From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.2 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,NICE_REPLY_A,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_SANE_1 autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1DE53C2B9F4 for ; Tue, 22 Jun 2021 07:49:41 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id B9CF8611AF for ; Tue, 22 Jun 2021 07:49:40 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org B9CF8611AF Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=intel.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Received: from localhost ([::1]:49282 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lvbAB-0000o3-MY for qemu-devel@archiver.kernel.org; Tue, 22 Jun 2021 03:49:39 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:33246) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lvb9O-00005z-02 for qemu-devel@nongnu.org; Tue, 22 Jun 2021 03:48:50 -0400 Received: from mga09.intel.com ([134.134.136.24]:34215) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lvb9J-0007Pg-Dw for qemu-devel@nongnu.org; Tue, 22 Jun 2021 03:48:49 -0400 IronPort-SDR: MoMXe9XjvHJl5GaEn5+o+USqk2NROJN4/62Z6k93gF9AT/LIsMv+4GdV5533BJxCKSwMlvlTDA YjMLJGCUnHTw== X-IronPort-AV: E=McAfee;i="6200,9189,10022"; a="206949152" X-IronPort-AV: E=Sophos;i="5.83,291,1616482800"; d="scan'208";a="206949152" Received: from orsmga008.jf.intel.com ([10.7.209.65]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 22 Jun 2021 00:48:40 -0700 IronPort-SDR: RvNQlZTyH3QoNumoiKj8oKaNGlmu6yNRRe1LisJrlnlveGJIQnfhOv9mqJaodW2Wwki/chyMDj +79uDhOJxs1g== X-IronPort-AV: E=Sophos;i="5.83,291,1616482800"; d="scan'208";a="452513456" Received: from unknown (HELO [10.239.13.19]) ([10.239.13.19]) by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 22 Jun 2021 00:48:38 -0700 Subject: Re: [PATCH V8 1/6] qapi/net: Add IPFlowSpec and QMP command for COLO passthrough To: Jason Wang , qemu-dev , Eric Blake , "Dr. David Alan Gilbert" , Markus Armbruster , =?UTF-8?Q?Daniel_P=2e_Berrang=c3=a9?= , Gerd Hoffmann , Li Zhijian References: <20210615113740.2278015-1-chen.zhang@intel.com> <20210615113740.2278015-2-chen.zhang@intel.com> <30fb1d13-8547-2027-44dd-683fc0ec67b4@redhat.com> From: "chen.zhang@intel.com" Message-ID: Date: Tue, 22 Jun 2021 15:41:58 +0800 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.8.1 MIME-Version: 1.0 In-Reply-To: <30fb1d13-8547-2027-44dd-683fc0ec67b4@redhat.com> Content-Type: text/plain; charset=gbk; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US Received-SPF: pass client-ip=134.134.136.24; envelope-from=chen.zhang@intel.com; helo=mga09.intel.com X-Spam_score_int: -16 X-Spam_score: -1.7 X-Spam_bar: - X-Spam_report: (-1.7 / 5.0 requ) BAYES_00=-1.9, MIME_CHARSET_FARAWAY=2.45, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Lukas Straub , Zhang Chen Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: "Qemu-devel" On 6/22/21 3:05 PM, Jason Wang wrote: > ÔÚ 2021/6/15 ÏÂÎç7:37, Zhang Chen дµÀ: >> Since the real user scenario does not need COLO to monitor all traffic. >> Add colo-passthrough-add and colo-passthrough-del to maintain >> a COLO network passthrough list. Add IPFlowSpec struct for all QMP commands. >> All the fields of IPFlowSpec are optional. >> >> Signed-off-by: Zhang Chen >> --- >> net/net.c | 10 +++++++ > > Let's avoid to have colo stuffs in the general net codes. As we will change the command to "passthrough-filter-add/del", the data structure and commands are the general net codes. Thanks Chen > > Thanks > > >> qapi/net.json | 74 +++++++++++++++++++++++++++++++++++++++++++++++++++ >> 2 files changed, 84 insertions(+) >> >> diff --git a/net/net.c b/net/net.c >> index 76bbb7c31b..f913e97983 100644 >> --- a/net/net.c >> +++ b/net/net.c >> @@ -1195,6 +1195,16 @@ void qmp_netdev_del(const char *id, Error **errp) >> } >> } >> >> +void qmp_colo_passthrough_add(IPFlowSpec *spec, Error **errp) >> +{ >> + /* TODO implement setup passthrough rule */ >> +} >> + >> +void qmp_colo_passthrough_del(IPFlowSpec *spec, Error **errp) >> +{ >> + /* TODO implement delete passthrough rule */ >> +} >> + >> static void netfilter_print_info(Monitor *mon, NetFilterState *nf) >> { >> char *str; >> diff --git a/qapi/net.json b/qapi/net.json >> index 7fab2e7cd8..91f2e1495a 100644 >> --- a/qapi/net.json >> +++ b/qapi/net.json >> @@ -7,6 +7,7 @@ >> ## >> >> { 'include': 'common.json' } >> +{ 'include': 'sockets.json' } >> >> ## >> # @set_link: >> @@ -696,3 +697,76 @@ >> ## >> { 'event': 'FAILOVER_NEGOTIATED', >> 'data': {'device-id': 'str'} } >> + >> +## >> +# @IPFlowSpec: >> +# >> +# IP flow specification. >> +# >> +# @protocol: Transport layer protocol like TCP/UDP, etc. The protocol is the >> +# string instead of enum, because it can be passed to getprotobyname(3) >> +# and avoid duplication with /etc/protocols. >> +# >> +# @object-name: The @object-name means packet handler in Qemu. Because not >> +# all the network packet must pass the colo-compare module, >> +# the net-filters are same situation. There modules attach to >> +# netdev or chardev to work, VM can run multiple modules >> +# at the same time. So it needs the object-name to set >> +# the effective module. >> +# >> +# @source: Source address and port. >> +# >> +# @destination: Destination address and port. >> +# >> +# Since: 6.1 >> +## >> +{ 'struct': 'IPFlowSpec', >> + 'data': { '*protocol': 'str', '*object-name': 'str', >> + '*source': 'InetSocketAddressBase', >> + '*destination': 'InetSocketAddressBase' } } >> + >> +## >> +# @colo-passthrough-add: >> +# >> +# Add passthrough entry IPFlowSpec to the COLO-compare instance. >> +# The protocol and source/destination IP/ports are optional. if the user >> +# only inputs part of the information, this will match all traffic. >> +# >> +# Returns: Nothing on success >> +# >> +# Since: 6.1 >> +# >> +# Example: >> +# >> +# -> { "execute": "colo-passthrough-add", >> +# "arguments": { "protocol": "tcp", "object-name": "object0", >> +# "source": {"host": "192.168.1.1", "port": "1234"}, >> +# "destination": {"host": "192.168.1.2", "port": "4321"} } } >> +# <- { "return": {} } >> +# >> +## >> +{ 'command': 'colo-passthrough-add', 'boxed': true, >> + 'data': 'IPFlowSpec' } >> + >> +## >> +# @colo-passthrough-del: >> +# >> +# Delete passthrough entry IPFlowSpec to the COLO-compare instance. >> +# The protocol and source/destination IP/ports are optional. if the user >> +# only inputs part of the information, this will match all traffic. >> +# >> +# Returns: Nothing on success >> +# >> +# Since: 6.1 >> +# >> +# Example: >> +# >> +# -> { "execute": "colo-passthrough-del", >> +# "arguments": { "protocol": "tcp", "object-name": "object0", >> +# "source": {"host": "192.168.1.1", "port": "1234"}, >> +# "destination": {"host": "192.168.1.2", "port": "4321"} } } >> +# <- { "return": {} } >> +# >> +## >> +{ 'command': 'colo-passthrough-del', 'boxed': true, >> + 'data': 'IPFlowSpec' }