Add networking options for vde_vmnet support

jandubois · jandubois · commit cc6c3ffb5f5f · 2021-07-30T09:47:40.000-07:00
Signed-off-by: Jan Dubois &lt;jan.dubois@suse.com&gt;
diff --git a/pkg/limayaml/default.yaml b/pkg/limayaml/default.yaml
@@ -31,6 +31,19 @@ memory: "4GiB"
 # Default: "100GiB"
 disk: "100GiB"
 
+network:
+  # The instance can get a routable IP address from the vmnet framework using
+  # https://github.com/AkihiroSuda/vde_vmnet. Both vde_switch and vde_vmnet
+  # daemons must be running before the instance is started. The interface type
+  # (host, shared, or bridged) is configured in vde_vmnet and not lima.
+  vde:
+    # vde_switch socket directory, normally /var/run/vde.ctl
+    # Default: "" (vmnet is not being used)
+    url: ""
+    # MAC address of the instance; lima will pick one based on the instance name,
+    # so DHCP assigned ip addresses should remain constant over instance restarts.
+    macAddress: ""
+
 # Expose host directories to the guest
 # Default: none
 mounts:
diff --git a/pkg/limayaml/limayaml.go b/pkg/limayaml/limayaml.go
@@ -20,6 +20,7 @@ type LimaYAML struct {
 	Containerd   Containerd    `yaml:"containerd,omitempty"`
 	Probes       []Probe       `yaml:"probes,omitempty"`
 	PortForwards []PortForward `yaml:"portForwards,omitempty"`
+	Network      Network       `yaml:"network,omitempty"`
 }
 
 type Arch = string
@@ -105,3 +106,11 @@ type PortForward struct {
 	Proto          Proto  `yaml:"proto,omitempty"`
 	Ignore         bool   `yaml:"ignore,omitempty"`
 }
+
+type Network struct {
+	VDE VDE `yaml:"vde,omitempty"`
+}
+type VDE struct {
+	URL        string `yaml:"url,omitempty"`
+	MACAddress string `yaml:"macAddress,omitempty"`
+}
diff --git a/pkg/limayaml/validate.go b/pkg/limayaml/validate.go
@@ -2,6 +2,7 @@ package limayaml
 
 import (
 	"fmt"
+	"net"
 	"os"
 	"os/user"
 	"path/filepath"
@@ -163,6 +164,35 @@ func ValidateRaw(y LimaYAML) error {
 		// Not validating that the various GuestPortRanges and HostPortRanges are not overlapping. Rules will be
 		// processed sequentially and the first matching rule for a guest port determines forwarding behavior.
 	}
+	if y.Network.VDE.URL != "" {
+		fieldRef := "field `network.vde.url`"
+		// The field is called VDE.URL in anticipation of QEMU upgrading VDE2 to VDEplug4,
+		// but right now the only valid value is a path to the vde_switch socket directory.
+		fi, err := os.Stat(y.Network.VDE.URL)
+		if err != nil {
+			return errors.Wrapf(err, "%s %q failed stat", fieldRef, y.Network.VDE.URL)
+		}
+		if !fi.IsDir() {
+			return errors.Wrapf(err, "%s %q is not a directory", fieldRef, y.Network.VDE.URL)
+		}
+		ctlSocket := filepath.Join(y.Network.VDE.URL, "ctl")
+		fi, err = os.Stat(ctlSocket)
+		if err != nil {
+			return errors.Wrapf(err, "%s control socket %q failed stat", fieldRef, ctlSocket)
+		}
+		if fi.Mode() & os.ModeSocket == 0 {
+			return errors.Errorf("%s file %q is not a UNIX socket", fieldRef, ctlSocket)
+		}
+	}
+	if y.Network.VDE.MACAddress != "" {
+		hw, err := net.ParseMAC(y.Network.VDE.MACAddress)
+		if err != nil {
+			return errors.Wrap(err,"field `vmnet.mac` invalid")
+		}
+		if len(hw) != 6 {
+			return errors.Errorf("field `vmnet.mac` must be a 48 bit (6 bytes) MAC address; actual length of %q is %d bytes", y.Network.VDE.MACAddress, len(hw))
+		}
+	}
 	return nil
 }
 
diff --git a/pkg/qemu/qemu.go b/pkg/qemu/qemu.go
@@ -1,7 +1,9 @@
 package qemu
 
 import (
+	"crypto/sha256"
 	"fmt"
+	"net"
 	"os"
 	"os/exec"
 	"path/filepath"
@@ -131,6 +133,18 @@ func appendArgsIfNoConflict(args []string, k, v string) []string {
 	return append(args, k, v)
 }
 
+func macAddress(cfg Config) string {
+	addr := cfg.LimaYAML.Network.VDE.MACAddress
+	if addr == "" {
+		sha := sha256.Sum256([]byte(cfg.InstanceDir))
+		// According to https://gitlab.com/wireshark/wireshark/-/blob/master/manuf
+		// no well-known MAC addresses start with 0x22.
+		hw := append(net.HardwareAddr{0x22}, sha[0:5]...)
+		addr = hw.String()
+	}
+	return addr
+}
+
 func Cmdline(cfg Config) (string, []string, error) {
 	y := cfg.LimaYAML
 	exe, args, err := getExe(y.Arch)
@@ -194,10 +208,13 @@ func Cmdline(cfg Config) (string, []string, error) {
 	args = append(args, "-cdrom", filepath.Join(cfg.InstanceDir, filenames.CIDataISO))
 
 	// Network
+	if y.Network.VDE.URL != "" {
+		args = append(args, "-device", fmt.Sprintf("virtio-net-pci,netdev=net0,mac=%s", macAddress(cfg)))
+		args = append(args, "-netdev", fmt.Sprintf("vde,id=net0,sock=%s", y.Network.VDE.URL))
+	}
 	// CIDR is intentionally hardcoded to 192.168.5.0/24, as each of QEMU has its own independent slirp network.
-	// TODO: enable bridge (with sudo?)
-	args = append(args, "-net", "nic,model=virtio")
-	args = append(args, "-net", fmt.Sprintf("user,net=192.168.5.0/24,hostfwd=tcp:127.0.0.1:%d-:22", y.SSH.LocalPort))
+	args = append(args, "-device", "virtio-net-pci,netdev=net1")
+	args = append(args, "-netdev", fmt.Sprintf("user,id=net1,net=192.168.5.0/24,hostfwd=tcp:127.0.0.1:%d-:22", y.SSH.LocalPort))
 
 	// virtio-rng-pci acceralates starting up the OS, according to https://wiki.gentoo.org/wiki/QEMU/Options
 	args = append(args, "-device", "virtio-rng-pci")
