Hi, All This series adds an AF_PACKET support for vhost tap device in filter-redirector/filter-buffer.when the vhost=on will use AF_PACKET to capture and inject,
Example Usage(not change with exist upstream code) ============= Primary VM (mirror incoming packets to secondary via chardev socket): -netdev tap,id=net0,vhost=on,... -chardev socket,id=mirror0,host=...,port=...,server=on,wait=off -object filter-redirector,id=vm1redir,netdev=net0,outdev=mirror0... Secondary VM (receive mirrored packets): -netdev tap,id=net0,vhost=on,... -chardev socket,id=red0,host=...,port=...,reconnect-ms=.. -object filter-buffer,id=swbuf,netdev=net0,queue=tx,interval=1000000,status=off..... -object filter-redirector,id=r1,netdev=net0,queue=tx,indev=red0,status=off,enable_when _stopped=true.... \ TODO ======= This series still based on tap device. The vhost-vdpa support is on going,will send soon changset =========== change in v2: 1. add support for filter-buffer 2. remove the in_netdev and out_netdev for AF_PACKET bind port, now only use netdev when the vhost=on start use AF_PACKET to capture and inject, when use vhost=off will use the existing code 3. add CAP_NET_RAW check 4. address the comment Testing ======= - Tested with vhost=on/off TAP netdev on x86_64 Cindy Lu (9): net/filter: allow redirector on vhost TAP backends net/filter-redirector: add role helpers for AF_PACKET paths net/filter-redirector: add AF_PACKET socket setup and input handler net/filter-redirector: add send helpers and netdev counters net/filter-redirector: route chardev and AF_PACKET receive paths net/filter: Add support for filter-buffer virtio-net: keep tap read polling disabled while vhost owns RX virtio-net: handle short vnet headers on replay RX net/filter-redirector: check CAP_NET_RAW before creating AF_PACKET hw/net/virtio-net.c | 66 +++++- include/net/queue.h | 5 + net/filter-mirror.c | 493 ++++++++++++++++++++++++++++++++++++++++++-- net/filter.c | 16 +- 4 files changed, 551 insertions(+), 29 deletions(-) -- 2.52.0
