On 02/24/2016 05:03 PM, Zhang Chen wrote:
If queue=rx, filter-redirector will get the packet that guest send,
then redirect
to outdev(if none, do nothing). but queue=rx/tx/all not related to
indev. please
look the flow chart below. queue=xxx just work for one
way(filter->outdev).
filter
+
|
|
redirector |
+-------------------------+
| | |
| | |
| | |
indev +----------------+ +----------------> outdev
| | |
| | |
| | |
+-------------------------+
|
|
v
filter
|
|
v
filter ........ filter ...... guest
This looks a violation on the assumption of current filter behavior.
Each filter should only talk to the 'next' or 'prev' filter on the chain
(depends on the direction) or netdev when queue=rx or netdev's peer when
queue=tx.
And in fact there's subtle differences with your patch:
When queue='all' since you force nf->netdev as sender, direction is
NET_FILTER_DIRECTION_TX, the packet will be passed to 'next' filter on
the chain.
When queue='rx', direction is NET_FILTER_DIRECTION_RX, the packet will
be pass to 'prev' filter on the chain.
So as you can see, 'all' is ambiguous here. I think we should keep
current behavior by redirecting traffic to netdev when queue='rx'. For
queue='all', maybe we need redirect the traffic to both netdev and
netdev's peer.