> -----Original Message-----
> From: Lukas Straub <lukasstra...@web.de>
> Sent: Tuesday, May 18, 2021 4:35 AM
> To: Zhang, Chen <chen.zh...@intel.com>
> Cc: Jason Wang <jasow...@redhat.com>; qemu-dev <qemu-
> de...@nongnu.org>; Eric Blake <ebl...@redhat.com>; Dr. David Alan
> Gilbert <dgilb...@redhat.com>; Markus Armbruster <arm...@redhat.com>;
> Daniel P. Berrangé <berra...@redhat.com>; Gerd Hoffmann
> <kra...@redhat.com>; Li Zhijian <lizhij...@cn.fujitsu.com>; Zhang Chen
> <zhangc...@gmail.com>
> Subject: Re: [PATCH V6 1/6] qapi/net: Add IPFlowSpec and QMP command
> for COLO passthrough
>
> On Tue, 20 Apr 2021 23:15:32 +0800
> Zhang Chen <chen.zh...@intel.com> wrote:
>
> > Since the real user scenario does not need COLO to monitor all traffic.
> > Add colo-passthrough-add and colo-passthrough-del to maintain a COLO
> > network passthrough list. Add IPFlowSpec struct for all QMP commands.
> > Except protocol field is necessary, other fields are optional.
> >
> > Signed-off-by: Zhang Chen <chen.zh...@intel.com>
> > ---
> > net/net.c | 10 ++++++++
> > qapi/net.json | 68
> > +++++++++++++++++++++++++++++++++++++++++++++++++++
> > 2 files changed, 78 insertions(+)
> >
> > diff --git a/net/net.c b/net/net.c
> > index edf9b95418..2a6e5f3886 100644
> > --- a/net/net.c
> > +++ b/net/net.c
> > @@ -1196,6 +1196,16 @@ void qmp_netdev_del(const char *id, Error
> **errp)
> > }
> > }
> >
> > +void qmp_colo_passthrough_add(IPFlowSpec *spec, Error **errp) {
> > + /* TODO implement setup passthrough rule */ }
> > +
> > +void qmp_colo_passthrough_del(IPFlowSpec *spec, Error **errp) {
> > + /* TODO implement delete passthrough rule */ }
> > +
> > static void netfilter_print_info(Monitor *mon, NetFilterState *nf) {
> > char *str;
> > diff --git a/qapi/net.json b/qapi/net.json index
> > af3f5b0fda..f6e4e37526 100644
> > --- a/qapi/net.json
> > +++ b/qapi/net.json
> > @@ -7,6 +7,7 @@
> > ##
> >
> > { 'include': 'common.json' }
> > +{ 'include': 'sockets.json' }
> >
> > ##
> > # @set_link:
> > @@ -694,3 +695,70 @@
> > ##
> > { 'event': 'FAILOVER_NEGOTIATED',
> > 'data': {'device-id': 'str'} }
> > +
> > +##
> > +# @IPFlowSpec:
>
> I think something like "@IPFilterRule" is clearer.
>
> > +# IP flow specification.
>
> "IP filter rule specification"
>
> > +# @protocol: Transport layer protocol like TCP/UDP...
> > +#
> > +# @object-name: Point out the IPflow spec effective range of object,
> > +# If there is no such part, it means global spec.
>
> I think IPFlowSpec should be kept generic, so object-name should not be
> part of it. It should move directly to 'colo-passthrough-add' and 'colo-
> passthrough-del'.
>
> Also please use clearer wording. Proposal:
> "@object-name: The id of the colo-compare object to add the filter to."
>
> Again, if other net filters support the new feature in the future, the wording
> can always be changed later.
We already discussed the name of the "IPFlowSpec" in this series V3/V4...
Current definition is a generic one. Both OK for me.
For the qapi/net.json, Hi Markus, which name do you think is better?
>
> > +# @source: Source address and port.
> > +#
> > +# @destination: Destination address and port.
> > +#
> > +# Since: 6.1
> > +##
> > +{ 'struct': 'IPFlowSpec',
> > + 'data': { 'protocol': 'str', '*object-name': 'str',
> > + '*source': 'InetSocketAddressBase',
> > + '*destination': 'InetSocketAddressBase' } }
>
> I think 'protocol' should be made optional too.
Make protocol to optional is easy.
But for most cases, with a protocol is necessary.
If user unexpected input nothing, it will make the entire network unavailable.
Thanks
Chen
>
> > +##
> > +# @colo-passthrough-add:
> > +#
> > +# Add passthrough entry according to user's needs in COLO-compare.
> > +# Source IP/port and destination IP/port both optional, If user just
> > +# input parts of infotmation, it will match all.
> > +#
> > +# Returns: Nothing on success
> > +#
> > +# Since: 6.1
> > +#
> > +# Example:
> > +#
> > +# -> { "execute": "colo-passthrough-add",
> > +# "arguments": { "protocol": "tcp", "object-name": "object0",
> > +# "source": {"host": "192.168.1.1", "port": "1234"},
> > +# "destination": {"host": "192.168.1.2", "port": "4321"} } }
> > +# <- { "return": {} }
> > +#
> > +##
> > +{ 'command': 'colo-passthrough-add', 'boxed': true,
> > + 'data': 'IPFlowSpec' }
> > +
> > +##
> > +# @colo-passthrough-del:
> > +#
> > +# Delete passthrough entry according to user's needs in COLO-compare.
> > +# Source IP/port and destination IP/port both optional, If user just
> > +# input parts of infotmation, it will match all.
> > +#
> > +# Returns: Nothing on success
> > +#
> > +# Since: 6.1
> > +#
> > +# Example:
> > +#
> > +# -> { "execute": "colo-passthrough-del",
> > +# "arguments": { "protocol": "tcp", "object-name": "object0",
> > +# "source": {"host": "192.168.1.1", "port": "1234"},
> > +# "destination": {"host": "192.168.1.2", "port": "4321"} } }
> > +# <- { "return": {} }
> > +#
> > +##
> > +{ 'command': 'colo-passthrough-del', 'boxed': true,
> > + 'data': 'IPFlowSpec' }
>
>
>
> --
