From: "Zhang, Chen" <chen.zhang@intel.com>
To: Markus Armbruster <armbru@redhat.com>
Cc: "Lukas Straub" <lukasstraub2@web.de>,
"Daniel P.Berrangé" <berrange@redhat.com>,
"Li Zhijian" <lizhijian@cn.fujitsu.com>,
"Jason Wang" <jasowang@redhat.com>,
qemu-dev <qemu-devel@nongnu.org>,
"Dr. David Alan Gilbert" <dgilbert@redhat.com>,
"Gerd Hoffmann" <kraxel@redhat.com>,
"Zhang Chen" <zhangckid@gmail.com>,
"Eric Blake" <eblake@redhat.com>
Subject: RE: [PATCH V8 1/6] qapi/net: Add IPFlowSpec and QMP command for COLO passthrough
Date: Wed, 16 Jun 2021 06:45:01 +0000 [thread overview]
Message-ID: <92b342dd48ca4b8c917ff6afd9574dcd@intel.com> (raw)
In-Reply-To: <874kdymjkk.fsf@dusky.pond.sub.org>
> -----Original Message-----
> From: Markus Armbruster <armbru@redhat.com>
> Sent: Wednesday, June 16, 2021 2:04 PM
> To: Zhang, Chen <chen.zhang@intel.com>
> Cc: Lukas Straub <lukasstraub2@web.de>; Daniel P.Berrangé
> <berrange@redhat.com>; Li Zhijian <lizhijian@cn.fujitsu.com>; Jason Wang
> <jasowang@redhat.com>; qemu-dev <qemu-devel@nongnu.org>; Dr. David
> Alan Gilbert <dgilbert@redhat.com>; Gerd Hoffmann <kraxel@redhat.com>;
> Zhang Chen <zhangckid@gmail.com>; Eric Blake <eblake@redhat.com>
> Subject: Re: [PATCH V8 1/6] qapi/net: Add IPFlowSpec and QMP command
> for COLO passthrough
>
> "Zhang, Chen" <chen.zhang@intel.com> writes:
>
> >> -----Original Message-----
> >> From: Markus Armbruster <armbru@redhat.com>
> >> Sent: Tuesday, June 15, 2021 10:43 PM
> >> To: Zhang, Chen <chen.zhang@intel.com>
> >> Cc: Jason Wang <jasowang@redhat.com>; qemu-dev <qemu-
> >> devel@nongnu.org>; Eric Blake <eblake@redhat.com>; Dr. David Alan
> >> Gilbert <dgilbert@redhat.com>; Daniel P.Berrangé
> >> <berrange@redhat.com>; Gerd Hoffmann <kraxel@redhat.com>; Li
> Zhijian
> >> <lizhijian@cn.fujitsu.com>; Lukas Straub <lukasstraub2@web.de>; Zhang
> >> Chen <zhangckid@gmail.com>
> >> Subject: Re: [PATCH V8 1/6] qapi/net: Add IPFlowSpec and QMP
> command
> >> for COLO passthrough
> >>
> >> Zhang Chen <chen.zhang@intel.com> writes:
> >>
> >> > Since the real user scenario does not need COLO to monitor all traffic.
> >> > Add colo-passthrough-add and colo-passthrough-del to maintain a
> >> > COLO network passthrough list. Add IPFlowSpec struct for all QMP
> commands.
> >> > All the fields of IPFlowSpec are optional.
> >> >
> >> > Signed-off-by: Zhang Chen <chen.zhang@intel.com>
> >> > ---
> >>
> >> The QAPI schema looks good to me, but the interface documentation is
> >> still not quite clear enough. To make progress, I'm going to make
> >> concrete suggestions wherever I can despite being quite clueless
> >> about the subject matter. Risks me writing something that's clearer,
> >> but wrong. Keep that in mind, please.
> >>
> >> > net/net.c | 10 +++++++
> >> > qapi/net.json | 74
> >> > +++++++++++++++++++++++++++++++++++++++++++++++++++
> >> > 2 files changed, 84 insertions(+)
> >> >
> >> > diff --git a/net/net.c b/net/net.c
> >> > index 76bbb7c31b..f913e97983 100644
> >> > --- a/net/net.c
> >> > +++ b/net/net.c
> >> > @@ -1195,6 +1195,16 @@ void qmp_netdev_del(const char *id, Error
> **errp)
> >> > }
> >> > }
> >> >
> >> > +void qmp_colo_passthrough_add(IPFlowSpec *spec, Error **errp) {
> >> > + /* TODO implement setup passthrough rule */ }
> >> > +
> >> > +void qmp_colo_passthrough_del(IPFlowSpec *spec, Error **errp) {
> >> > + /* TODO implement delete passthrough rule */ }
> >> > +
> >> > static void netfilter_print_info(Monitor *mon, NetFilterState *nf) {
> >> > char *str;
> >> > diff --git a/qapi/net.json b/qapi/net.json index
> >> > 7fab2e7cd8..91f2e1495a 100644
> >> > --- a/qapi/net.json
> >> > +++ b/qapi/net.json
> >> > @@ -7,6 +7,7 @@
> >> > ##
> >> >
> >> > { 'include': 'common.json' }
> >> > +{ 'include': 'sockets.json' }
> >> >
> >> > ##
> >> > # @set_link:
> >> > @@ -696,3 +697,76 @@
> >> > ##
> >> > { 'event': 'FAILOVER_NEGOTIATED',
> >> > 'data': {'device-id': 'str'} }
> >> > +
> >> > +##
> >> > +# @IPFlowSpec:
> >> > +#
> >> > +# IP flow specification.
> >> > +#
> >> > +# @protocol: Transport layer protocol like TCP/UDP, etc. The protocol
> is the
> >> > +# string instead of enum, because it can be passed to
> getprotobyname(3)
> >> > +# and avoid duplication with /etc/protocols.
> >>
> >> The rationale is good, but it doesn't really belong into the
> >> interface documentation. Suggest:
> >>
> >> # @protocol: Transport layer protocol like TCP/UDP, etc. This will be
> >> # passed to getprotobyname(3).
> >>
> >
> > OK.
> >
> >>
> >> > +#
> >> > +# @object-name: The @object-name means packet handler in Qemu.
> Because not
> >> > +# all the network packet must pass the colo-compare module,
> >> > +# the net-filters are same situation. There modules attach to
> >> > +# netdev or chardev to work, VM can run multiple modules
> >> > +# at the same time. So it needs the object-name to set
> >> > +# the effective module.
> >>
> >> I still don't understand this, and I'm too ignorant of COLO and
> >> networking to suggest improvements.
> >
> > Let me use qemu boot parameter to clear it.
> > For colo-compare, it needs chardev as the source to handle network packet.
> > -object colo-compare,id=comp0,primary_in=chardev-
> input0,secondary_in=chardev-input1,outdev=chardev-
> output0,iothread=iothread0.
> >
> > For net filters, it needs attached on netdev.
> > -object
> > filter-redirector,id=red0,netdev=hn0,queue=rx,outdev=chardev-output1
> > -object
> > filter-mirror,id=mirror0,netdev=hn0,queue=rx,outdev=chardev-output2
> >
> > And we can use -chardev socket combine the filter and the colo-compare.
> >
> > Back to the @object-name, One guest maybe have multi colo-compare as
> the same time, with different object name from different source.
> > So we need assign the IPFlowSpec to one object as the handler. Same as
> the net-filters.
> > Each object instance has its own passthrough list.
>
> So the @object-name here references one of the "packet handler objects"
> (colo-compare, filter-redirector, filter-mirror) by @id. Correct?
Yes.
>
> In other words, @object-name is the ID of a QOM object, and the QOM
> object must be of a certain kind (i.e. provide certain functionality).
> Correct?
Yes.
>
> What exactly makes a QOM object a "packet handler object?"
>
Firstly, the original object need have basic network packet input/output capability.
It's a good question, maybe we need add a flag in general object structure to show the capability.
> Right now, the packet handler object types are colo-compare, filter-
> redirector, filter-mirror, and that's all. Correct?
No, this series just make colo-compare become a packet handler, This is a beginning, I plan to make other filters support it.
>
> Another question the doc comment needs to answer: what happens when
> @object-name is absent?
Please see the explanation below.
>
> >> Jason or David, perhaps?
> >>
> >> > +#
> >> > +# @source: Source address and port.
> >> > +#
> >> > +# @destination: Destination address and port.
> >> > +#
> >> > +# Since: 6.1
> >> > +##
> >> > +{ 'struct': 'IPFlowSpec',
> >> > + 'data': { '*protocol': 'str', '*object-name': 'str',
> >> > + '*source': 'InetSocketAddressBase',
> >> > + '*destination': 'InetSocketAddressBase' } }
> >> > +
> >> > +##
> >> > +# @colo-passthrough-add:
> >> > +#
> >> > +# Add passthrough entry IPFlowSpec to the COLO-compare instance.
> >> > +# The protocol and source/destination IP/ports are optional. if
> >> > +the user # only inputs part of the information, this will match all traffic.
> >>
> >> Actually, all arguments are optional.
> >>
> >> Suggest:
> >>
> >> # Add an entry to the COLO network passthrough list.
> >> # Absent protocol, host addresses and ports match anything.
> >>
> >> If there is more than one such list, then "to a COLO network passthrough
> list"
> >> instead.
> >
> > Yes, more than one list.
> >
> >>
> >> Still missing then: meaning of absent @object-name. Does it select
> >> the COLO network passthrough list, perhaps?
> >
> > Yes, Please see the explanation above. Each object instance has its own
> passthrough list.
>
> Got it now.
>
> >> > +#
> >> > +# Returns: Nothing on success
> >> > +#
> >> > +# Since: 6.1
> >> > +#
> >> > +# Example:
> >> > +#
> >> > +# -> { "execute": "colo-passthrough-add",
> >> > +# "arguments": { "protocol": "tcp", "object-name": "object0",
> >> > +# "source": {"host": "192.168.1.1", "port": "1234"},
> >> > +# "destination": {"host": "192.168.1.2", "port": "4321"} } }
> >> > +# <- { "return": {} }
> >> > +#
> >> > +##
> >> > +{ 'command': 'colo-passthrough-add', 'boxed': true,
> >> > + 'data': 'IPFlowSpec' }
> >> > +
> >> > +##
> >> > +# @colo-passthrough-del:
> >> > +#
> >> > +# Delete passthrough entry IPFlowSpec to the COLO-compare instance.
> >> > +# The protocol and source/destination IP/ports are optional. if
> >> > +the user # only inputs part of the information, this will match all traffic.
> >>
> >> I suspect this command doesn't actually match traffic, it matches
> >> entries added with colo-passthrough-add.
> >
> > Yes.
> >
> >>
> >> Can it delete more than one such entry?
> >>
> >
> > Currently no, but it easy to match one more entry to delete.
>
> If the passthrough list entries had some unique ID, we could refer to one
> entry by its ID. It's how things commonly work.
>
> Without an ID, we need to match by value, like you do. I can see three
> possible behaviors:
>
> 1. Select first entry that matches.
>
> 2. Select all entries that match.
>
> 3. If exactly one entry matches, select it.
>
> The second design choice is behavior when nothing gets selected:
>
> a. Silently do nothing
>
> b. Error
>
> Which one did you implement? My guess based on your answers is 1a.
Re-think about it, If we want to match by value, we need know which object have the capability and search in each object passthrough list.
Obviously, we haven't such flag in object structure. So It more reasonable to make @object-name as a must at the beginning.
Because the passthrough list always in the network handler object. Maybe we need a global passthrough list for each guest to handle it in the future.
It will have two-level passthrough list to control network.
Thanks
Chen
>
> >> Suggest:
> >>
> >> # Delete an entry from the COLO network passthrough list.
> >>
> >> and then explain how the command arguments select entries.
> >
> > Search the object's passthrough list, if find same entry, delete it.
> >
> > Thanks
> > Chen
> >
> >>
> >> > +#
> >> > +# Returns: Nothing on success
> >> > +#
> >> > +# Since: 6.1
> >> > +#
> >> > +# Example:
> >> > +#
> >> > +# -> { "execute": "colo-passthrough-del",
> >> > +# "arguments": { "protocol": "tcp", "object-name": "object0",
> >> > +# "source": {"host": "192.168.1.1", "port": "1234"},
> >> > +# "destination": {"host": "192.168.1.2", "port": "4321"} } }
> >> > +# <- { "return": {} }
> >> > +#
> >> > +##
> >> > +{ 'command': 'colo-passthrough-del', 'boxed': true,
> >> > + 'data': 'IPFlowSpec' }
next prev parent reply other threads:[~2021-06-16 6:54 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-15 11:37 [PATCH V8 0/6] Passthrough specific network traffic in COLO Zhang Chen
2021-06-15 11:37 ` [PATCH V8 1/6] qapi/net: Add IPFlowSpec and QMP command for COLO passthrough Zhang Chen
2021-06-15 14:43 ` Markus Armbruster
2021-06-16 2:12 ` Zhang, Chen
2021-06-16 6:04 ` Markus Armbruster
2021-06-16 6:45 ` Zhang, Chen [this message]
2021-06-16 13:26 ` Markus Armbruster
2021-06-17 3:27 ` Zhang, Chen
2021-06-17 11:03 ` Markus Armbruster
2021-06-22 5:58 ` chen.zhang
2021-06-21 11:30 ` Dr. David Alan Gilbert
2021-06-22 6:01 ` chen.zhang
2021-06-22 7:04 ` Jason Wang
2021-06-22 7:38 ` chen.zhang
2021-06-22 8:03 ` Jason Wang
2021-06-22 8:02 ` chen.zhang
2021-06-15 15:01 ` Lukas Straub
2021-06-16 1:20 ` Zhang, Chen
2021-06-22 7:05 ` Jason Wang
2021-06-22 7:41 ` chen.zhang
2021-06-15 11:37 ` [PATCH V8 2/6] util/qemu-sockets.c: Add inet_parse_base to handle InetSocketAddressBase Zhang Chen
2021-06-15 11:37 ` [PATCH V8 3/6] hmp-commands: Add new HMP command for COLO passthrough Zhang Chen
2021-06-15 11:37 ` [PATCH V8 4/6] net/colo-compare: Move data structure and define to .h file Zhang Chen
2021-06-15 11:37 ` [PATCH V8 5/6] net/colo-compare: Add passthrough list to CompareState Zhang Chen
2021-06-15 11:37 ` [PATCH V8 6/6] net/net.c: Add handler for COLO passthrough connection Zhang Chen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=92b342dd48ca4b8c917ff6afd9574dcd@intel.com \
--to=chen.zhang@intel.com \
--cc=armbru@redhat.com \
--cc=berrange@redhat.com \
--cc=dgilbert@redhat.com \
--cc=eblake@redhat.com \
--cc=jasowang@redhat.com \
--cc=kraxel@redhat.com \
--cc=lizhijian@cn.fujitsu.com \
--cc=lukasstraub2@web.de \
--cc=qemu-devel@nongnu.org \
--cc=zhangckid@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.