| Message ID | 20210420151537.64360-2-chen.zhang@intel.com |
|---|---|
| State | New |
| Headers | show |
| Series | Passthrough specific network traffic in COLO | expand |
On Tue, 20 Apr 2021 23:15:32 +0800 Zhang Chen <chen.zhang@intel.com> wrote: > Since the real user scenario does not need COLO to monitor all traffic. > Add colo-passthrough-add and colo-passthrough-del to maintain > a COLO network passthrough list. Add IPFlowSpec struct for all QMP commands. > Except protocol field is necessary, other fields are optional. > > Signed-off-by: Zhang Chen <chen.zhang@intel.com> > --- > net/net.c | 10 ++++++++ > qapi/net.json | 68 +++++++++++++++++++++++++++++++++++++++++++++++++++ > 2 files changed, 78 insertions(+) > > diff --git a/net/net.c b/net/net.c > index edf9b95418..2a6e5f3886 100644 > --- a/net/net.c > +++ b/net/net.c > @@ -1196,6 +1196,16 @@ void qmp_netdev_del(const char *id, Error **errp) > } > } > > +void qmp_colo_passthrough_add(IPFlowSpec *spec, Error **errp) > +{ > + /* TODO implement setup passthrough rule */ > +} > + > +void qmp_colo_passthrough_del(IPFlowSpec *spec, Error **errp) > +{ > + /* TODO implement delete passthrough rule */ > +} > + > static void netfilter_print_info(Monitor *mon, NetFilterState *nf) > { > char *str; > diff --git a/qapi/net.json b/qapi/net.json > index af3f5b0fda..f6e4e37526 100644 > --- a/qapi/net.json > +++ b/qapi/net.json > @@ -7,6 +7,7 @@ > ## > > { 'include': 'common.json' } > +{ 'include': 'sockets.json' } > > ## > # @set_link: > @@ -694,3 +695,70 @@ > ## > { 'event': 'FAILOVER_NEGOTIATED', > 'data': {'device-id': 'str'} } > + > +## > +# @IPFlowSpec: I think something like "@IPFilterRule" is clearer. > +# IP flow specification. "IP filter rule specification" > +# @protocol: Transport layer protocol like TCP/UDP... > +# > +# @object-name: Point out the IPflow spec effective range of object, > +# If there is no such part, it means global spec. I think IPFlowSpec should be kept generic, so object-name should not be part of it. It should move directly to 'colo-passthrough-add' and 'colo-passthrough-del'. Also please use clearer wording. Proposal: "@object-name: The id of the colo-compare object to add the filter to." Again, if other net filters support the new feature in the future, the wording can always be changed later. > +# @source: Source address and port. > +# > +# @destination: Destination address and port. > +# > +# Since: 6.1 > +## > +{ 'struct': 'IPFlowSpec', > + 'data': { 'protocol': 'str', '*object-name': 'str', > + '*source': 'InetSocketAddressBase', > + '*destination': 'InetSocketAddressBase' } } I think 'protocol' should be made optional too. > +## > +# @colo-passthrough-add: > +# > +# Add passthrough entry according to user's needs in COLO-compare. > +# Source IP/port and destination IP/port both optional, If user just > +# input parts of infotmation, it will match all. > +# > +# Returns: Nothing on success > +# > +# Since: 6.1 > +# > +# Example: > +# > +# -> { "execute": "colo-passthrough-add", > +# "arguments": { "protocol": "tcp", "object-name": "object0", > +# "source": {"host": "192.168.1.1", "port": "1234"}, > +# "destination": {"host": "192.168.1.2", "port": "4321"} } } > +# <- { "return": {} } > +# > +## > +{ 'command': 'colo-passthrough-add', 'boxed': true, > + 'data': 'IPFlowSpec' } > + > +## > +# @colo-passthrough-del: > +# > +# Delete passthrough entry according to user's needs in COLO-compare. > +# Source IP/port and destination IP/port both optional, If user just > +# input parts of infotmation, it will match all. > +# > +# Returns: Nothing on success > +# > +# Since: 6.1 > +# > +# Example: > +# > +# -> { "execute": "colo-passthrough-del", > +# "arguments": { "protocol": "tcp", "object-name": "object0", > +# "source": {"host": "192.168.1.1", "port": "1234"}, > +# "destination": {"host": "192.168.1.2", "port": "4321"} } } > +# <- { "return": {} } > +# > +## > +{ 'command': 'colo-passthrough-del', 'boxed': true, > + 'data': 'IPFlowSpec' } --
> -----Original Message----- > From: Lukas Straub <lukasstraub2@web.de> > Sent: Tuesday, May 18, 2021 4:35 AM > To: Zhang, Chen <chen.zhang@intel.com> > Cc: Jason Wang <jasowang@redhat.com>; qemu-dev <qemu- > devel@nongnu.org>; Eric Blake <eblake@redhat.com>; Dr. David Alan > Gilbert <dgilbert@redhat.com>; Markus Armbruster <armbru@redhat.com>; > Daniel P. Berrangé <berrange@redhat.com>; Gerd Hoffmann > <kraxel@redhat.com>; Li Zhijian <lizhijian@cn.fujitsu.com>; Zhang Chen > <zhangckid@gmail.com> > Subject: Re: [PATCH V6 1/6] qapi/net: Add IPFlowSpec and QMP command > for COLO passthrough > > On Tue, 20 Apr 2021 23:15:32 +0800 > Zhang Chen <chen.zhang@intel.com> wrote: > > > Since the real user scenario does not need COLO to monitor all traffic. > > Add colo-passthrough-add and colo-passthrough-del to maintain a COLO > > network passthrough list. Add IPFlowSpec struct for all QMP commands. > > Except protocol field is necessary, other fields are optional. > > > > Signed-off-by: Zhang Chen <chen.zhang@intel.com> > > --- > > net/net.c | 10 ++++++++ > > qapi/net.json | 68 > > +++++++++++++++++++++++++++++++++++++++++++++++++++ > > 2 files changed, 78 insertions(+) > > > > diff --git a/net/net.c b/net/net.c > > index edf9b95418..2a6e5f3886 100644 > > --- a/net/net.c > > +++ b/net/net.c > > @@ -1196,6 +1196,16 @@ void qmp_netdev_del(const char *id, Error > **errp) > > } > > } > > > > +void qmp_colo_passthrough_add(IPFlowSpec *spec, Error **errp) { > > + /* TODO implement setup passthrough rule */ } > > + > > +void qmp_colo_passthrough_del(IPFlowSpec *spec, Error **errp) { > > + /* TODO implement delete passthrough rule */ } > > + > > static void netfilter_print_info(Monitor *mon, NetFilterState *nf) { > > char *str; > > diff --git a/qapi/net.json b/qapi/net.json index > > af3f5b0fda..f6e4e37526 100644 > > --- a/qapi/net.json > > +++ b/qapi/net.json > > @@ -7,6 +7,7 @@ > > ## > > > > { 'include': 'common.json' } > > +{ 'include': 'sockets.json' } > > > > ## > > # @set_link: > > @@ -694,3 +695,70 @@ > > ## > > { 'event': 'FAILOVER_NEGOTIATED', > > 'data': {'device-id': 'str'} } > > + > > +## > > +# @IPFlowSpec: > > I think something like "@IPFilterRule" is clearer. > > > +# IP flow specification. > > "IP filter rule specification" > > > +# @protocol: Transport layer protocol like TCP/UDP... > > +# > > +# @object-name: Point out the IPflow spec effective range of object, > > +# If there is no such part, it means global spec. > > I think IPFlowSpec should be kept generic, so object-name should not be > part of it. It should move directly to 'colo-passthrough-add' and 'colo- > passthrough-del'. > > Also please use clearer wording. Proposal: > "@object-name: The id of the colo-compare object to add the filter to." > > Again, if other net filters support the new feature in the future, the wording > can always be changed later. We already discussed the name of the "IPFlowSpec" in this series V3/V4... Current definition is a generic one. Both OK for me. For the qapi/net.json, Hi Markus, which name do you think is better? > > > +# @source: Source address and port. > > +# > > +# @destination: Destination address and port. > > +# > > +# Since: 6.1 > > +## > > +{ 'struct': 'IPFlowSpec', > > + 'data': { 'protocol': 'str', '*object-name': 'str', > > + '*source': 'InetSocketAddressBase', > > + '*destination': 'InetSocketAddressBase' } } > > I think 'protocol' should be made optional too. Make protocol to optional is easy. But for most cases, with a protocol is necessary. If user unexpected input nothing, it will make the entire network unavailable. Thanks Chen > > > +## > > +# @colo-passthrough-add: > > +# > > +# Add passthrough entry according to user's needs in COLO-compare. > > +# Source IP/port and destination IP/port both optional, If user just > > +# input parts of infotmation, it will match all. > > +# > > +# Returns: Nothing on success > > +# > > +# Since: 6.1 > > +# > > +# Example: > > +# > > +# -> { "execute": "colo-passthrough-add", > > +# "arguments": { "protocol": "tcp", "object-name": "object0", > > +# "source": {"host": "192.168.1.1", "port": "1234"}, > > +# "destination": {"host": "192.168.1.2", "port": "4321"} } } > > +# <- { "return": {} } > > +# > > +## > > +{ 'command': 'colo-passthrough-add', 'boxed': true, > > + 'data': 'IPFlowSpec' } > > + > > +## > > +# @colo-passthrough-del: > > +# > > +# Delete passthrough entry according to user's needs in COLO-compare. > > +# Source IP/port and destination IP/port both optional, If user just > > +# input parts of infotmation, it will match all. > > +# > > +# Returns: Nothing on success > > +# > > +# Since: 6.1 > > +# > > +# Example: > > +# > > +# -> { "execute": "colo-passthrough-del", > > +# "arguments": { "protocol": "tcp", "object-name": "object0", > > +# "source": {"host": "192.168.1.1", "port": "1234"}, > > +# "destination": {"host": "192.168.1.2", "port": "4321"} } } > > +# <- { "return": {} } > > +# > > +## > > +{ 'command': 'colo-passthrough-del', 'boxed': true, > > + 'data': 'IPFlowSpec' } > > > > --
diff --git a/net/net.c b/net/net.c index edf9b95418..2a6e5f3886 100644 --- a/net/net.c +++ b/net/net.c @@ -1196,6 +1196,16 @@ void qmp_netdev_del(const char *id, Error **errp) } } +void qmp_colo_passthrough_add(IPFlowSpec *spec, Error **errp) +{ + /* TODO implement setup passthrough rule */ +} + +void qmp_colo_passthrough_del(IPFlowSpec *spec, Error **errp) +{ + /* TODO implement delete passthrough rule */ +} + static void netfilter_print_info(Monitor *mon, NetFilterState *nf) { char *str; diff --git a/qapi/net.json b/qapi/net.json index af3f5b0fda..f6e4e37526 100644 --- a/qapi/net.json +++ b/qapi/net.json @@ -7,6 +7,7 @@ ## { 'include': 'common.json' } +{ 'include': 'sockets.json' } ## # @set_link: @@ -694,3 +695,70 @@ ## { 'event': 'FAILOVER_NEGOTIATED', 'data': {'device-id': 'str'} } + +## +# @IPFlowSpec: +# +# IP flow specification. +# +# @protocol: Transport layer protocol like TCP/UDP... +# +# @object-name: Point out the IPflow spec effective range of object, +# If there is no such part, it means global spec. +# +# @source: Source address and port. +# +# @destination: Destination address and port. +# +# Since: 6.1 +## +{ 'struct': 'IPFlowSpec', + 'data': { 'protocol': 'str', '*object-name': 'str', + '*source': 'InetSocketAddressBase', + '*destination': 'InetSocketAddressBase' } } + +## +# @colo-passthrough-add: +# +# Add passthrough entry according to user's needs in COLO-compare. +# Source IP/port and destination IP/port both optional, If user just +# input parts of infotmation, it will match all. +# +# Returns: Nothing on success +# +# Since: 6.1 +# +# Example: +# +# -> { "execute": "colo-passthrough-add", +# "arguments": { "protocol": "tcp", "object-name": "object0", +# "source": {"host": "192.168.1.1", "port": "1234"}, +# "destination": {"host": "192.168.1.2", "port": "4321"} } } +# <- { "return": {} } +# +## +{ 'command': 'colo-passthrough-add', 'boxed': true, + 'data': 'IPFlowSpec' } + +## +# @colo-passthrough-del: +# +# Delete passthrough entry according to user's needs in COLO-compare. +# Source IP/port and destination IP/port both optional, If user just +# input parts of infotmation, it will match all. +# +# Returns: Nothing on success +# +# Since: 6.1 +# +# Example: +# +# -> { "execute": "colo-passthrough-del", +# "arguments": { "protocol": "tcp", "object-name": "object0", +# "source": {"host": "192.168.1.1", "port": "1234"}, +# "destination": {"host": "192.168.1.2", "port": "4321"} } } +# <- { "return": {} } +# +## +{ 'command': 'colo-passthrough-del', 'boxed': true, + 'data': 'IPFlowSpec' }
Since the real user scenario does not need COLO to monitor all traffic. Add colo-passthrough-add and colo-passthrough-del to maintain a COLO network passthrough list. Add IPFlowSpec struct for all QMP commands. Except protocol field is necessary, other fields are optional. Signed-off-by: Zhang Chen <chen.zhang@intel.com> --- net/net.c | 10 ++++++++ qapi/net.json | 68 +++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 78 insertions(+)