diff mbox

[V2] net: awlays walk through filters reversely if traffic is outgress

Message ID 1453779972-22538-1-git-send-email-lizhijian@cn.fujitsu.com (mailing list archive)
State New, archived
Headers show

Commit Message

Li Zhijian Jan. 26, 2016, 3:46 a.m. UTC
Previously, if we attach more than filters for one netdev, IN/OUT traffic pass
through filters in the a same order.
ingress: netdev ->filter1 ->filter2 ->...filter[n] ->emulated device
outgress: emulated device ->filter1 ->filter2 ->...filter[n] ->netdev.

But some scenes, we hope filters handle the outgress traffic in a reverse order.
For example, in colo-proxy(will be implemented later), we have a redirector
filter and a colo-rewriter filter, we need the filter behavior like that:
ingress(->)/outgress(<-): <->redirector <->colo-rewriter <->emulated device

After this changes, outgress traffic always pass through filters in a reverse
order.

Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
Signed-off-by: Li Zhijian <lizhijian@cn.fujitsu.com>
---
 include/net/net.h |  4 +++-
 net/filter.c      | 21 +++++++++++++++++++--
 net/net.c         | 20 +++++++++++++++-----
 3 files changed, 37 insertions(+), 8 deletions(-)

Comments

Eric Blake Jan. 26, 2016, 3:55 a.m. UTC | #1
On 01/25/2016 08:46 PM, Li Zhijian wrote:

In the subject:

s/awlays/always/
s/reversely/in reverse/
s/outgress/egress/

> Previously, if we attach more than filters for one netdev, IN/OUT traffic pass
> through filters in the a same order.
> ingress: netdev ->filter1 ->filter2 ->...filter[n] ->emulated device
> outgress: emulated device ->filter1 ->filter2 ->...filter[n] ->netdev.

s/outgress/egress/

> 
> But some scenes, we hope filters handle the outgress traffic in a reverse order.
> For example, in colo-proxy(will be implemented later), we have a redirector

space before ( in English

> filter and a colo-rewriter filter, we need the filter behavior like that:
> ingress(->)/outgress(<-): <->redirector <->colo-rewriter <->emulated device
> 
> After this changes, outgress traffic always pass through filters in a reverse
> order.
> 
> Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
> Signed-off-by: Li Zhijian <lizhijian@cn.fujitsu.com>
> ---
>  include/net/net.h |  4 +++-
>  net/filter.c      | 21 +++++++++++++++++++--
>  net/net.c         | 20 +++++++++++++++-----
>  3 files changed, 37 insertions(+), 8 deletions(-)
>
Yang Hongyang Jan. 26, 2016, 4:01 a.m. UTC | #2
On 01/26/2016 11:46 AM, Li Zhijian wrote:
> Previously, if we attach more than filters for one netdev, IN/OUT traffic pass
> through filters in the a same order.
> ingress: netdev ->filter1 ->filter2 ->...filter[n] ->emulated device
> outgress: emulated device ->filter1 ->filter2 ->...filter[n] ->netdev.
>
> But some scenes, we hope filters handle the outgress traffic in a reverse order.
> For example, in colo-proxy(will be implemented later), we have a redirector
> filter and a colo-rewriter filter, we need the filter behavior like that:
> ingress(->)/outgress(<-): <->redirector <->colo-rewriter <->emulated device
>
> After this changes, outgress traffic always pass through filters in a reverse
> order.
>
> Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
> Signed-off-by: Li Zhijian <lizhijian@cn.fujitsu.com>

LGTM

Reviewed-by: Yang Hongyang <hongyang.yang@easystack.cn>

> ---
>   include/net/net.h |  4 +++-
>   net/filter.c      | 21 +++++++++++++++++++--
>   net/net.c         | 20 +++++++++++++++-----
>   3 files changed, 37 insertions(+), 8 deletions(-)
>
> diff --git a/include/net/net.h b/include/net/net.h
> index 7af3e15..1d807cc 100644
> --- a/include/net/net.h
> +++ b/include/net/net.h
> @@ -79,6 +79,8 @@ typedef struct NetClientInfo {
>       SetVnetBE *set_vnet_be;
>   } NetClientInfo;
>
> +QTAILQ_HEAD(NetFilterHead, NetFilterState);
> +
>   struct NetClientState {
>       NetClientInfo *info;
>       int link_down;
> @@ -92,7 +94,7 @@ struct NetClientState {
>       NetClientDestructor *destructor;
>       unsigned int queue_index;
>       unsigned rxfilter_notify_enabled:1;
> -    QTAILQ_HEAD(, NetFilterState) filters;
> +    struct NetFilterHead filters;
>   };
>
>   typedef struct NICState {
> diff --git a/net/filter.c b/net/filter.c
> index 5d90f83..17a8398 100644
> --- a/net/filter.c
> +++ b/net/filter.c
> @@ -34,6 +34,22 @@ ssize_t qemu_netfilter_receive(NetFilterState *nf,
>       return 0;
>   }
>
> +static NetFilterState *netfilter_next(NetFilterState *nf,
> +                                      NetFilterDirection dir)
> +{
> +    NetFilterState *next;
> +
> +    if (dir == NET_FILTER_DIRECTION_TX) {
> +        /* forward walk through filters */
> +        next = QTAILQ_NEXT(nf, next);
> +    } else {
> +        /* reverse order */
> +        next = QTAILQ_PREV(nf, NetFilterHead, next);
> +    }
> +
> +    return next;
> +}
> +
>   ssize_t qemu_netfilter_pass_to_next(NetClientState *sender,
>                                       unsigned flags,
>                                       const struct iovec *iov,
> @@ -43,7 +59,7 @@ ssize_t qemu_netfilter_pass_to_next(NetClientState *sender,
>       int ret = 0;
>       int direction;
>       NetFilterState *nf = opaque;
> -    NetFilterState *next = QTAILQ_NEXT(nf, next);
> +    NetFilterState *next = NULL;
>
>       if (!sender || !sender->peer) {
>           /* no receiver, or sender been deleted, no need to pass it further */
> @@ -61,6 +77,7 @@ ssize_t qemu_netfilter_pass_to_next(NetClientState *sender,
>           direction = nf->direction;
>       }
>
> +    next = netfilter_next(nf, direction);
>       while (next) {
>           /*
>            * if qemu_netfilter_pass_to_next been called, means that
> @@ -73,7 +90,7 @@ ssize_t qemu_netfilter_pass_to_next(NetClientState *sender,
>           if (ret) {
>               return ret;
>           }
> -        next = QTAILQ_NEXT(next, next);
> +        next = netfilter_next(next, direction);
>       }
>
>       /*
> diff --git a/net/net.c b/net/net.c
> index 87dd356..c929c41 100644
> --- a/net/net.c
> +++ b/net/net.c
> @@ -580,11 +580,21 @@ static ssize_t filter_receive_iov(NetClientState *nc,
>       ssize_t ret = 0;
>       NetFilterState *nf = NULL;
>
> -    QTAILQ_FOREACH(nf, &nc->filters, next) {
> -        ret = qemu_netfilter_receive(nf, direction, sender, flags, iov,
> -                                     iovcnt, sent_cb);
> -        if (ret) {
> -            return ret;
> +    if (direction == NET_FILTER_DIRECTION_TX) {
> +        QTAILQ_FOREACH(nf, &nc->filters, next) {
> +            ret = qemu_netfilter_receive(nf, direction, sender, flags, iov,
> +                                         iovcnt, sent_cb);
> +            if (ret) {
> +                return ret;
> +            }
> +        }
> +    } else {
> +        QTAILQ_FOREACH_REVERSE(nf, &nc->filters, NetFilterHead, next) {
> +            ret = qemu_netfilter_receive(nf, direction, sender, flags, iov,
> +                                         iovcnt, sent_cb);
> +            if (ret) {
> +                return ret;
> +            }
>           }
>       }
>
>
diff mbox

Patch

diff --git a/include/net/net.h b/include/net/net.h
index 7af3e15..1d807cc 100644
--- a/include/net/net.h
+++ b/include/net/net.h
@@ -79,6 +79,8 @@  typedef struct NetClientInfo {
     SetVnetBE *set_vnet_be;
 } NetClientInfo;
 
+QTAILQ_HEAD(NetFilterHead, NetFilterState);
+
 struct NetClientState {
     NetClientInfo *info;
     int link_down;
@@ -92,7 +94,7 @@  struct NetClientState {
     NetClientDestructor *destructor;
     unsigned int queue_index;
     unsigned rxfilter_notify_enabled:1;
-    QTAILQ_HEAD(, NetFilterState) filters;
+    struct NetFilterHead filters;
 };
 
 typedef struct NICState {
diff --git a/net/filter.c b/net/filter.c
index 5d90f83..17a8398 100644
--- a/net/filter.c
+++ b/net/filter.c
@@ -34,6 +34,22 @@  ssize_t qemu_netfilter_receive(NetFilterState *nf,
     return 0;
 }
 
+static NetFilterState *netfilter_next(NetFilterState *nf,
+                                      NetFilterDirection dir)
+{
+    NetFilterState *next;
+
+    if (dir == NET_FILTER_DIRECTION_TX) {
+        /* forward walk through filters */
+        next = QTAILQ_NEXT(nf, next);
+    } else {
+        /* reverse order */
+        next = QTAILQ_PREV(nf, NetFilterHead, next);
+    }
+
+    return next;
+}
+
 ssize_t qemu_netfilter_pass_to_next(NetClientState *sender,
                                     unsigned flags,
                                     const struct iovec *iov,
@@ -43,7 +59,7 @@  ssize_t qemu_netfilter_pass_to_next(NetClientState *sender,
     int ret = 0;
     int direction;
     NetFilterState *nf = opaque;
-    NetFilterState *next = QTAILQ_NEXT(nf, next);
+    NetFilterState *next = NULL;
 
     if (!sender || !sender->peer) {
         /* no receiver, or sender been deleted, no need to pass it further */
@@ -61,6 +77,7 @@  ssize_t qemu_netfilter_pass_to_next(NetClientState *sender,
         direction = nf->direction;
     }
 
+    next = netfilter_next(nf, direction);
     while (next) {
         /*
          * if qemu_netfilter_pass_to_next been called, means that
@@ -73,7 +90,7 @@  ssize_t qemu_netfilter_pass_to_next(NetClientState *sender,
         if (ret) {
             return ret;
         }
-        next = QTAILQ_NEXT(next, next);
+        next = netfilter_next(next, direction);
     }
 
     /*
diff --git a/net/net.c b/net/net.c
index 87dd356..c929c41 100644
--- a/net/net.c
+++ b/net/net.c
@@ -580,11 +580,21 @@  static ssize_t filter_receive_iov(NetClientState *nc,
     ssize_t ret = 0;
     NetFilterState *nf = NULL;
 
-    QTAILQ_FOREACH(nf, &nc->filters, next) {
-        ret = qemu_netfilter_receive(nf, direction, sender, flags, iov,
-                                     iovcnt, sent_cb);
-        if (ret) {
-            return ret;
+    if (direction == NET_FILTER_DIRECTION_TX) {
+        QTAILQ_FOREACH(nf, &nc->filters, next) {
+            ret = qemu_netfilter_receive(nf, direction, sender, flags, iov,
+                                         iovcnt, sent_cb);
+            if (ret) {
+                return ret;
+            }
+        }
+    } else {
+        QTAILQ_FOREACH_REVERSE(nf, &nc->filters, NetFilterHead, next) {
+            ret = qemu_netfilter_receive(nf, direction, sender, flags, iov,
+                                         iovcnt, sent_cb);
+            if (ret) {
+                return ret;
+            }
         }
     }