Commit
net/macos: implement vmnet-based netdev
This patch implements a new netdev device, reachable via -netdev vmnet-macos, that’s backed by macOS’s vmnet framework.

The vmnet framework provides native bridging support, and its usage in this patch is intended as a replacement for attempts to use a tap device via the tuntaposx kernel extension. Notably, the tap/tuntaposx approach never would have worked in the first place, as QEMU interacts with the tap device via poll(), and macOS does not support polling device files.

vmnet requires either a special entitlement, granted via a provisioning profile, or root access. Otherwise attempts to create the virtual interface will fail with a “generic error” status code. QEMU may not currently be signed with an entitlement granted in a provisioning profile, as this would necessitate pre-signed binary build distribution, rather than source-code distribution. As such, using this netdev currently requires that qemu be run with root access. I’ve opened a feedback report with Apple to allow the use of the relevant entitlement with this use case:
https://openradar.appspot.com/radar?id=5007417364447232

vmnet offers three operating modes, all of which are supported by this patch via the “mode=host|shared|bridge” option:

* "Host" mode: Allows the vmnet interface to communicate with other vmnet interfaces that are in host mode and also with the native host.
* "Shared" mode: Allows traffic originating from the vmnet interface to reach the Internet through a NAT. The vmnet interface can also communicate with the native host.
* "Bridged" mode: Bridges the vmnet interface with a physical network interface.

Each of these modes also provides some extra configuration that’s supported by this patch:

* "Bridged" mode: The user may specify the physical interface to bridge with. Defaults to en0.
* "Host" mode / "Shared" mode: The user may specify the DHCP range and subnet. Allocated by vmnet if not provided.

vmnet also offers some extra configuration options that are not supported by this patch:

* Enable isolation from other VMs using vmnet
* Port forwarding rules
* Enabling TCP segmentation offload
* Only applicable in "shared" mode: specifying the NAT IPv6 prefix
* Only available in "host" mode: specifying the IP address for the VM within an isolated network

Note that this patch requires macOS 10.15 as a minimum, as this is when bridging support was implemented in vmnet.framework.

Rebased to commit 571d413 by Akihiko Odaki.

Signed-off-by: Phillip Tennen <[email protected]>
Signed-off-by: Akihiko Odaki <[email protected]>
Message-Id: <[email protected]>