[Qemu-devel] [RFC PATCH V2 0/3] filter-rewriter: introduce filter-rewriter

[Qemu-devel] [RFC PATCH V2 0/3] filter-rewriter: introduce filter-rewriter

[Zhang Chen]

Filter-rewriter is a part of COLO project.
So this patch set depend on colo-compare.
It will rewrite some of secondary packet to make
secondary guest's connection established successfully.


v2:
  - add more comments about packet flows
  - add some trace-event
  - add seq offset ( = secondary_seq - primary_seq)

v1:
  - initial patch


Zhang Chen (3):
  filter-rewriter: introduce filter-rewriter initialization
  filter-rewriter: track connection and parse packet
  filter-rewriter: rewrite tcp packet to keep secondary connection

 net/Makefile.objs     |   1 +
 net/colo-base.h       |   2 +
 net/filter-rewriter.c | 270 ++++++++++++++++++++++++++++++++++++++++++++++++++
 qemu-options.hx       |  10 ++
 trace-events          |   5 +
 vl.c                  |   3 +-
 6 files changed, 290 insertions(+), 1 deletion(-)
 create mode 100644 net/filter-rewriter.c

-- 
2.7.4

[Qemu-devel] [RFC PATCH V2 1/3] filter-rewriter: introduce filter-rewriter initialization

[Zhang Chen]

Filter-rewriter is a part of COLO project.
It will rewrite some of secondary packet to make
secondary guest's connection established successfully.

usage:

colo secondary:
-object filter-redirector,id=f1,netdev=hn0,queue=tx,indev=red0
-object filter-redirector,id=f2,netdev=hn0,queue=rx,outdev=red1
-object filter-rewriter,id=rew0,netdev=hn0,queue=all

Signed-off-by: Zhang Chen <zhangchen.fnst@cn.fujitsu.com>
Signed-off-by: Li Zhijian <lizhijian@cn.fujitsu.com>
Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
---
 net/Makefile.objs     |   1 +
 net/filter-rewriter.c | 112 ++++++++++++++++++++++++++++++++++++++++++++++++++
 qemu-options.hx       |  10 +++++
 vl.c                  |   3 +-
 4 files changed, 125 insertions(+), 1 deletion(-)
 create mode 100644 net/filter-rewriter.c

diff --git a/net/Makefile.objs b/net/Makefile.objs
index 119589f..645bd10 100644
--- a/net/Makefile.objs
+++ b/net/Makefile.objs
@@ -18,3 +18,4 @@ common-obj-y += filter-buffer.o
 common-obj-y += filter-mirror.o
 common-obj-y += colo-compare.o
 common-obj-y += colo-base.o
+common-obj-y += filter-rewriter.o
diff --git a/net/filter-rewriter.c b/net/filter-rewriter.c
new file mode 100644
index 0000000..08b015d
--- /dev/null
+++ b/net/filter-rewriter.c
@@ -0,0 +1,112 @@
+/*
+ * Copyright (c) 2016 HUAWEI TECHNOLOGIES CO., LTD.
+ * Copyright (c) 2016 FUJITSU LIMITED
+ * Copyright (c) 2016 Intel Corporation
+ *
+ * Author: Zhang Chen <zhangchen.fnst@cn.fujitsu.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or
+ * later.  See the COPYING file in the top-level directory.
+ */
+
+#include "qemu/osdep.h"
+#include "net/colo-base.h"
+#include "net/filter.h"
+#include "net/net.h"
+#include "qemu-common.h"
+#include "qapi/error.h"
+#include "qapi/qmp/qerror.h"
+#include "qapi-visit.h"
+#include "qom/object.h"
+#include "qemu/main-loop.h"
+#include "qemu/iov.h"
+#include "net/checksum.h"
+
+#define FILTER_COLO_REWRITER(obj) \
+    OBJECT_CHECK(RewriterState, (obj), TYPE_FILTER_REWRITER)
+
+#define TYPE_FILTER_REWRITER "filter-rewriter"
+
+enum {
+    PRIMARY = 0,
+    SECONDARY,
+};
+
+typedef struct RewriterState {
+    NetFilterState parent_obj;
+    /* connection list: the connections belonged to this NIC could be found
+     * in this list.
+     * element type: Connection
+     */
+    GQueue conn_list;
+    NetQueue *incoming_queue;
+    /* to protect conn_list */
+    QemuMutex conn_list_lock;
+    /* hashtable to save connection */
+    GHashTable *connection_track_table;
+    /* to save unprocessed_connections */
+    GQueue unprocessed_connections;
+    /* current hash size */
+    uint32_t hashtable_size;
+} RewriterState;
+
+static ssize_t colo_rewriter_receive_iov(NetFilterState *nf,
+                                         NetClientState *sender,
+                                         unsigned flags,
+                                         const struct iovec *iov,
+                                         int iovcnt,
+                                         NetPacketSent *sent_cb)
+{
+    /*
+     * if we get tcp packet
+     * we will rewrite it to make secondary guest's
+     * connection established successfully
+     */
+    return 0;
+}
+
+static void colo_rewriter_cleanup(NetFilterState *nf)
+{
+    RewriterState *s = FILTER_COLO_REWRITER(nf);
+
+    qemu_mutex_destroy(&s->conn_list_lock);
+    g_queue_free(&s->conn_list);
+}
+
+static void colo_rewriter_setup(NetFilterState *nf, Error **errp)
+{
+    RewriterState *s = FILTER_COLO_REWRITER(nf);
+
+    g_queue_init(&s->conn_list);
+    qemu_mutex_init(&s->conn_list_lock);
+    s->hashtable_size = 0;
+
+    s->connection_track_table = g_hash_table_new_full(connection_key_hash,
+                                                      connection_key_equal,
+                                                      g_free,
+                                                      connection_destroy);
+    s->incoming_queue = qemu_new_net_queue(qemu_netfilter_pass_to_next, nf);
+}
+
+static void colo_rewriter_class_init(ObjectClass *oc, void *data)
+{
+    NetFilterClass *nfc = NETFILTER_CLASS(oc);
+
+    nfc->setup = colo_rewriter_setup;
+    nfc->cleanup = colo_rewriter_cleanup;
+    nfc->receive_iov = colo_rewriter_receive_iov;
+}
+
+static const TypeInfo colo_rewriter_info = {
+    .name = TYPE_FILTER_REWRITER,
+    .parent = TYPE_NETFILTER,
+    .class_init = colo_rewriter_class_init,
+    .instance_size = sizeof(RewriterState),
+};
+
+static void register_types(void)
+{
+    type_register_static(&colo_rewriter_info);
+}
+
+type_init(register_types);
diff --git a/qemu-options.hx b/qemu-options.hx
index 14bade5..d7ab165 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -3859,6 +3859,16 @@ Create a filter-redirector we need to differ outdev id from indev id, id can not
 be the same. we can just use indev or outdev, but at least one of indev or outdev
 need to be specified.
 
+@item -object filter-rewriter,id=@var{id},netdev=@var{netdevid},rewriter-mode=@var{mode}[,queue=@var{all|rx|tx}]
+
+Filter-rewriter is a part of COLO project.It will rewrite some of secondary packet.
+
+usage:
+colo secondary:
+-object filter-redirector,id=f1,netdev=hn0,queue=tx,indev=red0
+-object filter-redirector,id=f2,netdev=hn0,queue=rx,outdev=red1
+-object filter-rewriter,id=rew0,netdev=hn0,queue=all
+
 @item -object filter-dump,id=@var{id},netdev=@var{dev},file=@var{filename}][,maxlen=@var{len}]
 
 Dump the network traffic on netdev @var{dev} to the file specified by
diff --git a/vl.c b/vl.c
index c6b9a6f..b47be6a 100644
--- a/vl.c
+++ b/vl.c
@@ -2866,7 +2866,8 @@ static bool object_create_initial(const char *type)
         g_str_equal(type, "filter-dump") ||
         g_str_equal(type, "filter-mirror") ||
         g_str_equal(type, "filter-redirector") ||
-        g_str_equal(type, "colo-compare")) {
+        g_str_equal(type, "colo-compare") ||
+        g_str_equal(type, "filter-rewriter")) {
         return false;
     }
 
-- 
2.7.4

[Qemu-devel] [RFC PATCH V2 2/3] filter-rewriter: track connection and parse packet

[Zhang Chen]

We use colo-base.h to track connection and parse packet

Signed-off-by: Zhang Chen <zhangchen.fnst@cn.fujitsu.com>
Signed-off-by: Li Zhijian <lizhijian@cn.fujitsu.com>
Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
---
 net/filter-rewriter.c | 52 +++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)

diff --git a/net/filter-rewriter.c b/net/filter-rewriter.c
index 08b015d..c38ab24 100644
--- a/net/filter-rewriter.c
+++ b/net/filter-rewriter.c
@@ -50,6 +50,20 @@ typedef struct RewriterState {
     uint32_t hashtable_size;
 } RewriterState;
 
+/*
+ * Return 1 on success, if return 0 means the pkt
+ * is not TCP packet
+ */
+static int is_tcp_packet(Packet *pkt)
+{
+    if (!parse_packet_early(pkt) &&
+        pkt->ip->ip_p == IPPROTO_TCP) {
+        return 1;
+    } else {
+        return 0;
+    }
+}
+
 static ssize_t colo_rewriter_receive_iov(NetFilterState *nf,
                                          NetClientState *sender,
                                          unsigned flags,
@@ -57,11 +71,49 @@ static ssize_t colo_rewriter_receive_iov(NetFilterState *nf,
                                          int iovcnt,
                                          NetPacketSent *sent_cb)
 {
+    RewriterState *s = FILTER_COLO_REWRITER(nf);
+    Connection *conn;
+    ConnectionKey key = {{ 0 } };
+    Packet *pkt;
+    ssize_t size = iov_size(iov, iovcnt);
+    char *buf = g_malloc0(size);
+
+    iov_to_buf(iov, iovcnt, 0, buf, size);
+    pkt = packet_new(buf, size);
+
     /*
      * if we get tcp packet
      * we will rewrite it to make secondary guest's
      * connection established successfully
      */
+    if (is_tcp_packet(pkt)) {
+        if (sender == nf->netdev) {
+            fill_connection_key(pkt, &key, SECONDARY);
+        } else {
+            fill_connection_key(pkt, &key, PRIMARY);
+        }
+
+        conn = connection_get(s->connection_track_table,
+                              &key,
+                              &s->hashtable_size);
+        if (!conn->processing) {
+            qemu_mutex_lock(&s->conn_list_lock);
+            g_queue_push_tail(&s->conn_list, conn);
+            qemu_mutex_unlock(&s->conn_list_lock);
+            conn->processing = true;
+        }
+
+        if (sender == nf->netdev) {
+            /* NET_FILTER_DIRECTION_TX */
+            /* handle_primary_tcp_pkt */
+        } else {
+            /* NET_FILTER_DIRECTION_RX */
+            /* handle_secondary_tcp_pkt */
+        }
+    }
+
+    packet_destroy(pkt, NULL);
+    pkt = NULL;
     return 0;
 }
 
-- 
2.7.4

[Qemu-devel] [RFC PATCH V2 3/3] filter-rewriter: rewrite tcp packet to keep secondary connection

[Zhang Chen]

We will rewrite tcp packet secondary received and sent.
When colo guest is a tcp server.

Firstly, client start a tcp handshake. the packet's seq=client_seq,
ack=0,flag=SYN. COLO primary guest get this pkt and mirror(filter-mirror)
to secondary guest, secondary get it use filter-redirector.
Then,primary guest response pkt
(seq=primary_seq,ack=client_seq+1,flag=ACK|SYN).
secondary guest response pkt
(seq=secondary_seq,ack=client_seq+1,flag=ACK|SYN).
In here,we use filter-rewriter save the secondary_seq to it's tcp connection.
Finally handshake,client send pkt
(seq=client_seq+1,ack=primary_seq+1,flag=ACK).
Here,filter-rewriter can get primary_seq, and rewrite ack from primary_seq+1
to secondary_seq+1, recalculate checksum. So the secondary tcp connection
kept good.

When we send/recv packet.
client send pkt(seq=client_seq+1+data_len,ack=primary_seq+1,flag=ACK|PSH).
filter-rewriter rewrite ack and send to secondary guest.

primary guest response pkt
(seq=primary_seq+1,ack=client_seq+1+data_len,flag=ACK)
secondary guest response pkt
(seq=secondary_seq+1,ack=client_seq+1+data_len,flag=ACK)
we rewrite secondary guest seq from secondary_seq+1 to primary_seq+1.
So tcp connection kept good.

In code We use offset( = secondary_seq - primary_seq )
to rewrite seq or ack.
handle_primary_tcp_pkt: tcp_pkt->th_ack += offset;
handle_secondary_tcp_pkt: tcp_pkt->th_seq -= offset;

Signed-off-by: Zhang Chen <zhangchen.fnst@cn.fujitsu.com>
Signed-off-by: Li Zhijian <lizhijian@cn.fujitsu.com>
Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
---
 net/colo-base.h       |   2 +
 net/filter-rewriter.c | 110 +++++++++++++++++++++++++++++++++++++++++++++++++-
 trace-events          |   5 +++
 3 files changed, 115 insertions(+), 2 deletions(-)

diff --git a/net/colo-base.h b/net/colo-base.h
index 62460c5..7b32648 100644
--- a/net/colo-base.h
+++ b/net/colo-base.h
@@ -71,6 +71,8 @@ typedef struct Connection {
     uint8_t ip_proto;
     /* be used by filter-rewriter */
     colo_conn_state state;
+    /* offset = secondary_seq - primary_seq */
+    tcp_seq  offset;
 } Connection;
 
 uint32_t connection_key_hash(const void *opaque);
diff --git a/net/filter-rewriter.c b/net/filter-rewriter.c
index c38ab24..9f63c75 100644
--- a/net/filter-rewriter.c
+++ b/net/filter-rewriter.c
@@ -21,6 +21,7 @@
 #include "qemu/main-loop.h"
 #include "qemu/iov.h"
 #include "net/checksum.h"
+#include "trace.h"
 
 #define FILTER_COLO_REWRITER(obj) \
     OBJECT_CHECK(RewriterState, (obj), TYPE_FILTER_REWRITER)
@@ -64,6 +65,91 @@ static int is_tcp_packet(Packet *pkt)
     }
 }
 
+/* handle tcp packet from primary guest */
+static int handle_primary_tcp_pkt(NetFilterState *nf,
+                                  Connection *conn,
+                                  Packet *pkt)
+{
+    struct tcphdr *tcp_pkt;
+    static int syn_flag;
+
+    tcp_pkt = (struct tcphdr *)pkt->transport_layer;
+    if (trace_event_get_state(TRACE_COLO_FILTER_REWRITER_DEBUG)) {
+        char *sdebug, *ddebug;
+        sdebug = strdup(inet_ntoa(pkt->ip->ip_src));
+        ddebug = strdup(inet_ntoa(pkt->ip->ip_dst));
+        trace_colo_filter_rewriter_pkt_info(__func__, sdebug, ddebug,
+                    ntohl(tcp_pkt->th_seq), ntohl(tcp_pkt->th_ack),
+                    tcp_pkt->th_flags);
+        trace_colo_filter_rewriter_conn_offset(conn->offset);
+        g_free(sdebug);
+        g_free(ddebug);
+    }
+
+    if (((tcp_pkt->th_flags & (TH_ACK | TH_SYN)) == TH_SYN)) {
+        /*
+         * this flag update offset func run oncs
+         * in independent tcp connection
+         */
+        syn_flag = 1;
+    }
+
+    if (((tcp_pkt->th_flags & (TH_ACK | TH_SYN)) == TH_ACK)) {
+        if (syn_flag) {
+            /* offset = secondary_seq - primary seq */
+            conn->offset -= (ntohl(tcp_pkt->th_ack));
+            syn_flag = 0;
+
+        }
+        /* handle packets to the secondary from the primary */
+        tcp_pkt->th_ack = htonl(ntohl(tcp_pkt->th_ack) + conn->offset + 1);
+
+        net_checksum_calculate((uint8_t *)pkt->data, pkt->size);
+    }
+
+    return 0;
+}
+
+/* handle tcp packet from secondary guest */
+static int handle_secondary_tcp_pkt(NetFilterState *nf,
+                                    Connection *conn,
+                                    Packet *pkt)
+{
+    struct tcphdr *tcp_pkt;
+
+    tcp_pkt = (struct tcphdr *)pkt->transport_layer;
+
+    if (trace_event_get_state(TRACE_COLO_FILTER_REWRITER_DEBUG)) {
+        char *sdebug, *ddebug;
+        sdebug = strdup(inet_ntoa(pkt->ip->ip_src));
+        ddebug = strdup(inet_ntoa(pkt->ip->ip_dst));
+        trace_colo_filter_rewriter_pkt_info(__func__, sdebug, ddebug,
+                    ntohl(tcp_pkt->th_seq), ntohl(tcp_pkt->th_ack),
+                    tcp_pkt->th_flags);
+        trace_colo_filter_rewriter_conn_offset(conn->offset);
+        g_free(sdebug);
+        g_free(ddebug);
+    }
+
+    if (((tcp_pkt->th_flags & (TH_ACK | TH_SYN)) == (TH_ACK | TH_SYN))) {
+        /*
+         * save offset = secondary_seq and then
+         * in handle_primary_tcp_pkt make offset
+         * = secondary_seq - primary_seq
+         */
+        conn->offset = ntohl(tcp_pkt->th_seq);
+    }
+
+    if ((tcp_pkt->th_flags & (TH_ACK | TH_SYN)) == TH_ACK) {
+        /* handle packets to the primary from the secondary*/
+        tcp_pkt->th_seq = htonl(ntohl(tcp_pkt->th_seq) - conn->offset - 1);
+
+        net_checksum_calculate((uint8_t *)pkt->data, pkt->size);
+    }
+
+    return 0;
+}
+
 static ssize_t colo_rewriter_receive_iov(NetFilterState *nf,
                                          NetClientState *sender,
                                          unsigned flags,
@@ -105,10 +191,30 @@ static ssize_t colo_rewriter_receive_iov(NetFilterState *nf,
 
         if (sender == nf->netdev) {
             /* NET_FILTER_DIRECTION_TX */
-            /* handle_primary_tcp_pkt */
+            if (!handle_primary_tcp_pkt(nf, conn, pkt)) {
+                qemu_net_queue_send(s->incoming_queue, sender, 0,
+                (const uint8_t *)pkt->data, pkt->size, NULL);
+                packet_destroy(pkt, NULL);
+                pkt = NULL;
+                /*
+                 * We block the packet here,after rewrite pkt
+                 * and will send it
+                 */
+                return 1;
+            }
         } else {
             /* NET_FILTER_DIRECTION_RX */
-            /* handle_secondary_tcp_pkt */
+            if (!handle_secondary_tcp_pkt(nf, conn, pkt)) {
+                qemu_net_queue_send(s->incoming_queue, sender, 0,
+                (const uint8_t *)pkt->data, pkt->size, NULL);
+                packet_destroy(pkt, NULL);
+                pkt = NULL;
+                /*
+                 * We block the packet here,after rewrite pkt
+                 * and will send it
+                 */
+                return 1;
+            }
         }
     }
 
diff --git a/trace-events b/trace-events
index 6686cdf..5ac56f6 100644
--- a/trace-events
+++ b/trace-events
@@ -1927,3 +1927,8 @@ colo_compare_icmp_miscompare_mtu(const char *sta, int size) ": %s  %d"
 colo_compare_ip_info(int psize, const char *sta, const char *stb, int ssize, const char *stc, const char *std) "ppkt size = %d, ip_src = %s, ip_dst = %s, spkt size = %d, ip_src = %s, ip_dst = %s"
 colo_old_packet_check_found(int64_t old_time) "%" PRId64
 colo_compare_miscompare(void) ""
+
+# net/filter-rewriter.c
+colo_filter_rewriter_debug(void) ""
+colo_filter_rewriter_pkt_info(const char *func, const char *src, const char *dst, uint32_t seq, uint32_t ack, uint32_t flag) "%s: src/dst: %s/%s p: seq/ack=%u/%u  flags=%x\n"
+colo_filter_rewriter_conn_offset(uint32_t offset) ": offset=%u\n"
-- 
2.7.4

Re: [Qemu-devel] [RFC PATCH V2 1/3] filter-rewriter: introduce filter-rewriter initialization

[Jason Wang]

On 2016年07月02日 14:22, Zhang Chen wrote:
> Filter-rewriter is a part of COLO project.
> It will rewrite some of secondary packet to make
> secondary guest's connection established successfully.

Probably need to be more verbose here. E.g we only care about tcp and 
only rewrite ack now.

>
> usage:
>
> colo secondary:
> -object filter-redirector,id=f1,netdev=hn0,queue=tx,indev=red0
> -object filter-redirector,id=f2,netdev=hn0,queue=rx,outdev=red1
> -object filter-rewriter,id=rew0,netdev=hn0,queue=all
>
> Signed-off-by: Zhang Chen <zhangchen.fnst@cn.fujitsu.com>
> Signed-off-by: Li Zhijian <lizhijian@cn.fujitsu.com>
> Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
> ---
>   net/Makefile.objs     |   1 +
>   net/filter-rewriter.c | 112 ++++++++++++++++++++++++++++++++++++++++++++++++++
>   qemu-options.hx       |  10 +++++
>   vl.c                  |   3 +-
>   4 files changed, 125 insertions(+), 1 deletion(-)
>   create mode 100644 net/filter-rewriter.c
>
> diff --git a/net/Makefile.objs b/net/Makefile.objs
> index 119589f..645bd10 100644
> --- a/net/Makefile.objs
> +++ b/net/Makefile.objs
> @@ -18,3 +18,4 @@ common-obj-y += filter-buffer.o
>   common-obj-y += filter-mirror.o
>   common-obj-y += colo-compare.o
>   common-obj-y += colo-base.o
> +common-obj-y += filter-rewriter.o
> diff --git a/net/filter-rewriter.c b/net/filter-rewriter.c
> new file mode 100644
> index 0000000..08b015d
> --- /dev/null
> +++ b/net/filter-rewriter.c
> @@ -0,0 +1,112 @@
> +/*
> + * Copyright (c) 2016 HUAWEI TECHNOLOGIES CO., LTD.
> + * Copyright (c) 2016 FUJITSU LIMITED
> + * Copyright (c) 2016 Intel Corporation
> + *
> + * Author: Zhang Chen <zhangchen.fnst@cn.fujitsu.com>
> + *
> + * This work is licensed under the terms of the GNU GPL, version 2 or
> + * later.  See the COPYING file in the top-level directory.
> + */
> +
> +#include "qemu/osdep.h"
> +#include "net/colo-base.h"
> +#include "net/filter.h"
> +#include "net/net.h"
> +#include "qemu-common.h"
> +#include "qapi/error.h"
> +#include "qapi/qmp/qerror.h"
> +#include "qapi-visit.h"
> +#include "qom/object.h"
> +#include "qemu/main-loop.h"
> +#include "qemu/iov.h"
> +#include "net/checksum.h"
> +
> +#define FILTER_COLO_REWRITER(obj) \
> +    OBJECT_CHECK(RewriterState, (obj), TYPE_FILTER_REWRITER)
> +
> +#define TYPE_FILTER_REWRITER "filter-rewriter"
> +
> +enum {
> +    PRIMARY = 0,
> +    SECONDARY,
> +};
> +
> +typedef struct RewriterState {
> +    NetFilterState parent_obj;
> +    /* connection list: the connections belonged to this NIC could be found
> +     * in this list.
> +     * element type: Connection
> +     */
> +    GQueue conn_list;
> +    NetQueue *incoming_queue;
> +    /* to protect conn_list */
> +    QemuMutex conn_list_lock;
> +    /* hashtable to save connection */
> +    GHashTable *connection_track_table;
> +    /* to save unprocessed_connections */
> +    GQueue unprocessed_connections;
> +    /* current hash size */
> +    uint32_t hashtable_size;
> +} RewriterState;
> +
> +static ssize_t colo_rewriter_receive_iov(NetFilterState *nf,
> +                                         NetClientState *sender,
> +                                         unsigned flags,
> +                                         const struct iovec *iov,
> +                                         int iovcnt,
> +                                         NetPacketSent *sent_cb)
> +{
> +    /*
> +     * if we get tcp packet
> +     * we will rewrite it to make secondary guest's
> +     * connection established successfully
> +     */
> +    return 0;
> +}
> +
> +static void colo_rewriter_cleanup(NetFilterState *nf)
> +{
> +    RewriterState *s = FILTER_COLO_REWRITER(nf);
> +
> +    qemu_mutex_destroy(&s->conn_list_lock);
> +    g_queue_free(&s->conn_list);
> +}
> +
> +static void colo_rewriter_setup(NetFilterState *nf, Error **errp)
> +{
> +    RewriterState *s = FILTER_COLO_REWRITER(nf);
> +
> +    g_queue_init(&s->conn_list);
> +    qemu_mutex_init(&s->conn_list_lock);
> +    s->hashtable_size = 0;
> +
> +    s->connection_track_table = g_hash_table_new_full(connection_key_hash,
> +                                                      connection_key_equal,
> +                                                      g_free,
> +                                                      connection_destroy);
> +    s->incoming_queue = qemu_new_net_queue(qemu_netfilter_pass_to_next, nf);
> +}
> +
> +static void colo_rewriter_class_init(ObjectClass *oc, void *data)
> +{
> +    NetFilterClass *nfc = NETFILTER_CLASS(oc);
> +
> +    nfc->setup = colo_rewriter_setup;
> +    nfc->cleanup = colo_rewriter_cleanup;
> +    nfc->receive_iov = colo_rewriter_receive_iov;
> +}
> +
> +static const TypeInfo colo_rewriter_info = {
> +    .name = TYPE_FILTER_REWRITER,
> +    .parent = TYPE_NETFILTER,
> +    .class_init = colo_rewriter_class_init,
> +    .instance_size = sizeof(RewriterState),
> +};
> +
> +static void register_types(void)
> +{
> +    type_register_static(&colo_rewriter_info);
> +}
> +
> +type_init(register_types);
> diff --git a/qemu-options.hx b/qemu-options.hx
> index 14bade5..d7ab165 100644
> --- a/qemu-options.hx
> +++ b/qemu-options.hx
> @@ -3859,6 +3859,16 @@ Create a filter-redirector we need to differ outdev id from indev id, id can not
>   be the same. we can just use indev or outdev, but at least one of indev or outdev
>   need to be specified.
>   
> +@item -object filter-rewriter,id=@var{id},netdev=@var{netdevid},rewriter-mode=@var{mode}[,queue=@var{all|rx|tx}]
> +
> +Filter-rewriter is a part of COLO project.It will rewrite some of secondary packet.

Need to be more verbose here.

> +
> +usage:
> +colo secondary:
> +-object filter-redirector,id=f1,netdev=hn0,queue=tx,indev=red0
> +-object filter-redirector,id=f2,netdev=hn0,queue=rx,outdev=red1
> +-object filter-rewriter,id=rew0,netdev=hn0,queue=all
> +
>   @item -object filter-dump,id=@var{id},netdev=@var{dev},file=@var{filename}][,maxlen=@var{len}]
>   
>   Dump the network traffic on netdev @var{dev} to the file specified by
> diff --git a/vl.c b/vl.c
> index c6b9a6f..b47be6a 100644
> --- a/vl.c
> +++ b/vl.c
> @@ -2866,7 +2866,8 @@ static bool object_create_initial(const char *type)
>           g_str_equal(type, "filter-dump") ||
>           g_str_equal(type, "filter-mirror") ||
>           g_str_equal(type, "filter-redirector") ||
> -        g_str_equal(type, "colo-compare")) {
> +        g_str_equal(type, "colo-compare") ||
> +        g_str_equal(type, "filter-rewriter")) {

So this makes the patch can't be applied cleanly on master.

And I think we don't want to manually compare 100 kinds of filters in 
the future. How about doing something better, e.g:

- introduce something like filter_register_type()
- recored the name of the type in a list
- iterate it here

?

>           return false;
>       }
>   

Re: [Qemu-devel] [RFC PATCH V2 2/3] filter-rewriter: track connection and parse packet

[Jason Wang]

On 2016年07月02日 14:22, Zhang Chen wrote:
> We use colo-base.h to track connection and parse packet
>
> Signed-off-by: Zhang Chen <zhangchen.fnst@cn.fujitsu.com>
> Signed-off-by: Li Zhijian <lizhijian@cn.fujitsu.com>
> Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
> ---
>   net/filter-rewriter.c | 52 +++++++++++++++++++++++++++++++++++++++++++++++++++
>   1 file changed, 52 insertions(+)
>
> diff --git a/net/filter-rewriter.c b/net/filter-rewriter.c
> index 08b015d..c38ab24 100644
> --- a/net/filter-rewriter.c
> +++ b/net/filter-rewriter.c
> @@ -50,6 +50,20 @@ typedef struct RewriterState {
>       uint32_t hashtable_size;
>   } RewriterState;
>   
> +/*
> + * Return 1 on success, if return 0 means the pkt
> + * is not TCP packet
> + */
> +static int is_tcp_packet(Packet *pkt)
> +{
> +    if (!parse_packet_early(pkt) &&
> +        pkt->ip->ip_p == IPPROTO_TCP) {
> +        return 1;
> +    } else {
> +        return 0;
> +    }
> +}
> +
>   static ssize_t colo_rewriter_receive_iov(NetFilterState *nf,
>                                            NetClientState *sender,
>                                            unsigned flags,
> @@ -57,11 +71,49 @@ static ssize_t colo_rewriter_receive_iov(NetFilterState *nf,
>                                            int iovcnt,
>                                            NetPacketSent *sent_cb)
>   {
> +    RewriterState *s = FILTER_COLO_REWRITER(nf);
> +    Connection *conn;
> +    ConnectionKey key = {{ 0 } };
> +    Packet *pkt;
> +    ssize_t size = iov_size(iov, iovcnt);
> +    char *buf = g_malloc0(size);
> +
> +    iov_to_buf(iov, iovcnt, 0, buf, size);
> +    pkt = packet_new(buf, size);
> +
>       /*
>        * if we get tcp packet
>        * we will rewrite it to make secondary guest's
>        * connection established successfully
>        */
> +    if (is_tcp_packet(pkt)) {
> +        if (sender == nf->netdev) {
> +            fill_connection_key(pkt, &key, SECONDARY);
> +        } else {
> +            fill_connection_key(pkt, &key, PRIMARY);
> +        }
> +
> +        conn = connection_get(s->connection_track_table,
> +                              &key,
> +                              &s->hashtable_size);
> +        if (!conn->processing) {
> +            qemu_mutex_lock(&s->conn_list_lock);
> +            g_queue_push_tail(&s->conn_list, conn);
> +            qemu_mutex_unlock(&s->conn_list_lock);

conn_list was never used in this series, and I fail to understand why 
conn_list is needed?

> +            conn->processing = true;
> +        }
> +
> +        if (sender == nf->netdev) {
> +            /* NET_FILTER_DIRECTION_TX */
> +            /* handle_primary_tcp_pkt */
> +        } else {
> +            /* NET_FILTER_DIRECTION_RX */
> +            /* handle_secondary_tcp_pkt */
> +        }
> +    }
> +
> +    packet_destroy(pkt, NULL);
> +    pkt = NULL;
>       return 0;
>   }
>   

Re: [Qemu-devel] [RFC PATCH V2 3/3] filter-rewriter: rewrite tcp packet to keep secondary connection

[Jason Wang]

On 2016年07月02日 14:22, Zhang Chen wrote:
> We will rewrite tcp packet secondary received and sent.
> When colo guest is a tcp server.
>
> Firstly, client start a tcp handshake. the packet's seq=client_seq,
> ack=0,flag=SYN. COLO primary guest get this pkt and mirror(filter-mirror)
> to secondary guest, secondary get it use filter-redirector.
> Then,primary guest response pkt
> (seq=primary_seq,ack=client_seq+1,flag=ACK|SYN).
> secondary guest response pkt
> (seq=secondary_seq,ack=client_seq+1,flag=ACK|SYN).
> In here,we use filter-rewriter save the secondary_seq to it's tcp connection.
> Finally handshake,client send pkt
> (seq=client_seq+1,ack=primary_seq+1,flag=ACK).
> Here,filter-rewriter can get primary_seq, and rewrite ack from primary_seq+1
> to secondary_seq+1, recalculate checksum. So the secondary tcp connection
> kept good.
>
> When we send/recv packet.
> client send pkt(seq=client_seq+1+data_len,ack=primary_seq+1,flag=ACK|PSH).
> filter-rewriter rewrite ack and send to secondary guest.
>
> primary guest response pkt
> (seq=primary_seq+1,ack=client_seq+1+data_len,flag=ACK)
> secondary guest response pkt
> (seq=secondary_seq+1,ack=client_seq+1+data_len,flag=ACK)
> we rewrite secondary guest seq from secondary_seq+1 to primary_seq+1.
> So tcp connection kept good.
>
> In code We use offset( = secondary_seq - primary_seq )
> to rewrite seq or ack.
> handle_primary_tcp_pkt: tcp_pkt->th_ack += offset;
> handle_secondary_tcp_pkt: tcp_pkt->th_seq -= offset;
>
> Signed-off-by: Zhang Chen <zhangchen.fnst@cn.fujitsu.com>
> Signed-off-by: Li Zhijian <lizhijian@cn.fujitsu.com>
> Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
> ---
>   net/colo-base.h       |   2 +
>   net/filter-rewriter.c | 110 +++++++++++++++++++++++++++++++++++++++++++++++++-
>   trace-events          |   5 +++
>   3 files changed, 115 insertions(+), 2 deletions(-)
>
> diff --git a/net/colo-base.h b/net/colo-base.h
> index 62460c5..7b32648 100644
> --- a/net/colo-base.h
> +++ b/net/colo-base.h
> @@ -71,6 +71,8 @@ typedef struct Connection {
>       uint8_t ip_proto;
>       /* be used by filter-rewriter */
>       colo_conn_state state;
> +    /* offset = secondary_seq - primary_seq */
> +    tcp_seq  offset;

Fail to find the definition of 'tcp_seq'.

>   } Connection;
>   
>   uint32_t connection_key_hash(const void *opaque);
> diff --git a/net/filter-rewriter.c b/net/filter-rewriter.c
> index c38ab24..9f63c75 100644
> --- a/net/filter-rewriter.c
> +++ b/net/filter-rewriter.c
> @@ -21,6 +21,7 @@
>   #include "qemu/main-loop.h"
>   #include "qemu/iov.h"
>   #include "net/checksum.h"
> +#include "trace.h"
>   
>   #define FILTER_COLO_REWRITER(obj) \
>       OBJECT_CHECK(RewriterState, (obj), TYPE_FILTER_REWRITER)
> @@ -64,6 +65,91 @@ static int is_tcp_packet(Packet *pkt)
>       }
>   }
>   
> +/* handle tcp packet from primary guest */
> +static int handle_primary_tcp_pkt(NetFilterState *nf,
> +                                  Connection *conn,
> +                                  Packet *pkt)
> +{
> +    struct tcphdr *tcp_pkt;
> +    static int syn_flag;
> +
> +    tcp_pkt = (struct tcphdr *)pkt->transport_layer;
> +    if (trace_event_get_state(TRACE_COLO_FILTER_REWRITER_DEBUG)) {
> +        char *sdebug, *ddebug;
> +        sdebug = strdup(inet_ntoa(pkt->ip->ip_src));
> +        ddebug = strdup(inet_ntoa(pkt->ip->ip_dst));
> +        trace_colo_filter_rewriter_pkt_info(__func__, sdebug, ddebug,
> +                    ntohl(tcp_pkt->th_seq), ntohl(tcp_pkt->th_ack),
> +                    tcp_pkt->th_flags);
> +        trace_colo_filter_rewriter_conn_offset(conn->offset);
> +        g_free(sdebug);
> +        g_free(ddebug);
> +    }
> +
> +    if (((tcp_pkt->th_flags & (TH_ACK | TH_SYN)) == TH_SYN)) {
> +        /*
> +         * this flag update offset func run oncs

typo?

> +         * in independent tcp connection
> +         */
> +        syn_flag = 1;

Does this really work if you have more than one tcp connections? You 
probably need a conn->syn_flag.

> +    }
> +
> +    if (((tcp_pkt->th_flags & (TH_ACK | TH_SYN)) == TH_ACK)) {
> +        if (syn_flag) {
> +            /* offset = secondary_seq - primary seq */
> +            conn->offset -= (ntohl(tcp_pkt->th_ack));
> +            syn_flag = 0;
> +
> +        }
> +        /* handle packets to the secondary from the primary */
> +        tcp_pkt->th_ack = htonl(ntohl(tcp_pkt->th_ack) + conn->offset + 1);

Maybe I miss something, but why +1 here?

Re: [Qemu-devel] [RFC PATCH V2 1/3] filter-rewriter: introduce filter-rewriter initialization

[Zhang Chen]

On 07/04/2016 10:49 AM, Jason Wang wrote:
>
>
> On 2016年07月02日 14:22, Zhang Chen wrote:
>> Filter-rewriter is a part of COLO project.
>> It will rewrite some of secondary packet to make
>> secondary guest's connection established successfully.
>
> Probably need to be more verbose here. E.g we only care about tcp and 
> only rewrite ack now.
>

ok~ I will add more comments in next version.

>>
>> usage:
>>
>> colo secondary:
>> -object filter-redirector,id=f1,netdev=hn0,queue=tx,indev=red0
>> -object filter-redirector,id=f2,netdev=hn0,queue=rx,outdev=red1
>> -object filter-rewriter,id=rew0,netdev=hn0,queue=all
>>
>> Signed-off-by: Zhang Chen <zhangchen.fnst@cn.fujitsu.com>
>> Signed-off-by: Li Zhijian <lizhijian@cn.fujitsu.com>
>> Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
>> ---
>>   net/Makefile.objs     |   1 +
>>   net/filter-rewriter.c | 112 
>> ++++++++++++++++++++++++++++++++++++++++++++++++++
>>   qemu-options.hx       |  10 +++++
>>   vl.c                  |   3 +-
>>   4 files changed, 125 insertions(+), 1 deletion(-)
>>   create mode 100644 net/filter-rewriter.c
>>
>> diff --git a/net/Makefile.objs b/net/Makefile.objs
>> index 119589f..645bd10 100644
>> --- a/net/Makefile.objs
>> +++ b/net/Makefile.objs
>> @@ -18,3 +18,4 @@ common-obj-y += filter-buffer.o
>>   common-obj-y += filter-mirror.o
>>   common-obj-y += colo-compare.o
>>   common-obj-y += colo-base.o
>> +common-obj-y += filter-rewriter.o
>> diff --git a/net/filter-rewriter.c b/net/filter-rewriter.c
>> new file mode 100644
>> index 0000000..08b015d
>> --- /dev/null
>> +++ b/net/filter-rewriter.c
>> @@ -0,0 +1,112 @@
>> +/*
>> + * Copyright (c) 2016 HUAWEI TECHNOLOGIES CO., LTD.
>> + * Copyright (c) 2016 FUJITSU LIMITED
>> + * Copyright (c) 2016 Intel Corporation
>> + *
>> + * Author: Zhang Chen <zhangchen.fnst@cn.fujitsu.com>
>> + *
>> + * This work is licensed under the terms of the GNU GPL, version 2 or
>> + * later.  See the COPYING file in the top-level directory.
>> + */
>> +
>> +#include "qemu/osdep.h"
>> +#include "net/colo-base.h"
>> +#include "net/filter.h"
>> +#include "net/net.h"
>> +#include "qemu-common.h"
>> +#include "qapi/error.h"
>> +#include "qapi/qmp/qerror.h"
>> +#include "qapi-visit.h"
>> +#include "qom/object.h"
>> +#include "qemu/main-loop.h"
>> +#include "qemu/iov.h"
>> +#include "net/checksum.h"
>> +
>> +#define FILTER_COLO_REWRITER(obj) \
>> +    OBJECT_CHECK(RewriterState, (obj), TYPE_FILTER_REWRITER)
>> +
>> +#define TYPE_FILTER_REWRITER "filter-rewriter"
>> +
>> +enum {
>> +    PRIMARY = 0,
>> +    SECONDARY,
>> +};
>> +
>> +typedef struct RewriterState {
>> +    NetFilterState parent_obj;
>> +    /* connection list: the connections belonged to this NIC could 
>> be found
>> +     * in this list.
>> +     * element type: Connection
>> +     */
>> +    GQueue conn_list;
>> +    NetQueue *incoming_queue;
>> +    /* to protect conn_list */
>> +    QemuMutex conn_list_lock;
>> +    /* hashtable to save connection */
>> +    GHashTable *connection_track_table;
>> +    /* to save unprocessed_connections */
>> +    GQueue unprocessed_connections;
>> +    /* current hash size */
>> +    uint32_t hashtable_size;
>> +} RewriterState;
>> +
>> +static ssize_t colo_rewriter_receive_iov(NetFilterState *nf,
>> +                                         NetClientState *sender,
>> +                                         unsigned flags,
>> +                                         const struct iovec *iov,
>> +                                         int iovcnt,
>> +                                         NetPacketSent *sent_cb)
>> +{
>> +    /*
>> +     * if we get tcp packet
>> +     * we will rewrite it to make secondary guest's
>> +     * connection established successfully
>> +     */
>> +    return 0;
>> +}
>> +
>> +static void colo_rewriter_cleanup(NetFilterState *nf)
>> +{
>> +    RewriterState *s = FILTER_COLO_REWRITER(nf);
>> +
>> +    qemu_mutex_destroy(&s->conn_list_lock);
>> +    g_queue_free(&s->conn_list);
>> +}
>> +
>> +static void colo_rewriter_setup(NetFilterState *nf, Error **errp)
>> +{
>> +    RewriterState *s = FILTER_COLO_REWRITER(nf);
>> +
>> +    g_queue_init(&s->conn_list);
>> +    qemu_mutex_init(&s->conn_list_lock);
>> +    s->hashtable_size = 0;
>> +
>> +    s->connection_track_table = 
>> g_hash_table_new_full(connection_key_hash,
>> + connection_key_equal,
>> +                                                      g_free,
>> + connection_destroy);
>> +    s->incoming_queue = 
>> qemu_new_net_queue(qemu_netfilter_pass_to_next, nf);
>> +}
>> +
>> +static void colo_rewriter_class_init(ObjectClass *oc, void *data)
>> +{
>> +    NetFilterClass *nfc = NETFILTER_CLASS(oc);
>> +
>> +    nfc->setup = colo_rewriter_setup;
>> +    nfc->cleanup = colo_rewriter_cleanup;
>> +    nfc->receive_iov = colo_rewriter_receive_iov;
>> +}
>> +
>> +static const TypeInfo colo_rewriter_info = {
>> +    .name = TYPE_FILTER_REWRITER,
>> +    .parent = TYPE_NETFILTER,
>> +    .class_init = colo_rewriter_class_init,
>> +    .instance_size = sizeof(RewriterState),
>> +};
>> +
>> +static void register_types(void)
>> +{
>> +    type_register_static(&colo_rewriter_info);
>> +}
>> +
>> +type_init(register_types);
>> diff --git a/qemu-options.hx b/qemu-options.hx
>> index 14bade5..d7ab165 100644
>> --- a/qemu-options.hx
>> +++ b/qemu-options.hx
>> @@ -3859,6 +3859,16 @@ Create a filter-redirector we need to differ 
>> outdev id from indev id, id can not
>>   be the same. we can just use indev or outdev, but at least one of 
>> indev or outdev
>>   need to be specified.
>>   +@item -object 
>> filter-rewriter,id=@var{id},netdev=@var{netdevid},rewriter-mode=@var{mode}[,queue=@var{all|rx|tx}]
>> +
>> +Filter-rewriter is a part of COLO project.It will rewrite some of 
>> secondary packet.
>
> Need to be more verbose here.

OK~

>
>> +
>> +usage:
>> +colo secondary:
>> +-object filter-redirector,id=f1,netdev=hn0,queue=tx,indev=red0
>> +-object filter-redirector,id=f2,netdev=hn0,queue=rx,outdev=red1
>> +-object filter-rewriter,id=rew0,netdev=hn0,queue=all
>> +
>>   @item -object 
>> filter-dump,id=@var{id},netdev=@var{dev},file=@var{filename}][,maxlen=@var{len}]
>>     Dump the network traffic on netdev @var{dev} to the file 
>> specified by
>> diff --git a/vl.c b/vl.c
>> index c6b9a6f..b47be6a 100644
>> --- a/vl.c
>> +++ b/vl.c
>> @@ -2866,7 +2866,8 @@ static bool object_create_initial(const char 
>> *type)
>>           g_str_equal(type, "filter-dump") ||
>>           g_str_equal(type, "filter-mirror") ||
>>           g_str_equal(type, "filter-redirector") ||
>> -        g_str_equal(type, "colo-compare")) {
>> +        g_str_equal(type, "colo-compare") ||
>> +        g_str_equal(type, "filter-rewriter")) {
>
> So this makes the patch can't be applied cleanly on master.

Yes,filter-rewriter based on colo-base in colo-compare...
So, should we make colo-base be a independent patch set?
Now, colo-base used by colo-compare and filter-rewriter.

>
> And I think we don't want to manually compare 100 kinds of filters in 
> the future. How about doing something better, e.g:
>
> - introduce something like filter_register_type()
> - recored the name of the type in a list
> - iterate it here
>
> ?
>

Maybe we need do this after colo-compare and filter-rewriter be merged.
and make filter-dump and other filter all in this type.

Thanks
Zhang Chen

>>           return false;
>>       }
>
>
>
> .
>

-- 
Thanks
zhangchen

Re: [Qemu-devel] [RFC PATCH V2 2/3] filter-rewriter: track connection and parse packet

[Zhang Chen]

On 07/04/2016 11:04 AM, Jason Wang wrote:
>
>
> On 2016年07月02日 14:22, Zhang Chen wrote:
>> We use colo-base.h to track connection and parse packet
>>
>> Signed-off-by: Zhang Chen <zhangchen.fnst@cn.fujitsu.com>
>> Signed-off-by: Li Zhijian <lizhijian@cn.fujitsu.com>
>> Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
>> ---
>>   net/filter-rewriter.c | 52 
>> +++++++++++++++++++++++++++++++++++++++++++++++++++
>>   1 file changed, 52 insertions(+)
>>
>> diff --git a/net/filter-rewriter.c b/net/filter-rewriter.c
>> index 08b015d..c38ab24 100644
>> --- a/net/filter-rewriter.c
>> +++ b/net/filter-rewriter.c
>> @@ -50,6 +50,20 @@ typedef struct RewriterState {
>>       uint32_t hashtable_size;
>>   } RewriterState;
>>   +/*
>> + * Return 1 on success, if return 0 means the pkt
>> + * is not TCP packet
>> + */
>> +static int is_tcp_packet(Packet *pkt)
>> +{
>> +    if (!parse_packet_early(pkt) &&
>> +        pkt->ip->ip_p == IPPROTO_TCP) {
>> +        return 1;
>> +    } else {
>> +        return 0;
>> +    }
>> +}
>> +
>>   static ssize_t colo_rewriter_receive_iov(NetFilterState *nf,
>>                                            NetClientState *sender,
>>                                            unsigned flags,
>> @@ -57,11 +71,49 @@ static ssize_t 
>> colo_rewriter_receive_iov(NetFilterState *nf,
>>                                            int iovcnt,
>>                                            NetPacketSent *sent_cb)
>>   {
>> +    RewriterState *s = FILTER_COLO_REWRITER(nf);
>> +    Connection *conn;
>> +    ConnectionKey key = {{ 0 } };
>> +    Packet *pkt;
>> +    ssize_t size = iov_size(iov, iovcnt);
>> +    char *buf = g_malloc0(size);
>> +
>> +    iov_to_buf(iov, iovcnt, 0, buf, size);
>> +    pkt = packet_new(buf, size);
>> +
>>       /*
>>        * if we get tcp packet
>>        * we will rewrite it to make secondary guest's
>>        * connection established successfully
>>        */
>> +    if (is_tcp_packet(pkt)) {
>> +        if (sender == nf->netdev) {
>> +            fill_connection_key(pkt, &key, SECONDARY);
>> +        } else {
>> +            fill_connection_key(pkt, &key, PRIMARY);
>> +        }
>> +
>> +        conn = connection_get(s->connection_track_table,
>> +                              &key,
>> +                              &s->hashtable_size);
>> +        if (!conn->processing) {
>> +            qemu_mutex_lock(&s->conn_list_lock);
>> +            g_queue_push_tail(&s->conn_list, conn);
>> +            qemu_mutex_unlock(&s->conn_list_lock);
>
> conn_list was never used in this series, and I fail to understand why 
> conn_list is needed?

When filter-rewriter work with colo-frame we need this do some 
synchronization job.
like colo do checkpoint,we will flush connection.
Maybe I should move this lock to other patch (like filter-rewriter work 
with colo-frame).

Thanks
Zhang Chen

>
>> +            conn->processing = true;
>> +        }
>> +
>> +        if (sender == nf->netdev) {
>> +            /* NET_FILTER_DIRECTION_TX */
>> +            /* handle_primary_tcp_pkt */
>> +        } else {
>> +            /* NET_FILTER_DIRECTION_RX */
>> +            /* handle_secondary_tcp_pkt */
>> +        }
>> +    }
>> +
>> +    packet_destroy(pkt, NULL);
>> +    pkt = NULL;
>>       return 0;
>>   }
>
>
>
> .
>

-- 
Thanks
zhangchen

Re: [Qemu-devel] [RFC PATCH V2 1/3] filter-rewriter: introduce filter-rewriter initialization

[Jason Wang]

On 2016年07月04日 15:42, Zhang Chen wrote:
>>>   @item -object 
>>> filter-dump,id=@var{id},netdev=@var{dev},file=@var{filename}][,maxlen=@var{len}] 
>>>
>>>     Dump the network traffic on netdev @var{dev} to the file 
>>> specified by
>>> diff --git a/vl.c b/vl.c
>>> index c6b9a6f..b47be6a 100644
>>> --- a/vl.c
>>> +++ b/vl.c
>>> @@ -2866,7 +2866,8 @@ static bool object_create_initial(const char 
>>> *type)
>>>           g_str_equal(type, "filter-dump") ||
>>>           g_str_equal(type, "filter-mirror") ||
>>>           g_str_equal(type, "filter-redirector") ||
>>> -        g_str_equal(type, "colo-compare")) {
>>> +        g_str_equal(type, "colo-compare") ||
>>> +        g_str_equal(type, "filter-rewriter")) {
>>
>> So this makes the patch can't be applied cleanly on master.
>
> Yes,filter-rewriter based on colo-base in colo-compare...
> So, should we make colo-base be a independent patch set?
> Now, colo-base used by colo-compare and filter-rewriter.
>

At least the codes in this series is pretty independent, so there's no 
need I think.

>>
>> And I think we don't want to manually compare 100 kinds of filters in 
>> the future. How about doing something better, e.g:
>>
>> - introduce something like filter_register_type()
>> - recored the name of the type in a list
>> - iterate it here
>>
>> ?
>>
>
> Maybe we need do this after colo-compare and filter-rewriter be merged.
> and make filter-dump and other filter all in this type.
>
> Thanks
> Zhang Chen

Yes.

>
>>>           return false;
>>>       }
>>
>>
>>
>> . 

Re: [Qemu-devel] [RFC PATCH V2 2/3] filter-rewriter: track connection and parse packet

[Jason Wang]

On 2016年07月04日 15:47, Zhang Chen wrote:
>>> +    if (is_tcp_packet(pkt)) {
>>> +        if (sender == nf->netdev) {
>>> +            fill_connection_key(pkt, &key, SECONDARY);
>>> +        } else {
>>> +            fill_connection_key(pkt, &key, PRIMARY);
>>> +        }
>>> +
>>> +        conn = connection_get(s->connection_track_table,
>>> +                              &key,
>>> +                              &s->hashtable_size);
>>> +        if (!conn->processing) {
>>> +            qemu_mutex_lock(&s->conn_list_lock);
>>> +            g_queue_push_tail(&s->conn_list, conn);
>>> +            qemu_mutex_unlock(&s->conn_list_lock);
>>
>> conn_list was never used in this series, and I fail to understand why 
>> conn_list is needed?
>
> When filter-rewriter work with colo-frame we need this do some 
> synchronization job.
> like colo do checkpoint,we will flush connection.
> Maybe I should move this lock to other patch (like filter-rewriter 
> work with colo-frame).
>
> Thanks
> Zhang Chen 

Yes, please do it.

Re: [Qemu-devel] [RFC PATCH V2 3/3] filter-rewriter: rewrite tcp packet to keep secondary connection

[Zhang Chen]

On 07/04/2016 11:16 AM, Jason Wang wrote:
>
>
> On 2016年07月02日 14:22, Zhang Chen wrote:
>> We will rewrite tcp packet secondary received and sent.
>> When colo guest is a tcp server.
>>
>> Firstly, client start a tcp handshake. the packet's seq=client_seq,
>> ack=0,flag=SYN. COLO primary guest get this pkt and 
>> mirror(filter-mirror)
>> to secondary guest, secondary get it use filter-redirector.
>> Then,primary guest response pkt
>> (seq=primary_seq,ack=client_seq+1,flag=ACK|SYN).
>> secondary guest response pkt
>> (seq=secondary_seq,ack=client_seq+1,flag=ACK|SYN).
>> In here,we use filter-rewriter save the secondary_seq to it's tcp 
>> connection.
>> Finally handshake,client send pkt
>> (seq=client_seq+1,ack=primary_seq+1,flag=ACK).
>> Here,filter-rewriter can get primary_seq, and rewrite ack from 
>> primary_seq+1
>> to secondary_seq+1, recalculate checksum. So the secondary tcp 
>> connection
>> kept good.
>>
>> When we send/recv packet.
>> client send 
>> pkt(seq=client_seq+1+data_len,ack=primary_seq+1,flag=ACK|PSH).
>> filter-rewriter rewrite ack and send to secondary guest.
>>
>> primary guest response pkt
>> (seq=primary_seq+1,ack=client_seq+1+data_len,flag=ACK)
>> secondary guest response pkt
>> (seq=secondary_seq+1,ack=client_seq+1+data_len,flag=ACK)
>> we rewrite secondary guest seq from secondary_seq+1 to primary_seq+1.
>> So tcp connection kept good.
>>
>> In code We use offset( = secondary_seq - primary_seq )
>> to rewrite seq or ack.
>> handle_primary_tcp_pkt: tcp_pkt->th_ack += offset;
>> handle_secondary_tcp_pkt: tcp_pkt->th_seq -= offset;
>>
>> Signed-off-by: Zhang Chen <zhangchen.fnst@cn.fujitsu.com>
>> Signed-off-by: Li Zhijian <lizhijian@cn.fujitsu.com>
>> Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
>> ---
>>   net/colo-base.h       |   2 +
>>   net/filter-rewriter.c | 110 
>> +++++++++++++++++++++++++++++++++++++++++++++++++-
>>   trace-events          |   5 +++
>>   3 files changed, 115 insertions(+), 2 deletions(-)
>>
>> diff --git a/net/colo-base.h b/net/colo-base.h
>> index 62460c5..7b32648 100644
>> --- a/net/colo-base.h
>> +++ b/net/colo-base.h
>> @@ -71,6 +71,8 @@ typedef struct Connection {
>>       uint8_t ip_proto;
>>       /* be used by filter-rewriter */
>>       colo_conn_state state;
>> +    /* offset = secondary_seq - primary_seq */
>> +    tcp_seq  offset;
>
> Fail to find the definition of 'tcp_seq'.
>

In slirp/tcp.h
typedef    uint32_t tcp_seq;

we add this .h in colo-base.h


>>   } Connection;
>>     uint32_t connection_key_hash(const void *opaque);
>> diff --git a/net/filter-rewriter.c b/net/filter-rewriter.c
>> index c38ab24..9f63c75 100644
>> --- a/net/filter-rewriter.c
>> +++ b/net/filter-rewriter.c
>> @@ -21,6 +21,7 @@
>>   #include "qemu/main-loop.h"
>>   #include "qemu/iov.h"
>>   #include "net/checksum.h"
>> +#include "trace.h"
>>     #define FILTER_COLO_REWRITER(obj) \
>>       OBJECT_CHECK(RewriterState, (obj), TYPE_FILTER_REWRITER)
>> @@ -64,6 +65,91 @@ static int is_tcp_packet(Packet *pkt)
>>       }
>>   }
>>   +/* handle tcp packet from primary guest */
>> +static int handle_primary_tcp_pkt(NetFilterState *nf,
>> +                                  Connection *conn,
>> +                                  Packet *pkt)
>> +{
>> +    struct tcphdr *tcp_pkt;
>> +    static int syn_flag;
>> +
>> +    tcp_pkt = (struct tcphdr *)pkt->transport_layer;
>> +    if (trace_event_get_state(TRACE_COLO_FILTER_REWRITER_DEBUG)) {
>> +        char *sdebug, *ddebug;
>> +        sdebug = strdup(inet_ntoa(pkt->ip->ip_src));
>> +        ddebug = strdup(inet_ntoa(pkt->ip->ip_dst));
>> +        trace_colo_filter_rewriter_pkt_info(__func__, sdebug, ddebug,
>> +                    ntohl(tcp_pkt->th_seq), ntohl(tcp_pkt->th_ack),
>> +                    tcp_pkt->th_flags);
>> + trace_colo_filter_rewriter_conn_offset(conn->offset);
>> +        g_free(sdebug);
>> +        g_free(ddebug);
>> +    }
>> +
>> +    if (((tcp_pkt->th_flags & (TH_ACK | TH_SYN)) == TH_SYN)) {
>> +        /*
>> +         * this flag update offset func run oncs
>
> typo?

S/oncs/once

>
>> +         * in independent tcp connection
>> +         */
>> +        syn_flag = 1;
>
> Does this really work if you have more than one tcp connections? You 
> probably need a conn->syn_flag.

Good catch...
I will fix it in next.


>
>> +    }
>> +
>> +    if (((tcp_pkt->th_flags & (TH_ACK | TH_SYN)) == TH_ACK)) {
>> +        if (syn_flag) {
>> +            /* offset = secondary_seq - primary seq */
>> +            conn->offset -= (ntohl(tcp_pkt->th_ack));
>> +            syn_flag = 0;
>> +
>> +        }
>> +        /* handle packets to the secondary from the primary */
>> +        tcp_pkt->th_ack = htonl(ntohl(tcp_pkt->th_ack) + 
>> conn->offset + 1);
>
> Maybe I miss something, but why +1 here?
>
>

No,I miss something.
+            /* offset = secondary_seq - primary seq */
+            conn->offset -= (ntohl(tcp_pkt->th_ack));
should be
+            conn->offset -= (ntohl(tcp_pkt->th_ack) - 1);

(ntohl(tcp_pkt->th_ack) - 1) is the primary seq

+        tcp_pkt->th_ack = htonl(ntohl(tcp_pkt->th_ack) + conn->offset);

I will fix it.

Thanks
Zhang Chen
>
> .
>

-- 
Thanks
zhangchen