On Thu, Mar 12, 2026 at 3:14 PM Cindy Lu <[email protected]> wrote:
>
> Hi, All
>
> This series adds AF_PACKET support for the vhost tap
> device in filter-redirector/filter-buffer. When vhost=on, it will use
> AF_PACKET to capture and inject.
>
> Example Usage (no change from existing upstream code)
> =============
> Primary VM (mirror incoming packets to secondary via chardev socket):
>
>   -netdev tap,id=net0,vhost=on,...
>   -chardev socket,id=mirror0,host=...,port=...,server=on,wait=off
>   -object filter-redirector,id=vm1redir,netdev=net0,outdev=mirror0...
>
> Secondary VM (receive mirrored packets):
>
>   -netdev tap,id=net0,vhost=on,...
>   -chardev socket,id=red0,host=...,port=...,reconnect-ms=..
>   -object filter-buffer,id=swbuf,netdev=net0,queue=tx,interval=1000000,status=off.....
>   -object filter-redirector,id=r1,netdev=net0,queue=tx,indev=red0,status=off,enable_when_stopped=true.... \
>
> TODO
> =======
> This series is still based on the tap device. The vhost-vdpa support is
> ongoing, will send soon
>

Thanks for the series.

But I think I still have the same question as v1. Any reason to tightly couple the packet socket into the netfilter? Couldn't we reuse chardev for that?

Thanks

> changeset
> ===========
> change in v2:
> 1. add support for filter-buffer
> 2. remove the in_netdev and out_netdev for AF_PACKET bind port, now only use netdev;
>    when vhost=on, start using AF_PACKET to capture and inject; when vhost=off, use
>    the existing code
> 3. add CAP_NET_RAW check
> 4. address the comment
>
>
> Testing
> =======
> - Tested with vhost=on/off TAP netdev on x86_64
>
> Cindy Lu (9):
>   net/filter: allow redirector on vhost TAP backends
>   net/filter-redirector: add role helpers for AF_PACKET paths
>   net/filter-redirector: add AF_PACKET socket setup and input handler
>   net/filter-redirector: add send helpers and netdev counters
>   net/filter-redirector: route chardev and AF_PACKET receive paths
>   net/filter: Add support for filter-buffer
>   virtio-net: keep tap read polling disabled while vhost owns RX
>   virtio-net: handle short vnet headers on replay RX
>   net/filter-redirector: check CAP_NET_RAW before creating AF_PACKET
>
>  hw/net/virtio-net.c |  66 +++++-
>  include/net/queue.h |   5 +
>  net/filter-mirror.c | 493 ++++++++++++++++++++++++++++++++++++++++++--
>  net/filter.c        |  16 +-
>  4 files changed, 551 insertions(+), 29 deletions(-)
>
> --
> 2.52.0
>
