netfilter: hook packets before net queue send (e64c770d) · Commits · SUMMER2020 / students / proj-2021291

include/net/filter.h

+8 −0

Original line number	Diff line number	Diff line
		@@ -58,4 +58,12 @@ struct NetFilterState {
		QTAILQ_ENTRY(NetFilterState) next;
		};

		ssize_t qemu_netfilter_receive(NetFilterState *nf,
		NetFilterDirection direction,
		NetClientState *sender,
		unsigned flags,
		const struct iovec *iov,
		int iovcnt,
		NetPacketSent *sent_cb);

		#endif /* QEMU_NET_FILTER_H */

net/filter.c

+17 −0

Original line number	Diff line number	Diff line
		@@ -15,6 +15,23 @@
		#include "net/vhost_net.h"
		#include "qom/object_interfaces.h"

		ssize_t qemu_netfilter_receive(NetFilterState *nf,
		NetFilterDirection direction,
		NetClientState *sender,
		unsigned flags,
		const struct iovec *iov,
		int iovcnt,
		NetPacketSent *sent_cb)
		{
		if (nf->direction == direction \|\|
		nf->direction == NET_FILTER_DIRECTION_ALL) {
		return NETFILTER_GET_CLASS(OBJECT(nf))->receive_iov(
		nf, sender, flags, iov, iovcnt, sent_cb);
		}

		return 0;
		}

		static char netfilter_get_netdev_id(Object obj, Error **errp)
		{
		NetFilterState *nf = NETFILTER(obj);

net/net.c

+66 −0

Original line number	Diff line number	Diff line
		@@ -561,6 +561,44 @@ int qemu_can_send_packet(NetClientState *sender)
		return 1;
		}

		static ssize_t filter_receive_iov(NetClientState *nc,
		NetFilterDirection direction,
		NetClientState *sender,
		unsigned flags,
		const struct iovec *iov,
		int iovcnt,
		NetPacketSent *sent_cb)
		{
		ssize_t ret = 0;
		NetFilterState *nf = NULL;

		QTAILQ_FOREACH(nf, &nc->filters, next) {
		ret = qemu_netfilter_receive(nf, direction, sender, flags, iov,
		iovcnt, sent_cb);
		if (ret) {
		return ret;
		}
		}

		return ret;
		}

		static ssize_t filter_receive(NetClientState *nc,
		NetFilterDirection direction,
		NetClientState *sender,
		unsigned flags,
		const uint8_t *data,
		size_t size,
		NetPacketSent *sent_cb)
		{
		struct iovec iov = {
		.iov_base = (void *)data,
		.iov_len = size
		};

		return filter_receive_iov(nc, direction, sender, flags, &iov, 1, sent_cb);
		}

		ssize_t qemu_deliver_packet(NetClientState *sender,
		unsigned flags,
		const uint8_t *data,
		@@ -632,6 +670,7 @@ static ssize_t qemu_send_packet_async_with_flags(NetClientState *sender,
		NetPacketSent *sent_cb)
		{
		NetQueue *queue;
		int ret;

		#ifdef DEBUG_NET
		printf("qemu_send_packet_async:\n");
		@@ -642,6 +681,19 @@ static ssize_t qemu_send_packet_async_with_flags(NetClientState *sender,
		return size;
		}

		/* Let filters handle the packet first */
		ret = filter_receive(sender, NET_FILTER_DIRECTION_TX,
		sender, flags, buf, size, sent_cb);
		if (ret) {
		return ret;
		}

		ret = filter_receive(sender->peer, NET_FILTER_DIRECTION_RX,
		sender, flags, buf, size, sent_cb);
		if (ret) {
		return ret;
		}

		queue = sender->peer->incoming_queue;

		return qemu_net_queue_send(queue, sender, flags, buf, size, sent_cb);
		@@ -712,11 +764,25 @@ ssize_t qemu_sendv_packet_async(NetClientState *sender,
		NetPacketSent *sent_cb)
		{
		NetQueue *queue;
		int ret;

		if (sender->link_down \|\| !sender->peer) {
		return iov_size(iov, iovcnt);
		}

		/* Let filters handle the packet first */
		ret = filter_receive_iov(sender, NET_FILTER_DIRECTION_TX, sender,
		QEMU_NET_PACKET_FLAG_NONE, iov, iovcnt, sent_cb);
		if (ret) {
		return ret;
		}

		ret = filter_receive_iov(sender->peer, NET_FILTER_DIRECTION_RX, sender,
		QEMU_NET_PACKET_FLAG_NONE, iov, iovcnt, sent_cb);
		if (ret) {
		return ret;
		}

		queue = sender->peer->incoming_queue;

		return qemu_net_queue_send_iov(queue, sender,