[Qemu-devel] VDE HOWTO revision

[Qemu-devel] VDE HOWTO revision

[Mulyadi Santosa]

[-- Attachment #1: Type: text/plain, Size: 133 bytes --]

Hello Jim

Here are some revision for your VDE document, hope it is useful

Just look for word sorrounded by [[ ]]

regards

Mulyadi

[-- Attachment #2: qemu-vde-HOWTO-rev-1.txt --]
[-- Type: text/plain, Size: 6629 bytes --]

Using VDE with Qemu HOWTO
by Jim Brown
27 May 2004
Version 0.0

Changelog: (Note: look for [[ ]] for my correction/change)
		
-----------------------------------------------------------------------------

Introduction
	Copyright
	What is qemu?
	What is VDE?

Configuring and Installing VDE
	Installation
	vdeq & vdeqemu

User-mode networking
	How to enable user-mode networking
	Firewall configuration

Setting up qemu
	How to set up the guest OS

Credits

-----------------------------------------------------------------------------

Introduction

Copyright

Copyright (c) 2004 Jim Brown.
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.2
or any later version published by the Free Software Foundation;
with no Invariant Sections, no Front-Cover Texts, and no Back-Cover
Texts.  A copy of the license is available at http://www.gnu.org/licenses/fdl.txt

What is qemu?

	Qemu is a FAST! processor emulator by Fabrice Bellard, available at
http://fabrice.bellard.free.fr/qemu/. It is capable of emulationg the x86 and
PowerPC processors with support for other processors on the way. The original
purpose of qemu was to allow running x86-specific Linux applications, such as
WINE or DosEmu, on non-x86 systems. However, qemu has expanded into becoming
a full-fledged emulator. On the x86 side, it is capable of running Linux,
MS-DOS, Windows 95/98/Me, Windows NT/2k, Windows XP, Solaris, OpenBSD, and
FreeBSD. See http://fabrice.bellard.free.fr/qemu/ossupport.html for the full
listing.

	This howto assumes that you have already installed and set up qemu.

What is VDE?

	VDE is short for Virtual Distributed Ethernet. VDE, written by
Renzo Davoli, is based off of uml_switch by Jeff Dike. It is available at
http://sourceforge.net/projects/vde/. It has many uses, the main one providing
support for networking with emulated computers. (Not just qemu, but support
for user-mode linux and Bochs also exists). VDE must be set up and installed by
root, but the programs which use it do not need root privligies.

	This howto will walk you through the simple process of installing
VDE and setting up qemu to use it.

-----------------------------------------------------------------------------

Configuring and Installing VDE

Installation

	You may obtain the source code at http://sourceforge.net/projects/vde/.
The version of VDE which I used was 1.4.1, but this HOWTO should apply to all
versions.

	Once you have downloaded the source code, extract it. I assume you
will have extracted it to /space/vde. Go into that directory, and simply type
"make" followed by "make install". Now you should have vde_switch in /usr/bin.

vdeq & vdeqemu

	Now cd into the qemu directory. Type "make". This will build vdeq.
Qemu on its own only supports full networking with tuntap, which requires
root priviliges or an exposed /dev/net/tun. There is a -user-net option, but
that is not as useful as full networking. In order for qemu to use VDE, it must
be passed the file descriptor for a tun device. Futhermore the tun device itself
must already be configured to use VDE. vdeq sets this up and passes it to qemu
via the -tun-fd switch.

	There is no "make install". Instead, you just manually copy vdeq to
/usr/bin. It might also be helpful to copy (or hard link [[preferred softlink) 
vdeq to vdeqemu. vdeq requires that the location of the qemu binary be passes 
to it as the first command line parameter, but vdeqemu only needs the options 
you want to pass to qemu. vdeqemu will locate the qemu binary itself [[but first
make sure you have include Qemu directory on PATH environmen variable]]

[[ For example if you have:
vdeq qemu -hda /mnt/myimage -m 64 -boot a

you can shorten this into

vdeqemu qemu -hda /mnt/myimage -m 64 -boot a
]]

-----------------------------------------------------------------------------

User-mode Networking

How to enable user-mode networking

	The following commands will need to be run as root:

# vde_switch -tap tap0 -daemon
[[
or 
# vde_switch -tap tun0 -daemon
]]

[[If you need to run a sniffer, just in case you want to analyze the traffic
run:
# vde_switch -hub -tap tap0 -daemon
]]
# ifconfig tap0 <ip>
	[[it is a good idea to put the TUN/TAP device on same subnet/class
	with IP on guest system. So it will be easier to setup routing etc]]
# chmod 777 /tmp/vde.ctl
[[ Jim, on my PC, i let the ctl file to 755 permission and it runs fine]]


	The vde_switch command will run VDE in the background. The -tap tap0
parameter tells VDE to set up the device tap0 using tuntap. -daemon runs
vde_switch in the background.[[-hub tells VDE to broadcast the message to all 
segment, just like real hub that you use on real network]]

	<ip> is the ip address of the gateway you want to use for the guest
OS(es). For example:

# ifconfig tap0 192.168.1.254 [[ netmask 255.255.255.0]]

	will make 192,.168.1.254 the gateway [[between guest and host]], and your 
guest OS(es) will belong to the subnet 192.168.1.0 with a netmask of 255.255.255.0 
and an ip address of 192.168.1.XXX (where you get to pick the XXX). [[by putting
guest IP and gateway IP in same subnet, they can directly contact each other]]

Note that you must run this before you run your firewall. I found it helpful
to put this into a script, and have the script load before the firewall does.

Firewall configuration

	You will need to enable masquerading between tap0 and your local area
network (for example, eth0). You will also need to enable masquerading between
tap0 and ppp0 if you use a dialup connection to the internet. The commands

# echo "1" > /proc/sys/net/ipv4/ip_forward
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

	will allow you to enable this manually.

-----------------------------------------------------------------------------

Setting up qemu

How to set up the guest OS

	Set up the guest OS so that the default route is through the gateway
ip, <ip> (for example 192.168.1.254). Also set up the subnet and netmask
parameters as appropriate (for example 192.168.1.0 and 255.255.255.0).
The guest OS should see the ethernet device and be able to use it to access
the gateway. (Caveat: I haven't been able to do this for MS-DOS, and for Minix
2.0.4 I had to apply a patch to qemu since Minix is broken.) Also don't forget
to set up the IP of the guest OS itself (for example 192.168.1.1).

-----------------------------------------------------------------------------

Credits

	This HOWTO relied heavily on the documentation that Renzo wrote for
vde-1.4.1.

Re: [Qemu-devel] VDE HOWTO revision

[Renzo Davoli]

Wonderful work, guys. Thanks!
I'll add some comments.
- Now there is a slirp support for VDE.
you can start several machines on the same vde and connect the vde
network as a whole *at user level*, without using tuntap. 
see the slirp subdir in VDE.
- I have just released the code of another project named ale4net
see www.sourceforge.net/projects/ale4net. (Please note that this is alpha
version)
Application Level Environment for Networking is able to "divert" network
system calls inside the vde (it uses LD_PRELOAD to catch the calls to
the libc).
If you set the LD_PRELOAD environment variable to my ale4net client
shared lib the standard applications of your linux box use
the ale4net network instead of the real network.
The result is that you can run QEMU or whatever in VDE, and use ale4net
to start ssh or mozilla (or what you like) on the host computer to access the 
QEMU machine without using tuntap. (ehm, about every application,
maybe there are already some bugs left ;-)
You can also try IPV6 clients or servers even if your host computer does
not support it. 
Ale4net does not need root privileges for installation or usage.
ciao
	renzo

On Thu, Jun 03, 2004 at 11:53:50AM +0700, Mulyadi Santosa wrote:
> -----------------------------------------------------------------------------
<...>
> Copyright
> 
> Copyright (c) 2004 Jim Brown.
> 
> 	There is no "make install". Instead, you just manually copy vdeq to
> /usr/bin. It might also be helpful to copy (or hard link [[preferred softlink) 
/usr/local/bin is a better place. I have added a make install for vdeq.
test vde-1.5.3 from sourceforge. (just uploaded)
it copies vdeq and creates a symlink for vdeqemu
> 
> [[ For example if you have:
> vdeq qemu -hda /mnt/myimage -m 64 -boot a
> 
> you can shorten this into
> 
> vdeqemu qemu -hda /mnt/myimage -m 64 -boot a
There is a typo here!
vdeqemu -hda /mnt/myimage -m 64 -boot a
> ]]
> 
> -----------------------------------------------------------------------------
> 
> User-mode Networking
> 
> How to enable user-mode networking
> 
> 	The following commands will need to be run as root:
> 
> # vde_switch -tap tap0 -daemon
I would keep tap tap0. I know that tuntap can use both names but given
it is a tap, it is bettere to name it as tap0.
Just for the sake of coherence ;-)
> [[
> or 
> # vde_switch -tap tun0 -daemon
> ]]
> 
> [[If you need to run a sniffer, just in case you want to analyze the traffic
> run:
> # vde_switch -hub -tap tap0 -daemon
> ]]
> # ifconfig tap0 <ip>
> 	[[it is a good idea to put the TUN/TAP device on same subnet/class
> 	with IP on guest system. So it will be easier to setup routing etc]]
> # chmod 777 /tmp/vde.ctl
> [[ Jim, on my PC, i let the ctl file to 755 permission and it runs fine]]
the remaining of the document is just fine....

[Qemu-devel] For what is slirp ?

[Jens Arm]

Hi

For what is slirp ?
What can I do with it?
How do I enable it?


Jens

Re: [Qemu-devel] For what is slirp ?

[Renzo Davoli]

On Thu, Jun 03, 2004 at 11:20:37AM +0200, Jens Arm wrote:
> For what is slirp ?
To have your qemu machine or your vde network connected to the real net
as it were behind a NAT firewall/router.
Slirp (project by Danny Gasparowsky) runs at user level, no root access
needed. Slirp simply forwards (really re-generate) all the network connections 
as they were generated by slirp itself.
> What can I do with it?
ditto
> How do I enable it?
It is automagically activated on qemu if you don't configure tun-tap.
There is the utility slirpvde on vde (with a man page in the doc
subdir). (note that slirp works for IPv4, not yet IPv6).

ciao
	renzo

Re: [Qemu-devel] For what is slirp ?

[Rudi Lippert]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

"Re: [Qemu-devel] For what is slirp ?" (Renzo Davoli, Thursday 03 June 2004 
11:57):
> It is automagically activated on qemu if you don't configure tun-tap.
> There is the utility slirpvde on vde (with a man page in the doc
> subdir). (note that slirp works for IPv4, not yet IPv6).

do you not need --enable-slirp in configure any more?
must have missed this post.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAvwbY1nTg39QS/TsRAuh0AJ48UH3AttQ0CS+pA3ludMVD1aUhYQCZAa/0
IZJ7+Dj05wEWX6T46C1kA5Y=
=v0C8
-----END PGP SIGNATURE-----

Re: [Qemu-devel] For what is slirp ?

[Jens Arm]

> "Re: [Qemu-devel] For what is slirp ?" (Renzo Davoli, Thursday 03 June 2004 
> 11:57):
> > It is automagically activated on qemu if you don't configure tun-tap.
> > There is the utility slirpvde on vde (with a man page in the doc
> > subdir). (note that slirp works for IPv4, not yet IPv6).
> 
> do you not need --enable-slirp in configure any more?
> must have missed this post.

Yes, looks like this is needed.

Is there a description, what I have to do at the Host and qemu-client to use network
over slirp?


Jens

Re: [Qemu-devel] For what is slirp ?

[Renzo Davoli]

On Thu, Jun 03, 2004 at 01:18:48PM +0200, Jens Arm wrote:
> Is there a description, what I have to do at the Host and qemu-client to use network
> over slirp?

AFAIK:
Client: configure the net interface for DHCP.
You'll get an address like 10.0.2.15 default route to 10.0.2.2 (or
something similar). Also the DNS access get forwarded through SLIRP.
There is a fake DNS @10.0.2.2 (or similar) and queries are forwarded.
Ping (ICMP) may have trouble but TCP works like a charm.
Host: nothing at all. Be connected to something... You'll access from
qemu what is connected to the host machine, nothing more ;-)

renzo

Re: [Qemu-devel] For what is slirp ?

[Jens Arm]

> > Is there a description, what I have to do at the Host and qemu-client to use network
> > over slirp?
> 
> AFAIK:
> Client: configure the net interface for DHCP.
> You'll get an address like 10.0.2.15 default route to 10.0.2.2 (or
> something similar). Also the DNS access get forwarded through SLIRP.
> There is a fake DNS @10.0.2.2 (or similar) and queries are forwarded.
> Ping (ICMP) may have trouble but TCP works like a charm.
> Host: nothing at all. Be connected to something... You'll access from
> qemu what is connected to the host machine, nothing more ;-)


Hmmmm, Knoppix 3.4 tries to find a IP over DHCP, but I do not get one from slirp.



Jens

Re: [Qemu-devel] For what is slirp ?

[James Ascroft-Leigh]

[-- Attachment #1: Type: text/plain, Size: 258 bytes --]

On Thu, 2004-06-03 at 13:47 +0200, Jens Arm wrote:

[...]

> Hmmmm, Knoppix 3.4 tries to find a IP over DHCP, but I do not get one from slirp.

On Morphix I found that pump did not work but dhclient did.  Of these
two, I think Knoppix only has pump.

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [Qemu-devel] For what is slirp ?

[Fabrice Bellard]

James Ascroft-Leigh wrote:
> On Thu, 2004-06-03 at 13:47 +0200, Jens Arm wrote:
> 
> [...]
> 
> 
>>Hmmmm, Knoppix 3.4 tries to find a IP over DHCP, but I do not get one from slirp.
> 
> 
> On Morphix I found that pump did not work but dhclient did.  Of these
> two, I think Knoppix only has pump.

QEMU now supports pump too. Note that although it was a bug in QEMU dhcp 
server, it is also a severe security problem in pump (buffer overflow if 
reply packet from DHCP server too long !).

Fabrice.

Re: [Qemu-devel] For what is slirp ?

[Kyle Hayes]

On Friday 04 June 2004 08:35, Fabrice Bellard wrote:
> James Ascroft-Leigh wrote:
> > On Thu, 2004-06-03 at 13:47 +0200, Jens Arm wrote:
> >
> > [...]
> >
> >>Hmmmm, Knoppix 3.4 tries to find a IP over DHCP, but I do not get one
> >> from slirp.
> >
> > On Morphix I found that pump did not work but dhclient did.  Of these
> > two, I think Knoppix only has pump.
>
> QEMU now supports pump too. Note that although it was a bug in QEMU dhcp
> server, it is also a severe security problem in pump (buffer overflow if
> reply packet from DHCP server too long !).

That's nasty :-(  Of course, what would the script kiddy gain? "Yay, I 
0wn3d a VM instance.  I am s0 l33t!" :-)

I'll be trying Knoppix 3.4 soon.  That has a couple of kernels try try as 
well as some of the most involved (and hacked) hardware detection.

Best,
Kyle

Re: [Qemu-devel] For what is slirp ?

[Jens Arm]

> > >>Hmmmm, Knoppix 3.4 tries to find a IP over DHCP, but I do not get one
> > >> from slirp.
> > >
> > > On Morphix I found that pump did not work but dhclient did.  Of these
> > > two, I think Knoppix only has pump.
> >
> > QEMU now supports pump too. Note that although it was a bug in QEMU dhcp
> > server, it is also a severe security problem in pump (buffer overflow if
> > reply packet from DHCP server too long !).
> 
> That's nasty :-(  Of course, what would the script kiddy gain? "Yay, I 
> 0wn3d a VM instance.  I am s0 l33t!" :-)
> 
> I'll be trying Knoppix 3.4 soon.  That has a couple of kernels try try as 
> well as some of the most involved (and hacked) hardware detection.


For me, Knoppix 3.4 is getting the IP now :)


Jens

Re: [Qemu-devel] For what is slirp ?

[Jens Arm]

> > Is there a description, what I have to do at the Host and qemu-client to use network
> > over slirp?
> 
> AFAIK:
> Client: configure the net interface for DHCP.
> You'll get an address like 10.0.2.15 default route to 10.0.2.2 (or
> something similar). Also the DNS access get forwarded through SLIRP.
> There is a fake DNS @10.0.2.2 (or similar) and queries are forwarded.
> Ping (ICMP) may have trouble but TCP works like a charm.
> Host: nothing at all. Be connected to something... You'll access from
> qemu what is connected to the host machine, nothing more ;-)



If I type the IPs by hand it works.

Looks like DHCP in slirp/qemu is broken ?


Jens