[1/4] Introduce krun_set_passt_fd API and use it in chroot_vm

For now chroot_vm is hardcoded to use /tmp/passt_1.socket as a passt socket.

krun_set_passt_fd will be implemented in the next commit.

Signed-off-by: Matej Hrica <[email protected]>

Author: mtjhrc

examples/chroot_vm.c

@@ -9,6 +9,8 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <sys/socket.h>
+#include <sys/un.h>
 #include <unistd.h>
 #include <libkrun.h>
 #include <getopt.h>
@@ -20,12 +22,19 @@
 #define MAX_PATH 4096
 #endif
 
+enum net_mode {
+    NET_MODE_PASST = 0,
+    NET_MODE_TSI,
+};
+
 static void print_help(char *const name)
 {
     fprintf(stderr,
         "Usage: %s [OPTIONS] NEWROOT COMMAND [COMMAND_ARGS...]\n"
         "OPTIONS: \n"
         "        -h    --help            Show help\n"
+        "              --net=NET_MODE    Set network mode\n"
+        "NET_MODE can be either TSI (default) or PASST\n"
         "\n"
         "NEWROOT:      the root directory of the vm\n"
         "COMMAND:      the command you want to execute in the vm\n"
@@ -36,11 +45,13 @@ static void print_help(char *const name)
 
 static const struct option long_options[] = {
     { "help", no_argument, NULL, 'h' },
+    { "net_mode", required_argument, NULL, 'N' },
     { NULL, 0, NULL, 0 }
 };
 
 struct cmdline {
     bool show_help;
+    enum net_mode net_mode;
     char const *new_root;
     char *const *guest_argv;
 };
@@ -52,6 +63,7 @@ bool parse_cmdline(int argc, char *const argv[], struct cmdline *cmdline)
     // set the defaults
     *cmdline = (struct cmdline){
         .show_help = false,
+        .net_mode = NET_MODE_TSI,
         .new_root = NULL,
         .guest_argv = NULL,
     };
@@ -64,6 +76,16 @@ bool parse_cmdline(int argc, char *const argv[], struct cmdline *cmdline)
         case 'h':
             cmdline->show_help = true;
             return true;
+        case 'N':
+            if (strcasecmp("TSI", optarg) == 0) {
+                cmdline->net_mode = NET_MODE_TSI;
+            } else if(strcasecmp("PASST", optarg) == 0) {
+                cmdline->net_mode = NET_MODE_PASST;
+            } else {
+                fprintf(stderr, "Unknown mode %s\n", optarg);
+                return false;
+            }
+            break;
         case '?':
             return false;
         default:
@@ -89,6 +111,27 @@ bool parse_cmdline(int argc, char *const argv[], struct cmdline *cmdline)
     return false;
 }
 
+int connect_to_passt()
+{
+    struct sockaddr_un addr;
+    int socket_fd = socket(AF_UNIX, SOCK_STREAM, 0);
+    if (socket_fd < 0) {
+        perror("Failed to create passt socket fd");
+        return -1;
+    }
+
+    memset(&addr, 0, sizeof(addr));
+    addr.sun_family = AF_UNIX;
+    strncpy(addr.sun_path, "/tmp/passt_1.socket", sizeof(addr.sun_path) - 1);
+
+    if (connect(socket_fd, (const struct sockaddr *) &addr, sizeof(addr)) < 0) {
+        perror("Failed to bind passt socket");
+        return -1;
+    }
+
+    return socket_fd;
+}
+
 
 int main(int argc, char *const argv[])
 {
@@ -182,11 +225,24 @@ int main(int argc, char *const argv[])
         return -1;
     }
 
-    // Map port 18000 in the host to 8000 in the guest.
-    if (err = krun_set_port_map(ctx_id, &port_map[0])) {
-        errno = -err;
-        perror("Error configuring port map");
-        return -1;
+    // Map port 18000 in the host to 8000 in the guest (if networking uses TSI)
+    if (cmdline.net_mode == NET_MODE_TSI) {
+        if (err = krun_set_port_map(ctx_id, &port_map[0])) {
+            errno = -err;
+            perror("Error configuring port map");
+            return -1;
+        }
+    } else {
+        int passt_fd = connect_to_passt();
+        if (passt_fd < 0) {
+            return -1;
+        }
+
+        if (err = krun_set_passt_fd(ctx_id, passt_fd)) {
+            errno = -err;
+            perror("Error configuring net mode");
+            return -1;
+        }
     }
 
     // Configure the rlimits that will be set in the guest

include/libkrun.h

@@ -103,6 +103,23 @@ int32_t krun_set_data_disk(uint32_t ctx_id, const char *disk_path);
  */
 int32_t krun_set_mapped_volumes(uint32_t ctx_id, char *const mapped_volumes[]);
 
+/*
+ * Configures the networking to use passt.
+ * Call to this function disables TSI backend to use passt instead.
+ *
+ * Arguments:
+ *  "ctx_id"         - the configuration context ID.
+ *  "fd"             - a file descriptor to communicate with passt
+ *
+ * Notes:
+ * If you never call this function, networking uses the TSI backend.
+ * This function should be called before krun_set_port_map.
+ *
+ * Returns:
+ *  Zero on success or a negative error number on failure.
+ */
+int32_t krun_set_passt_fd(uint32_t ctx_id, int fd);
+
 /*
  * Configures a map of host to guest TCP ports for the microVM.
  *
@@ -112,6 +129,8 @@ int32_t krun_set_mapped_volumes(uint32_t ctx_id, char *const mapped_volumes[]);
  *
  * Returns:
  *  Zero on success or a negative error number on failure.
+ *  Documented errors:
+ *       -ENOTSUP when passt networking is used
  *
  * Notes:
  *  Passing NULL (or not calling this function) as "port_map" has a different meaning than
@@ -123,6 +142,8 @@ int32_t krun_set_mapped_volumes(uint32_t ctx_id, char *const mapped_volumes[]);
  *  means that for a map such as "8080:80", applications running inside the guest will also
  *  need to access the service through the "8080" port.
  *
+ * If past networking mode is used (krun_set_passt_fd was called), port mapping is not supported
+ * as an API of libkrun (but you can still do port mapping using command line arguments of passt)
  */
 int32_t krun_set_port_map(uint32_t ctx_id, char *const port_map[]);
 

src/libkrun/src/lib.rs

@@ -19,7 +19,7 @@ use std::sync::Mutex;
 #[cfg(feature = "tee")]
 use devices::virtio::CacheType;
 use env_logger::Env;
-use libc::{c_char, size_t};
+use libc::{c_char, c_int, size_t};
 use once_cell::sync::Lazy;
 use polly::event_manager::EventManager;
 use vmm::resources::VmResources;
@@ -458,6 +458,12 @@ pub unsafe extern "C" fn krun_set_data_disk(ctx_id: u32, c_disk_path: *const c_c
     KRUN_SUCCESS
 }
 
+#[allow(clippy::missing_safety_doc)]
+#[no_mangle]
+pub unsafe extern "C" fn krun_set_passt_fd(ctx_id: u32, fd: c_int) -> i32 {
+    todo!("krun_set_passt_fd({},{})", ctx_id, fd);
+}
+
 #[allow(clippy::missing_safety_doc)]
 #[no_mangle]
 pub unsafe extern "C" fn krun_set_port_map(ctx_id: u32, c_port_map: *const *const c_char) -> i32 {