |  24 ++--
 qapi-schema.json        |  18 +++
 qemu-options.hx         |  18 +++
 qmp.c                   |   4 +
 tests/.gitignore        |   1 +
 tests/Makefile          |   2 +
 tests/test-netfilter.c  | 200 +++++++++++++++++++++++++++++++
 vl.c                    |  18 ++-
 16 files changed, 927 insertions(+), 47 deletions(-)
 create mode 100644 include/net/filter.h
 create mode 100644 net/filter-buffer.c
 create mode 100644 net/filter.c
 create mode 100644 tests/test-netfilter.c

--
1.9.1