Commit f21c0ed97c9754683b168deb6112b3a280361ff2
1 parent
b6503ed9
qemu:virtio-net: Add VLAN filtering (Alex Williamson)
Use the control virtqueue to allow the guest to enable and manipulate a VLAN filter table. This allows us to drop more packets the guest doesn't want to see. We define a new VLAN class for the control virtqueue with commands ADD and DEL with usage defined in virtio-net.h. Signed-off-by: Alex Williamson <alex.williamson@hp.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6540 c046a42c-6fe2-441c-8c8c-71466251a162
Showing
2 changed files
with
63 additions
and
3 deletions
hw/virtio-net.c
| ... | ... | @@ -16,9 +16,10 @@ |
| 16 | 16 | #include "qemu-timer.h" |
| 17 | 17 | #include "virtio-net.h" |
| 18 | 18 | |
| 19 | -#define VIRTIO_NET_VM_VERSION 5 | |
| 19 | +#define VIRTIO_NET_VM_VERSION 6 | |
| 20 | 20 | |
| 21 | 21 | #define MAC_TABLE_ENTRIES 32 |
| 22 | +#define MAX_VLAN (1 << 12) /* Per 802.1Q definition */ | |
| 22 | 23 | |
| 23 | 24 | typedef struct VirtIONet |
| 24 | 25 | { |
| ... | ... | @@ -38,6 +39,7 @@ typedef struct VirtIONet |
| 38 | 39 | int in_use; |
| 39 | 40 | uint8_t *macs; |
| 40 | 41 | } mac_table; |
| 42 | + uint32_t *vlans; | |
| 41 | 43 | } VirtIONet; |
| 42 | 44 | |
| 43 | 45 | /* TODO |
| ... | ... | @@ -94,9 +96,10 @@ static void virtio_net_reset(VirtIODevice *vdev) |
| 94 | 96 | n->promisc = 1; |
| 95 | 97 | n->allmulti = 0; |
| 96 | 98 | |
| 97 | - /* Flush any MAC filter table state */ | |
| 99 | + /* Flush any MAC and VLAN filter table state */ | |
| 98 | 100 | n->mac_table.in_use = 0; |
| 99 | 101 | memset(n->mac_table.macs, 0, MAC_TABLE_ENTRIES * ETH_ALEN); |
| 102 | + memset(n->vlans, 0, MAX_VLAN >> 3); | |
| 100 | 103 | } |
| 101 | 104 | |
| 102 | 105 | static uint32_t virtio_net_get_features(VirtIODevice *vdev) |
| ... | ... | @@ -104,7 +107,8 @@ static uint32_t virtio_net_get_features(VirtIODevice *vdev) |
| 104 | 107 | uint32_t features = (1 << VIRTIO_NET_F_MAC) | |
| 105 | 108 | (1 << VIRTIO_NET_F_STATUS) | |
| 106 | 109 | (1 << VIRTIO_NET_F_CTRL_VQ) | |
| 107 | - (1 << VIRTIO_NET_F_CTRL_RX); | |
| 110 | + (1 << VIRTIO_NET_F_CTRL_RX) | | |
| 111 | + (1 << VIRTIO_NET_F_CTRL_VLAN); | |
| 108 | 112 | |
| 109 | 113 | return features; |
| 110 | 114 | } |
| ... | ... | @@ -185,6 +189,31 @@ static int virtio_net_handle_mac(VirtIONet *n, uint8_t cmd, |
| 185 | 189 | return VIRTIO_NET_OK; |
| 186 | 190 | } |
| 187 | 191 | |
| 192 | +static int virtio_net_handle_vlan_table(VirtIONet *n, uint8_t cmd, | |
| 193 | + VirtQueueElement *elem) | |
| 194 | +{ | |
| 195 | + uint16_t vid; | |
| 196 | + | |
| 197 | + if (elem->out_num != 2 || elem->out_sg[1].iov_len != sizeof(vid)) { | |
| 198 | + fprintf(stderr, "virtio-net ctrl invalid vlan command\n"); | |
| 199 | + return VIRTIO_NET_ERR; | |
| 200 | + } | |
| 201 | + | |
| 202 | + vid = lduw_le_p(elem->out_sg[1].iov_base); | |
| 203 | + | |
| 204 | + if (vid >= MAX_VLAN) | |
| 205 | + return VIRTIO_NET_ERR; | |
| 206 | + | |
| 207 | + if (cmd == VIRTIO_NET_CTRL_VLAN_ADD) | |
| 208 | + n->vlans[vid >> 5] |= (1U << (vid & 0x1f)); | |
| 209 | + else if (cmd == VIRTIO_NET_CTRL_VLAN_DEL) | |
| 210 | + n->vlans[vid >> 5] &= ~(1U << (vid & 0x1f)); | |
| 211 | + else | |
| 212 | + return VIRTIO_NET_ERR; | |
| 213 | + | |
| 214 | + return VIRTIO_NET_OK; | |
| 215 | +} | |
| 216 | + | |
| 188 | 217 | static void virtio_net_handle_ctrl(VirtIODevice *vdev, VirtQueue *vq) |
| 189 | 218 | { |
| 190 | 219 | VirtIONet *n = to_virtio_net(vdev); |
| ... | ... | @@ -211,6 +240,8 @@ static void virtio_net_handle_ctrl(VirtIODevice *vdev, VirtQueue *vq) |
| 211 | 240 | status = virtio_net_handle_rx_mode(n, ctrl.cmd, &elem); |
| 212 | 241 | else if (ctrl.class == VIRTIO_NET_CTRL_MAC) |
| 213 | 242 | status = virtio_net_handle_mac(n, ctrl.cmd, &elem); |
| 243 | + else if (ctrl.class == VIRTIO_NET_CTRL_VLAN) | |
| 244 | + status = virtio_net_handle_vlan_table(n, ctrl.cmd, &elem); | |
| 214 | 245 | |
| 215 | 246 | stb_p(elem.in_sg[elem.in_num - 1].iov_base, status); |
| 216 | 247 | |
| ... | ... | @@ -285,6 +316,7 @@ static int receive_header(VirtIONet *n, struct iovec *iov, int iovcnt, |
| 285 | 316 | static int receive_filter(VirtIONet *n, const uint8_t *buf, int size) |
| 286 | 317 | { |
| 287 | 318 | static const uint8_t bcast[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; |
| 319 | + static const uint8_t vlan[] = {0x81, 0x00}; | |
| 288 | 320 | uint8_t *ptr = (uint8_t *)buf; |
| 289 | 321 | int i; |
| 290 | 322 | |
| ... | ... | @@ -296,6 +328,12 @@ static int receive_filter(VirtIONet *n, const uint8_t *buf, int size) |
| 296 | 328 | ptr += sizeof(struct virtio_net_hdr); |
| 297 | 329 | #endif |
| 298 | 330 | |
| 331 | + if (!memcmp(&ptr[12], vlan, sizeof(vlan))) { | |
| 332 | + int vid = be16_to_cpup((uint16_t *)(ptr + 14)) & 0xfff; | |
| 333 | + if (!(n->vlans[vid >> 5] & (1U << (vid & 0x1f)))) | |
| 334 | + return 0; | |
| 335 | + } | |
| 336 | + | |
| 299 | 337 | if ((ptr[0] & 1) && n->allmulti) |
| 300 | 338 | return 1; |
| 301 | 339 | |
| ... | ... | @@ -474,6 +512,7 @@ static void virtio_net_save(QEMUFile *f, void *opaque) |
| 474 | 512 | qemu_put_be32(f, n->allmulti); |
| 475 | 513 | qemu_put_be32(f, n->mac_table.in_use); |
| 476 | 514 | qemu_put_buffer(f, n->mac_table.macs, n->mac_table.in_use * ETH_ALEN); |
| 515 | + qemu_put_buffer(f, (uint8_t *)n->vlans, MAX_VLAN >> 3); | |
| 477 | 516 | } |
| 478 | 517 | |
| 479 | 518 | static int virtio_net_load(QEMUFile *f, void *opaque, int version_id) |
| ... | ... | @@ -510,6 +549,9 @@ static int virtio_net_load(QEMUFile *f, void *opaque, int version_id) |
| 510 | 549 | } |
| 511 | 550 | } |
| 512 | 551 | |
| 552 | + if (version_id >= 6) | |
| 553 | + qemu_get_buffer(f, (uint8_t *)n->vlans, MAX_VLAN >> 3); | |
| 554 | + | |
| 513 | 555 | if (n->tx_timer_active) { |
| 514 | 556 | qemu_mod_timer(n->tx_timer, |
| 515 | 557 | qemu_get_clock(vm_clock) + TX_TIMER_INTERVAL); |
| ... | ... | @@ -559,6 +601,10 @@ void virtio_net_init(PCIBus *bus, NICInfo *nd, int devfn) |
| 559 | 601 | if (!n->mac_table.macs) |
| 560 | 602 | return; |
| 561 | 603 | |
| 604 | + n->vlans = qemu_mallocz(MAX_VLAN >> 3); | |
| 605 | + if (!n->vlans) | |
| 606 | + return; | |
| 607 | + | |
| 562 | 608 | register_savevm("virtio-net", virtio_net_id++, VIRTIO_NET_VM_VERSION, |
| 563 | 609 | virtio_net_save, virtio_net_load, n); |
| 564 | 610 | } | ... | ... |
hw/virtio-net.h
| ... | ... | @@ -42,6 +42,7 @@ |
| 42 | 42 | #define VIRTIO_NET_F_STATUS 16 /* virtio_net_config.status available */ |
| 43 | 43 | #define VIRTIO_NET_F_CTRL_VQ 17 /* Control channel available */ |
| 44 | 44 | #define VIRTIO_NET_F_CTRL_RX 18 /* Control channel RX mode support */ |
| 45 | +#define VIRTIO_NET_F_CTRL_VLAN 19 /* Control channel VLAN filtering */ | |
| 45 | 46 | |
| 46 | 47 | #define VIRTIO_NET_S_LINK_UP 1 /* Link is up */ |
| 47 | 48 | |
| ... | ... | @@ -135,4 +136,17 @@ struct virtio_net_ctrl_mac { |
| 135 | 136 | #define VIRTIO_NET_CTRL_MAC 1 |
| 136 | 137 | #define VIRTIO_NET_CTRL_MAC_TABLE_SET 0 |
| 137 | 138 | |
| 139 | +/* | |
| 140 | + * Control VLAN filtering | |
| 141 | + * | |
| 142 | + * The VLAN filter table is controlled via a simple ADD/DEL interface. | |
| 143 | + * VLAN IDs not added may be filterd by the hypervisor. Del is the | |
| 144 | + * opposite of add. Both commands expect an out entry containing a 2 | |
| 145 | + * byte VLAN ID. VLAN filterting is available with the | |
| 146 | + * VIRTIO_NET_F_CTRL_VLAN feature bit. | |
| 147 | + */ | |
| 148 | +#define VIRTIO_NET_CTRL_VLAN 2 | |
| 149 | + #define VIRTIO_NET_CTRL_VLAN_ADD 0 | |
| 150 | + #define VIRTIO_NET_CTRL_VLAN_DEL 1 | |
| 151 | + | |
| 138 | 152 | #endif | ... | ... |