Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/2196228/?format=api
{ "id": 2196228, "url": "http://patchwork.ozlabs.org/api/patches/2196228/?format=api", "web_url": "http://patchwork.ozlabs.org/project/qemu-devel/patch/20260213071042.3733239-4-lulu@redhat.com/", "project": { "id": 14, "url": "http://patchwork.ozlabs.org/api/projects/14/?format=api", "name": "QEMU Development", "link_name": "qemu-devel", "list_id": "qemu-devel.nongnu.org", "list_email": "qemu-devel@nongnu.org", "web_url": "", "scm_url": "", "webscm_url": "", "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20260213071042.3733239-4-lulu@redhat.com>", "list_archive_url": null, "date": "2026-02-13T07:08:03", "name": "[RFC,3/5] net/filter-redirector: Add AF_PACKET sockets initialization", "commit_ref": null, "pull_url": null, "state": "new", "archived": false, "hash": "2ae5b5b5193acfb86444452e2517b5812730ae9d", "submitter": { "id": 78960, "url": "http://patchwork.ozlabs.org/api/people/78960/?format=api", "name": "Cindy Lu", "email": "lulu@redhat.com" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/qemu-devel/patch/20260213071042.3733239-4-lulu@redhat.com/mbox/", "series": [ { "id": 492063, "url": "http://patchwork.ozlabs.org/api/series/492063/?format=api", "web_url": "http://patchwork.ozlabs.org/project/qemu-devel/list/?series=492063", "date": "2026-02-13T07:08:05", "name": "net/filter-redirector: Add AF_PACKET support for vhost-net", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/492063/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2196228/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2196228/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (1024-bit key;\n unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256\n header.s=mimecast20190719 header.b=bu3aU2VI;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org\n (client-ip=209.51.188.17; helo=lists.gnu.org;\n envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n receiver=patchwork.ozlabs.org)" ], "Received": [ "from lists.gnu.org (lists.gnu.org [209.51.188.17])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fC3J46kphz1xxM\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 13 Feb 2026 18:11:48 +1100 (AEDT)", "from localhost ([::1] helo=lists1p.gnu.org)\n\tby lists.gnu.org with esmtp (Exim 4.90_1)\n\t(envelope-from <qemu-devel-bounces@nongnu.org>)\n\tid 1vqnKZ-0002bY-99; Fri, 13 Feb 2026 02:11:11 -0500", "from eggs.gnu.org ([2001:470:142:3::10])\n by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from <lulu@redhat.com>) id 1vqnKY-0002bO-4o\n for qemu-devel@nongnu.org; Fri, 13 Feb 2026 02:11:10 -0500", "from us-smtp-delivery-124.mimecast.com ([170.10.133.124])\n by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from <lulu@redhat.com>) id 1vqnKV-0005cG-L0\n for qemu-devel@nongnu.org; Fri, 13 Feb 2026 02:11:09 -0500", "from mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com\n (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by\n relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3,\n cipher=TLS_AES_256_GCM_SHA384) id us-mta-562-gw1XUclDP4uce-TG4dpkpQ-1; Fri,\n 13 Feb 2026 02:11:03 -0500", "from mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com\n (mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.4])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest\n SHA256)\n (No client certificate requested)\n by mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS\n id EAF4818003F6; Fri, 13 Feb 2026 07:11:01 +0000 (UTC)", "from S2.redhat.com (unknown [10.72.112.33])\n by mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP\n id AEE9530001B9; Fri, 13 Feb 2026 07:10:58 +0000 (UTC)" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;\n s=mimecast20190719; t=1770966666;\n h=from:from:reply-to:subject:subject:date:date:message-id:message-id:\n to:to:cc:mime-version:mime-version:\n content-transfer-encoding:content-transfer-encoding:\n in-reply-to:in-reply-to:references:references;\n bh=JAZphhdyLWX/lOPr43JYhLTuyzZzE7b582uHiu2GZm8=;\n b=bu3aU2VIVokHY4a8AaNgSFiCa6xMV18+CqEpDirVaQCZ3mltXSE2O7L4Quo8YyIZA6WBpm\n zO4r8lxr9qIFJ6p12QbnmkH4FQGO1OakGisZQ7Nwl7XxCRmWdRd2EOxgdUyFKgT1RRY6Ov\n hLJm+eNkrSbdbu9wiDMVn3tfVJA/Ick=", "X-MC-Unique": "gw1XUclDP4uce-TG4dpkpQ-1", "X-Mimecast-MFC-AGG-ID": "gw1XUclDP4uce-TG4dpkpQ_1770966662", "From": "Cindy Lu <lulu@redhat.com>", "To": "lulu@redhat.com, mst@redhat.com, jasowang@redhat.com, zhangckid@gmail.com,\n lizhijian@fujitsu.com, qemu-devel@nongnu.org", "Subject": "[RFC 3/5] net/filter-redirector: Add AF_PACKET sockets initialization", "Date": "Fri, 13 Feb 2026 15:08:03 +0800", "Message-ID": "<20260213071042.3733239-4-lulu@redhat.com>", "In-Reply-To": "<20260213071042.3733239-1-lulu@redhat.com>", "References": "<20260213071042.3733239-1-lulu@redhat.com>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "X-Scanned-By": "MIMEDefang 3.4.1 on 10.30.177.4", "Received-SPF": "pass client-ip=170.10.133.124; envelope-from=lulu@redhat.com;\n helo=us-smtp-delivery-124.mimecast.com", "X-Spam_score_int": "-20", "X-Spam_score": "-2.1", "X-Spam_bar": "--", "X-Spam_report": "(-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001,\n DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,\n RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=0.001,\n RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001,\n SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no", "X-Spam_action": "no action", "X-BeenThere": "qemu-devel@nongnu.org", "X-Mailman-Version": "2.1.29", "Precedence": "list", "List-Id": "qemu development <qemu-devel.nongnu.org>", "List-Unsubscribe": "<https://lists.nongnu.org/mailman/options/qemu-devel>,\n <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>", "List-Archive": "<https://lists.nongnu.org/archive/html/qemu-devel>", "List-Post": "<mailto:qemu-devel@nongnu.org>", "List-Help": "<mailto:qemu-devel-request@nongnu.org?subject=help>", "List-Subscribe": "<https://lists.nongnu.org/mailman/listinfo/qemu-devel>,\n <mailto:qemu-devel-request@nongnu.org?subject=subscribe>", "Errors-To": "qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org", "Sender": "qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org" }, "content": "Implement the initialization logic for AF_PACKET based netdev\nendpoints in filter-redirector:\n\n1. filter_redirector_netdev_setup(): Creates and binds AF_PACKET\n sockets to the specified TAP interface. For in_netdev, the socket\n is used to receive packets; for out_netdev, it is used to send.\n\n2. filter_redirector_netdev_read(): Async handler for reading packets\n from the in_netdev AF_PACKET socket. Packets are forwarded through\n the redirector chain.\n\n3. Updated cleanup to properly close AF_PACKET sockets and free\n associated buffers.\n\n4. Modified allow_send_when_stopped logic to consider both chardev\n and netdev output endpoints, and to only enable when the\n redirector is active (status=on).\n\n5. VM state change handler now manages the AF_PACKET read handler\n activation based on VM running state and enable_when_stopped.\n\nSigned-off-by: Cindy Lu <lulu@redhat.com>\n---\n net/filter-mirror.c | 241 ++++++++++++++++++++++++++++++++++++++++----\n 1 file changed, 224 insertions(+), 17 deletions(-)", "diff": "diff --git a/net/filter-mirror.c b/net/filter-mirror.c\nindex 37035f3892..f8001612ec 100644\n--- a/net/filter-mirror.c\n+++ b/net/filter-mirror.c\n@@ -26,6 +26,13 @@\n #include \"qemu/sockets.h\"\n #include \"block/aio-wait.h\"\n #include \"system/runstate.h\"\n+#include \"net/tap.h\"\n+#include \"net/tap_int.h\"\n+\n+#include <sys/socket.h>\n+#include <net/if.h>\n+#include <linux/if_packet.h>\n+#include <netinet/if_ether.h>\n \n typedef struct MirrorState MirrorState;\n DECLARE_INSTANCE_CHECKER(MirrorState, FILTER_MIRROR,\n@@ -42,6 +49,10 @@ struct MirrorState {\n char *outdev;\n char *in_netdev;\n char *out_netdev;\n+ NetClientState *out_net;\n+ int in_netfd;\n+ uint8_t *in_netbuf;\n+ int out_netfd;\n CharFrontend chr_in;\n CharFrontend chr_out;\n SocketReadState rs;\n@@ -172,6 +183,17 @@ static int redirector_chr_can_read(void *opaque)\n return REDIRECTOR_MAX_LEN;\n }\n \n+static bool filter_redirector_input_active(NetFilterState *nf, bool enable)\n+{\n+ MirrorState *s = FILTER_REDIRECTOR(nf);\n+\n+ if (!enable) {\n+ return false;\n+ }\n+\n+ return runstate_is_running() || s->enable_when_stopped;\n+}\n+\n static void redirector_chr_read(void *opaque, const uint8_t *buf, int size)\n {\n NetFilterState *nf = opaque;\n@@ -208,6 +230,40 @@ static void redirector_chr_event(void *opaque, QEMUChrEvent event)\n }\n }\n \n+static void filter_redirector_netdev_read(void *opaque)\n+{\n+ NetFilterState *nf = opaque;\n+ MirrorState *s = FILTER_REDIRECTOR(nf);\n+ struct sockaddr_ll sll;\n+ socklen_t sll_len;\n+ ssize_t len;\n+\n+ if (!s->in_netbuf || s->in_netfd < 0) {\n+ return;\n+ }\n+\n+ for (;;) {\n+ sll_len = sizeof(sll);\n+ len = recvfrom(s->in_netfd, s->in_netbuf, REDIRECTOR_MAX_LEN, 0,\n+ (struct sockaddr *)&sll, &sll_len);\n+ if (len <= 0) {\n+ break;\n+ }\n+\n+ if (sll.sll_pkttype != PACKET_OUTGOING) {\n+ continue;\n+ }\n+\n+ redirector_to_filter(nf, s->in_netbuf, len);\n+ }\n+\n+ if (len < 0 && errno != EAGAIN && errno != EWOULDBLOCK &&\n+ errno != EINTR) {\n+ error_report(\"filter redirector read in_netdev failed(%s)\",\n+ strerror(errno));\n+ }\n+}\n+\n static ssize_t filter_mirror_receive_iov(NetFilterState *nf,\n NetClientState *sender,\n unsigned flags,\n@@ -268,7 +324,19 @@ static void filter_redirector_cleanup(NetFilterState *nf)\n \n qemu_chr_fe_deinit(&s->chr_in, false);\n qemu_chr_fe_deinit(&s->chr_out, false);\n- qemu_del_vm_change_state_handler(s->vmsentry);\n+ if (s->vmsentry) {\n+ qemu_del_vm_change_state_handler(s->vmsentry);\n+ s->vmsentry = NULL;\n+ }\n+ if (s->in_netfd >= 0) {\n+ qemu_set_fd_handler(s->in_netfd, NULL, NULL, NULL);\n+ close(s->in_netfd);\n+ s->in_netfd = -1;\n+ }\n+ if (s->out_netfd >= 0) {\n+ close(s->out_netfd);\n+ s->out_netfd = -1;\n+ }\n \n if (nf->netdev) {\n nf->netdev->allow_send_when_stopped = 0;\n@@ -320,13 +388,13 @@ filter_redirector_refresh_allow_send_when_stopped(NetFilterState *nf)\n \n /*\n * Allow sending when stopped if enable_when_stopped is set and we have\n- * an outdev. This must be independent of nf->on (status) so that packets\n- * can still flow through the filter chain to other filters even when this\n- * redirector is disabled. Otherwise, tap_send() will disable read_poll\n- * when qemu_can_send_packet() returns false, preventing further packet\n- * processing.\n+ * a redirector output endpoint and the redirector is enabled.\n+ * Keeping this active while redirector status=off can unexpectedly\n+ * drain packets in migration stop windows and perturb vhost ring state.\n */\n- nc->allow_send_when_stopped = (s->enable_when_stopped && s->outdev);\n+ nc->allow_send_when_stopped = (nf->on &&\n+ s->enable_when_stopped &&\n+ (s->outdev || s->out_netdev));\n }\n \n static void filter_redirector_vm_state_change(void *opaque, bool running,\n@@ -335,8 +403,16 @@ static void filter_redirector_vm_state_change(void *opaque, bool running,\n NetFilterState *nf = opaque;\n MirrorState *s = FILTER_REDIRECTOR(nf);\n NetClientState *nc = nf->netdev;\n+ bool active = filter_redirector_input_active(nf, nf->on);\n+\n+ if (s->in_netfd >= 0) {\n+ qemu_set_fd_handler(s->in_netfd,\n+ active ? filter_redirector_netdev_read : NULL,\n+ NULL,\n+ active ? nf : NULL);\n+ }\n \n- if (!running && s->enable_when_stopped && nc->info->read_poll) {\n+ if (!running && nc && s->enable_when_stopped && nc->info->read_poll) {\n nc->info->read_poll(nc, true);\n }\n }\n@@ -362,21 +438,127 @@ static void filter_redirector_maybe_enable_read_poll(NetFilterState *nf)\n }\n }\n \n+static bool filter_redirector_netdev_setup(MirrorState *s, Error **errp)\n+{\n+ struct sockaddr_ll sll = { 0 };\n+ char ifname[IFNAMSIZ] = { 0 };\n+ int ifindex;\n+ int fd;\n+ NetClientState *nc;\n+\n+ if (s->in_netdev) {\n+ int tapfd;\n+ nc = qemu_find_netdev(s->in_netdev);\n+ if (!nc) {\n+ error_setg(errp, \"in_netdev '%s' not found\", s->in_netdev);\n+ return false;\n+ }\n+\n+ if (nc->info->type != NET_CLIENT_DRIVER_TAP) {\n+ error_setg(errp, \"in_netdev '%s' must be a TAP netdev\",\n+ s->in_netdev);\n+ return false;\n+ }\n+\n+ tapfd = tap_get_fd(nc);\n+ if (tapfd < 0 || tap_fd_get_ifname(tapfd, ifname) != 0) {\n+ error_setg(errp, \"failed to resolve TAP ifname for in_netdev '%s'\",\n+ s->in_netdev);\n+ return false;\n+ }\n+ } else if (s->out_netdev) {\n+ nc = qemu_find_netdev(s->out_netdev);\n+ if (!nc) {\n+ error_setg(errp, \"out_netdev '%s' not found\", s->out_netdev);\n+ return false;\n+ }\n+ /*\n+ * out_netdev always uses AF_PACKET. For TAP netdev we resolve the\n+ * interface name from tap fd; for non-TAP netdev we interpret\n+ * out_netdev string as host interface name.\n+ */\n+ if (nc->info->type == NET_CLIENT_DRIVER_TAP) {\n+ int tapfd = tap_get_fd(nc);\n+\n+ if (tapfd < 0 || tap_fd_get_ifname(tapfd, ifname) != 0) {\n+ error_setg(errp,\n+ \"failed to resolve TAP ifname for out_netdev '%s'\",\n+ s->out_netdev);\n+ return false;\n+ }\n+ } else {\n+ snprintf(ifname, sizeof(ifname), \"%s\", s->out_netdev);\n+ }\n+ }\n+\n+ ifindex = if_nametoindex(ifname);\n+ if (!ifindex) {\n+ error_setg_errno(errp, errno,\n+ \"failed to resolve ifindex for '%s'\", ifname);\n+ return false;\n+ }\n+\n+ fd = qemu_socket(AF_PACKET, SOCK_RAW | SOCK_NONBLOCK, htons(ETH_P_ALL));\n+ if (fd < 0) {\n+ error_setg_errno(errp, errno, \"failed to create AF_PACKET socket\");\n+ return false;\n+ }\n+\n+ sll.sll_family = AF_PACKET;\n+ sll.sll_ifindex = ifindex;\n+ sll.sll_protocol = htons(ETH_P_ALL);\n+ if (bind(fd, (struct sockaddr *)&sll, sizeof(sll)) < 0) {\n+ error_setg_errno(errp, errno,\n+ \"failed to bind AF_PACKET socket for ifname '%s'\",\n+ ifname);\n+ close(fd);\n+ return false;\n+ }\n+\n+ if (s->in_netdev) {\n+ s->in_netfd = fd;\n+ g_free(s->in_netbuf);\n+ s->in_netbuf = g_malloc(REDIRECTOR_MAX_LEN);\n+ } else {\n+ s->out_netfd = fd;\n+ s->out_net = nc;\n+ }\n+ return true;\n+}\n+\n static void filter_redirector_setup(NetFilterState *nf, Error **errp)\n {\n MirrorState *s = FILTER_REDIRECTOR(nf);\n Chardev *chr;\n \n- if (!s->indev && !s->outdev) {\n- error_setg(errp, \"filter redirector needs 'indev' or \"\n- \"'outdev' at least one property set\");\n+ if (!s->indev && !s->outdev && !s->in_netdev && !s->out_netdev) {\n+ error_setg(errp, \"filter redirector needs at least one of \"\n+ \"'indev', 'outdev', 'in_netdev', or 'out_netdev'\");\n+ return;\n+ }\n+\n+ if (s->indev && s->in_netdev) {\n+ error_setg(errp, \"'indev' and 'in_netdev' cannot both be set \"\n+ \"for filter redirector\");\n+ return;\n+ }\n+\n+ if (s->outdev && s->out_netdev) {\n+ error_setg(errp, \"'outdev' and 'out_netdev' cannot both be set \"\n+ \"for filter redirector\");\n+ return;\n+ }\n+\n+ if (s->in_netdev && s->out_netdev) {\n+ error_setg(errp, \"'in_netdev' and 'out_netdev' cannot both be set \"\n+ \"for filter redirector\");\n+ return;\n+ }\n+\n+ if (s->indev && s->outdev && !strcmp(s->indev, s->outdev)) {\n+ error_setg(errp, \"'indev' and 'outdev' could not be same \"\n+ \"for filter redirector\");\n return;\n- } else if (s->indev && s->outdev) {\n- if (!strcmp(s->indev, s->outdev)) {\n- error_setg(errp, \"'indev' and 'outdev' could not be same \"\n- \"for filter redirector\");\n- return;\n- }\n }\n \n net_socket_rs_init(&s->rs, redirector_rs_finalize, s->vnet_hdr);\n@@ -412,9 +594,23 @@ static void filter_redirector_setup(NetFilterState *nf, Error **errp)\n }\n }\n \n+ if (s->out_netdev || s->in_netdev) {\n+ if (!filter_redirector_netdev_setup(s, errp)) {\n+ return;\n+ }\n+ }\n+\n s->vmsentry = qemu_add_vm_change_state_handler(\n filter_redirector_vm_state_change, nf);\n \n+ if (s->in_netfd >= 0) {\n+ bool active = filter_redirector_input_active(nf, nf->on);\n+\n+ qemu_set_fd_handler(s->in_netfd,\n+ active ? filter_redirector_netdev_read : NULL,\n+ NULL,\n+ active ? nf : NULL);\n+ }\n filter_redirector_maybe_enable_read_poll(nf);\n \n filter_redirector_refresh_allow_send_when_stopped(nf);\n@@ -423,6 +619,7 @@ static void filter_redirector_setup(NetFilterState *nf, Error **errp)\n static void filter_redirector_status_changed(NetFilterState *nf, Error **errp)\n {\n MirrorState *s = FILTER_REDIRECTOR(nf);\n+ bool active = filter_redirector_input_active(nf, nf->on);\n \n if (s->indev) {\n if (nf->on) {\n@@ -435,6 +632,13 @@ static void filter_redirector_status_changed(NetFilterState *nf, Error **errp)\n }\n }\n \n+ if (s->in_netfd >= 0) {\n+ qemu_set_fd_handler(s->in_netfd,\n+ active ? filter_redirector_netdev_read : NULL,\n+ NULL,\n+ active ? nf : NULL);\n+ }\n+\n if (nf->on) {\n filter_redirector_maybe_enable_read_poll(nf);\n }\n@@ -665,6 +869,8 @@ static void filter_redirector_init(Object *obj)\n MirrorState *s = FILTER_REDIRECTOR(obj);\n \n s->vnet_hdr = false;\n+ s->in_netfd = -1;\n+ s->out_netfd = -1;\n }\n \n static void filter_mirror_fini(Object *obj)\n@@ -682,6 +888,7 @@ static void filter_redirector_fini(Object *obj)\n g_free(s->outdev);\n g_free(s->in_netdev);\n g_free(s->out_netdev);\n+ g_free(s->in_netbuf);\n }\n \n static const TypeInfo filter_redirector_info = {\n", "prefixes": [ "RFC", "3/5" ] }