From: Jason Wang <jasowang@redhat.com>
To: Markus Armbruster <armbru@redhat.com>,
Akihiko Odaki <akihiko.odaki@gmail.com>
Cc: stefanha@gmail.com, thuth@redhat.com, hsp.cat7@gmail.com,
qemu-devel@nongnu.org, Phillip Tennen <phillip@axleos.com>
Subject: Re: [PATCH v3] net/macos: implement vmnet-based netdev
Date: Mon, 9 Aug 2021 11:22:56 +0800
Message-ID: <c259cfd2-c13a-6e8b-35a7-79867e0018ea@redhat.com>
In-Reply-To: <875ywhfnn6.fsf@dusky.pond.sub.org>
On 2021/8/7 8:24 PM, Markus Armbruster wrote:
> Jason, did this fall through the cracks?
Kind of, will review this week.
6.2 material though.
Thanks
>
> My review is for the QAPI schema only.
>
> Akihiko Odaki <akihiko.odaki@gmail.com> writes:
>
>> From: Phillip Tennen <phillip@axleos.com>
>>
>> This patch implements a new netdev device, reachable via -netdev
>> vmnet-macos, that’s backed by macOS’s vmnet framework.
>>
>> The vmnet framework provides native bridging support, and its usage in
>> this patch is intended as a replacement for attempts to use a tap device
>> via the tuntaposx kernel extension. Notably, the tap/tuntaposx approach
>> never would have worked in the first place, as QEMU interacts with the
>> tap device via poll(), and macOS does not support polling device files.
>>
>> vmnet requires either a special entitlement, granted via a provisioning
>> profile, or root access. Otherwise attempts to create the virtual
>> interface will fail with a “generic error” status code. QEMU may not
>> currently be signed with an entitlement granted in a provisioning
>> profile, as this would necessitate pre-signed binary build distribution,
>> rather than source-code distribution. As such, using this netdev
>> currently requires that qemu be run with root access. I’ve opened a
>> feedback report with Apple to allow the use of the relevant entitlement
>> with this use case:
>> https://openradar.appspot.com/radar?id=5007417364447232
>>
>> vmnet offers three operating modes, all of which are supported by this
>> patch via the “mode=host|shared|bridge” option:
>>
>> * "Host" mode: Allows the vmnet interface to communicate with other vmnet
>> interfaces that are in host mode and also with the native host.
>> * "Shared" mode: Allows traffic originating from the vmnet interface to
>> reach the Internet through a NAT. The vmnet interface can also
>> communicate with the native host.
>> * "Bridged" mode: Bridges the vmnet interface with a physical network
>> interface.
>>
>> Each of these modes also provides some extra configuration that’s
>> supported by this patch:
>>
>> * "Bridged" mode: The user may specify the physical interface to bridge
>> with. Defaults to en0.
>> * "Host" mode / "Shared" mode: The user may specify the DHCP range and
>> subnet. Allocated by vmnet if not provided.
>>
>> vmnet also offers some extra configuration options that are not
>> supported by this patch:
>>
>> * Enable isolation from other VMs using vmnet
>> * Port forwarding rules
>> * Enabling TCP segmentation offload
>> * Only applicable in "shared" mode: specifying the NAT IPv6 prefix
>> * Only available in "host" mode: specifying the IP address for the VM
>> within an isolated network
>>
>> Note that this patch requires macOS 10.15 as a minimum, as this is when
>> bridging support was implemented in vmnet.framework.
>>
>> Rebased to commit 9aef0954195cc592e86846dbbe7f3c2c5603690a by Akihiko
>> Odaki.
>>
>> Signed-off-by: Phillip Tennen <phillip@axleos.com>
>> Signed-off-by: Akihiko Odaki <akihiko.odaki@gmail.com>
>> Message-Id: <20210315103209.20870-1-akihiko.odaki@gmail.com>
> [...]
>
>> diff --git a/qapi/net.json b/qapi/net.json
>> index 7fab2e7cd8a..e3b67f174fc 100644
>> --- a/qapi/net.json
>> +++ b/qapi/net.json
>> @@ -452,6 +452,115 @@
>> '*vhostdev': 'str',
>> '*queues': 'int' } }
>>
>> +##
>> +# @VmnetOperatingMode:
>> +#
>> +# The operating modes in which a vmnet netdev can run
>> +# Only available on macOS
> Generated qemu-qmp-ref.7 and .html show this as
>
> The operating modes in which a vmnet netdev can run Only available
> on macOS
>
> Please end your sentences with periods :)
>
> More of the same below. Proof-reading the generated documentation is
> always a good idea, and often forgotten (I've been guilty of that, too).
>
>> +#
>> +# @host: the guest may communicate with the host
>> +# and other guest network interfaces
>> +#
>> +# @shared: the guest may reach the Internet through a NAT,
> Scratch "a"?
>
>> +# and may communicate with the host and other guest
>> +# network interfaces
>> +#
>> +# @bridged: the guest's traffic is bridged with a
>> +# physical network interface of the host
> "bridged with" or "bridged to"? I'm not a networking guy...
>
>> +#
>> +# Since: 6.0
> 6.2
>
>> +##
>> +{ 'enum': 'VmnetOperatingMode',
>> + 'data': [ 'host', 'shared', 'bridged' ],
>> + 'if': 'defined(CONFIG_VMNET)' }
> I suspect we want 'defined(CONFIG_VMNET) && defined(CONFIG_DARWIN)',
> here and below.
>
>> +
>> +##
>> +# @NetdevVmnetModeOptionsBridged:
>> +#
>> +# Options for the vmnet-macos netdev
>> +# that are only available in 'bridged' mode
>> +# Only available on macOS
>> +#
>> +# @ifname: the physical network interface to bridge with
>> +# (defaults to en0 if not specified)
> Scratch " if not specified".
>
>> +#
>> +# Since: 6.0
>> +##
>> +{ 'struct': 'NetdevVmnetModeOptionsBridged',
>> + 'data': { '*ifname': 'str' },
>> + 'if': 'defined(CONFIG_VMNET)' }
>> +
>> +##
>> +# @NetdevVmnetModeOptionsHostOrShared:
>> +#
>> +# Options for the vmnet-macos netdev
>> +# that are only available in 'host' or 'shared' mode
>> +# Only available on macOS
>> +#
>> +# @dhcp-start-address: the gateway address to use for the interface.
>> +# The range to dhcp_end_address is placed in the DHCP pool.
>> +# (only valid with mode=host|shared)
>> +# (must be specified with dhcp-end-address and
>> +# dhcp-subnet-mask)
>> +# (allocated automatically if unset)
>> +#
>> +# @dhcp-end-address: the DHCP IPv4 range end address to use for the interface.
>> +# (only valid with mode=host|shared)
>> +# (must be specified with dhcp-start-address and
>> +# dhcp-subnet-mask)
>> +# (allocated automatically if unset)
>> +#
>> +# @dhcp-subnet-mask: the IPv4 subnet mask (string) to use on the interface.
>> +# (only valid with mode=host|shared)
>> +# (must be specified with dhcp-start-address and
>> +# dhcp-end-address)
>> +# (allocated automatically if unset)
> No IPv6. Is it because the underlying OS feature can't do it, or is it
> merely not implemented in QEMU, yet?
>
>> +#
>> +# Since: 6.0
>> +##
>> +{ 'struct': 'NetdevVmnetModeOptionsHostOrShared',
>> + 'data': {
>> + '*dhcp-start-address': 'str' ,
>> + '*dhcp-end-address': 'str',
>> + '*dhcp-subnet-mask': 'str' },
>> + 'if': 'defined(CONFIG_VMNET)' }
>> +
>> +##
>> +# @NetdevVmnetModeOptions:
>> +#
>> +# Options specific to different operating modes of a vmnet netdev
> Suggest
>
> # Options for a vmnet network interface backend.
>
>> +# Only available on macOS
>> +#
>> +# @mode: the operating mode vmnet should run in
>> +#
>> +# Since: 6.0
>> +##
>> +{ 'union': 'NetdevVmnetModeOptions',
>> + 'base': { 'mode': 'VmnetOperatingMode' },
>> + 'discriminator': 'mode',
>> + 'data': {
>> + 'bridged': 'NetdevVmnetModeOptionsBridged',
>> + 'host': 'NetdevVmnetModeOptionsHostOrShared',
>> + 'shared': 'NetdevVmnetModeOptionsHostOrShared' },
>> + 'if': 'defined(CONFIG_VMNET)' }
>> +
>> +##
>> +# @NetdevVmnetOptions:
>> +#
>> +# vmnet network backend
>> +# Only available on macOS
>> +#
>> +# @options: a structure specifying the mode and mode-specific options
>> +# (once QAPI supports a union type as a branch to another union type,
>> +# this structure can be changed to a union, and the contents of
>> +# NetdevVmnetModeOptions moved here)
>> +#
>> +# Since: 6.0
>> +##
>> +{ 'struct': 'NetdevVmnetOptions',
>> + 'data': {'options': 'NetdevVmnetModeOptions' },
>> + 'if': 'defined(CONFIG_VMNET)' }
> Why do you need this wrapper struct?
>
>> +
>> ##
>> # @NetClientDriver:
>> #
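Review bot: in NetdevVmnetModeOptionsHostOrShared the members '*dhcp-start-address', '*dhcp-end-address' and '*dhcp-subnet-mask' are each optional on their own, yet every one of their comments says it "must be specified with" the other two, so the schema as written accepts a partial set. Either state in the doc comment that the backend rejects a partial set, or group the three into a single optional struct member so the all-or-nothing rule is enforced by the schema itself. The repeated "(only valid with mode=host|shared)" lines can also go, since this struct is only reachable from the 'host' and 'shared' branches of NetdevVmnetModeOptions.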
>> @@ -460,10 +569,13 @@
>> # Since: 2.7
>> #
>> # @vhost-vdpa since 5.1
>> +#
>> +# @vmnet-macos since 6.0 (only available on macOS)
>> ##
>> { 'enum': 'NetClientDriver',
>> 'data': [ 'none', 'nic', 'user', 'tap', 'l2tpv3', 'socket', 'vde',
>> - 'bridge', 'hubport', 'netmap', 'vhost-user', 'vhost-vdpa' ] }
>> + 'bridge', 'hubport', 'netmap', 'vhost-user', 'vhost-vdpa',
>> + { 'name': 'vmnet-macos', 'if': 'defined(CONFIG_VMNET)' } ] }
>>
>> ##
>> # @Netdev:
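Review bot: the added doc line "@vmnet-macos since 6.0 (only available on macOS)" carries a version that is already stale; the replies in this thread place the patch in 6.2, so this line and the "Since: 6.0" tags on the new types should be updated together. The enum value is conditional on 'defined(CONFIG_VMNET)' alone, so the question raised above about also testing CONFIG_DARWIN applies to this entry as well.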
>> @@ -477,6 +589,8 @@
>> # Since: 1.2
>> #
>> # 'l2tpv3' - since 2.1
>> +#
>> +# 'vmnet-macos' since 6.0 (only available on macOS)
>> ##
>> { 'union': 'Netdev',
>> 'base': { 'id': 'str', 'type': 'NetClientDriver' },
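Review bot: the added line "'vmnet-macos' since 6.0 (only available on macOS)" drops the " - " separator that the neighbouring "'l2tpv3' - since 2.1" entry uses. Write it as "'vmnet-macos' - since ..." so the list stays uniform, and use the release the patch actually lands in rather than 6.0.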
>> @@ -492,7 +606,9 @@
>> 'hubport': 'NetdevHubPortOptions',
>> 'netmap': 'NetdevNetmapOptions',
>> 'vhost-user': 'NetdevVhostUserOptions',
>> - 'vhost-vdpa': 'NetdevVhostVDPAOptions' } }
>> + 'vhost-vdpa': 'NetdevVhostVDPAOptions',
>> + 'vmnet-macos': { 'type': 'NetdevVmnetOptions',
>> + 'if': 'defined(CONFIG_VMNET)' } } }
>>
>> ##
>> # @RxState:
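Review bot: the 'vmnet-macos' branch carries its own 'if': 'defined(CONFIG_VMNET)', and that condition has to stay identical to the one on the 'vmnet-macos' value added to NetClientDriver and to the one on NetdevVmnetOptions. If the condition is changed to include CONFIG_DARWIN as suggested earlier in the review, change all of these in the same patch; a mismatch would leave the union referring to an enum value or a type that is compiled out.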
>> diff --git a/qemu-options.hx b/qemu-options.hx
>> index f7210779409..5ff872b3e84 100644
>> --- a/qemu-options.hx
>> +++ b/qemu-options.hx
>> @@ -2609,6 +2609,15 @@ DEF("netdev", HAS_ARG, QEMU_OPTION_netdev,
>> #ifdef __linux__
>> "-netdev vhost-vdpa,id=str,vhostdev=/path/to/dev\n"
>> " configure a vhost-vdpa network,Establish a vhost-vdpa netdev\n"
>> +#endif
>> +#ifdef CONFIG_VMNET
>> + "-netdev vmnet-macos,id=str,mode=bridged[,ifname=ifname]\n"
>> + " configure a macOS-provided vmnet network in \"physical interface bridge\" mode\n"
>> + " the physical interface to bridge with defaults to en0 if unspecified\n"
>> + "-netdev vmnet-macos,id=str,mode=host|shared\n"
>> + " [,dhcp_start_address=addr,dhcp_end_address=addr,dhcp_subnet_mask=mask]\n"
>> + " configure a macOS-provided vmnet network in \"host\" or \"shared\" mode\n"
>> + " the DHCP configuration will be set automatically if unspecified\n"
>> #endif
>> "-netdev hubport,id=str,hubid=n[,netdev=nd]\n"
>> " configure a hub port on the hub with ID 'n'\n", QEMU_ARCH_ALL)
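Review bot: the help text for mode=host|shared spells the options dhcp_start_address, dhcp_end_address and dhcp_subnet_mask, while the members added in qapi/net.json are dhcp-start-address, dhcp-end-address and dhcp-subnet-mask. The help should use the hyphenated names so that what it documents matches the schema. The commit message also says the backend currently has to run as root, and neither help entry mentions that; a short remark here would save users from the "generic error" failure it describes.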