From: "John R. Hogerhuis"
Subject: Re: [Qemu-devel] Win32 usermode only network possible? [was: multiple VMs]
Date: Wed, 07 Apr 2004 16:04:18 -0700
To: qemu-devel@nongnu.org
Reply-To: jhoger@pobox.com, qemu-devel@nongnu.org
Message-Id: <1081379058.3253.53.camel@aragorn>
In-Reply-To: <1081376183.12574.53.camel@localhost>
References: <000701c41cbf$49b386d0$0401a8c0@putte2k> <4074604D.6030201@bellard.org> <1081375468.14275.33.camel@aragorn> <1081376183.12574.53.camel@localhost>

On Wed, 2004-04-07 at 15:16, Joe Batt wrote:
> When NATing, you don't have to match the original source port, so we
> should be able to have a NAT run in a non root mode (if source port <
> 1024, use a different source port).
>
> Before I spent so much time looking for it today, I would have expected
> that there was a userspace NAT program available (something that spoke
> the TUN stream format perhaps), but I didn't see anything. (TUN stream
> format would have been cool, because QEMU already speaks that, but it
> would have been slower.) I would expect the TCP packet to TCP socket
> mapping to be the hard part. UDP should be easy.
>

The problem with just doing a NAT is getting your packets forwarded by
the host OS. Normally with NAT you just patch up the source port/IP,
fix up the checksum and forward the packet out another interface.

The hard part if you want qemu to be able to run userspace only is the
forwarding part. Most OSs don't allow unprivileged raw network access,
and that includes at least Linux and Windows.

So one way or another QEMU must go through Sockets. One way is SLiRP. It
doesn't allow inbound (since there is no packet which appears on the
network indicating some app wants to "listen").

Now SOCKS, or a transparent proxy which replaces sockets would allow
capturing of Listens and thereby allow binding to unprivileged ports if
the user wishes to.

> Won't we also need a customized DHCP server to serve up IP addresses and
> DNS servers?
>
> I would think that the goal is that you can 'qemu -hda somepartition' or
> 'qemu -cdrom someiso' and have a running NATed machine without any host
> configuration.
>

Even VMware has a tough time with running off of raw partitions. I've
never gotten it to work.

I guess it all depends on what you want to do with QEMU. My project is
to have a zero install Morphix which autoruns emulated on Windows
desktop when you pop in the cd. Given that, if I have to do a little
tweaking in Morphix apps, or insert a transparent proxy it's not a big
deal.

Ideally one wouldn't have to do ANY configuration of the emulated image,
but in my case it's all about whatever works while giving the user
experience I want... what Fabrice is doing may be sufficient since most
apps don't require peer-to-peer communication anyway.

-- John.
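
Added example, not part of the message above and not QEMU code: the rewrite step the message describes as "patch up the source port/IP, fixup the checksum", for an IPv4/UDP packet, including the below-1024 source-port remap suggested in the quoted text. It leaves out forwarding, which the message identifies as the part that needs raw network access; the offsets, the `REMAP_BASE` port policy, the function names and the sample packet are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
/* Offsets assume IPv4 without options (20-byte header) followed by UDP. */
enum { IP_CSUM = 10, IP_SRC = 12, UDP_SPORT = 20, UDP_CSUM = 26, REMAP_BASE = 40000 };
/* Constructed sample with valid checksums: 10.0.2.15:68 -> 10.0.2.2:67, "qemu". */
uint8_t sample_pkt[32] = { 0x45,0,0,32, 0,1,0,0, 64,17,0x62,0xbc, 10,0,2,15, 10,0,2,2,
                           0,68, 0,67, 0,12, 0x08,0x64, 'q','e','m','u' };
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
/* One's-complement sum of big-endian 16-bit words, seeded with `sum`, folded. */
uint16_t sum16(const uint8_t *p, size_t len, uint32_t sum) {
    for (size_t i = 0; i + 1 < len; i += 2) sum += rd16(p + i);
    if (len & 1) sum += (uint32_t)p[len - 1] << 8;
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)sum;
}
/* Incremental update, RFC 1624 eqn. 3: HC' = ~(~HC + ~m + m'). */
static void fix_csum(uint8_t *csum, uint16_t old, uint16_t val, int is_udp) {
    uint16_t hc = rd16(csum);
    if (is_udp && hc == 0) return;                 /* UDP: 0 means "no checksum" */
    hc = (uint16_t)~sum16(NULL, 0, (uint32_t)(uint16_t)~hc + (uint16_t)~old + val);
    wr16(csum, (is_udp && hc == 0) ? 0xffff : hc); /* UDP sends a computed 0 as ffff */
}

/* Rewrite source IP/port in place; ports < 1024 move to REMAP_BASE + port (assumed). */
uint16_t nat_rewrite_src(uint8_t *pkt, const uint8_t ip[4]) {
    uint16_t old = rd16(pkt + UDP_SPORT);
    uint16_t port = old < 1024 ? (uint16_t)(REMAP_BASE + old) : old;
    fix_csum(pkt + UDP_CSUM, old, port, 1);
    wr16(pkt + UDP_SPORT, port);
    for (int i = 0; i < 4; i += 2) {               /* source IP = two 16-bit words */
        old = rd16(pkt + IP_SRC + i);
        fix_csum(pkt + IP_CSUM, old, rd16(ip + i), 0);
        fix_csum(pkt + UDP_CSUM, old, rd16(ip + i), 1);  /* pseudo-header covers it */
        wr16(pkt + IP_SRC + i, rd16(ip + i));
    }
    return port;
}
/* Full recomputation: 1 if the IPv4 header and UDP (with pseudo-header) verify. */
int checksums_ok(const uint8_t *pkt, size_t len) {
    uint16_t ps = sum16(pkt + IP_SRC, 8, 17u + (uint32_t)(len - 20)); /* proto + length */
    return sum16(pkt, 20, 0) == 0xffff &&
           (rd16(pkt + UDP_CSUM) == 0 || sum16(pkt + 20, len - 20, ps) == 0xffff);
}

int main(void) {  /* exit status 0 when the rewritten sample still verifies */
    nat_rewrite_src(sample_pkt, (const uint8_t[4]){ 192, 0, 2, 10 });  /* constructed host IP */
    return !checksums_ok(sample_pkt, sizeof sample_pkt);
}
```

The incremental update touches only the changed words, so the payload is never re-read; the full recomputation in `checksums_ok` is there only to confirm the result.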