From: Laurent Vivier <lvivier@redhat.com>
To: qemu-devel@nongnu.org
Cc: Markus Armbruster <armbru@redhat.com>,
Stefano Brivio <sbrivio@redhat.com>,
David Gibson <david@gibson.dropbear.id.au>,
Laurent Vivier <lvivier@redhat.com>
Subject: [PATCH] docs: Explain how to use passt
Date: Mon, 10 Mar 2025 19:00:50 +0100 [thread overview]
Message-ID: <20250310180050.112682-1-lvivier@redhat.com> (raw)
Add a chapter to explain how to use passt(1) instead of '-net user'.
passt(1) can be connected to QEMU using UNIX socket or vhost-user.
With vhost-user, migration of the VM is allowed and internal state of
passt(1) is transfered from one side to the other
Bug: https://gitlab.com/qemu-project/qemu/-/issues/2827
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
---
docs/system/devices/net.rst | 93 +++++++++++++++++++++++++++++++++++++
1 file changed, 93 insertions(+)
diff --git a/docs/system/devices/net.rst b/docs/system/devices/net.rst
index 2ab516d4b097..5f70b1039198 100644
--- a/docs/system/devices/net.rst
+++ b/docs/system/devices/net.rst
@@ -77,6 +77,99 @@ When using the ``'-netdev user,hostfwd=...'`` option, TCP or UDP
connections can be redirected from the host to the guest. It allows for
example to redirect X11, telnet or SSH connections.
+Using passt as the user mode network stack
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+`passt(1)`_ can be used as a simple replacement for SLIRP (``-net user``).
+`passt(1)`_ doesn't require any capability or privilege. `passt(1)`_ has
+better performance than ``-net user``, full IPv6 support and better security
+as it's a daemon that is not executed in QEMU context.
+
+`passt(1)`_ can be connected to QEMU either by using a socket
+(``-netdev stream``) or using the vhost-user interface (``-netdev vhost-user``).
+See `passt web site`_ and `passt(1)`_ for more details on passt.
+
+.. _passt web site: https://passt.top/
+.. _passt(1): https://passt.top/builds/latest/web/passt.1.html
+
+To use socket based passt interface:
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Start `passt(1)`_ as a daemon::
+
+ passt
+
+It will print the path of the UNIX domain socket QEMU can connect to.
+Then you can connect your QEMU instance to `passt(1)`_:
+
+.. parsed-literal::
+ |qemu_system| [...OPTIONS...] -device virtio-net-pci,netdev=netdev0 -netdev stream,id=netdev0,server=off,addr.type=unix,addr.path=/tmp/passt_1.socket
+
+Where ``/tmp/passt_1.socket`` is the UNIX socket created by `passt(1)`_ to
+communicate with QEMU.
+
+To use vhost-based interface:
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Start passt with ``--vhost-user``::
+
+ passt --vhost-user
+
+Then to connect QEMU:
+
+.. parsed-literal::
+ |qemu_system| [...OPTIONS...] -m $RAMSIZE -chardev socket,id=chr0,path=/tmp/passt_1.socket -netdev vhost-user,id=netdev0,chardev=chr0 -device virtio-net,netdev=netdev0 -object memory-backend-memfd,id=memfd0,share=on,size=$RAMSIZE -numa node,memdev=memfd0
+
+Where ``$RAMSIZE`` is the memory size of your VM ``-m`` and ``-object memory-backend-memfd,size=`` must match.
+
+Migration of passt:
+^^^^^^^^^^^^^^^^^^^
+
+When `passt(1)`_ is connected to QEMU using the vhost-user interface it can
+be migrated with QEMU and the network connections are not interrupted.
+
+As `passt(1)`_ runs with no privileges, it relies on passt-repair to save and
+load TCP connections state, using the TCP_REPAIR socket option.
+The passt-repair helper needs to have the CAP_NET_ADMIN capability, or run as root. If passt-repair is not available, TCP connections will not be preserved.
+
+Example of migration of a guest on the same host
+________________________________________________
+
+Before being able to run passt-repair, the CAP_NET_ADMIN capability must be set
+on the file, run as root::
+
+ setcat cap_net_admin+eip ./passt-repair
+
+Start `passt(1)`_ for the source side::
+
+ passt
+
+Start passt-repair::
+
+ passt-repair /tmp/passt_1.socket.repair
+
+Start source side QEMU with a monitor to be able to send the migrate command:
+
+.. parsed-literal::
+ |qemu_system| [...OPTIONS...] [...VHOST USER OPTIONS...] -monitor stdio
+
+Start `passt(1)`_ for the destination side::
+
+ passt
+
+Start passt-repair::
+
+ passt-repair /tmp/passt_2.socket.repair
+
+Start QEMU with the ``-incoming`` parameter:
+
+.. parsed-literal::
+ |qemu_system| [...OPTIONS...] [...VHOST USER OPTIONS...] -incoming tcp:localhost:4444
+
+Then in the source guest monitor the migration can be started::
+
+ (qemu) migrate tcp:localhost:4444
+
Hubs
~~~~
--
2.48.1
next reply other threads:[~2025-03-10 18:03 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-10 18:00 Laurent Vivier [this message]
2025-03-10 18:31 ` [PATCH] docs: Explain how to use passt Paolo Bonzini
2025-03-11 1:49 ` David Gibson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250310180050.112682-1-lvivier@redhat.com \
--to=lvivier@redhat.com \
--cc=armbru@redhat.com \
--cc=david@gibson.dropbear.id.au \
--cc=qemu-devel@nongnu.org \
--cc=sbrivio@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).