On Tue, 20 Apr 2021 23:15:32 +0800 Zhang Chen wrote: > Since the real user scenario does not need COLO to monitor all traffic. > Add colo-passthrough-add and colo-passthrough-del to maintain > a COLO network passthrough list. Add IPFlowSpec struct for all QMP commands. > Except protocol field is necessary, other fields are optional. > > Signed-off-by: Zhang Chen > --- > net/net.c | 10 ++++++++ > qapi/net.json | 68 +++++++++++++++++++++++++++++++++++++++++++++++++++ > 2 files changed, 78 insertions(+) > > diff --git a/net/net.c b/net/net.c > index edf9b95418..2a6e5f3886 100644 > --- a/net/net.c > +++ b/net/net.c > @@ -1196,6 +1196,16 @@ void qmp_netdev_del(const char *id, Error **errp) > } > } > > +void qmp_colo_passthrough_add(IPFlowSpec *spec, Error **errp) > +{ > + /* TODO implement setup passthrough rule */ > +} > + > +void qmp_colo_passthrough_del(IPFlowSpec *spec, Error **errp) > +{ > + /* TODO implement delete passthrough rule */ > +} > + > static void netfilter_print_info(Monitor *mon, NetFilterState *nf) > { > char *str; > diff --git a/qapi/net.json b/qapi/net.json > index af3f5b0fda..f6e4e37526 100644 > --- a/qapi/net.json > +++ b/qapi/net.json > @@ -7,6 +7,7 @@ > ## > > { 'include': 'common.json' } > +{ 'include': 'sockets.json' } > > ## > # @set_link: > @@ -694,3 +695,70 @@ > ## > { 'event': 'FAILOVER_NEGOTIATED', > 'data': {'device-id': 'str'} } > + > +## > +# @IPFlowSpec: I think something like "@IPFilterRule" is clearer. > +# IP flow specification. "IP filter rule specification" > +# @protocol: Transport layer protocol like TCP/UDP... > +# > +# @object-name: Point out the IPflow spec effective range of object, > +# If there is no such part, it means global spec. I think IPFlowSpec should be kept generic, so object-name should not be part of it. It should move directly to 'colo-passthrough-add' and 'colo-passthrough-del'. Also please use clearer wording. Proposal: "@object-name: The id of the colo-compare object to add the filter to." Again, if other net filters support the new feature in the future, the wording can always be changed later. > +# @source: Source address and port. > +# > +# @destination: Destination address and port. > +# > +# Since: 6.1 > +## > +{ 'struct': 'IPFlowSpec', > + 'data': { 'protocol': 'str', '*object-name': 'str', > + '*source': 'InetSocketAddressBase', > + '*destination': 'InetSocketAddressBase' } } I think 'protocol' should be made optional too. > +## > +# @colo-passthrough-add: > +# > +# Add passthrough entry according to user's needs in COLO-compare. > +# Source IP/port and destination IP/port both optional, If user just > +# input parts of infotmation, it will match all. > +# > +# Returns: Nothing on success > +# > +# Since: 6.1 > +# > +# Example: > +# > +# -> { "execute": "colo-passthrough-add", > +# "arguments": { "protocol": "tcp", "object-name": "object0", > +# "source": {"host": "192.168.1.1", "port": "1234"}, > +# "destination": {"host": "192.168.1.2", "port": "4321"} } } > +# <- { "return": {} } > +# > +## > +{ 'command': 'colo-passthrough-add', 'boxed': true, > + 'data': 'IPFlowSpec' } > + > +## > +# @colo-passthrough-del: > +# > +# Delete passthrough entry according to user's needs in COLO-compare. > +# Source IP/port and destination IP/port both optional, If user just > +# input parts of infotmation, it will match all. > +# > +# Returns: Nothing on success > +# > +# Since: 6.1 > +# > +# Example: > +# > +# -> { "execute": "colo-passthrough-del", > +# "arguments": { "protocol": "tcp", "object-name": "object0", > +# "source": {"host": "192.168.1.1", "port": "1234"}, > +# "destination": {"host": "192.168.1.2", "port": "4321"} } } > +# <- { "return": {} } > +# > +## > +{ 'command': 'colo-passthrough-del', 'boxed': true, > + 'data': 'IPFlowSpec' } --