diff mbox

[V6,02/10] net/filter-mirror.c: Make filter mirror support vnet support.

Message ID 1496829322-17099-3-git-send-email-zhangchen.fnst@cn.fujitsu.com (mailing list archive)
State New, archived
Headers show

Commit Message

Zhang Chen June 7, 2017, 9:55 a.m. UTC
We add the vnet_hdr_support option for filter-mirror, default is disable.
If you use virtio-net-pci net driver, please enable it.
You can use it for example:
-object filter-mirror,id=m0,netdev=hn0,queue=tx,outdev=mirror0,vnet_hdr_support

If have vnet_hdr_support flag, we will change the send packet format from
struct {int size; const uint8_t buf[];} to {int size; int vnet_hdr_len; const uint8_t buf[];}.
make other module(like colo-compare) know how to parse net packet correctly.

Signed-off-by: Zhang Chen <zhangchen.fnst@cn.fujitsu.com>
---
 net/filter-mirror.c | 69 +++++++++++++++++++++++++++++++++++++++++++++++++----
 qemu-options.hx     |  5 ++--
 2 files changed, 66 insertions(+), 8 deletions(-)

Comments

Jason Wang June 9, 2017, 6:08 a.m. UTC | #1
On 2017年06月07日 17:55, Zhang Chen wrote:
> We add the vnet_hdr_support option for filter-mirror, default is disable.

s/disable/disabled/

> If you use virtio-net-pci net driver, please enable it.
> You can use it for example:
> -object filter-mirror,id=m0,netdev=hn0,queue=tx,outdev=mirror0,vnet_hdr_support
>
> If have vnet_hdr_support flag,

If it has

>   we will change the send packet format from

s/send/sending/

> struct {int size; const uint8_t buf[];} to {int size; int vnet_hdr_len; const uint8_t buf[];}.
> make other module(like colo-compare) know how to parse net packet correctly.

Please double check the commit logs, some have obvious grammar issues.

>
> Signed-off-by: Zhang Chen <zhangchen.fnst@cn.fujitsu.com>
> ---
>   net/filter-mirror.c | 69 +++++++++++++++++++++++++++++++++++++++++++++++++----
>   qemu-options.hx     |  5 ++--
>   2 files changed, 66 insertions(+), 8 deletions(-)
>
> diff --git a/net/filter-mirror.c b/net/filter-mirror.c
> index 72fa7c2..50aa81b 100644
> --- a/net/filter-mirror.c
> +++ b/net/filter-mirror.c
> @@ -38,15 +38,17 @@ typedef struct MirrorState {
>       NetFilterState parent_obj;
>       char *indev;
>       char *outdev;
> +    bool vnet_hdr;
>       CharBackend chr_in;
>       CharBackend chr_out;
>       SocketReadState rs;
>   } MirrorState;
>   
> -static int filter_mirror_send(CharBackend *chr_out,
> +static int filter_mirror_send(MirrorState *s,
>                                 const struct iovec *iov,
>                                 int iovcnt)

This function were renamed to filter_send in your commit 
e05dc4cf56d70225fc76225a3fd7df9f7b8ca5f9 ("net/filter-mirror.c: Rename 
filter_mirror_send() and fix codestyle")

>   {
> +    NetFilterState *nf = NETFILTER(s);
>       int ret = 0;
>       ssize_t size = 0;
>       uint32_t len = 0;
> @@ -58,14 +60,43 @@ static int filter_mirror_send(CharBackend *chr_out,
>       }
>   
>       len = htonl(size);
> -    ret = qemu_chr_fe_write_all(chr_out, (uint8_t *)&len, sizeof(len));
> +    ret = qemu_chr_fe_write_all(&s->chr_out, (uint8_t *)&len, sizeof(len));

This looks a independent change, please do it in another patch.

>       if (ret != sizeof(len)) {
>           goto err;
>       }
>   
> +    if (s->vnet_hdr) {
> +        /*
> +         * If vnet_hdr = on, we send vnet header len to make other
> +         * module(like colo-compare) know how to parse net
> +         * packet correctly.
> +         */
> +        ssize_t vnet_hdr_len;
> +
> +        /*
> +         * In anytime, nf->netdev and nf->netdev->peer both have a vnet_hdr_len,
> +         * Here we just find out which is we need. When filter set RX or TX
> +         * that the real vnet_hdr_len are different.
> +         */

Let's remove the comment and let code explain itself.

> +        if (nf->direction == NET_FILTER_DIRECTION_RX ||
> +            nf->direction == NET_FILTER_DIRECTION_ALL) {
> +            vnet_hdr_len = nf->netdev->vnet_hdr_len;

This can only work if e.g virtio-net set its own vnet_hdr_len. But looks 
like it use guest_hdr_len instead.

And using NET_FILTER_DIRECTION_ALL looks suspicious. Maybe we should 
accept sender from its caller and compare it with nf->netdev to get the 
correct direction.

> +        } else if (nf->direction == NET_FILTER_DIRECTION_TX) {
> +            vnet_hdr_len = nf->netdev->peer->vnet_hdr_len;

This looks wrong, TX means the packet were sent from netdev, we should 
care nf->netdev's hdrlen.

> +        } else {
> +            return 0;
> +        }
> +
> +        len = htonl(vnet_hdr_len);
> +        ret = qemu_chr_fe_write_all(&s->chr_out, (uint8_t *)&len, sizeof(len));
> +        if (ret != sizeof(len)) {
> +            goto err;
> +        }
> +    }
> +
>       buf = g_malloc(size);
>       iov_to_buf(iov, iovcnt, 0, buf, size);
> -    ret = qemu_chr_fe_write_all(chr_out, (uint8_t *)buf, size);
> +    ret = qemu_chr_fe_write_all(&s->chr_out, (uint8_t *)buf, size);
>       g_free(buf);
>       if (ret != size) {
>           goto err;
> @@ -141,7 +172,7 @@ static ssize_t filter_mirror_receive_iov(NetFilterState *nf,
>       MirrorState *s = FILTER_MIRROR(nf);
>       int ret;
>   
> -    ret = filter_mirror_send(&s->chr_out, iov, iovcnt);
> +    ret = filter_mirror_send(s, iov, iovcnt);
>       if (ret) {
>           error_report("filter_mirror_send failed(%s)", strerror(-ret));
>       }
> @@ -164,7 +195,7 @@ static ssize_t filter_redirector_receive_iov(NetFilterState *nf,
>       int ret;
>   
>       if (qemu_chr_fe_get_driver(&s->chr_out)) {
> -        ret = filter_mirror_send(&s->chr_out, iov, iovcnt);
> +        ret = filter_mirror_send(s, iov, iovcnt);
>           if (ret) {
>               error_report("filter_mirror_send failed(%s)", strerror(-ret));
>           }
> @@ -308,6 +339,13 @@ static char *filter_mirror_get_outdev(Object *obj, Error **errp)
>       return g_strdup(s->outdev);
>   }
>   
> +static bool filter_mirror_get_vnet_hdr(Object *obj, Error **errp)
> +{
> +    MirrorState *s = FILTER_MIRROR(obj);
> +
> +    return s->vnet_hdr;
> +}
> +
>   static void
>   filter_mirror_set_outdev(Object *obj, const char *value, Error **errp)
>   {
> @@ -322,6 +360,15 @@ filter_mirror_set_outdev(Object *obj, const char *value, Error **errp)
>       }
>   }
>   
> +static void filter_mirror_set_vnet_hdr(Object *obj,
> +                                       bool value,
> +                                       Error **errp)
> +{
> +    MirrorState *s = FILTER_MIRROR(obj);
> +
> +    s->vnet_hdr = value;
> +}
> +
>   static char *filter_redirector_get_outdev(Object *obj, Error **errp)
>   {
>       MirrorState *s = FILTER_REDIRECTOR(obj);
> @@ -340,8 +387,20 @@ filter_redirector_set_outdev(Object *obj, const char *value, Error **errp)
>   
>   static void filter_mirror_init(Object *obj)
>   {
> +    MirrorState *s = FILTER_MIRROR(obj);
> +
>       object_property_add_str(obj, "outdev", filter_mirror_get_outdev,
>                               filter_mirror_set_outdev, NULL);
> +
> +    /*
> +     * The vnet_hdr is disabled by default, if you want to enable
> +     * this option, you must enable all the option on related modules
> +     * (like other filter or colo-compare).
> +     */

This comment makes sense for docs but is useless here, let code explain 
itself.

Thanks

> +    s->vnet_hdr = false;
> +    object_property_add_bool(obj, "vnet_hdr_support",
> +                             filter_mirror_get_vnet_hdr,
> +                             filter_mirror_set_vnet_hdr, NULL);
>   }
>   
>   static void filter_redirector_init(Object *obj)
> diff --git a/qemu-options.hx b/qemu-options.hx
> index 70c0ded..5c09fae 100644
> --- a/qemu-options.hx
> +++ b/qemu-options.hx
> @@ -4024,10 +4024,9 @@ queue @var{all|rx|tx} is an option that can be applied to any netfilter.
>   @option{tx}: the filter is attached to the transmit queue of the netdev,
>                where it will receive packets sent by the netdev.
>   
> -@item -object filter-mirror,id=@var{id},netdev=@var{netdevid},outdev=@var{chardevid}[,queue=@var{all|rx|tx}]
> +@item -object filter-mirror,id=@var{id},netdev=@var{netdevid},outdev=@var{chardevid},queue=@var{all|rx|tx}[,vnet_hdr_support]
>   
> -filter-mirror on netdev @var{netdevid},mirror net packet to chardev
> -@var{chardevid}
> +filter-mirror on netdev @var{netdevid},mirror net packet to chardev@var{chardevid}, if have the vnet_hdr_support flag, filter-mirror will mirror packet with vnet_hdr_len.
>   
>   @item -object filter-redirector,id=@var{id},netdev=@var{netdevid},indev=@var{chardevid},
>   outdev=@var{chardevid}[,queue=@var{all|rx|tx}]
Zhang Chen June 12, 2017, 9:27 a.m. UTC | #2
On 06/09/2017 02:08 PM, Jason Wang wrote:
>
>
> On 2017年06月07日 17:55, Zhang Chen wrote:
>> We add the vnet_hdr_support option for filter-mirror, default is 
>> disable.
>
> s/disable/disabled/
>
>> If you use virtio-net-pci net driver, please enable it.
>> You can use it for example:
>> -object 
>> filter-mirror,id=m0,netdev=hn0,queue=tx,outdev=mirror0,vnet_hdr_support
>>
>> If have vnet_hdr_support flag,
>
> If it has
>
>>   we will change the send packet format from
>
> s/send/sending/
>
>> struct {int size; const uint8_t buf[];} to {int size; int 
>> vnet_hdr_len; const uint8_t buf[];}.
>> make other module(like colo-compare) know how to parse net packet 
>> correctly.
>
> Please double check the commit logs, some have obvious grammar issues.

OK, I will fix the garmmar issues.

>
>>
>> Signed-off-by: Zhang Chen <zhangchen.fnst@cn.fujitsu.com>
>> ---
>>   net/filter-mirror.c | 69 
>> +++++++++++++++++++++++++++++++++++++++++++++++++----
>>   qemu-options.hx     |  5 ++--
>>   2 files changed, 66 insertions(+), 8 deletions(-)
>>
>> diff --git a/net/filter-mirror.c b/net/filter-mirror.c
>> index 72fa7c2..50aa81b 100644
>> --- a/net/filter-mirror.c
>> +++ b/net/filter-mirror.c
>> @@ -38,15 +38,17 @@ typedef struct MirrorState {
>>       NetFilterState parent_obj;
>>       char *indev;
>>       char *outdev;
>> +    bool vnet_hdr;
>>       CharBackend chr_in;
>>       CharBackend chr_out;
>>       SocketReadState rs;
>>   } MirrorState;
>>   -static int filter_mirror_send(CharBackend *chr_out,
>> +static int filter_mirror_send(MirrorState *s,
>>                                 const struct iovec *iov,
>>                                 int iovcnt)
>
> This function were renamed to filter_send in your commit 
> e05dc4cf56d70225fc76225a3fd7df9f7b8ca5f9 ("net/filter-mirror.c: Rename 
> filter_mirror_send() and fix codestyle")

I will rebase the code for upstream.

>
>>   {
>> +    NetFilterState *nf = NETFILTER(s);
>>       int ret = 0;
>>       ssize_t size = 0;
>>       uint32_t len = 0;
>> @@ -58,14 +60,43 @@ static int filter_mirror_send(CharBackend *chr_out,
>>       }
>>         len = htonl(size);
>> -    ret = qemu_chr_fe_write_all(chr_out, (uint8_t *)&len, sizeof(len));
>> +    ret = qemu_chr_fe_write_all(&s->chr_out, (uint8_t *)&len, 
>> sizeof(len));
>
> This looks a independent change, please do it in another patch.

OK.

>
>>       if (ret != sizeof(len)) {
>>           goto err;
>>       }
>>   +    if (s->vnet_hdr) {
>> +        /*
>> +         * If vnet_hdr = on, we send vnet header len to make other
>> +         * module(like colo-compare) know how to parse net
>> +         * packet correctly.
>> +         */
>> +        ssize_t vnet_hdr_len;
>> +
>> +        /*
>> +         * In anytime, nf->netdev and nf->netdev->peer both have a 
>> vnet_hdr_len,
>> +         * Here we just find out which is we need. When filter set 
>> RX or TX
>> +         * that the real vnet_hdr_len are different.
>> +         */
>
> Let's remove the comment and let code explain itself.

I will remove it in next version.

>
>> +        if (nf->direction == NET_FILTER_DIRECTION_RX ||
>> +            nf->direction == NET_FILTER_DIRECTION_ALL) {
>> +            vnet_hdr_len = nf->netdev->vnet_hdr_len;
>
> This can only work if e.g virtio-net set its own vnet_hdr_len. But 
> looks like it use guest_hdr_len instead.

I see in hw/net/virtio-net.c use the "qemu_set_vnet_hdr_len(nc->peer, 
n->guest_hdr_len);" to
set the nf->netdev->vnet_hdr_len, any case not include here?

>
> And using NET_FILTER_DIRECTION_ALL looks suspicious. Maybe we should 
> accept sender from its caller and compare it with nf->netdev to get 
> the correct direction.
>
>> +        } else if (nf->direction == NET_FILTER_DIRECTION_TX) {
>> +            vnet_hdr_len = nf->netdev->peer->vnet_hdr_len;
>
> This looks wrong, TX means the packet were sent from netdev, we should 
> care nf->netdev's hdrlen.

I rethink and test the code, you are right. I will remove it.

>
>> +        } else {
>> +            return 0;
>> +        }
>> +
>> +        len = htonl(vnet_hdr_len);
>> +        ret = qemu_chr_fe_write_all(&s->chr_out, (uint8_t *)&len, 
>> sizeof(len));
>> +        if (ret != sizeof(len)) {
>> +            goto err;
>> +        }
>> +    }
>> +
>>       buf = g_malloc(size);
>>       iov_to_buf(iov, iovcnt, 0, buf, size);
>> -    ret = qemu_chr_fe_write_all(chr_out, (uint8_t *)buf, size);
>> +    ret = qemu_chr_fe_write_all(&s->chr_out, (uint8_t *)buf, size);
>>       g_free(buf);
>>       if (ret != size) {
>>           goto err;
>> @@ -141,7 +172,7 @@ static ssize_t 
>> filter_mirror_receive_iov(NetFilterState *nf,
>>       MirrorState *s = FILTER_MIRROR(nf);
>>       int ret;
>>   -    ret = filter_mirror_send(&s->chr_out, iov, iovcnt);
>> +    ret = filter_mirror_send(s, iov, iovcnt);
>>       if (ret) {
>>           error_report("filter_mirror_send failed(%s)", strerror(-ret));
>>       }
>> @@ -164,7 +195,7 @@ static ssize_t 
>> filter_redirector_receive_iov(NetFilterState *nf,
>>       int ret;
>>         if (qemu_chr_fe_get_driver(&s->chr_out)) {
>> -        ret = filter_mirror_send(&s->chr_out, iov, iovcnt);
>> +        ret = filter_mirror_send(s, iov, iovcnt);
>>           if (ret) {
>>               error_report("filter_mirror_send failed(%s)", 
>> strerror(-ret));
>>           }
>> @@ -308,6 +339,13 @@ static char *filter_mirror_get_outdev(Object 
>> *obj, Error **errp)
>>       return g_strdup(s->outdev);
>>   }
>>   +static bool filter_mirror_get_vnet_hdr(Object *obj, Error **errp)
>> +{
>> +    MirrorState *s = FILTER_MIRROR(obj);
>> +
>> +    return s->vnet_hdr;
>> +}
>> +
>>   static void
>>   filter_mirror_set_outdev(Object *obj, const char *value, Error **errp)
>>   {
>> @@ -322,6 +360,15 @@ filter_mirror_set_outdev(Object *obj, const char 
>> *value, Error **errp)
>>       }
>>   }
>>   +static void filter_mirror_set_vnet_hdr(Object *obj,
>> +                                       bool value,
>> +                                       Error **errp)
>> +{
>> +    MirrorState *s = FILTER_MIRROR(obj);
>> +
>> +    s->vnet_hdr = value;
>> +}
>> +
>>   static char *filter_redirector_get_outdev(Object *obj, Error **errp)
>>   {
>>       MirrorState *s = FILTER_REDIRECTOR(obj);
>> @@ -340,8 +387,20 @@ filter_redirector_set_outdev(Object *obj, const 
>> char *value, Error **errp)
>>     static void filter_mirror_init(Object *obj)
>>   {
>> +    MirrorState *s = FILTER_MIRROR(obj);
>> +
>>       object_property_add_str(obj, "outdev", filter_mirror_get_outdev,
>>                               filter_mirror_set_outdev, NULL);
>> +
>> +    /*
>> +     * The vnet_hdr is disabled by default, if you want to enable
>> +     * this option, you must enable all the option on related modules
>> +     * (like other filter or colo-compare).
>> +     */
>
> This comment makes sense for docs but is useless here, let code 
> explain itself.

OK.

Thanks
Zhang Chen

>
> Thanks
>
>> +    s->vnet_hdr = false;
>> +    object_property_add_bool(obj, "vnet_hdr_support",
>> +                             filter_mirror_get_vnet_hdr,
>> +                             filter_mirror_set_vnet_hdr, NULL);
>>   }
>>     static void filter_redirector_init(Object *obj)
>> diff --git a/qemu-options.hx b/qemu-options.hx
>> index 70c0ded..5c09fae 100644
>> --- a/qemu-options.hx
>> +++ b/qemu-options.hx
>> @@ -4024,10 +4024,9 @@ queue @var{all|rx|tx} is an option that can be 
>> applied to any netfilter.
>>   @option{tx}: the filter is attached to the transmit queue of the 
>> netdev,
>>                where it will receive packets sent by the netdev.
>>   -@item -object 
>> filter-mirror,id=@var{id},netdev=@var{netdevid},outdev=@var{chardevid}[,queue=@var{all|rx|tx}]
>> +@item -object 
>> filter-mirror,id=@var{id},netdev=@var{netdevid},outdev=@var{chardevid},queue=@var{all|rx|tx}[,vnet_hdr_support]
>>   -filter-mirror on netdev @var{netdevid},mirror net packet to chardev
>> -@var{chardevid}
>> +filter-mirror on netdev @var{netdevid},mirror net packet to 
>> chardev@var{chardevid}, if have the vnet_hdr_support flag, 
>> filter-mirror will mirror packet with vnet_hdr_len.
>>     @item -object 
>> filter-redirector,id=@var{id},netdev=@var{netdevid},indev=@var{chardevid},
>>   outdev=@var{chardevid}[,queue=@var{all|rx|tx}]
>
>
>
> .
>
Jason Wang June 13, 2017, 9:14 a.m. UTC | #3
On 2017年06月12日 17:27, Zhang Chen wrote:
>>
>>> +        if (nf->direction == NET_FILTER_DIRECTION_RX ||
>>> +            nf->direction == NET_FILTER_DIRECTION_ALL) {
>>> +            vnet_hdr_len = nf->netdev->vnet_hdr_len;
>>
>> This can only work if e.g virtio-net set its own vnet_hdr_len. But 
>> looks like it use guest_hdr_len instead.
>
> I see in hw/net/virtio-net.c use the "qemu_set_vnet_hdr_len(nc->peer, 
> n->guest_hdr_len);" to
> set the nf->netdev->vnet_hdr_len, any case not include here? 

You mean:

         if (peer_has_vnet_hdr(n) &&
             qemu_has_vnet_hdr_len(nc->peer, n->guest_hdr_len)) {
             qemu_set_vnet_hdr_len(nc->peer, n->guest_hdr_len);
             n->host_hdr_len = n->guest_hdr_len;
         }

?

 From the code, it only set peer's vnet header when peer supports 
vnet_hdr up to n->guest_hdr_len. If peer can't, virtio-net will strip 
the header.

Thanks
Zhang Chen June 14, 2017, 8:04 a.m. UTC | #4
On 06/13/2017 05:14 PM, Jason Wang wrote:
>
>
> On 2017年06月12日 17:27, Zhang Chen wrote:
>>>
>>>> +        if (nf->direction == NET_FILTER_DIRECTION_RX ||
>>>> +            nf->direction == NET_FILTER_DIRECTION_ALL) {
>>>> +            vnet_hdr_len = nf->netdev->vnet_hdr_len;
>>>
>>> This can only work if e.g virtio-net set its own vnet_hdr_len. But 
>>> looks like it use guest_hdr_len instead.
>>
>> I see in hw/net/virtio-net.c use the "qemu_set_vnet_hdr_len(nc->peer, 
>> n->guest_hdr_len);" to
>> set the nf->netdev->vnet_hdr_len, any case not include here? 
>
> You mean:
>
>         if (peer_has_vnet_hdr(n) &&
>             qemu_has_vnet_hdr_len(nc->peer, n->guest_hdr_len)) {
>             qemu_set_vnet_hdr_len(nc->peer, n->guest_hdr_len);
>             n->host_hdr_len = n->guest_hdr_len;
>         }
>
> ?
>
> From the code, it only set peer's vnet header when peer supports 
> vnet_hdr up to n->guest_hdr_len. If peer can't, virtio-net will strip 
> the header.

So, We should get the n->guest_hdr_len in another way? like set a new 
parameter in NetClientState?
Any suggestion about it?

Thanks
Zhang Chen

>
> Thanks
>
>
>
Jason Wang June 15, 2017, 4:31 a.m. UTC | #5
On 2017年06月14日 16:04, Zhang Chen wrote:
>
>
> On 06/13/2017 05:14 PM, Jason Wang wrote:
>>
>>
>> On 2017年06月12日 17:27, Zhang Chen wrote:
>>>>
>>>>> +        if (nf->direction == NET_FILTER_DIRECTION_RX ||
>>>>> +            nf->direction == NET_FILTER_DIRECTION_ALL) {
>>>>> +            vnet_hdr_len = nf->netdev->vnet_hdr_len;
>>>>
>>>> This can only work if e.g virtio-net set its own vnet_hdr_len. But 
>>>> looks like it use guest_hdr_len instead.
>>>
>>> I see in hw/net/virtio-net.c use the 
>>> "qemu_set_vnet_hdr_len(nc->peer, n->guest_hdr_len);" to
>>> set the nf->netdev->vnet_hdr_len, any case not include here? 
>>
>> You mean:
>>
>>         if (peer_has_vnet_hdr(n) &&
>>             qemu_has_vnet_hdr_len(nc->peer, n->guest_hdr_len)) {
>>             qemu_set_vnet_hdr_len(nc->peer, n->guest_hdr_len);
>>             n->host_hdr_len = n->guest_hdr_len;
>>         }
>>
>> ?
>>
>> From the code, it only set peer's vnet header when peer supports 
>> vnet_hdr up to n->guest_hdr_len. If peer can't, virtio-net will strip 
>> the header.
>
> So, We should get the n->guest_hdr_len in another way? like set a new 
> parameter in NetClientState?
> Any suggestion about it?
>
> Thanks
> Zhang Chen

Rethink about this, a question is do we really care guest vnet header 
len? During guest transmission, when packet reaches netfilter. The 
vnet_header should have been stripped to netdev->vnet_hdr_len.

I still think use nf->netdev->vnet_hdr_len is sufficient.

Thanks

>
>>
>> Thanks
>>
>>
>>
>
Zhang Chen June 15, 2017, 8:10 a.m. UTC | #6
On 06/15/2017 12:31 PM, Jason Wang wrote:
>
>
> On 2017年06月14日 16:04, Zhang Chen wrote:
>>
>>
>> On 06/13/2017 05:14 PM, Jason Wang wrote:
>>>
>>>
>>> On 2017年06月12日 17:27, Zhang Chen wrote:
>>>>>
>>>>>> +        if (nf->direction == NET_FILTER_DIRECTION_RX ||
>>>>>> +            nf->direction == NET_FILTER_DIRECTION_ALL) {
>>>>>> +            vnet_hdr_len = nf->netdev->vnet_hdr_len;
>>>>>
>>>>> This can only work if e.g virtio-net set its own vnet_hdr_len. But 
>>>>> looks like it use guest_hdr_len instead.
>>>>
>>>> I see in hw/net/virtio-net.c use the 
>>>> "qemu_set_vnet_hdr_len(nc->peer, n->guest_hdr_len);" to
>>>> set the nf->netdev->vnet_hdr_len, any case not include here? 
>>>
>>> You mean:
>>>
>>>         if (peer_has_vnet_hdr(n) &&
>>>             qemu_has_vnet_hdr_len(nc->peer, n->guest_hdr_len)) {
>>>             qemu_set_vnet_hdr_len(nc->peer, n->guest_hdr_len);
>>>             n->host_hdr_len = n->guest_hdr_len;
>>>         }
>>>
>>> ?
>>>
>>> From the code, it only set peer's vnet header when peer supports 
>>> vnet_hdr up to n->guest_hdr_len. If peer can't, virtio-net will 
>>> strip the header.
>>
>> So, We should get the n->guest_hdr_len in another way? like set a new 
>> parameter in NetClientState?
>> Any suggestion about it?
>>
>> Thanks
>> Zhang Chen
>
> Rethink about this, a question is do we really care guest vnet header 
> len? During guest transmission, when packet reaches netfilter. The 
> vnet_header should have been stripped to netdev->vnet_hdr_len.

But we use filter-redirector send packet to colo-compare that get the 
packet with the vnet header.

That is colo-compare see:

1241@1497507100.108799:colo_compare_pkt_info_src src/dst: 192.168.4.144 
s: seq/ack=2181260317/2075177759 res=0 flags=18 spkt_size: 95

1241@1497507100.108803:colo_compare_pkt_info_dst src/dst: 192.168.4.88 
d: seq/ack=2181260317/2075177759 res=0 flags=18 dpkt_size: 95

colo-compare ppkt: 0000:  01 00 00 00  00 00 22 00  10 00 00 00  12 14 
fc 1d ......".........
colo-compare ppkt: 0010:  1a 6b 52 54  00 12 34 56  08 00 45 00  00 45 
12 61 .kRT..4V..E..E.a
colo-compare ppkt: 0020:  40 00 40 06  9e 19 c0 a8  04 90 c0 a8  04 58 
04 d2 @.@..........X..
colo-compare ppkt: 0030:  ca 98 82 03  64 1d 7b b0  b3 1f 80 18  00 e3 
8a 70 ....d.{........p
colo-compare ppkt: 0040:  00 00 01 01  08 0a 00 00  5b fa 00 4d  f1 aa 
73 65 ........[..M..se
colo-compare ppkt: 0050:  72 76 65 72  20 67 65 74  20 69 74 20  34 36 
38    rver get it 468
colo-compare spkt: 0000:  01 00 00 00  00 00 22 00  10 00 00 00  12 14 
fc 1d ......".........
colo-compare spkt: 0010:  1a 6b 52 54  00 12 34 56  08 00 45 00  00 45 
12 61 .kRT..4V..E..E.a
colo-compare spkt: 0020:  40 00 40 06  9e 19 c0 a8  04 90 c0 a8  04 58 
04 d2 @.@..........X..
colo-compare spkt: 0030:  ca 98 82 03  64 1d 7b b0  b3 1f 80 18  00 e3 
8a 70 ....d.{........p
colo-compare spkt: 0040:  00 00 01 01  08 0a 00 00  5c 02 00 4d  f1 aa 
73 65 ........\..M..se
colo-compare spkt: 0050:  72 76 65 72  20 67 65 74  20 69 74 20  34 36 
38    rver get it 468

So, colo-compare need to know the vnet_hdr_len for skip this field, then 
colo-compare
can parse the net packet correctly.
Back to this patch, how should I fix it?

Thanks
Zhang Chen


>
> I still think use nf->netdev->vnet_hdr_len is sufficient.
>
> Thanks
>
>>
>>>
>>> Thanks
>>>
>>>
>>>
>>
>
>
>
> .
>
Jason Wang June 16, 2017, 2:17 a.m. UTC | #7
On 2017年06月15日 16:10, Zhang Chen wrote:
>
>
> On 06/15/2017 12:31 PM, Jason Wang wrote:
>>
>>
>> On 2017年06月14日 16:04, Zhang Chen wrote:
>>>
>>>
>>> On 06/13/2017 05:14 PM, Jason Wang wrote:
>>>>
>>>>
>>>> On 2017年06月12日 17:27, Zhang Chen wrote:
>>>>>>
>>>>>>> +        if (nf->direction == NET_FILTER_DIRECTION_RX ||
>>>>>>> +            nf->direction == NET_FILTER_DIRECTION_ALL) {
>>>>>>> +            vnet_hdr_len = nf->netdev->vnet_hdr_len;
>>>>>>
>>>>>> This can only work if e.g virtio-net set its own vnet_hdr_len. 
>>>>>> But looks like it use guest_hdr_len instead.
>>>>>
>>>>> I see in hw/net/virtio-net.c use the 
>>>>> "qemu_set_vnet_hdr_len(nc->peer, n->guest_hdr_len);" to
>>>>> set the nf->netdev->vnet_hdr_len, any case not include here? 
>>>>
>>>> You mean:
>>>>
>>>>         if (peer_has_vnet_hdr(n) &&
>>>>             qemu_has_vnet_hdr_len(nc->peer, n->guest_hdr_len)) {
>>>>             qemu_set_vnet_hdr_len(nc->peer, n->guest_hdr_len);
>>>>             n->host_hdr_len = n->guest_hdr_len;
>>>>         }
>>>>
>>>> ?
>>>>
>>>> From the code, it only set peer's vnet header when peer supports 
>>>> vnet_hdr up to n->guest_hdr_len. If peer can't, virtio-net will 
>>>> strip the header.
>>>
>>> So, We should get the n->guest_hdr_len in another way? like set a 
>>> new parameter in NetClientState?
>>> Any suggestion about it?
>>>
>>> Thanks
>>> Zhang Chen
>>
>> Rethink about this, a question is do we really care guest vnet header 
>> len? During guest transmission, when packet reaches netfilter. The 
>> vnet_header should have been stripped to netdev->vnet_hdr_len.
>
> But we use filter-redirector send packet to colo-compare that get the 
> packet with the vnet header.
>
> That is colo-compare see:
>
> 1241@1497507100.108799:colo_compare_pkt_info_src src/dst: 
> 192.168.4.144 s: seq/ack=2181260317/2075177759 res=0 flags=18 
> spkt_size: 95
>
> 1241@1497507100.108803:colo_compare_pkt_info_dst src/dst: 192.168.4.88 
> d: seq/ack=2181260317/2075177759 res=0 flags=18 dpkt_size: 95
>
> colo-compare ppkt: 0000:  01 00 00 00  00 00 22 00  10 00 00 00 12 14 
> fc 1d ......".........
> colo-compare ppkt: 0010:  1a 6b 52 54  00 12 34 56  08 00 45 00 00 45 
> 12 61 .kRT..4V..E..E.a
> colo-compare ppkt: 0020:  40 00 40 06  9e 19 c0 a8  04 90 c0 a8 04 58 
> 04 d2 @.@..........X..
> colo-compare ppkt: 0030:  ca 98 82 03  64 1d 7b b0  b3 1f 80 18 00 e3 
> 8a 70 ....d.{........p
> colo-compare ppkt: 0040:  00 00 01 01  08 0a 00 00  5b fa 00 4d f1 aa 
> 73 65 ........[..M..se
> colo-compare ppkt: 0050:  72 76 65 72  20 67 65 74  20 69 74 20 34 36 
> 38    rver get it 468
> colo-compare spkt: 0000:  01 00 00 00  00 00 22 00  10 00 00 00 12 14 
> fc 1d ......".........
> colo-compare spkt: 0010:  1a 6b 52 54  00 12 34 56  08 00 45 00 00 45 
> 12 61 .kRT..4V..E..E.a
> colo-compare spkt: 0020:  40 00 40 06  9e 19 c0 a8  04 90 c0 a8 04 58 
> 04 d2 @.@..........X..
> colo-compare spkt: 0030:  ca 98 82 03  64 1d 7b b0  b3 1f 80 18 00 e3 
> 8a 70 ....d.{........p
> colo-compare spkt: 0040:  00 00 01 01  08 0a 00 00  5c 02 00 4d f1 aa 
> 73 65 ........\..M..se
> colo-compare spkt: 0050:  72 76 65 72  20 67 65 74  20 69 74 20 34 36 
> 38    rver get it 468
>
> So, colo-compare need to know the vnet_hdr_len for skip this field, 
> then colo-compare
> can parse the net packet correctly.
> Back to this patch, how should I fix it?

Let me explain a little bit more. What I mean is that we should care 
only about the vnet header len of netdev instead of guest.

On RX direction (guest transmission). If you look at 
virtio_net_flush_tx(), before calling qemu_sendv_packet_async() where 
the packet can reach netfilers, virtio-net will copy only the parts that 
host is interested. So what we can see in e.g filter-mirror is netdev's 
vnet_hdr_len which is not guaranteed to be equal to guest hdr len.

On TX direction, the packet will reach netfilter before it reaches 
virtio-net backend, so the vnet header is also netdev's vnet_hdr_len.

Does this explain?

Thanks

>
> Thanks
> Zhang Chen
>
>
>>
>> I still think use nf->netdev->vnet_hdr_len is sufficient.
>>
>> Thanks
>>
>>>
>>>>
>>>> Thanks
>>>>
>>>>
>>>>
>>>
>>
>>
>>
>> .
>>
>
Zhang Chen June 16, 2017, 8:36 a.m. UTC | #8
On 06/16/2017 10:17 AM, Jason Wang wrote:
>
>
> On 2017年06月15日 16:10, Zhang Chen wrote:
>>
>>
>> On 06/15/2017 12:31 PM, Jason Wang wrote:
>>>
>>>
>>> On 2017年06月14日 16:04, Zhang Chen wrote:
>>>>
>>>>
>>>> On 06/13/2017 05:14 PM, Jason Wang wrote:
>>>>>
>>>>>
>>>>> On 2017年06月12日 17:27, Zhang Chen wrote:
>>>>>>>
>>>>>>>> +        if (nf->direction == NET_FILTER_DIRECTION_RX ||
>>>>>>>> +            nf->direction == NET_FILTER_DIRECTION_ALL) {
>>>>>>>> +            vnet_hdr_len = nf->netdev->vnet_hdr_len;
>>>>>>>
>>>>>>> This can only work if e.g virtio-net set its own vnet_hdr_len. 
>>>>>>> But looks like it use guest_hdr_len instead.
>>>>>>
>>>>>> I see in hw/net/virtio-net.c use the 
>>>>>> "qemu_set_vnet_hdr_len(nc->peer, n->guest_hdr_len);" to
>>>>>> set the nf->netdev->vnet_hdr_len, any case not include here? 
>>>>>
>>>>> You mean:
>>>>>
>>>>>         if (peer_has_vnet_hdr(n) &&
>>>>>             qemu_has_vnet_hdr_len(nc->peer, n->guest_hdr_len)) {
>>>>>             qemu_set_vnet_hdr_len(nc->peer, n->guest_hdr_len);
>>>>>             n->host_hdr_len = n->guest_hdr_len;
>>>>>         }
>>>>>
>>>>> ?
>>>>>
>>>>> From the code, it only set peer's vnet header when peer supports 
>>>>> vnet_hdr up to n->guest_hdr_len. If peer can't, virtio-net will 
>>>>> strip the header.
>>>>
>>>> So, We should get the n->guest_hdr_len in another way? like set a 
>>>> new parameter in NetClientState?
>>>> Any suggestion about it?
>>>>
>>>> Thanks
>>>> Zhang Chen
>>>
>>> Rethink about this, a question is do we really care guest vnet 
>>> header len? During guest transmission, when packet reaches 
>>> netfilter. The vnet_header should have been stripped to 
>>> netdev->vnet_hdr_len.
>>
>> But we use filter-redirector send packet to colo-compare that get the 
>> packet with the vnet header.
>>
>> That is colo-compare see:
>>
>> 1241@1497507100.108799:colo_compare_pkt_info_src src/dst: 
>> 192.168.4.144 s: seq/ack=2181260317/2075177759 res=0 flags=18 
>> spkt_size: 95
>>
>> 1241@1497507100.108803:colo_compare_pkt_info_dst src/dst: 
>> 192.168.4.88 d: seq/ack=2181260317/2075177759 res=0 flags=18 
>> dpkt_size: 95
>>
>> colo-compare ppkt: 0000:  01 00 00 00  00 00 22 00  10 00 00 00 12 14 
>> fc 1d ......".........
>> colo-compare ppkt: 0010:  1a 6b 52 54  00 12 34 56  08 00 45 00 00 45 
>> 12 61 .kRT..4V..E..E.a
>> colo-compare ppkt: 0020:  40 00 40 06  9e 19 c0 a8  04 90 c0 a8 04 58 
>> 04 d2 @.@..........X..
>> colo-compare ppkt: 0030:  ca 98 82 03  64 1d 7b b0  b3 1f 80 18 00 e3 
>> 8a 70 ....d.{........p
>> colo-compare ppkt: 0040:  00 00 01 01  08 0a 00 00  5b fa 00 4d f1 aa 
>> 73 65 ........[..M..se
>> colo-compare ppkt: 0050:  72 76 65 72  20 67 65 74  20 69 74 20 34 36 
>> 38    rver get it 468
>> colo-compare spkt: 0000:  01 00 00 00  00 00 22 00  10 00 00 00 12 14 
>> fc 1d ......".........
>> colo-compare spkt: 0010:  1a 6b 52 54  00 12 34 56  08 00 45 00 00 45 
>> 12 61 .kRT..4V..E..E.a
>> colo-compare spkt: 0020:  40 00 40 06  9e 19 c0 a8  04 90 c0 a8 04 58 
>> 04 d2 @.@..........X..
>> colo-compare spkt: 0030:  ca 98 82 03  64 1d 7b b0  b3 1f 80 18 00 e3 
>> 8a 70 ....d.{........p
>> colo-compare spkt: 0040:  00 00 01 01  08 0a 00 00  5c 02 00 4d f1 aa 
>> 73 65 ........\..M..se
>> colo-compare spkt: 0050:  72 76 65 72  20 67 65 74  20 69 74 20 34 36 
>> 38    rver get it 468
>>
>> So, colo-compare need to know the vnet_hdr_len for skip this field, 
>> then colo-compare
>> can parse the net packet correctly.
>> Back to this patch, how should I fix it?
>
> Let me explain a little bit more. What I mean is that we should care 
> only about the vnet header len of netdev instead of guest.
>
> On RX direction (guest transmission). If you look at 
> virtio_net_flush_tx(), before calling qemu_sendv_packet_async() where 
> the packet can reach netfilers, virtio-net will copy only the parts 
> that host is interested. So what we can see in e.g filter-mirror is 
> netdev's vnet_hdr_len which is not guaranteed to be equal to guest hdr 
> len.
>

If I understand correctly, should I copy the n->needs_vnet_hdr_swap flag 
to NetClientState ?
Then, e.g filter-mirror can read the flag to decide the vnet_hdr_len 
value to send.


> On TX direction, the packet will reach netfilter before it reaches 
> virtio-net backend, so the vnet header is also netdev's vnet_hdr_len.
>
> Does this explain?

Make sense.

Thanks
Zhang Chen

>
>
> Thanks
>
>>
>> Thanks
>> Zhang Chen
>>
>>
>>>
>>> I still think use nf->netdev->vnet_hdr_len is sufficient.
>>>
>>> Thanks
>>>
>>>>
>>>>>
>>>>> Thanks
>>>>>
>>>>>
>>>>>
>>>>
>>>
>>>
>>>
>>> .
>>>
>>
>
>
>
> .
>
diff mbox

Patch

diff --git a/net/filter-mirror.c b/net/filter-mirror.c
index 72fa7c2..50aa81b 100644
--- a/net/filter-mirror.c
+++ b/net/filter-mirror.c
@@ -38,15 +38,17 @@  typedef struct MirrorState {
     NetFilterState parent_obj;
     char *indev;
     char *outdev;
+    bool vnet_hdr;
     CharBackend chr_in;
     CharBackend chr_out;
     SocketReadState rs;
 } MirrorState;
 
-static int filter_mirror_send(CharBackend *chr_out,
+static int filter_mirror_send(MirrorState *s,
                               const struct iovec *iov,
                               int iovcnt)
 {
+    NetFilterState *nf = NETFILTER(s);
     int ret = 0;
     ssize_t size = 0;
     uint32_t len = 0;
@@ -58,14 +60,43 @@  static int filter_mirror_send(CharBackend *chr_out,
     }
 
     len = htonl(size);
-    ret = qemu_chr_fe_write_all(chr_out, (uint8_t *)&len, sizeof(len));
+    ret = qemu_chr_fe_write_all(&s->chr_out, (uint8_t *)&len, sizeof(len));
     if (ret != sizeof(len)) {
         goto err;
     }
 
+    if (s->vnet_hdr) {
+        /*
+         * If vnet_hdr = on, we send vnet header len to make other
+         * module(like colo-compare) know how to parse net
+         * packet correctly.
+         */
+        ssize_t vnet_hdr_len;
+
+        /*
+         * In anytime, nf->netdev and nf->netdev->peer both have a vnet_hdr_len,
+         * Here we just find out which is we need. When filter set RX or TX
+         * that the real vnet_hdr_len are different.
+         */
+        if (nf->direction == NET_FILTER_DIRECTION_RX ||
+            nf->direction == NET_FILTER_DIRECTION_ALL) {
+            vnet_hdr_len = nf->netdev->vnet_hdr_len;
+        } else if (nf->direction == NET_FILTER_DIRECTION_TX) {
+            vnet_hdr_len = nf->netdev->peer->vnet_hdr_len;
+        } else {
+            return 0;
+        }
+
+        len = htonl(vnet_hdr_len);
+        ret = qemu_chr_fe_write_all(&s->chr_out, (uint8_t *)&len, sizeof(len));
+        if (ret != sizeof(len)) {
+            goto err;
+        }
+    }
+
     buf = g_malloc(size);
     iov_to_buf(iov, iovcnt, 0, buf, size);
-    ret = qemu_chr_fe_write_all(chr_out, (uint8_t *)buf, size);
+    ret = qemu_chr_fe_write_all(&s->chr_out, (uint8_t *)buf, size);
     g_free(buf);
     if (ret != size) {
         goto err;
@@ -141,7 +172,7 @@  static ssize_t filter_mirror_receive_iov(NetFilterState *nf,
     MirrorState *s = FILTER_MIRROR(nf);
     int ret;
 
-    ret = filter_mirror_send(&s->chr_out, iov, iovcnt);
+    ret = filter_mirror_send(s, iov, iovcnt);
     if (ret) {
         error_report("filter_mirror_send failed(%s)", strerror(-ret));
     }
@@ -164,7 +195,7 @@  static ssize_t filter_redirector_receive_iov(NetFilterState *nf,
     int ret;
 
     if (qemu_chr_fe_get_driver(&s->chr_out)) {
-        ret = filter_mirror_send(&s->chr_out, iov, iovcnt);
+        ret = filter_mirror_send(s, iov, iovcnt);
         if (ret) {
             error_report("filter_mirror_send failed(%s)", strerror(-ret));
         }
@@ -308,6 +339,13 @@  static char *filter_mirror_get_outdev(Object *obj, Error **errp)
     return g_strdup(s->outdev);
 }
 
+static bool filter_mirror_get_vnet_hdr(Object *obj, Error **errp)
+{
+    MirrorState *s = FILTER_MIRROR(obj);
+
+    return s->vnet_hdr;
+}
+
 static void
 filter_mirror_set_outdev(Object *obj, const char *value, Error **errp)
 {
@@ -322,6 +360,15 @@  filter_mirror_set_outdev(Object *obj, const char *value, Error **errp)
     }
 }
 
+static void filter_mirror_set_vnet_hdr(Object *obj,
+                                       bool value,
+                                       Error **errp)
+{
+    MirrorState *s = FILTER_MIRROR(obj);
+
+    s->vnet_hdr = value;
+}
+
 static char *filter_redirector_get_outdev(Object *obj, Error **errp)
 {
     MirrorState *s = FILTER_REDIRECTOR(obj);
@@ -340,8 +387,20 @@  filter_redirector_set_outdev(Object *obj, const char *value, Error **errp)
 
 static void filter_mirror_init(Object *obj)
 {
+    MirrorState *s = FILTER_MIRROR(obj);
+
     object_property_add_str(obj, "outdev", filter_mirror_get_outdev,
                             filter_mirror_set_outdev, NULL);
+
+    /*
+     * The vnet_hdr is disabled by default, if you want to enable
+     * this option, you must enable all the option on related modules
+     * (like other filter or colo-compare).
+     */
+    s->vnet_hdr = false;
+    object_property_add_bool(obj, "vnet_hdr_support",
+                             filter_mirror_get_vnet_hdr,
+                             filter_mirror_set_vnet_hdr, NULL);
 }
 
 static void filter_redirector_init(Object *obj)
diff --git a/qemu-options.hx b/qemu-options.hx
index 70c0ded..5c09fae 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -4024,10 +4024,9 @@  queue @var{all|rx|tx} is an option that can be applied to any netfilter.
 @option{tx}: the filter is attached to the transmit queue of the netdev,
              where it will receive packets sent by the netdev.
 
-@item -object filter-mirror,id=@var{id},netdev=@var{netdevid},outdev=@var{chardevid}[,queue=@var{all|rx|tx}]
+@item -object filter-mirror,id=@var{id},netdev=@var{netdevid},outdev=@var{chardevid},queue=@var{all|rx|tx}[,vnet_hdr_support]
 
-filter-mirror on netdev @var{netdevid},mirror net packet to chardev
-@var{chardevid}
+filter-mirror on netdev @var{netdevid},mirror net packet to chardev@var{chardevid}, if have the vnet_hdr_support flag, filter-mirror will mirror packet with vnet_hdr_len.
 
 @item -object filter-redirector,id=@var{id},netdev=@var{netdevid},indev=@var{chardevid},
 outdev=@var{chardevid}[,queue=@var{all|rx|tx}]