1. Patchew
  2. QEMU
  3. [RFC v2 0/9] net/filter-redirector: Add AF_PACKET support for vhost-net
  4. View patch

[RFC v2 1/9] net/filter: allow redirector on vhost TAP backends

Cindy Lu posted 9 patches 3 weeks, 5 days ago
[RFC v2 1/9] net/filter: allow redirector on vhost TAP backends
Posted by Cindy Lu 3 weeks, 5 days ago 
netfilter_complete() currently rejects every filter attached to a
vhost-backed netdev. That prevents filter-redirector from being used on
the TAP backends that handle switchover capture and replay.

Permit filter-redirector on vhost-backed TAP netdevs, but keep the gate
narrow: other filters are still rejected and non-TAP backends remain
unsupported. Later commits can widen the filter set without duplicating
the backend restriction.

Signed-off-by: Cindy Lu <lulu@redhat.com>
---
 net/filter.c | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/net/filter.c b/net/filter.c
index 76345c1a9d..b9646b9e00 100644
--- a/net/filter.c
+++ b/net/filter.c
@@ -255,8 +255,19 @@ static void netfilter_complete(UserCreatable *uc, Error **errp)
     }
 
     if (get_vhost_net(ncs[0])) {
-        error_setg(errp, "Vhost is not supported");
-        return;
+        bool redirector = object_dynamic_cast(OBJECT(uc),
+                                              "filter-redirector");
+        bool buffer = object_dynamic_cast(OBJECT(uc), "filter-buffer");
+        bool vhost_filter = redirector || buffer;
+
+        if (!redirector) {
+            error_setg(errp, "Vhost is not supported");
+            return;
+        }
+        if (vhost_filter && ncs[0]->info->type != NET_CLIENT_DRIVER_TAP) {
+            error_setg(errp, "Vhost filter support requires a TAP backend");
+            return;
+        }
     }
 
     if (strcmp(nf->position, "head") && strcmp(nf->position, "tail")) {
-- 
2.52.0

Patchew 2.1-devel-ea86937

© 2016 - 2026 Red Hat, Inc.