From: Phillip Tennen <phil...@axleos.com>

This patch series implements a new netdev device, reachable via -netdev vmnet-macos, that’s backed by macOS’s vmnet framework.

The vmnet framework provides native bridging support, and its usage in this patch is intended as a replacement for attempts to use a tap device via the tuntaposx kernel extension. Notably, the tap/tuntaposx approach never would have worked in the first place, as QEMU interacts with the tap device via poll(), and macOS does not support polling device files.

vmnet requires either a special entitlement, granted via a provisioning profile, or root access. Otherwise attempts to create the virtual interface will fail with a “generic error” status code. QEMU may not currently be signed with an entitlement granted in a provisioning profile, as this would necessitate pre-signed binary build distribution, rather than source-code distribution. As such, using this netdev currently requires that qemu be run with root access. I’ve opened a feedback report with Apple to allow the use of the relevant entitlement with this use case:
https://openradar.appspot.com/radar?id=5007417364447232

vmnet offers three operating modes, all of which are supported by this patch via the “mode=host|shared|bridge” option:

* "Host" mode: Allows the vmnet interface to communicate with other vmnet interfaces that are in host mode and also with the native host.
* "Shared" mode: Allows traffic originating from the vmnet interface to reach the Internet through a NAT. The vmnet interface can also communicate with the native host.
* "Bridged" mode: Bridges the vmnet interface with a physical network interface.

Each of these modes also provides some extra configuration that’s supported by this patch:

* "Bridged" mode: The user may specify the physical interface to bridge with. Defaults to en0.
* "Host" mode / "Shared" mode: The user may specify the DHCP range and subnet. Allocated by vmnet if not provided.

vmnet also offers some extra configuration options that are not supported by this patch:

* Enable isolation from other VMs using vmnet
* Port forwarding rules
* Enabling TCP segmentation offload
* Only applicable in "shared" mode: specifying the NAT IPv6 prefix
* Only available in "host" mode: specifying the IP address for the VM within an isolated network

Note that this patch requires macOS 10.15 as a minimum, as this is when bridging support was implemented in vmnet.framework.

This is my first QEMU contribution, so please feel free to let me know what I’ve missed or what needs improving. Thanks very much for taking a look =)

Phillip Tennen (2):
  build: add configure flag to indicate when the host is Darwin
  net: implement vmnet-based netdev

 configure         |   6 +-
 net/clients.h     |   6 +
 net/meson.build   |   1 +
 net/net.c         |   3 +
 net/vmnet-macos.c | 444 ++++++++++++++++++++++++++++++++++++++++++++++
 qapi/net.json     |  64 ++++++-
 qemu-options.hx   |   9 +
 7 files changed, 530 insertions(+), 3 deletions(-)
 create mode 100644 net/vmnet-macos.c

-- 
2.24.3 (Apple Git-128)