Re: [PATCH v4] net/macos: implement vmnet-based netdev

From: Howard Spoelstra <hsp.cat7@gmail.com>
To: phillip.ennen@gmail.com
Cc: Thomas Huth <thuth@redhat.com>,
	Stefan Hajnoczi <stefanha@gmail.com>,
	jasowang@redhat.com,
	qemu-devel qemu-devel <qemu-devel@nongnu.org>,
	Markus Armbruster <armbru@redhat.com>,
	phillip@axleos.com
Subject: Re: [PATCH v4] net/macos: implement vmnet-based netdev
Date: Sat, 20 Feb 2021 07:39:31 +0100	[thread overview]
Message-ID: <CABLmASG8=A0SQeEtjg_s9-aj6uupe_eYgAupGxYSx+n6=kVeeA@mail.gmail.com> (raw)
In-Reply-To: <20210218134947.1860-1-phillip.ennen@gmail.com>

On Thu, Feb 18, 2021 at 2:49 PM <phillip.ennen@gmail.com> wrote:
>
> From: Phillip Tennen <phillip@axleos.com>
>
> This patch implements a new netdev device, reachable via -netdev
> vmnet-macos, that’s backed by macOS’s vmnet framework.
>
> The vmnet framework provides native bridging support, and its usage in
> this patch is intended as a replacement for attempts to use a tap device
> via the tuntaposx kernel extension. Notably, the tap/tuntaposx approach
> never would have worked in the first place, as QEMU interacts with the
> tap device via poll(), and macOS does not support polling device files.
>
> vmnet requires either a special entitlement, granted via a provisioning
> profile, or root access. Otherwise attempts to create the virtual
> interface will fail with a “generic error” status code. QEMU may not
> currently be signed with an entitlement granted in a provisioning
> profile, as this would necessitate pre-signed binary build distribution,
> rather than source-code distribution. As such, using this netdev
> currently requires that qemu be run with root access. I’ve opened a
> feedback report with Apple to allow the use of the relevant entitlement
> with this use case:
> https://openradar.appspot.com/radar?id=5007417364447232
>
> vmnet offers three operating modes, all of which are supported by this
> patch via the “mode=host|shared|bridge” option:
>
> * "Host" mode: Allows the vmnet interface to communicate with other
> * vmnet
> interfaces that are in host mode and also with the native host.
> * "Shared" mode: Allows traffic originating from the vmnet interface to
> reach the Internet through a NAT. The vmnet interface can also
> communicate with the native host.
> * "Bridged" mode: Bridges the vmnet interface with a physical network
> interface.
>
> Each of these modes also provide some extra configuration that’s
> supported by this patch:
>
> * "Bridged" mode: The user may specify the physical interface to bridge
> with. Defaults to en0.
> * "Host" mode / "Shared" mode: The user may specify the DHCP range and
> subnet. Allocated by vmnet if not provided.
>
> vmnet also offers some extra configuration options that are not
> supported by this patch:
>
> * Enable isolation from other VMs using vmnet
> * Port forwarding rules
> * Enabling TCP segmentation offload
> * Only applicable in "shared" mode: specifying the NAT IPv6 prefix
> * Only available in "host" mode: specifying the IP address for the VM
> within an isolated network
>
> Note that this patch requires macOS 10.15 as a minimum, as this is when
> bridging support was implemented in vmnet.framework.
>
> Signed-off-by: Phillip Tennen <phillip@axleos.com>

Hi Phillip,

Thanks for the updated patch.
I have a small problem applying it with either git am or patch. I have
to manually fix configure. This has been the case from v1 up to now:

hsp@hsps-Catalina-VB
qemu-master % patch -p1 <
../patches/qemu/v4-net-macos-implement-vmnet-based-netdev.patch
patching file configure
Hunk #1 FAILED at 778.
1 out of 1 hunk FAILED -- saving rejects to file configure.rej
patching file net/clients.h
patching file net/meson.build
patching file net/net.c
patching file net/vmnet-macos.c
patching file qapi/net.json
patching file qemu-options.hx
Hunk #1 succeeded at 2507 (offset 24 lines).

Best,
Howard