nics: Allow managing source mode of directly attached network interfaces

mvollmer · mvollmer · commit 3bc7baef853d · 2025-06-04T11:48:21.000+03:00
Virtual functions from SR-IOV devices might require "passthrough" to work, so let's surface the mode property of directly attached devices fully. See https://issues.redhat.com/browse/RHEL-88407
diff --git a/src/components/common/needsShutdown.tsx b/src/components/common/needsShutdown.tsx
@@ -70,6 +70,13 @@ export function needsShutdownIfaceSource(vm: VM, iface: VMInterface) {
         getIfaceSourceName(inactiveIface) !== getIfaceSourceName(iface);
 }
 
+export function needsShutdownIfaceSourceMode(vm: VM, iface: VMInterface) {
+    const inactiveIface = nicLookupByMAC(vm.inactiveXML.interfaces, iface.mac);
+
+    return inactiveIface && inactiveIface.type == "direct" && iface.type == "direct" &&
+        inactiveIface.source.mode !== iface.source.mode;
+}
+
 export function needsShutdownVcpu(vm: VM) {
     return ((vm.vcpus.count !== vm.inactiveXML.vcpus.count) ||
             (vm.vcpus.max !== vm.inactiveXML.vcpus.max) ||
@@ -122,7 +129,8 @@ export function getDevicesRequiringShutdown(vm: VM) {
     for (const iface of vm.interfaces) {
         if (needsShutdownIfaceType(vm, iface) ||
             needsShutdownIfaceModel(vm, iface) ||
-            needsShutdownIfaceSource(vm, iface)) {
+            needsShutdownIfaceSource(vm, iface) ||
+            needsShutdownIfaceSourceMode(vm, iface)) {
             devices.push(_("Network interface"));
             break;
         }
diff --git a/src/components/vm/nics/nicAdd.jsx b/src/components/vm/nics/nicAdd.jsx
@@ -109,6 +109,7 @@ export class AddNIC extends React.Component {
             dialogError: undefined,
             networkType: "network",
             networkSource: props.availableSources.network.length > 0 ? props.availableSources.network[0] : undefined,
+            networkSourceMode: "bridge",
             networkModel: "virtio",
             setNetworkMac: false,
             networkMac: "",
@@ -162,6 +163,7 @@ export class AddNIC extends React.Component {
             model: this.state.networkModel,
             sourceType: this.state.networkType,
             source: this.state.networkSource,
+            sourceMode: this.state.networkSourceMode,
             // Generate our own random MAC address because virt-xml has bug which generates different MAC for online and offline XML
             // https://github.com/virt-manager/virt-manager/issues/305
             mac: this.state.setNetworkMac ? this.state.networkMac : getRandomMac(vms),
diff --git a/src/components/vm/nics/nicBody.jsx b/src/components/vm/nics/nicBody.jsx
@@ -19,13 +19,12 @@
 
 import React from 'react';
 import PropTypes from 'prop-types';
-import { Button } from "@patternfly/react-core/dist/esm/components/Button";
 import { Flex } from "@patternfly/react-core/dist/esm/layouts/Flex";
 import { FormGroup } from "@patternfly/react-core/dist/esm/components/Form";
 import { FormSelect, FormSelectOption } from "@patternfly/react-core/dist/esm/components/FormSelect";
+import { Radio } from "@patternfly/react-core/dist/esm/components/Radio";
 import { PopoverPosition } from "@patternfly/react-core/dist/esm/components/Popover";
 import { Content, ContentVariants } from "@patternfly/react-core/dist/esm/components/Content";
-import { ExternalLinkSquareAltIcon } from '@patternfly/react-icons';
 
 import { InfoPopover } from '../../common/infoPopover.jsx';
 
@@ -83,7 +82,7 @@ export const NetworkTypeAndSourceRow = ({ idPrefix, onValueChanged, dialogValues
     const virtualNetwork = [{
         name: 'network',
         desc: 'Virtual network',
-        detailHeadline: _("This is the recommended config for general guest connectivity on hosts with dynamic / wireless networking configs."),
+        detailHeadline: _("This is the recommended type for general guest connectivity on hosts with dynamic / wireless networking configs."),
         detailParagraph: _("Provides a connection whose details are described by the named network definition.")
     }];
     if (connectionName !== 'session') {
@@ -92,26 +91,13 @@ export const NetworkTypeAndSourceRow = ({ idPrefix, onValueChanged, dialogValues
             {
                 name: 'bridge',
                 desc: 'Bridge to LAN',
-                detailHeadline: _("This is the recommended config for general guest connectivity on hosts with static wired networking configs."),
+                detailHeadline: _("This is the recommended type for general guest connectivity on hosts with static wired networking configs."),
                 detailParagraph: _("Provides a bridge from the guest virtual machine directly onto the LAN. This needs a bridge device on the host with one or more physical NICs.")
             },
             {
                 name: 'direct',
                 desc: 'Direct attachment',
-                detailHeadline: _("This is the recommended config for high performance or enhanced security."),
-                detailParagraph: _("In the default 'vepa' mode, switching is offloaded to the external switch. If the switch is not VEPA-capable, communication between guest virtual machines, or between a guests and the host is not possible."),
-                externalDocs: (
-                    <Button isInline
-                            className='ct-external-docs-link'
-                            variant="link"
-                            component="a"
-                            icon={<ExternalLinkSquareAltIcon />}
-                            iconPosition="right"
-                            target="__blank"
-                            href="https://libvirt.org/formatdomain.html#direct-attachment-to-physical-interface">
-                        {_("more info")}
-                    </Button>
-                )
+                detailParagraph: _("This is the recommended type for high performance or enhanced security."),
             },
         ];
     } else {
@@ -170,10 +156,7 @@ export const NetworkTypeAndSourceRow = ({ idPrefix, onValueChanged, dialogValues
                                         {availableNetworkTypes.map(type => (<Content key={type.name}>
                                             <Content component={ContentVariants.h4}>{type.desc}</Content>
                                             <strong>{type.detailHeadline}</strong>
-                                            <p>
-                                                {type.detailParagraph}
-                                                {type.externalDocs}
-                                            </p>
+                                            <p>{type.detailParagraph}</p>
                                         </Content>))}
                                     </Flex>}
                            />
@@ -203,6 +186,65 @@ export const NetworkTypeAndSourceRow = ({ idPrefix, onValueChanged, dialogValues
                     </FormSelect>
                 </FormGroup>
             )}
+            {dialogValues.networkType == "direct" && (
+                <FormGroup id={`${idPrefix}-source-mode`} label={_("Mode")} hasNoPaddingTop isInline
+                    data-value={dialogValues.networkSourceMode}
+                       labelHelp={
+                           <InfoPopover
+                               aria-label={_("Mode help")}
+                               position={PopoverPosition.bottom}
+                               enableFlip={false}
+                               bodyContent={
+                                   <Content>
+                                       <Content component={ContentVariants.h4}>
+                                           VEPA
+                                       </Content>
+                                       <Content component={ContentVariants.p}>
+                                           {_("All VMs' packets are sent to the external bridge. Packets whose destination is a VM on the same host as where the packet originates from are sent back to the host by the VEPA capable bridge (today's bridges are typically not VEPA capable)")}.
+                                       </Content>
+                                       <Content component={ContentVariants.h4}>
+                                           {_("Bridge")}
+                                       </Content>
+                                       <Content component={ContentVariants.p}>
+                                           {_("Packets whose destination is on the same host as where they originate from are directly delivered to the target macvtap device. Both origin and destination devices need to be in bridge mode for direct delivery. If either one of them is in \"VEPA\" mode, a VEPA capable bridge is required.")}
+                                       </Content>
+                                       <Content component={ContentVariants.h4}>
+                                           {_("Private")}
+                                       </Content>
+                                       <Content component={ContentVariants.p}>
+                                           {_("All packets are sent to the external bridge and will only be delivered to a target VM on the same host if they are sent through an external router or gateway and that device sends them back to the host. This procedure is followed if either the source or destination device is in \"Private\" mode.")}
+                                       </Content>
+                                       <Content component={ContentVariants.h4}>
+                                           {_("Passthrough")}
+                                       </Content>
+                                       <Content component={ContentVariants.p}>
+                                           {_("This feature attaches a virtual function of a SRIOV capable NIC directly to a VM without losing the migration capability. All packets are sent to the VF/IF of the configured network device. Depending on the capabilities of the device additional prerequisites or limitations may apply.")}
+                                       </Content>
+                                   </Content>}
+                           />
+                       }>
+                    <Radio id={`${idPrefix}-source-mode-vepa`}
+                        name="mode-vepa"
+                        isChecked={dialogValues.networkSourceMode == "vepa"}
+                        label="VEPA"
+                        onChange={() => onValueChanged('networkSourceMode', "vepa")} />
+                    <Radio id={`${idPrefix}-source-mode-bridge`}
+                        name="mode-bridge"
+                        isChecked={dialogValues.networkSourceMode == "bridge"}
+                        label={_("Bridge")}
+                        onChange={() => onValueChanged('networkSourceMode', "bridge")} />
+                    <Radio id={`${idPrefix}-source-mode-private`}
+                        name="mode-private"
+                        isChecked={dialogValues.networkSourceMode == "private"}
+                        label={_("Private")}
+                        onChange={() => onValueChanged('networkSourceMode', "private")} />
+                    <Radio id={`${idPrefix}-source-mode-passthrough`}
+                        name="mode-passthrough"
+                        isChecked={dialogValues.networkSourceMode == "passthrough"}
+                        label={_("Passthrough")}
+                        onChange={() => onValueChanged('networkSourceMode', "passthrough")} />
+                </FormGroup>
+            )}
         </>
     );
 };
diff --git a/src/components/vm/nics/nicEdit.jsx b/src/components/vm/nics/nicEdit.jsx
@@ -78,6 +78,7 @@ export class EditNICModal extends React.Component {
             dialogError: undefined,
             networkType: props.network.type,
             networkSource: defaultNetworkSource,
+            networkSourceMode: props.network.type == "direct" ? props.network.source.mode : "bridge",
             networkModel: props.network.model,
             networkMac: props.network.mac,
             saveDisabled: false,
@@ -141,6 +142,7 @@ export class EditNICModal extends React.Component {
             networkModel: this.state.networkModel,
             networkType: this.state.networkType,
             networkSource: this.state.networkSource,
+            networkSourceMode: this.state.networkSourceMode,
         })
                 .then(() => {
                     domainGet({ connectionName: vm.connectionName, id: vm.id });
diff --git a/src/components/vm/nics/vmNicsCard.jsx b/src/components/vm/nics/vmNicsCard.jsx
@@ -145,6 +145,16 @@ const NetworkSource = ({ network, networkId, vm, hostDevices }) => {
                         {needsShutdownIfaceSource(vm, network) && <NeedsShutdownTooltip iconId={`${id}-network-${networkId}-source-tooltip`} tooltipId="tip-network" />}
                     </Flex>
                 </DescriptionListDescription>
+                { network.source.mode &&
+                    <>
+                        <DescriptionListTerm>
+                            {_("Mode")}
+                        </DescriptionListTerm>
+                        <DescriptionListDescription id={`${id}-network-${networkId}-source-mode`}>
+                            {network.source.mode}
+                        </DescriptionListDescription>
+                    </>
+                }
             </DescriptionListGroup>
         );
     };
diff --git a/src/libvirtApi/domain.ts b/src/libvirtApi/domain.ts
@@ -226,6 +226,7 @@ interface InterfaceSpec {
     hotplug: boolean,
     sourceType: string,
     source: string,
+    sourceMode: string,
     model: string,
 }
 
@@ -237,10 +238,11 @@ export function domainAttachIface({
     hotplug,
     sourceType,
     source,
+    sourceMode,
     model
 }: { connectionName: ConnectionName, vmName: string } & InterfaceSpec): cockpit.Spawn<string> {
     const macArg = mac ? "mac=" + mac + "," : "";
-    const args = ['virt-xml', '-c', `qemu:///${connectionName}`, vmName, '--add-device', '--network', `${macArg}type=${sourceType},source=${source},source.mode=bridge,model=${model}`];
+    const args = ['virt-xml', '-c', `qemu:///${connectionName}`, vmName, '--add-device', '--network', `${macArg}type=${sourceType},source=${source},source.mode=${sourceMode},model=${model}`];
 
     if (hotplug) {
         args.push("--update");
@@ -258,6 +260,7 @@ interface InterfaceChangeSpec {
     newMacAddress?: string,
     networkType?: string,
     networkSource?: string,
+    networkSourceMode?: string,
     networkModel?: string,
     state?: string,
 }
@@ -271,6 +274,7 @@ export function domainChangeInterfaceSettings({
     newMacAddress,
     networkType,
     networkSource,
+    networkSourceMode,
     networkModel,
     state,
 }: { connectionName: ConnectionName, vmName: string } & InterfaceChangeSpec): cockpit.Spawn<string> {
@@ -287,6 +291,8 @@ export function domainChangeInterfaceSettings({
         }
         if (networkSource)
             networkParams += `source=${networkSource},`;
+        if (networkSourceMode)
+            networkParams += `source.mode=${networkSourceMode},`;
         if (networkModel)
             networkParams += `model=${networkModel},`;
     }
diff --git a/test/check-machines-nics b/test/check-machines-nics
