2 changes: 2 additions & 0 deletions docs/vm-configuration.md
Expand Up @@ -59,6 +59,8 @@ that take the following fields:
VFKIT magic sequence after connecting to the `socket`. Accept any of `1, t, T,
TRUE, true, True, 0, f, F, FALSE, false, False`. Any other value is invalid and
will produce an error.
- `vnet_hdr` (optional, defaults to false): Indicate whether the VMM includes
virtio-net headers along with Ethernet frames.
Copilot AI Feb 25, 2026

The new vnet_hdr field is parsed with strconv.ParseBool, but the docs don't describe what values are accepted (unlike vfkit, which lists the accepted boolean strings). Consider documenting the accepted boolean values (or referencing that it follows Go's ParseBool rules) for consistency and to reduce configuration errors.

Suggested change
virtio-net headers along with Ethernet frames.
virtio-net headers along with Ethernet frames. Accept any of `1, t, T, TRUE,
true, True, 0, f, F, FALSE, false, False`. Any other value is invalid and will
produce an error.

Note that the first network specified will be used as the default gateway.
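
Review bot: The `vnet_hdr` entry says the VMM "includes" virtio-net headers but not what that requires of the process on the other end of `socket`. State that the peer must be set up for the same framing, and whether the setting covers frames in both directions, the way the `vfkit` entry above says when its magic sequence is sent.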

18 changes: 17 additions & 1 deletion internal/shim/task/networking_unix.go
Expand Up @@ -30,6 +30,11 @@ import (
"github.com/containerd/nerdbox/internal/vm"
)

const (
NET_FLAG_VFKIT = 1 << iota // See https://github.com/containers/libkrun/blob/357ec63fee444b973e4fc76d2121fd41631f121e/include/libkrun.h#L271C9-L271C23
NET_FLAG_INCLUDE_VNET_HEADER
Comment on lines +34 to +35
Copilot AI Feb 25, 2026

These flag constants are declared with exported (ALL_CAPS) names even though they're only used within this file; this diverges from the surrounding unexported constants (e.g., socketField/modeField) and unnecessarily widens the package surface. Consider renaming them to unexported lowerCamelCase (or colocating them with other libkrun-related constants) to match local conventions.

Suggested change
NET_FLAG_VFKIT = 1 << iota // See https://github.com/containers/libkrun/blob/357ec63fee444b973e4fc76d2121fd41631f121e/include/libkrun.h#L271C9-L271C23
NET_FLAG_INCLUDE_VNET_HEADER
netFlagVfkit = 1 << iota // See https://github.com/containers/libkrun/blob/357ec63fee444b973e4fc76d2121fd41631f121e/include/libkrun.h#L271C9-L271C23
netFlagIncludeVnetHeader
)

type networksProvider struct {
nws []network
}
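
Review bot: `NET_FLAG_INCLUDE_VNET_HEADER` gets its value only from its position in the `1 << iota` block, and only `NET_FLAG_VFKIT` carries a libkrun.h reference. These values end up in the `flags` bitmask passed to `AddNIC`, so inserting or reordering a constant here would silently change them. Write each value out explicitly (`1 << 0`, `1 << 1`), link the libkrun.h line for the second flag as well and check the value against it, and consider typing the constants as `uint32` to match `flags`.
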
Expand All @@ -43,6 +48,7 @@ type network struct {
addr6 netip.Prefix // addr6 is the IPv6 address + subnet mask of the network interface
features uint32 // features is a bitmask of virtio-net features enabled on this network endpoint
vfkit bool // vfkit is a boolean flag indicating whether libkrun must send the VFKIT magic sequence after connecting to the socket.
vnetHdr bool // vnetHdr is a boolean flag indicating whether libkrun must include virtio-net headers along with Ethernet frames.
}

const (
Expand All @@ -57,6 +63,7 @@ const (
addrField = "addr"
featuresField = "features" // features is a bitwise-OR separated list of virtio-net features. See https://docs.oasis-open.org/virtio/virtio/v1.3/csd01/virtio-v1.3-csd01.html#x1-2370003
vfkitField = "vfkit" // vfkit is a boolean flag indicating whether libkrun must send the VFKIT magic sequence after connecting to the socket.
vnetHdrField = "vnet_hdr"

nwModeUnixgram = "unixgram"
nwModeUnixstream = "unixstream"
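
Review bot: `vnetHdrField` is added without a trailing comment, while `featuresField` and `vfkitField` directly above both document what the field means. Add one along the lines of the `vnetHdr` struct field comment so the annotation key is explained where it is defined.
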
Expand Down Expand Up @@ -149,6 +156,12 @@ func parseNetwork(annotation string) (network, error) {
return network{}, fmt.Errorf("parsing vfkit field: %w", err)
}
n.vfkit = vfkit
case vnetHdrField:
vnetHdr, err := strconv.ParseBool(value)
if err != nil {
return network{}, fmt.Errorf("parsing vnet_hdr field: %w", err)
}
n.vnetHdr = vnetHdr
default:
return network{}, fmt.Errorf("unknown network field: %s", key)
}
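
Review bot: The new `case vnetHdrField` stores the flag with no check against the other fields, so `vnet_hdr=true` is accepted whatever the network mode is. If virtio-net headers only make sense for some socket modes, reject the invalid combination in `parseNetwork` with a clear error instead of passing it through to `AddNIC`. The block is also a copy of the `vfkit` case; a small shared helper for boolean fields would keep the two error paths in step.
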
Expand Down Expand Up @@ -180,7 +193,10 @@ func (p *networksProvider) SetupVM(ctx context.Context, vmi vm.Instance) error {

var flags uint32
if nw.vfkit {
flags = 1 // See https://github.com/containers/libkrun/blob/357ec63fee444b973e4fc76d2121fd41631f121e/include/libkrun.h#L271C9-L271C23
flags = NET_FLAG_VFKIT
Copilot AI Feb 25, 2026

For a bitmask, using assignment here is slightly error-prone/inconsistent with the later OR operation. Using a bitwise-OR update for the vfkit flag too keeps the pattern uniform and avoids accidentally overwriting previously set bits if additional flags are added later.

Suggested change
flags = NET_FLAG_VFKIT
flags |= NET_FLAG_VFKIT
}
if nw.vnetHdr {
flags |= NET_FLAG_INCLUDE_VNET_HEADER
}

if err := vmi.AddNIC(ctx, nw.endpoint, nw.mac, nwMode, nw.features, flags); err != nil {