2009-10-22 20:49:07 +04:00
|
|
|
/*
|
|
|
|
* QEMU System Emulator
|
|
|
|
*
|
|
|
|
* Copyright (c) 2003-2008 Fabrice Bellard
|
|
|
|
* Copyright (c) 2009 Red Hat, Inc.
|
|
|
|
*
|
|
|
|
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
|
|
* of this software and associated documentation files (the "Software"), to deal
|
|
|
|
* in the Software without restriction, including without limitation the rights
|
|
|
|
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
|
|
* copies of the Software, and to permit persons to whom the Software is
|
|
|
|
* furnished to do so, subject to the following conditions:
|
|
|
|
*
|
|
|
|
* The above copyright notice and this permission notice shall be included in
|
|
|
|
* all copies or substantial portions of the Software.
|
|
|
|
*
|
|
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
|
|
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
|
|
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
|
|
|
|
* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
|
|
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
|
|
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
|
|
|
* THE SOFTWARE.
|
|
|
|
*/
|
|
|
|
|
2016-01-29 20:50:00 +03:00
|
|
|
#include "qemu/osdep.h"
|
2012-10-24 10:43:34 +04:00
|
|
|
#include "tap_int.h"
|
2009-10-22 20:49:07 +04:00
|
|
|
|
|
|
|
|
|
|
|
#include <sys/ioctl.h>
|
|
|
|
#include <sys/wait.h>
|
2009-10-31 00:27:00 +03:00
|
|
|
#include <sys/socket.h>
|
2009-10-22 20:49:07 +04:00
|
|
|
#include <net/if.h>
|
|
|
|
|
net: Pad short frames to minimum size before sending from SLiRP/TAP
The minimum Ethernet frame length is 60 bytes. For short frames with
smaller length like ARP packets (only 42 bytes), on a real world NIC
it can choose either padding its length to the minimum required 60
bytes, or sending it out directly to the wire. Such behavior can be
hardcoded or controled by a register bit. Similarly on the receive
path, NICs can choose either dropping such short frames directly or
handing them over to software to handle.
On the other hand, for the network backends like SLiRP/TAP, they
don't expose a way to control the short frame behavior. As of today
they just send/receive data from/to the other end connected to them,
which means any sized packet is acceptable. So they can send and
receive short frames without any problem. It is observed that ARP
packets sent from SLiRP/TAP are 42 bytes, and SLiRP/TAP just send
these ARP packets to the other end which might be a NIC model that
does not allow short frames to pass through.
To provide better compatibility, for packets sent from QEMU network
backends like SLiRP/TAP, we change to pad short frames before sending
it out to the other end, if the other end does not forbid it via the
nc->do_not_pad flag. This ensures a backend as an Ethernet sender
does not violate the spec. But with this change, the behavior of
dropping short frames from SLiRP/TAP interfaces in the NIC model
cannot be emulated because it always receives a packet that is spec
complaint. The capability of sending short frames from NIC models is
still supported and short frames can still pass through SLiRP/TAP.
This commit should be able to fix the issue as reported with some
NIC models before, that ARP requests get dropped, preventing the
guest from becoming visible on the network. It was workarounded in
these NIC models on the receive path, that when a short frame is
received, it is padded up to 60 bytes.
The following 2 commits seem to be the one to workaround this issue
in e1000 and vmxenet3 before, and should probably be reverted.
commit 78aeb23eded2 ("e1000: Pad short frames to minimum size (60 bytes)")
commit 40a87c6c9b11 ("vmxnet3: Pad short frames to minimum size (60 bytes)")
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2021-03-17 09:26:29 +03:00
|
|
|
#include "net/eth.h"
|
2012-10-24 10:43:34 +04:00
|
|
|
#include "net/net.h"
|
2012-09-17 20:43:51 +04:00
|
|
|
#include "clients.h"
|
2012-12-17 21:19:49 +04:00
|
|
|
#include "monitor/monitor.h"
|
2012-12-17 21:20:04 +04:00
|
|
|
#include "sysemu/sysemu.h"
|
include/qemu/osdep.h: Don't include qapi/error.h
Commit 57cb38b included qapi/error.h into qemu/osdep.h to get the
Error typedef. Since then, we've moved to include qemu/osdep.h
everywhere. Its file comment explains: "To avoid getting into
possible circular include dependencies, this file should not include
any other QEMU headers, with the exceptions of config-host.h,
compiler.h, os-posix.h and os-win32.h, all of which are doing a
similar job to this file and are under similar constraints."
qapi/error.h doesn't do a similar job, and it doesn't adhere to
similar constraints: it includes qapi-types.h. That's in excess of
100KiB of crap most .c files don't actually need.
Add the typedef to qemu/typedefs.h, and include that instead of
qapi/error.h. Include qapi/error.h in .c files that need it and don't
get it now. Include qapi-types.h in qom/object.h for uint16List.
Update scripts/clean-includes accordingly. Update it further to match
reality: replace config.h by config-target.h, add sysemu/os-posix.h,
sysemu/os-win32.h. Update the list of includes in the qemu/osdep.h
comment quoted above similarly.
This reduces the number of objects depending on qapi/error.h from "all
of them" to less than a third. Unfortunately, the number depending on
qapi-types.h shrinks only a little. More work is needed for that one.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
[Fix compilation without the spice devel packages. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-03-14 11:01:28 +03:00
|
|
|
#include "qapi/error.h"
|
2016-03-20 20:16:19 +03:00
|
|
|
#include "qemu/cutils.h"
|
2012-12-17 21:20:00 +04:00
|
|
|
#include "qemu/error-report.h"
|
Include qemu/main-loop.h less
In my "build everything" tree, changing qemu/main-loop.h triggers a
recompile of some 5600 out of 6600 objects (not counting tests and
objects that don't depend on qemu/osdep.h). It includes block/aio.h,
which in turn includes qemu/event_notifier.h, qemu/notify.h,
qemu/processor.h, qemu/qsp.h, qemu/queue.h, qemu/thread-posix.h,
qemu/thread.h, qemu/timer.h, and a few more.
Include qemu/main-loop.h only where it's needed. Touching it now
recompiles only some 1700 objects. For block/aio.h and
qemu/event_notifier.h, these numbers drop from 5600 to 2800. For the
others, they shrink only slightly.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20190812052359.30071-21-armbru@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2019-08-12 08:23:50 +03:00
|
|
|
#include "qemu/main-loop.h"
|
2018-04-06 21:51:25 +03:00
|
|
|
#include "qemu/sockets.h"
|
2009-10-22 20:49:07 +04:00
|
|
|
|
2012-10-24 10:43:34 +04:00
|
|
|
#include "net/tap.h"
|
2009-10-22 20:49:07 +04:00
|
|
|
|
2013-02-05 20:06:20 +04:00
|
|
|
#include "net/vhost_net.h"
|
2010-03-17 14:08:24 +03:00
|
|
|
|
2009-10-22 20:49:07 +04:00
|
|
|
typedef struct TAPState {
|
2012-07-24 19:35:13 +04:00
|
|
|
NetClientState nc;
|
2009-10-22 20:49:07 +04:00
|
|
|
int fd;
|
|
|
|
char down_script[1024];
|
|
|
|
char down_script_arg[128];
|
2013-03-18 22:43:44 +04:00
|
|
|
uint8_t buf[NET_BUFSIZE];
|
2013-01-30 15:12:20 +04:00
|
|
|
bool read_poll;
|
|
|
|
bool write_poll;
|
|
|
|
bool using_vnet_hdr;
|
|
|
|
bool has_ufo;
|
2023-08-01 01:31:46 +03:00
|
|
|
bool has_uso;
|
2013-01-30 15:12:32 +04:00
|
|
|
bool enabled;
|
2010-03-17 14:08:24 +03:00
|
|
|
VHostNetState *vhost_net;
|
2010-07-13 18:55:31 +04:00
|
|
|
unsigned host_vnet_hdr_len;
|
2016-07-11 17:48:47 +03:00
|
|
|
Notifier exit;
|
2009-10-22 20:49:07 +04:00
|
|
|
} TAPState;
|
|
|
|
|
2015-05-15 14:58:57 +03:00
|
|
|
static void launch_script(const char *setup_script, const char *ifname,
|
|
|
|
int fd, Error **errp);
|
2009-10-22 20:49:07 +04:00
|
|
|
|
|
|
|
static void tap_send(void *opaque);
|
|
|
|
static void tap_writable(void *opaque);
|
|
|
|
|
|
|
|
static void tap_update_fd_handler(TAPState *s)
|
|
|
|
{
|
Change qemu_set_fd_handler2(..., NULL, ...) to qemu_set_fd_handler
Done with following Coccinelle semantic patch, plus manual cosmetic changes in
net/*.c.
@@
expression E1, E2, E3, E4;
@@
- qemu_set_fd_handler2(E1, NULL, E2, E3, E4);
+ qemu_set_fd_handler(E1, E2, E3, E4);
Signed-off-by: Fam Zheng <famz@redhat.com>
Message-id: 1433400324-7358-8-git-send-email-famz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-06-04 09:45:18 +03:00
|
|
|
qemu_set_fd_handler(s->fd,
|
|
|
|
s->read_poll && s->enabled ? tap_send : NULL,
|
|
|
|
s->write_poll && s->enabled ? tap_writable : NULL,
|
|
|
|
s);
|
2009-10-22 20:49:07 +04:00
|
|
|
}
|
|
|
|
|
2013-01-30 15:12:20 +04:00
|
|
|
static void tap_read_poll(TAPState *s, bool enable)
|
2009-10-22 20:49:07 +04:00
|
|
|
{
|
2013-01-30 15:12:20 +04:00
|
|
|
s->read_poll = enable;
|
2009-10-22 20:49:07 +04:00
|
|
|
tap_update_fd_handler(s);
|
|
|
|
}
|
|
|
|
|
2013-01-30 15:12:20 +04:00
|
|
|
static void tap_write_poll(TAPState *s, bool enable)
|
2009-10-22 20:49:07 +04:00
|
|
|
{
|
2013-01-30 15:12:20 +04:00
|
|
|
s->write_poll = enable;
|
2009-10-22 20:49:07 +04:00
|
|
|
tap_update_fd_handler(s);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void tap_writable(void *opaque)
|
|
|
|
{
|
|
|
|
TAPState *s = opaque;
|
|
|
|
|
2013-01-30 15:12:20 +04:00
|
|
|
tap_write_poll(s, false);
|
2009-10-22 20:49:07 +04:00
|
|
|
|
2009-11-25 21:49:04 +03:00
|
|
|
qemu_flush_queued_packets(&s->nc);
|
2009-10-22 20:49:07 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
static ssize_t tap_write_packet(TAPState *s, const struct iovec *iov, int iovcnt)
|
|
|
|
{
|
|
|
|
ssize_t len;
|
|
|
|
|
2022-10-23 12:04:22 +03:00
|
|
|
len = RETRY_ON_EINTR(writev(s->fd, iov, iovcnt));
|
2009-10-22 20:49:07 +04:00
|
|
|
|
|
|
|
if (len == -1 && errno == EAGAIN) {
|
2013-01-30 15:12:20 +04:00
|
|
|
tap_write_poll(s, true);
|
2009-10-22 20:49:07 +04:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
return len;
|
|
|
|
}
|
|
|
|
|
2012-07-24 19:35:13 +04:00
|
|
|
static ssize_t tap_receive_iov(NetClientState *nc, const struct iovec *iov,
|
2009-10-22 20:49:07 +04:00
|
|
|
int iovcnt)
|
|
|
|
{
|
2009-11-25 21:49:04 +03:00
|
|
|
TAPState *s = DO_UPCAST(TAPState, nc, nc);
|
2009-10-22 20:49:07 +04:00
|
|
|
const struct iovec *iovp = iov;
|
2023-08-24 18:32:24 +03:00
|
|
|
g_autofree struct iovec *iov_copy = NULL;
|
2024-04-28 10:00:49 +03:00
|
|
|
struct virtio_net_hdr hdr = { };
|
2009-10-22 20:49:07 +04:00
|
|
|
|
2010-07-13 18:55:31 +04:00
|
|
|
if (s->host_vnet_hdr_len && !s->using_vnet_hdr) {
|
2023-08-24 18:32:24 +03:00
|
|
|
iov_copy = g_new(struct iovec, iovcnt + 1);
|
2009-10-22 20:49:07 +04:00
|
|
|
iov_copy[0].iov_base = &hdr;
|
2010-07-13 18:55:31 +04:00
|
|
|
iov_copy[0].iov_len = s->host_vnet_hdr_len;
|
2009-10-22 20:49:07 +04:00
|
|
|
memcpy(&iov_copy[1], iov, iovcnt * sizeof(*iov));
|
|
|
|
iovp = iov_copy;
|
|
|
|
iovcnt++;
|
|
|
|
}
|
|
|
|
|
|
|
|
return tap_write_packet(s, iovp, iovcnt);
|
|
|
|
}
|
|
|
|
|
2012-07-24 19:35:13 +04:00
|
|
|
static ssize_t tap_receive(NetClientState *nc, const uint8_t *buf, size_t size)
|
2009-10-22 20:49:07 +04:00
|
|
|
{
|
2024-04-28 10:00:48 +03:00
|
|
|
struct iovec iov = {
|
|
|
|
.iov_base = (void *)buf,
|
|
|
|
.iov_len = size
|
|
|
|
};
|
2009-10-22 20:49:07 +04:00
|
|
|
|
2024-04-28 10:00:48 +03:00
|
|
|
return tap_receive_iov(nc, &iov, 1);
|
2009-10-22 20:49:07 +04:00
|
|
|
}
|
|
|
|
|
2009-10-22 20:49:09 +04:00
|
|
|
#ifndef __sun__
|
|
|
|
ssize_t tap_read_packet(int tapfd, uint8_t *buf, int maxlen)
|
2009-10-22 20:49:07 +04:00
|
|
|
{
|
|
|
|
return read(tapfd, buf, maxlen);
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2012-07-24 19:35:13 +04:00
|
|
|
static void tap_send_completed(NetClientState *nc, ssize_t len)
|
2009-10-22 20:49:07 +04:00
|
|
|
{
|
2009-11-25 21:49:04 +03:00
|
|
|
TAPState *s = DO_UPCAST(TAPState, nc, nc);
|
2013-01-30 15:12:20 +04:00
|
|
|
tap_read_poll(s, true);
|
2009-10-22 20:49:07 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
static void tap_send(void *opaque)
|
|
|
|
{
|
|
|
|
TAPState *s = opaque;
|
|
|
|
int size;
|
2014-07-18 13:33:42 +04:00
|
|
|
int packets = 0;
|
2009-10-22 20:49:07 +04:00
|
|
|
|
2015-06-04 09:45:17 +03:00
|
|
|
while (true) {
|
2009-10-27 21:16:39 +03:00
|
|
|
uint8_t *buf = s->buf;
|
net: Pad short frames to minimum size before sending from SLiRP/TAP
The minimum Ethernet frame length is 60 bytes. For short frames with
smaller length like ARP packets (only 42 bytes), on a real world NIC
it can choose either padding its length to the minimum required 60
bytes, or sending it out directly to the wire. Such behavior can be
hardcoded or controled by a register bit. Similarly on the receive
path, NICs can choose either dropping such short frames directly or
handing them over to software to handle.
On the other hand, for the network backends like SLiRP/TAP, they
don't expose a way to control the short frame behavior. As of today
they just send/receive data from/to the other end connected to them,
which means any sized packet is acceptable. So they can send and
receive short frames without any problem. It is observed that ARP
packets sent from SLiRP/TAP are 42 bytes, and SLiRP/TAP just send
these ARP packets to the other end which might be a NIC model that
does not allow short frames to pass through.
To provide better compatibility, for packets sent from QEMU network
backends like SLiRP/TAP, we change to pad short frames before sending
it out to the other end, if the other end does not forbid it via the
nc->do_not_pad flag. This ensures a backend as an Ethernet sender
does not violate the spec. But with this change, the behavior of
dropping short frames from SLiRP/TAP interfaces in the NIC model
cannot be emulated because it always receives a packet that is spec
complaint. The capability of sending short frames from NIC models is
still supported and short frames can still pass through SLiRP/TAP.
This commit should be able to fix the issue as reported with some
NIC models before, that ARP requests get dropped, preventing the
guest from becoming visible on the network. It was workarounded in
these NIC models on the receive path, that when a short frame is
received, it is padded up to 60 bytes.
The following 2 commits seem to be the one to workaround this issue
in e1000 and vmxenet3 before, and should probably be reverted.
commit 78aeb23eded2 ("e1000: Pad short frames to minimum size (60 bytes)")
commit 40a87c6c9b11 ("vmxnet3: Pad short frames to minimum size (60 bytes)")
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2021-03-17 09:26:29 +03:00
|
|
|
uint8_t min_pkt[ETH_ZLEN];
|
|
|
|
size_t min_pktsz = sizeof(min_pkt);
|
2009-10-27 21:16:39 +03:00
|
|
|
|
|
|
|
size = tap_read_packet(s->fd, s->buf, sizeof(s->buf));
|
|
|
|
if (size <= 0) {
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
2010-07-13 18:55:31 +04:00
|
|
|
if (s->host_vnet_hdr_len && !s->using_vnet_hdr) {
|
|
|
|
buf += s->host_vnet_hdr_len;
|
|
|
|
size -= s->host_vnet_hdr_len;
|
2009-10-27 21:16:39 +03:00
|
|
|
}
|
|
|
|
|
2021-04-23 06:18:03 +03:00
|
|
|
if (net_peer_needs_padding(&s->nc)) {
|
net: Pad short frames to minimum size before sending from SLiRP/TAP
The minimum Ethernet frame length is 60 bytes. For short frames with
smaller length like ARP packets (only 42 bytes), on a real world NIC
it can choose either padding its length to the minimum required 60
bytes, or sending it out directly to the wire. Such behavior can be
hardcoded or controled by a register bit. Similarly on the receive
path, NICs can choose either dropping such short frames directly or
handing them over to software to handle.
On the other hand, for the network backends like SLiRP/TAP, they
don't expose a way to control the short frame behavior. As of today
they just send/receive data from/to the other end connected to them,
which means any sized packet is acceptable. So they can send and
receive short frames without any problem. It is observed that ARP
packets sent from SLiRP/TAP are 42 bytes, and SLiRP/TAP just send
these ARP packets to the other end which might be a NIC model that
does not allow short frames to pass through.
To provide better compatibility, for packets sent from QEMU network
backends like SLiRP/TAP, we change to pad short frames before sending
it out to the other end, if the other end does not forbid it via the
nc->do_not_pad flag. This ensures a backend as an Ethernet sender
does not violate the spec. But with this change, the behavior of
dropping short frames from SLiRP/TAP interfaces in the NIC model
cannot be emulated because it always receives a packet that is spec
complaint. The capability of sending short frames from NIC models is
still supported and short frames can still pass through SLiRP/TAP.
This commit should be able to fix the issue as reported with some
NIC models before, that ARP requests get dropped, preventing the
guest from becoming visible on the network. It was workarounded in
these NIC models on the receive path, that when a short frame is
received, it is padded up to 60 bytes.
The following 2 commits seem to be the one to workaround this issue
in e1000 and vmxenet3 before, and should probably be reverted.
commit 78aeb23eded2 ("e1000: Pad short frames to minimum size (60 bytes)")
commit 40a87c6c9b11 ("vmxnet3: Pad short frames to minimum size (60 bytes)")
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2021-03-17 09:26:29 +03:00
|
|
|
if (eth_pad_short_frame(min_pkt, &min_pktsz, buf, size)) {
|
|
|
|
buf = min_pkt;
|
|
|
|
size = min_pktsz;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2009-11-25 21:49:04 +03:00
|
|
|
size = qemu_send_packet_async(&s->nc, buf, size, tap_send_completed);
|
2009-10-27 21:16:39 +03:00
|
|
|
if (size == 0) {
|
2013-01-30 15:12:20 +04:00
|
|
|
tap_read_poll(s, false);
|
2014-03-08 19:00:43 +04:00
|
|
|
break;
|
|
|
|
} else if (size < 0) {
|
|
|
|
break;
|
2009-10-27 21:16:39 +03:00
|
|
|
}
|
2014-07-18 13:33:42 +04:00
|
|
|
|
|
|
|
/*
|
|
|
|
* When the host keeps receiving more packets while tap_send() is
|
2024-01-02 18:35:29 +03:00
|
|
|
* running we can hog the BQL. Limit the number of
|
2014-07-18 13:33:42 +04:00
|
|
|
* packets that are processed per tap_send() callback to prevent
|
|
|
|
* stalling the guest.
|
|
|
|
*/
|
|
|
|
packets++;
|
|
|
|
if (packets >= 50) {
|
|
|
|
break;
|
|
|
|
}
|
2014-03-08 19:00:43 +04:00
|
|
|
}
|
2009-10-22 20:49:07 +04:00
|
|
|
}
|
|
|
|
|
2014-02-06 20:02:19 +04:00
|
|
|
static bool tap_has_ufo(NetClientState *nc)
|
2009-10-22 20:49:07 +04:00
|
|
|
{
|
2009-11-25 21:49:04 +03:00
|
|
|
TAPState *s = DO_UPCAST(TAPState, nc, nc);
|
2009-10-22 20:49:07 +04:00
|
|
|
|
qapi: Change Netdev into a flat union
This is a mostly-mechanical conversion that creates a new flat
union 'Netdev' QAPI type that covers all the branches of the
former 'NetClientOptions' simple union, where the branches are
now listed in a new 'NetClientDriver' enum rather than generated
from the simple union. The existence of a flat union has no
change to the command line syntax accepted for new code, and
will make it possible for a future patch to switch the QMP
command to parse a boxed union for no change to valid QMP; but
it does have some ripple effect on the C code when dealing with
the new types.
While making the conversion, note that the 'NetLegacy' type
remains unchanged: it applies only to legacy command line options,
and will not be ported to QMP, so it should remain a wrapper
around a simple union; to avoid confusion, the type named
'NetClientOptions' is now gone, and we introduce 'NetLegacyOptions'
in its place. Then, in the C code, we convert from NetLegacy to
Netdev as soon as possible, so that the bulk of the net stack
only has to deal with one QAPI type, not two. Note that since
the old legacy code always rejected 'hubport', we can just omit
that branch from the new 'NetLegacyOptions' simple union.
Based on an idea originally by Zoltán Kővágó <DirtY.iCE.hu@gmail.com>:
Message-Id: <01a527fbf1a5de880091f98cf011616a78adeeee.1441627176.git.DirtY.iCE.hu@gmail.com>
although the sed script in that patch no longer applies due to
other changes in the tree since then, and I also did some manual
cleanups (such as fixing whitespace to keep checkpatch happy).
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1468468228-27827-13-git-send-email-eblake@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
[Fixup from Eric squashed in]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-07-14 06:50:23 +03:00
|
|
|
assert(nc->info->type == NET_CLIENT_DRIVER_TAP);
|
2009-10-22 20:49:07 +04:00
|
|
|
|
|
|
|
return s->has_ufo;
|
|
|
|
}
|
|
|
|
|
2023-08-01 01:31:46 +03:00
|
|
|
static bool tap_has_uso(NetClientState *nc)
|
|
|
|
{
|
|
|
|
TAPState *s = DO_UPCAST(TAPState, nc, nc);
|
|
|
|
|
|
|
|
assert(nc->info->type == NET_CLIENT_DRIVER_TAP);
|
|
|
|
|
|
|
|
return s->has_uso;
|
|
|
|
}
|
|
|
|
|
2014-02-06 20:02:19 +04:00
|
|
|
static bool tap_has_vnet_hdr(NetClientState *nc)
|
2009-10-22 20:49:07 +04:00
|
|
|
{
|
2009-11-25 21:49:04 +03:00
|
|
|
TAPState *s = DO_UPCAST(TAPState, nc, nc);
|
2009-10-22 20:49:07 +04:00
|
|
|
|
qapi: Change Netdev into a flat union
This is a mostly-mechanical conversion that creates a new flat
union 'Netdev' QAPI type that covers all the branches of the
former 'NetClientOptions' simple union, where the branches are
now listed in a new 'NetClientDriver' enum rather than generated
from the simple union. The existence of a flat union has no
change to the command line syntax accepted for new code, and
will make it possible for a future patch to switch the QMP
command to parse a boxed union for no change to valid QMP; but
it does have some ripple effect on the C code when dealing with
the new types.
While making the conversion, note that the 'NetLegacy' type
remains unchanged: it applies only to legacy command line options,
and will not be ported to QMP, so it should remain a wrapper
around a simple union; to avoid confusion, the type named
'NetClientOptions' is now gone, and we introduce 'NetLegacyOptions'
in its place. Then, in the C code, we convert from NetLegacy to
Netdev as soon as possible, so that the bulk of the net stack
only has to deal with one QAPI type, not two. Note that since
the old legacy code always rejected 'hubport', we can just omit
that branch from the new 'NetLegacyOptions' simple union.
Based on an idea originally by Zoltán Kővágó <DirtY.iCE.hu@gmail.com>:
Message-Id: <01a527fbf1a5de880091f98cf011616a78adeeee.1441627176.git.DirtY.iCE.hu@gmail.com>
although the sed script in that patch no longer applies due to
other changes in the tree since then, and I also did some manual
cleanups (such as fixing whitespace to keep checkpatch happy).
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1468468228-27827-13-git-send-email-eblake@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
[Fixup from Eric squashed in]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-07-14 06:50:23 +03:00
|
|
|
assert(nc->info->type == NET_CLIENT_DRIVER_TAP);
|
2009-10-22 20:49:07 +04:00
|
|
|
|
2010-07-13 18:55:31 +04:00
|
|
|
return !!s->host_vnet_hdr_len;
|
2009-10-22 20:49:07 +04:00
|
|
|
}
|
|
|
|
|
2014-02-06 20:02:19 +04:00
|
|
|
static bool tap_has_vnet_hdr_len(NetClientState *nc, int len)
|
2010-07-16 12:16:06 +04:00
|
|
|
{
|
2024-04-28 10:00:44 +03:00
|
|
|
return tap_has_vnet_hdr(nc);
|
2010-07-16 12:16:06 +04:00
|
|
|
}
|
|
|
|
|
2014-02-06 20:02:19 +04:00
|
|
|
static void tap_set_vnet_hdr_len(NetClientState *nc, int len)
|
2010-07-16 12:16:06 +04:00
|
|
|
{
|
|
|
|
TAPState *s = DO_UPCAST(TAPState, nc, nc);
|
|
|
|
|
qapi: Change Netdev into a flat union
This is a mostly-mechanical conversion that creates a new flat
union 'Netdev' QAPI type that covers all the branches of the
former 'NetClientOptions' simple union, where the branches are
now listed in a new 'NetClientDriver' enum rather than generated
from the simple union. The existence of a flat union has no
change to the command line syntax accepted for new code, and
will make it possible for a future patch to switch the QMP
command to parse a boxed union for no change to valid QMP; but
it does have some ripple effect on the C code when dealing with
the new types.
While making the conversion, note that the 'NetLegacy' type
remains unchanged: it applies only to legacy command line options,
and will not be ported to QMP, so it should remain a wrapper
around a simple union; to avoid confusion, the type named
'NetClientOptions' is now gone, and we introduce 'NetLegacyOptions'
in its place. Then, in the C code, we convert from NetLegacy to
Netdev as soon as possible, so that the bulk of the net stack
only has to deal with one QAPI type, not two. Note that since
the old legacy code always rejected 'hubport', we can just omit
that branch from the new 'NetLegacyOptions' simple union.
Based on an idea originally by Zoltán Kővágó <DirtY.iCE.hu@gmail.com>:
Message-Id: <01a527fbf1a5de880091f98cf011616a78adeeee.1441627176.git.DirtY.iCE.hu@gmail.com>
although the sed script in that patch no longer applies due to
other changes in the tree since then, and I also did some manual
cleanups (such as fixing whitespace to keep checkpatch happy).
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1468468228-27827-13-git-send-email-eblake@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
[Fixup from Eric squashed in]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-07-14 06:50:23 +03:00
|
|
|
assert(nc->info->type == NET_CLIENT_DRIVER_TAP);
|
2010-07-16 12:16:06 +04:00
|
|
|
|
|
|
|
tap_fd_set_vnet_hdr_len(s->fd, len);
|
|
|
|
s->host_vnet_hdr_len = len;
|
2024-04-28 10:00:45 +03:00
|
|
|
s->using_vnet_hdr = true;
|
2009-10-22 20:49:07 +04:00
|
|
|
}
|
|
|
|
|
2015-06-17 16:23:44 +03:00
|
|
|
static int tap_set_vnet_le(NetClientState *nc, bool is_le)
|
|
|
|
{
|
|
|
|
TAPState *s = DO_UPCAST(TAPState, nc, nc);
|
|
|
|
|
|
|
|
return tap_fd_set_vnet_le(s->fd, is_le);
|
|
|
|
}
|
|
|
|
|
|
|
|
static int tap_set_vnet_be(NetClientState *nc, bool is_be)
|
|
|
|
{
|
|
|
|
TAPState *s = DO_UPCAST(TAPState, nc, nc);
|
|
|
|
|
|
|
|
return tap_fd_set_vnet_be(s->fd, is_be);
|
|
|
|
}
|
|
|
|
|
2014-02-06 20:02:19 +04:00
|
|
|
static void tap_set_offload(NetClientState *nc, int csum, int tso4,
|
2023-08-01 01:31:45 +03:00
|
|
|
int tso6, int ecn, int ufo, int uso4, int uso6)
|
2009-10-22 20:49:07 +04:00
|
|
|
{
|
2009-11-25 21:49:04 +03:00
|
|
|
TAPState *s = DO_UPCAST(TAPState, nc, nc);
|
2010-10-31 20:06:47 +03:00
|
|
|
if (s->fd < 0) {
|
|
|
|
return;
|
|
|
|
}
|
2009-10-22 20:49:07 +04:00
|
|
|
|
2023-08-01 01:31:45 +03:00
|
|
|
tap_fd_set_offload(s->fd, csum, tso4, tso6, ecn, ufo, uso4, uso6);
|
2009-10-22 20:49:07 +04:00
|
|
|
}
|
|
|
|
|
2016-07-11 17:48:47 +03:00
|
|
|
static void tap_exit_notify(Notifier *notifier, void *data)
|
|
|
|
{
|
|
|
|
TAPState *s = container_of(notifier, TAPState, exit);
|
|
|
|
Error *err = NULL;
|
|
|
|
|
|
|
|
if (s->down_script[0]) {
|
|
|
|
launch_script(s->down_script, s->down_script_arg, s->fd, &err);
|
|
|
|
if (err) {
|
|
|
|
error_report_err(err);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2012-07-24 19:35:13 +04:00
|
|
|
static void tap_cleanup(NetClientState *nc)
|
2009-10-22 20:49:07 +04:00
|
|
|
{
|
2009-11-25 21:49:04 +03:00
|
|
|
TAPState *s = DO_UPCAST(TAPState, nc, nc);
|
2009-10-22 20:49:07 +04:00
|
|
|
|
2010-03-17 14:08:24 +03:00
|
|
|
if (s->vhost_net) {
|
|
|
|
vhost_net_cleanup(s->vhost_net);
|
2016-07-27 00:15:12 +03:00
|
|
|
g_free(s->vhost_net);
|
2010-10-27 22:03:43 +04:00
|
|
|
s->vhost_net = NULL;
|
2010-03-17 14:08:24 +03:00
|
|
|
}
|
|
|
|
|
2009-11-25 21:49:04 +03:00
|
|
|
qemu_purge_queued_packets(nc);
|
2009-10-22 20:49:07 +04:00
|
|
|
|
2016-07-11 17:48:47 +03:00
|
|
|
tap_exit_notify(&s->exit, NULL);
|
|
|
|
qemu_remove_exit_notifier(&s->exit);
|
2009-10-22 20:49:07 +04:00
|
|
|
|
2013-01-30 15:12:20 +04:00
|
|
|
tap_read_poll(s, false);
|
|
|
|
tap_write_poll(s, false);
|
2009-10-22 20:49:07 +04:00
|
|
|
close(s->fd);
|
2010-10-31 20:06:47 +03:00
|
|
|
s->fd = -1;
|
2009-10-22 20:49:07 +04:00
|
|
|
}
|
|
|
|
|
2012-07-24 19:35:13 +04:00
|
|
|
static void tap_poll(NetClientState *nc, bool enable)
|
2009-12-24 15:46:29 +03:00
|
|
|
{
|
|
|
|
TAPState *s = DO_UPCAST(TAPState, nc, nc);
|
|
|
|
tap_read_poll(s, enable);
|
|
|
|
tap_write_poll(s, enable);
|
|
|
|
}
|
|
|
|
|
2021-05-14 14:48:30 +03:00
|
|
|
static bool tap_set_steering_ebpf(NetClientState *nc, int prog_fd)
|
|
|
|
{
|
|
|
|
TAPState *s = DO_UPCAST(TAPState, nc, nc);
|
|
|
|
assert(nc->info->type == NET_CLIENT_DRIVER_TAP);
|
|
|
|
|
|
|
|
return tap_fd_set_steering_ebpf(s->fd, prog_fd) == 0;
|
|
|
|
}
|
|
|
|
|
2012-07-24 19:35:13 +04:00
|
|
|
int tap_get_fd(NetClientState *nc)
|
2010-03-17 14:07:50 +03:00
|
|
|
{
|
|
|
|
TAPState *s = DO_UPCAST(TAPState, nc, nc);
|
qapi: Change Netdev into a flat union
This is a mostly-mechanical conversion that creates a new flat
union 'Netdev' QAPI type that covers all the branches of the
former 'NetClientOptions' simple union, where the branches are
now listed in a new 'NetClientDriver' enum rather than generated
from the simple union. The existence of a flat union has no
change to the command line syntax accepted for new code, and
will make it possible for a future patch to switch the QMP
command to parse a boxed union for no change to valid QMP; but
it does have some ripple effect on the C code when dealing with
the new types.
While making the conversion, note that the 'NetLegacy' type
remains unchanged: it applies only to legacy command line options,
and will not be ported to QMP, so it should remain a wrapper
around a simple union; to avoid confusion, the type named
'NetClientOptions' is now gone, and we introduce 'NetLegacyOptions'
in its place. Then, in the C code, we convert from NetLegacy to
Netdev as soon as possible, so that the bulk of the net stack
only has to deal with one QAPI type, not two. Note that since
the old legacy code always rejected 'hubport', we can just omit
that branch from the new 'NetLegacyOptions' simple union.
Based on an idea originally by Zoltán Kővágó <DirtY.iCE.hu@gmail.com>:
Message-Id: <01a527fbf1a5de880091f98cf011616a78adeeee.1441627176.git.DirtY.iCE.hu@gmail.com>
although the sed script in that patch no longer applies due to
other changes in the tree since then, and I also did some manual
cleanups (such as fixing whitespace to keep checkpatch happy).
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1468468228-27827-13-git-send-email-eblake@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
[Fixup from Eric squashed in]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-07-14 06:50:23 +03:00
|
|
|
assert(nc->info->type == NET_CLIENT_DRIVER_TAP);
|
2010-03-17 14:07:50 +03:00
|
|
|
return s->fd;
|
|
|
|
}
|
|
|
|
|
2009-10-22 20:49:07 +04:00
|
|
|
/* fd support */
|
|
|
|
|
2009-11-25 21:49:04 +03:00
|
|
|
static NetClientInfo net_tap_info = {
|
qapi: Change Netdev into a flat union
This is a mostly-mechanical conversion that creates a new flat
union 'Netdev' QAPI type that covers all the branches of the
former 'NetClientOptions' simple union, where the branches are
now listed in a new 'NetClientDriver' enum rather than generated
from the simple union. The existence of a flat union has no
change to the command line syntax accepted for new code, and
will make it possible for a future patch to switch the QMP
command to parse a boxed union for no change to valid QMP; but
it does have some ripple effect on the C code when dealing with
the new types.
While making the conversion, note that the 'NetLegacy' type
remains unchanged: it applies only to legacy command line options,
and will not be ported to QMP, so it should remain a wrapper
around a simple union; to avoid confusion, the type named
'NetClientOptions' is now gone, and we introduce 'NetLegacyOptions'
in its place. Then, in the C code, we convert from NetLegacy to
Netdev as soon as possible, so that the bulk of the net stack
only has to deal with one QAPI type, not two. Note that since
the old legacy code always rejected 'hubport', we can just omit
that branch from the new 'NetLegacyOptions' simple union.
Based on an idea originally by Zoltán Kővágó <DirtY.iCE.hu@gmail.com>:
Message-Id: <01a527fbf1a5de880091f98cf011616a78adeeee.1441627176.git.DirtY.iCE.hu@gmail.com>
although the sed script in that patch no longer applies due to
other changes in the tree since then, and I also did some manual
cleanups (such as fixing whitespace to keep checkpatch happy).
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1468468228-27827-13-git-send-email-eblake@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
[Fixup from Eric squashed in]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-07-14 06:50:23 +03:00
|
|
|
.type = NET_CLIENT_DRIVER_TAP,
|
2009-11-25 21:49:04 +03:00
|
|
|
.size = sizeof(TAPState),
|
|
|
|
.receive = tap_receive,
|
|
|
|
.receive_iov = tap_receive_iov,
|
2009-12-24 15:46:29 +03:00
|
|
|
.poll = tap_poll,
|
2009-11-25 21:49:04 +03:00
|
|
|
.cleanup = tap_cleanup,
|
2014-02-06 20:02:17 +04:00
|
|
|
.has_ufo = tap_has_ufo,
|
2023-08-01 01:31:46 +03:00
|
|
|
.has_uso = tap_has_uso,
|
2014-02-06 20:02:17 +04:00
|
|
|
.has_vnet_hdr = tap_has_vnet_hdr,
|
|
|
|
.has_vnet_hdr_len = tap_has_vnet_hdr_len,
|
|
|
|
.set_offload = tap_set_offload,
|
|
|
|
.set_vnet_hdr_len = tap_set_vnet_hdr_len,
|
2015-06-17 16:23:44 +03:00
|
|
|
.set_vnet_le = tap_set_vnet_le,
|
|
|
|
.set_vnet_be = tap_set_vnet_be,
|
2021-05-14 14:48:30 +03:00
|
|
|
.set_steering_ebpf = tap_set_steering_ebpf,
|
2009-11-25 21:49:04 +03:00
|
|
|
};
|
|
|
|
|
2012-07-24 19:35:13 +04:00
|
|
|
static TAPState *net_tap_fd_init(NetClientState *peer,
|
2009-10-22 20:49:07 +04:00
|
|
|
const char *model,
|
|
|
|
const char *name,
|
|
|
|
int fd,
|
|
|
|
int vnet_hdr)
|
|
|
|
{
|
2012-07-24 19:35:13 +04:00
|
|
|
NetClientState *nc;
|
2009-10-22 20:49:07 +04:00
|
|
|
TAPState *s;
|
|
|
|
|
2012-07-24 19:35:08 +04:00
|
|
|
nc = qemu_new_net_client(&net_tap_info, peer, model, name);
|
2009-11-25 21:49:04 +03:00
|
|
|
|
|
|
|
s = DO_UPCAST(TAPState, nc, nc);
|
|
|
|
|
2009-10-22 20:49:07 +04:00
|
|
|
s->fd = fd;
|
2010-07-13 18:55:31 +04:00
|
|
|
s->host_vnet_hdr_len = vnet_hdr ? sizeof(struct virtio_net_hdr) : 0;
|
2013-01-30 15:12:20 +04:00
|
|
|
s->using_vnet_hdr = false;
|
2009-10-22 20:49:16 +04:00
|
|
|
s->has_ufo = tap_probe_has_ufo(s->fd);
|
2023-08-01 01:31:46 +03:00
|
|
|
s->has_uso = tap_probe_has_uso(s->fd);
|
2013-01-30 15:12:32 +04:00
|
|
|
s->enabled = true;
|
2023-08-01 01:31:45 +03:00
|
|
|
tap_set_offload(&s->nc, 0, 0, 0, 0, 0, 0, 0);
|
2012-11-13 14:23:23 +04:00
|
|
|
/*
|
|
|
|
* Make sure host header length is set correctly in tap:
|
|
|
|
* it might have been modified by another instance of qemu.
|
|
|
|
*/
|
2024-04-28 10:00:44 +03:00
|
|
|
if (vnet_hdr) {
|
2012-11-13 14:23:23 +04:00
|
|
|
tap_fd_set_vnet_hdr_len(s->fd, s->host_vnet_hdr_len);
|
|
|
|
}
|
2013-01-30 15:12:20 +04:00
|
|
|
tap_read_poll(s, true);
|
2010-03-17 14:08:24 +03:00
|
|
|
s->vhost_net = NULL;
|
2016-07-11 17:48:47 +03:00
|
|
|
|
|
|
|
s->exit.notify = tap_exit_notify;
|
|
|
|
qemu_add_exit_notifier(&s->exit);
|
|
|
|
|
2009-10-22 20:49:07 +04:00
|
|
|
return s;
|
|
|
|
}
|
|
|
|
|
2024-08-02 17:54:19 +03:00
|
|
|
static void close_all_fds_after_fork(int excluded_fd)
|
|
|
|
{
|
2024-08-02 17:54:21 +03:00
|
|
|
const int skip_fd[] = {STDIN_FILENO, STDOUT_FILENO, STDERR_FILENO,
|
|
|
|
excluded_fd};
|
|
|
|
unsigned int nskip = ARRAY_SIZE(skip_fd);
|
2024-08-02 17:54:19 +03:00
|
|
|
|
2024-08-02 17:54:21 +03:00
|
|
|
/*
|
|
|
|
* skip_fd must be an ordered array of distinct fds, exclude
|
|
|
|
* excluded_fd if already included in the [STDIN_FILENO - STDERR_FILENO]
|
|
|
|
* range
|
|
|
|
*/
|
|
|
|
if (excluded_fd <= STDERR_FILENO) {
|
|
|
|
nskip--;
|
2024-08-02 17:54:19 +03:00
|
|
|
}
|
2024-08-02 17:54:21 +03:00
|
|
|
|
|
|
|
qemu_close_all_open_fd(skip_fd, nskip);
|
2024-08-02 17:54:19 +03:00
|
|
|
}
|
|
|
|
|
2015-05-15 14:58:57 +03:00
|
|
|
static void launch_script(const char *setup_script, const char *ifname,
|
|
|
|
int fd, Error **errp)
|
2009-10-22 20:49:07 +04:00
|
|
|
{
|
|
|
|
int pid, status;
|
|
|
|
char *args[3];
|
|
|
|
char **parg;
|
|
|
|
|
|
|
|
/* try to launch network script */
|
|
|
|
pid = fork();
|
2015-05-15 14:58:57 +03:00
|
|
|
if (pid < 0) {
|
|
|
|
error_setg_errno(errp, errno, "could not launch network script %s",
|
|
|
|
setup_script);
|
|
|
|
return;
|
|
|
|
}
|
2009-10-22 20:49:07 +04:00
|
|
|
if (pid == 0) {
|
2024-08-02 17:54:19 +03:00
|
|
|
close_all_fds_after_fork(fd);
|
2009-10-22 20:49:07 +04:00
|
|
|
parg = args;
|
|
|
|
*parg++ = (char *)setup_script;
|
|
|
|
*parg++ = (char *)ifname;
|
2010-04-25 22:35:52 +04:00
|
|
|
*parg = NULL;
|
2009-10-22 20:49:07 +04:00
|
|
|
execv(setup_script, args);
|
|
|
|
_exit(1);
|
2015-05-15 14:58:57 +03:00
|
|
|
} else {
|
2009-10-22 20:49:07 +04:00
|
|
|
while (waitpid(pid, &status, 0) != pid) {
|
|
|
|
/* loop */
|
|
|
|
}
|
|
|
|
|
|
|
|
if (WIFEXITED(status) && WEXITSTATUS(status) == 0) {
|
2015-05-15 14:58:57 +03:00
|
|
|
return;
|
2009-10-22 20:49:07 +04:00
|
|
|
}
|
2015-05-15 14:58:57 +03:00
|
|
|
error_setg(errp, "network script %s failed with status %d",
|
|
|
|
setup_script, status);
|
2009-10-22 20:49:07 +04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
Add support for net bridge
The most common use of -net tap is to connect a tap device to a bridge. This
requires the use of a script and running qemu as root in order to allocate a
tap device to pass to the script.
This model is great for portability and flexibility but it's incredibly
difficult to eliminate the need to run qemu as root. The only really viable
mechanism is to use tunctl to create a tap device, attach it to a bridge as
root, and then hand that tap device to qemu. The problem with this mechanism
is that it requires administrator intervention whenever a user wants to create
a guest.
By essentially writing a helper that implements the most common qemu-ifup
script that can be safely given cap_net_admin, we can dramatically simplify
things for non-privileged users. We still support existing -net tap options
as a mechanism for advanced users and backwards compatibility.
Currently, this is very Linux centric but there's really no reason why it
couldn't be extended for other Unixes.
A typical invocation would be similar to one of the following:
qemu linux.img -net bridge -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper"
-net nic,model=virtio
qemu linux.img -netdev bridge,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
The default bridge that we attach to is br0. The thinking is that a distro
could preconfigure such an interface to allow out-of-the-box bridged networking.
Alternatively, if a user wants to use a different bridge, a typical invocation
would be simliar to one of the following:
qemu linux.img -net bridge,br=qemubr0 -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0"
-net nic,model=virtio
qemu linux.img -netdev bridge,br=qemubr0,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Richa Marwaha <rmarwah@linux.vnet.ibm.com>
Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-26 18:42:27 +04:00
|
|
|
static int recv_fd(int c)
|
|
|
|
{
|
|
|
|
int fd;
|
|
|
|
uint8_t msgbuf[CMSG_SPACE(sizeof(fd))];
|
|
|
|
struct msghdr msg = {
|
|
|
|
.msg_control = msgbuf,
|
|
|
|
.msg_controllen = sizeof(msgbuf),
|
|
|
|
};
|
|
|
|
struct cmsghdr *cmsg;
|
|
|
|
struct iovec iov;
|
|
|
|
uint8_t req[1];
|
|
|
|
ssize_t len;
|
|
|
|
|
|
|
|
cmsg = CMSG_FIRSTHDR(&msg);
|
|
|
|
cmsg->cmsg_level = SOL_SOCKET;
|
|
|
|
cmsg->cmsg_type = SCM_RIGHTS;
|
|
|
|
cmsg->cmsg_len = CMSG_LEN(sizeof(fd));
|
|
|
|
msg.msg_controllen = cmsg->cmsg_len;
|
|
|
|
|
|
|
|
iov.iov_base = req;
|
|
|
|
iov.iov_len = sizeof(req);
|
|
|
|
|
|
|
|
msg.msg_iov = &iov;
|
|
|
|
msg.msg_iovlen = 1;
|
|
|
|
|
|
|
|
len = recvmsg(c, &msg, 0);
|
|
|
|
if (len > 0) {
|
|
|
|
memcpy(&fd, CMSG_DATA(cmsg), sizeof(fd));
|
|
|
|
return fd;
|
|
|
|
}
|
|
|
|
|
|
|
|
return len;
|
|
|
|
}
|
|
|
|
|
tap: Improve -netdev/netdev_add/-net/... bridge error reporting
When -netdev bridge fails, it first reports a specific error, then a
generic one, like this:
$ qemu-system-x86_64 -netdev bridge,id=foo
failed to launch bridge helper
qemu-system-x86_64: -netdev bridge,id=foo: Device 'bridge' could not be initialized
The first message goes to stderr. Wrong for HMP, because errors need
to go to the monitor there.
The second message goes to stderr for -netdev, to the monitor for HMP
netdev_add, and becomes the error reply for QMP netdev_add.
Convert net_bridge_run_helper() to Error, and propagate its errors
through net_init_bridge(). This ensures the error gets reported where
the user is, and suppresses the unwanted second message.
While there, improve the error messages a bit.
The above example becomes:
$ qemu-system-x86_64 -netdev bridge,id=foo
qemu-system-x86_64: -netdev bridge,id=foo: bridge helper failed
net_init_tap() also uses net_bridge_run_helper(). Propagate its
errors there as well. Improves reporting these errors with -netdev
tap & friends.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1431691143-1015-7-git-send-email-armbru@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-05-15 14:58:54 +03:00
|
|
|
static int net_bridge_run_helper(const char *helper, const char *bridge,
|
|
|
|
Error **errp)
|
Add support for net bridge
The most common use of -net tap is to connect a tap device to a bridge. This
requires the use of a script and running qemu as root in order to allocate a
tap device to pass to the script.
This model is great for portability and flexibility but it's incredibly
difficult to eliminate the need to run qemu as root. The only really viable
mechanism is to use tunctl to create a tap device, attach it to a bridge as
root, and then hand that tap device to qemu. The problem with this mechanism
is that it requires administrator intervention whenever a user wants to create
a guest.
By essentially writing a helper that implements the most common qemu-ifup
script that can be safely given cap_net_admin, we can dramatically simplify
things for non-privileged users. We still support existing -net tap options
as a mechanism for advanced users and backwards compatibility.
Currently, this is very Linux centric but there's really no reason why it
couldn't be extended for other Unixes.
A typical invocation would be similar to one of the following:
qemu linux.img -net bridge -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper"
-net nic,model=virtio
qemu linux.img -netdev bridge,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
The default bridge that we attach to is br0. The thinking is that a distro
could preconfigure such an interface to allow out-of-the-box bridged networking.
Alternatively, if a user wants to use a different bridge, a typical invocation
would be simliar to one of the following:
qemu linux.img -net bridge,br=qemubr0 -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0"
-net nic,model=virtio
qemu linux.img -netdev bridge,br=qemubr0,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Richa Marwaha <rmarwah@linux.vnet.ibm.com>
Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-26 18:42:27 +04:00
|
|
|
{
|
|
|
|
sigset_t oldmask, mask;
|
2020-08-18 12:56:16 +03:00
|
|
|
g_autofree char *default_helper = NULL;
|
Add support for net bridge
The most common use of -net tap is to connect a tap device to a bridge. This
requires the use of a script and running qemu as root in order to allocate a
tap device to pass to the script.
This model is great for portability and flexibility but it's incredibly
difficult to eliminate the need to run qemu as root. The only really viable
mechanism is to use tunctl to create a tap device, attach it to a bridge as
root, and then hand that tap device to qemu. The problem with this mechanism
is that it requires administrator intervention whenever a user wants to create
a guest.
By essentially writing a helper that implements the most common qemu-ifup
script that can be safely given cap_net_admin, we can dramatically simplify
things for non-privileged users. We still support existing -net tap options
as a mechanism for advanced users and backwards compatibility.
Currently, this is very Linux centric but there's really no reason why it
couldn't be extended for other Unixes.
A typical invocation would be similar to one of the following:
qemu linux.img -net bridge -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper"
-net nic,model=virtio
qemu linux.img -netdev bridge,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
The default bridge that we attach to is br0. The thinking is that a distro
could preconfigure such an interface to allow out-of-the-box bridged networking.
Alternatively, if a user wants to use a different bridge, a typical invocation
would be simliar to one of the following:
qemu linux.img -net bridge,br=qemubr0 -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0"
-net nic,model=virtio
qemu linux.img -netdev bridge,br=qemubr0,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Richa Marwaha <rmarwah@linux.vnet.ibm.com>
Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-26 18:42:27 +04:00
|
|
|
int pid, status;
|
|
|
|
char *args[5];
|
|
|
|
char **parg;
|
|
|
|
int sv[2];
|
|
|
|
|
|
|
|
sigemptyset(&mask);
|
|
|
|
sigaddset(&mask, SIGCHLD);
|
|
|
|
sigprocmask(SIG_BLOCK, &mask, &oldmask);
|
|
|
|
|
2020-08-18 12:56:16 +03:00
|
|
|
if (!helper) {
|
|
|
|
helper = default_helper = get_relocated_path(DEFAULT_BRIDGE_HELPER);
|
|
|
|
}
|
|
|
|
|
Add support for net bridge
The most common use of -net tap is to connect a tap device to a bridge. This
requires the use of a script and running qemu as root in order to allocate a
tap device to pass to the script.
This model is great for portability and flexibility but it's incredibly
difficult to eliminate the need to run qemu as root. The only really viable
mechanism is to use tunctl to create a tap device, attach it to a bridge as
root, and then hand that tap device to qemu. The problem with this mechanism
is that it requires administrator intervention whenever a user wants to create
a guest.
By essentially writing a helper that implements the most common qemu-ifup
script that can be safely given cap_net_admin, we can dramatically simplify
things for non-privileged users. We still support existing -net tap options
as a mechanism for advanced users and backwards compatibility.
Currently, this is very Linux centric but there's really no reason why it
couldn't be extended for other Unixes.
A typical invocation would be similar to one of the following:
qemu linux.img -net bridge -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper"
-net nic,model=virtio
qemu linux.img -netdev bridge,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
The default bridge that we attach to is br0. The thinking is that a distro
could preconfigure such an interface to allow out-of-the-box bridged networking.
Alternatively, if a user wants to use a different bridge, a typical invocation
would be simliar to one of the following:
qemu linux.img -net bridge,br=qemubr0 -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0"
-net nic,model=virtio
qemu linux.img -netdev bridge,br=qemubr0,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Richa Marwaha <rmarwah@linux.vnet.ibm.com>
Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-26 18:42:27 +04:00
|
|
|
if (socketpair(PF_UNIX, SOCK_STREAM, 0, sv) == -1) {
|
tap: Improve -netdev/netdev_add/-net/... bridge error reporting
When -netdev bridge fails, it first reports a specific error, then a
generic one, like this:
$ qemu-system-x86_64 -netdev bridge,id=foo
failed to launch bridge helper
qemu-system-x86_64: -netdev bridge,id=foo: Device 'bridge' could not be initialized
The first message goes to stderr. Wrong for HMP, because errors need
to go to the monitor there.
The second message goes to stderr for -netdev, to the monitor for HMP
netdev_add, and becomes the error reply for QMP netdev_add.
Convert net_bridge_run_helper() to Error, and propagate its errors
through net_init_bridge(). This ensures the error gets reported where
the user is, and suppresses the unwanted second message.
While there, improve the error messages a bit.
The above example becomes:
$ qemu-system-x86_64 -netdev bridge,id=foo
qemu-system-x86_64: -netdev bridge,id=foo: bridge helper failed
net_init_tap() also uses net_bridge_run_helper(). Propagate its
errors there as well. Improves reporting these errors with -netdev
tap & friends.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1431691143-1015-7-git-send-email-armbru@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-05-15 14:58:54 +03:00
|
|
|
error_setg_errno(errp, errno, "socketpair() failed");
|
Add support for net bridge
The most common use of -net tap is to connect a tap device to a bridge. This
requires the use of a script and running qemu as root in order to allocate a
tap device to pass to the script.
This model is great for portability and flexibility but it's incredibly
difficult to eliminate the need to run qemu as root. The only really viable
mechanism is to use tunctl to create a tap device, attach it to a bridge as
root, and then hand that tap device to qemu. The problem with this mechanism
is that it requires administrator intervention whenever a user wants to create
a guest.
By essentially writing a helper that implements the most common qemu-ifup
script that can be safely given cap_net_admin, we can dramatically simplify
things for non-privileged users. We still support existing -net tap options
as a mechanism for advanced users and backwards compatibility.
Currently, this is very Linux centric but there's really no reason why it
couldn't be extended for other Unixes.
A typical invocation would be similar to one of the following:
qemu linux.img -net bridge -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper"
-net nic,model=virtio
qemu linux.img -netdev bridge,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
The default bridge that we attach to is br0. The thinking is that a distro
could preconfigure such an interface to allow out-of-the-box bridged networking.
Alternatively, if a user wants to use a different bridge, a typical invocation
would be simliar to one of the following:
qemu linux.img -net bridge,br=qemubr0 -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0"
-net nic,model=virtio
qemu linux.img -netdev bridge,br=qemubr0,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Richa Marwaha <rmarwah@linux.vnet.ibm.com>
Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-26 18:42:27 +04:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* try to launch bridge helper */
|
|
|
|
pid = fork();
|
tap: Improve -netdev/netdev_add/-net/... bridge error reporting
When -netdev bridge fails, it first reports a specific error, then a
generic one, like this:
$ qemu-system-x86_64 -netdev bridge,id=foo
failed to launch bridge helper
qemu-system-x86_64: -netdev bridge,id=foo: Device 'bridge' could not be initialized
The first message goes to stderr. Wrong for HMP, because errors need
to go to the monitor there.
The second message goes to stderr for -netdev, to the monitor for HMP
netdev_add, and becomes the error reply for QMP netdev_add.
Convert net_bridge_run_helper() to Error, and propagate its errors
through net_init_bridge(). This ensures the error gets reported where
the user is, and suppresses the unwanted second message.
While there, improve the error messages a bit.
The above example becomes:
$ qemu-system-x86_64 -netdev bridge,id=foo
qemu-system-x86_64: -netdev bridge,id=foo: bridge helper failed
net_init_tap() also uses net_bridge_run_helper(). Propagate its
errors there as well. Improves reporting these errors with -netdev
tap & friends.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1431691143-1015-7-git-send-email-armbru@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-05-15 14:58:54 +03:00
|
|
|
if (pid < 0) {
|
|
|
|
error_setg_errno(errp, errno, "Can't fork bridge helper");
|
|
|
|
return -1;
|
|
|
|
}
|
Add support for net bridge
The most common use of -net tap is to connect a tap device to a bridge. This
requires the use of a script and running qemu as root in order to allocate a
tap device to pass to the script.
This model is great for portability and flexibility but it's incredibly
difficult to eliminate the need to run qemu as root. The only really viable
mechanism is to use tunctl to create a tap device, attach it to a bridge as
root, and then hand that tap device to qemu. The problem with this mechanism
is that it requires administrator intervention whenever a user wants to create
a guest.
By essentially writing a helper that implements the most common qemu-ifup
script that can be safely given cap_net_admin, we can dramatically simplify
things for non-privileged users. We still support existing -net tap options
as a mechanism for advanced users and backwards compatibility.
Currently, this is very Linux centric but there's really no reason why it
couldn't be extended for other Unixes.
A typical invocation would be similar to one of the following:
qemu linux.img -net bridge -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper"
-net nic,model=virtio
qemu linux.img -netdev bridge,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
The default bridge that we attach to is br0. The thinking is that a distro
could preconfigure such an interface to allow out-of-the-box bridged networking.
Alternatively, if a user wants to use a different bridge, a typical invocation
would be simliar to one of the following:
qemu linux.img -net bridge,br=qemubr0 -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0"
-net nic,model=virtio
qemu linux.img -netdev bridge,br=qemubr0,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Richa Marwaha <rmarwah@linux.vnet.ibm.com>
Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-26 18:42:27 +04:00
|
|
|
if (pid == 0) {
|
2019-07-23 13:47:54 +03:00
|
|
|
char *fd_buf = NULL;
|
|
|
|
char *br_buf = NULL;
|
|
|
|
char *helper_cmd = NULL;
|
Add support for net bridge
The most common use of -net tap is to connect a tap device to a bridge. This
requires the use of a script and running qemu as root in order to allocate a
tap device to pass to the script.
This model is great for portability and flexibility but it's incredibly
difficult to eliminate the need to run qemu as root. The only really viable
mechanism is to use tunctl to create a tap device, attach it to a bridge as
root, and then hand that tap device to qemu. The problem with this mechanism
is that it requires administrator intervention whenever a user wants to create
a guest.
By essentially writing a helper that implements the most common qemu-ifup
script that can be safely given cap_net_admin, we can dramatically simplify
things for non-privileged users. We still support existing -net tap options
as a mechanism for advanced users and backwards compatibility.
Currently, this is very Linux centric but there's really no reason why it
couldn't be extended for other Unixes.
A typical invocation would be similar to one of the following:
qemu linux.img -net bridge -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper"
-net nic,model=virtio
qemu linux.img -netdev bridge,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
The default bridge that we attach to is br0. The thinking is that a distro
could preconfigure such an interface to allow out-of-the-box bridged networking.
Alternatively, if a user wants to use a different bridge, a typical invocation
would be simliar to one of the following:
qemu linux.img -net bridge,br=qemubr0 -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0"
-net nic,model=virtio
qemu linux.img -netdev bridge,br=qemubr0,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Richa Marwaha <rmarwah@linux.vnet.ibm.com>
Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-26 18:42:27 +04:00
|
|
|
|
2024-08-02 17:54:19 +03:00
|
|
|
close_all_fds_after_fork(sv[1]);
|
2019-07-23 13:47:54 +03:00
|
|
|
fd_buf = g_strdup_printf("%s%d", "--fd=", sv[1]);
|
Add support for net bridge
The most common use of -net tap is to connect a tap device to a bridge. This
requires the use of a script and running qemu as root in order to allocate a
tap device to pass to the script.
This model is great for portability and flexibility but it's incredibly
difficult to eliminate the need to run qemu as root. The only really viable
mechanism is to use tunctl to create a tap device, attach it to a bridge as
root, and then hand that tap device to qemu. The problem with this mechanism
is that it requires administrator intervention whenever a user wants to create
a guest.
By essentially writing a helper that implements the most common qemu-ifup
script that can be safely given cap_net_admin, we can dramatically simplify
things for non-privileged users. We still support existing -net tap options
as a mechanism for advanced users and backwards compatibility.
Currently, this is very Linux centric but there's really no reason why it
couldn't be extended for other Unixes.
A typical invocation would be similar to one of the following:
qemu linux.img -net bridge -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper"
-net nic,model=virtio
qemu linux.img -netdev bridge,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
The default bridge that we attach to is br0. The thinking is that a distro
could preconfigure such an interface to allow out-of-the-box bridged networking.
Alternatively, if a user wants to use a different bridge, a typical invocation
would be simliar to one of the following:
qemu linux.img -net bridge,br=qemubr0 -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0"
-net nic,model=virtio
qemu linux.img -netdev bridge,br=qemubr0,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Richa Marwaha <rmarwah@linux.vnet.ibm.com>
Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-26 18:42:27 +04:00
|
|
|
|
|
|
|
if (strrchr(helper, ' ') || strrchr(helper, '\t')) {
|
|
|
|
/* assume helper is a command */
|
|
|
|
|
|
|
|
if (strstr(helper, "--br=") == NULL) {
|
2019-07-23 13:47:54 +03:00
|
|
|
br_buf = g_strdup_printf("%s%s", "--br=", bridge);
|
Add support for net bridge
The most common use of -net tap is to connect a tap device to a bridge. This
requires the use of a script and running qemu as root in order to allocate a
tap device to pass to the script.
This model is great for portability and flexibility but it's incredibly
difficult to eliminate the need to run qemu as root. The only really viable
mechanism is to use tunctl to create a tap device, attach it to a bridge as
root, and then hand that tap device to qemu. The problem with this mechanism
is that it requires administrator intervention whenever a user wants to create
a guest.
By essentially writing a helper that implements the most common qemu-ifup
script that can be safely given cap_net_admin, we can dramatically simplify
things for non-privileged users. We still support existing -net tap options
as a mechanism for advanced users and backwards compatibility.
Currently, this is very Linux centric but there's really no reason why it
couldn't be extended for other Unixes.
A typical invocation would be similar to one of the following:
qemu linux.img -net bridge -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper"
-net nic,model=virtio
qemu linux.img -netdev bridge,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
The default bridge that we attach to is br0. The thinking is that a distro
could preconfigure such an interface to allow out-of-the-box bridged networking.
Alternatively, if a user wants to use a different bridge, a typical invocation
would be simliar to one of the following:
qemu linux.img -net bridge,br=qemubr0 -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0"
-net nic,model=virtio
qemu linux.img -netdev bridge,br=qemubr0,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Richa Marwaha <rmarwah@linux.vnet.ibm.com>
Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-26 18:42:27 +04:00
|
|
|
}
|
|
|
|
|
2019-07-23 13:47:54 +03:00
|
|
|
helper_cmd = g_strdup_printf("%s %s %s %s", helper,
|
|
|
|
"--use-vnet", fd_buf, br_buf ? br_buf : "");
|
Add support for net bridge
The most common use of -net tap is to connect a tap device to a bridge. This
requires the use of a script and running qemu as root in order to allocate a
tap device to pass to the script.
This model is great for portability and flexibility but it's incredibly
difficult to eliminate the need to run qemu as root. The only really viable
mechanism is to use tunctl to create a tap device, attach it to a bridge as
root, and then hand that tap device to qemu. The problem with this mechanism
is that it requires administrator intervention whenever a user wants to create
a guest.
By essentially writing a helper that implements the most common qemu-ifup
script that can be safely given cap_net_admin, we can dramatically simplify
things for non-privileged users. We still support existing -net tap options
as a mechanism for advanced users and backwards compatibility.
Currently, this is very Linux centric but there's really no reason why it
couldn't be extended for other Unixes.
A typical invocation would be similar to one of the following:
qemu linux.img -net bridge -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper"
-net nic,model=virtio
qemu linux.img -netdev bridge,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
The default bridge that we attach to is br0. The thinking is that a distro
could preconfigure such an interface to allow out-of-the-box bridged networking.
Alternatively, if a user wants to use a different bridge, a typical invocation
would be simliar to one of the following:
qemu linux.img -net bridge,br=qemubr0 -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0"
-net nic,model=virtio
qemu linux.img -netdev bridge,br=qemubr0,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Richa Marwaha <rmarwah@linux.vnet.ibm.com>
Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-26 18:42:27 +04:00
|
|
|
|
|
|
|
parg = args;
|
|
|
|
*parg++ = (char *)"sh";
|
|
|
|
*parg++ = (char *)"-c";
|
|
|
|
*parg++ = helper_cmd;
|
|
|
|
*parg++ = NULL;
|
|
|
|
|
|
|
|
execv("/bin/sh", args);
|
2019-07-23 13:47:54 +03:00
|
|
|
g_free(helper_cmd);
|
Add support for net bridge
The most common use of -net tap is to connect a tap device to a bridge. This
requires the use of a script and running qemu as root in order to allocate a
tap device to pass to the script.
This model is great for portability and flexibility but it's incredibly
difficult to eliminate the need to run qemu as root. The only really viable
mechanism is to use tunctl to create a tap device, attach it to a bridge as
root, and then hand that tap device to qemu. The problem with this mechanism
is that it requires administrator intervention whenever a user wants to create
a guest.
By essentially writing a helper that implements the most common qemu-ifup
script that can be safely given cap_net_admin, we can dramatically simplify
things for non-privileged users. We still support existing -net tap options
as a mechanism for advanced users and backwards compatibility.
Currently, this is very Linux centric but there's really no reason why it
couldn't be extended for other Unixes.
A typical invocation would be similar to one of the following:
qemu linux.img -net bridge -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper"
-net nic,model=virtio
qemu linux.img -netdev bridge,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
The default bridge that we attach to is br0. The thinking is that a distro
could preconfigure such an interface to allow out-of-the-box bridged networking.
Alternatively, if a user wants to use a different bridge, a typical invocation
would be simliar to one of the following:
qemu linux.img -net bridge,br=qemubr0 -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0"
-net nic,model=virtio
qemu linux.img -netdev bridge,br=qemubr0,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Richa Marwaha <rmarwah@linux.vnet.ibm.com>
Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-26 18:42:27 +04:00
|
|
|
} else {
|
|
|
|
/* assume helper is just the executable path name */
|
|
|
|
|
2019-07-23 13:47:54 +03:00
|
|
|
br_buf = g_strdup_printf("%s%s", "--br=", bridge);
|
Add support for net bridge
The most common use of -net tap is to connect a tap device to a bridge. This
requires the use of a script and running qemu as root in order to allocate a
tap device to pass to the script.
This model is great for portability and flexibility but it's incredibly
difficult to eliminate the need to run qemu as root. The only really viable
mechanism is to use tunctl to create a tap device, attach it to a bridge as
root, and then hand that tap device to qemu. The problem with this mechanism
is that it requires administrator intervention whenever a user wants to create
a guest.
By essentially writing a helper that implements the most common qemu-ifup
script that can be safely given cap_net_admin, we can dramatically simplify
things for non-privileged users. We still support existing -net tap options
as a mechanism for advanced users and backwards compatibility.
Currently, this is very Linux centric but there's really no reason why it
couldn't be extended for other Unixes.
A typical invocation would be similar to one of the following:
qemu linux.img -net bridge -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper"
-net nic,model=virtio
qemu linux.img -netdev bridge,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
The default bridge that we attach to is br0. The thinking is that a distro
could preconfigure such an interface to allow out-of-the-box bridged networking.
Alternatively, if a user wants to use a different bridge, a typical invocation
would be simliar to one of the following:
qemu linux.img -net bridge,br=qemubr0 -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0"
-net nic,model=virtio
qemu linux.img -netdev bridge,br=qemubr0,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Richa Marwaha <rmarwah@linux.vnet.ibm.com>
Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-26 18:42:27 +04:00
|
|
|
|
|
|
|
parg = args;
|
|
|
|
*parg++ = (char *)helper;
|
|
|
|
*parg++ = (char *)"--use-vnet";
|
|
|
|
*parg++ = fd_buf;
|
|
|
|
*parg++ = br_buf;
|
|
|
|
*parg++ = NULL;
|
|
|
|
|
|
|
|
execv(helper, args);
|
|
|
|
}
|
2019-07-23 13:47:54 +03:00
|
|
|
g_free(fd_buf);
|
|
|
|
g_free(br_buf);
|
Add support for net bridge
The most common use of -net tap is to connect a tap device to a bridge. This
requires the use of a script and running qemu as root in order to allocate a
tap device to pass to the script.
This model is great for portability and flexibility but it's incredibly
difficult to eliminate the need to run qemu as root. The only really viable
mechanism is to use tunctl to create a tap device, attach it to a bridge as
root, and then hand that tap device to qemu. The problem with this mechanism
is that it requires administrator intervention whenever a user wants to create
a guest.
By essentially writing a helper that implements the most common qemu-ifup
script that can be safely given cap_net_admin, we can dramatically simplify
things for non-privileged users. We still support existing -net tap options
as a mechanism for advanced users and backwards compatibility.
Currently, this is very Linux centric but there's really no reason why it
couldn't be extended for other Unixes.
A typical invocation would be similar to one of the following:
qemu linux.img -net bridge -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper"
-net nic,model=virtio
qemu linux.img -netdev bridge,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
The default bridge that we attach to is br0. The thinking is that a distro
could preconfigure such an interface to allow out-of-the-box bridged networking.
Alternatively, if a user wants to use a different bridge, a typical invocation
would be simliar to one of the following:
qemu linux.img -net bridge,br=qemubr0 -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0"
-net nic,model=virtio
qemu linux.img -netdev bridge,br=qemubr0,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Richa Marwaha <rmarwah@linux.vnet.ibm.com>
Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-26 18:42:27 +04:00
|
|
|
_exit(1);
|
|
|
|
|
tap: Improve -netdev/netdev_add/-net/... bridge error reporting
When -netdev bridge fails, it first reports a specific error, then a
generic one, like this:
$ qemu-system-x86_64 -netdev bridge,id=foo
failed to launch bridge helper
qemu-system-x86_64: -netdev bridge,id=foo: Device 'bridge' could not be initialized
The first message goes to stderr. Wrong for HMP, because errors need
to go to the monitor there.
The second message goes to stderr for -netdev, to the monitor for HMP
netdev_add, and becomes the error reply for QMP netdev_add.
Convert net_bridge_run_helper() to Error, and propagate its errors
through net_init_bridge(). This ensures the error gets reported where
the user is, and suppresses the unwanted second message.
While there, improve the error messages a bit.
The above example becomes:
$ qemu-system-x86_64 -netdev bridge,id=foo
qemu-system-x86_64: -netdev bridge,id=foo: bridge helper failed
net_init_tap() also uses net_bridge_run_helper(). Propagate its
errors there as well. Improves reporting these errors with -netdev
tap & friends.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1431691143-1015-7-git-send-email-armbru@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-05-15 14:58:54 +03:00
|
|
|
} else {
|
Add support for net bridge
The most common use of -net tap is to connect a tap device to a bridge. This
requires the use of a script and running qemu as root in order to allocate a
tap device to pass to the script.
This model is great for portability and flexibility but it's incredibly
difficult to eliminate the need to run qemu as root. The only really viable
mechanism is to use tunctl to create a tap device, attach it to a bridge as
root, and then hand that tap device to qemu. The problem with this mechanism
is that it requires administrator intervention whenever a user wants to create
a guest.
By essentially writing a helper that implements the most common qemu-ifup
script that can be safely given cap_net_admin, we can dramatically simplify
things for non-privileged users. We still support existing -net tap options
as a mechanism for advanced users and backwards compatibility.
Currently, this is very Linux centric but there's really no reason why it
couldn't be extended for other Unixes.
A typical invocation would be similar to one of the following:
qemu linux.img -net bridge -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper"
-net nic,model=virtio
qemu linux.img -netdev bridge,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
The default bridge that we attach to is br0. The thinking is that a distro
could preconfigure such an interface to allow out-of-the-box bridged networking.
Alternatively, if a user wants to use a different bridge, a typical invocation
would be simliar to one of the following:
qemu linux.img -net bridge,br=qemubr0 -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0"
-net nic,model=virtio
qemu linux.img -netdev bridge,br=qemubr0,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Richa Marwaha <rmarwah@linux.vnet.ibm.com>
Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-26 18:42:27 +04:00
|
|
|
int fd;
|
tap: Improve -netdev/netdev_add/-net/... bridge error reporting
When -netdev bridge fails, it first reports a specific error, then a
generic one, like this:
$ qemu-system-x86_64 -netdev bridge,id=foo
failed to launch bridge helper
qemu-system-x86_64: -netdev bridge,id=foo: Device 'bridge' could not be initialized
The first message goes to stderr. Wrong for HMP, because errors need
to go to the monitor there.
The second message goes to stderr for -netdev, to the monitor for HMP
netdev_add, and becomes the error reply for QMP netdev_add.
Convert net_bridge_run_helper() to Error, and propagate its errors
through net_init_bridge(). This ensures the error gets reported where
the user is, and suppresses the unwanted second message.
While there, improve the error messages a bit.
The above example becomes:
$ qemu-system-x86_64 -netdev bridge,id=foo
qemu-system-x86_64: -netdev bridge,id=foo: bridge helper failed
net_init_tap() also uses net_bridge_run_helper(). Propagate its
errors there as well. Improves reporting these errors with -netdev
tap & friends.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1431691143-1015-7-git-send-email-armbru@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-05-15 14:58:54 +03:00
|
|
|
int saved_errno;
|
Add support for net bridge
The most common use of -net tap is to connect a tap device to a bridge. This
requires the use of a script and running qemu as root in order to allocate a
tap device to pass to the script.
This model is great for portability and flexibility but it's incredibly
difficult to eliminate the need to run qemu as root. The only really viable
mechanism is to use tunctl to create a tap device, attach it to a bridge as
root, and then hand that tap device to qemu. The problem with this mechanism
is that it requires administrator intervention whenever a user wants to create
a guest.
By essentially writing a helper that implements the most common qemu-ifup
script that can be safely given cap_net_admin, we can dramatically simplify
things for non-privileged users. We still support existing -net tap options
as a mechanism for advanced users and backwards compatibility.
Currently, this is very Linux centric but there's really no reason why it
couldn't be extended for other Unixes.
A typical invocation would be similar to one of the following:
qemu linux.img -net bridge -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper"
-net nic,model=virtio
qemu linux.img -netdev bridge,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
The default bridge that we attach to is br0. The thinking is that a distro
could preconfigure such an interface to allow out-of-the-box bridged networking.
Alternatively, if a user wants to use a different bridge, a typical invocation
would be simliar to one of the following:
qemu linux.img -net bridge,br=qemubr0 -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0"
-net nic,model=virtio
qemu linux.img -netdev bridge,br=qemubr0,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Richa Marwaha <rmarwah@linux.vnet.ibm.com>
Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-26 18:42:27 +04:00
|
|
|
|
|
|
|
close(sv[1]);
|
|
|
|
|
2022-10-23 12:04:22 +03:00
|
|
|
fd = RETRY_ON_EINTR(recv_fd(sv[0]));
|
tap: Improve -netdev/netdev_add/-net/... bridge error reporting
When -netdev bridge fails, it first reports a specific error, then a
generic one, like this:
$ qemu-system-x86_64 -netdev bridge,id=foo
failed to launch bridge helper
qemu-system-x86_64: -netdev bridge,id=foo: Device 'bridge' could not be initialized
The first message goes to stderr. Wrong for HMP, because errors need
to go to the monitor there.
The second message goes to stderr for -netdev, to the monitor for HMP
netdev_add, and becomes the error reply for QMP netdev_add.
Convert net_bridge_run_helper() to Error, and propagate its errors
through net_init_bridge(). This ensures the error gets reported where
the user is, and suppresses the unwanted second message.
While there, improve the error messages a bit.
The above example becomes:
$ qemu-system-x86_64 -netdev bridge,id=foo
qemu-system-x86_64: -netdev bridge,id=foo: bridge helper failed
net_init_tap() also uses net_bridge_run_helper(). Propagate its
errors there as well. Improves reporting these errors with -netdev
tap & friends.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1431691143-1015-7-git-send-email-armbru@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-05-15 14:58:54 +03:00
|
|
|
saved_errno = errno;
|
Add support for net bridge
The most common use of -net tap is to connect a tap device to a bridge. This
requires the use of a script and running qemu as root in order to allocate a
tap device to pass to the script.
This model is great for portability and flexibility but it's incredibly
difficult to eliminate the need to run qemu as root. The only really viable
mechanism is to use tunctl to create a tap device, attach it to a bridge as
root, and then hand that tap device to qemu. The problem with this mechanism
is that it requires administrator intervention whenever a user wants to create
a guest.
By essentially writing a helper that implements the most common qemu-ifup
script that can be safely given cap_net_admin, we can dramatically simplify
things for non-privileged users. We still support existing -net tap options
as a mechanism for advanced users and backwards compatibility.
Currently, this is very Linux centric but there's really no reason why it
couldn't be extended for other Unixes.
A typical invocation would be similar to one of the following:
qemu linux.img -net bridge -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper"
-net nic,model=virtio
qemu linux.img -netdev bridge,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
The default bridge that we attach to is br0. The thinking is that a distro
could preconfigure such an interface to allow out-of-the-box bridged networking.
Alternatively, if a user wants to use a different bridge, a typical invocation
would be simliar to one of the following:
qemu linux.img -net bridge,br=qemubr0 -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0"
-net nic,model=virtio
qemu linux.img -netdev bridge,br=qemubr0,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Richa Marwaha <rmarwah@linux.vnet.ibm.com>
Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-26 18:42:27 +04:00
|
|
|
|
|
|
|
close(sv[0]);
|
|
|
|
|
|
|
|
while (waitpid(pid, &status, 0) != pid) {
|
|
|
|
/* loop */
|
|
|
|
}
|
|
|
|
sigprocmask(SIG_SETMASK, &oldmask, NULL);
|
|
|
|
if (fd < 0) {
|
tap: Improve -netdev/netdev_add/-net/... bridge error reporting
When -netdev bridge fails, it first reports a specific error, then a
generic one, like this:
$ qemu-system-x86_64 -netdev bridge,id=foo
failed to launch bridge helper
qemu-system-x86_64: -netdev bridge,id=foo: Device 'bridge' could not be initialized
The first message goes to stderr. Wrong for HMP, because errors need
to go to the monitor there.
The second message goes to stderr for -netdev, to the monitor for HMP
netdev_add, and becomes the error reply for QMP netdev_add.
Convert net_bridge_run_helper() to Error, and propagate its errors
through net_init_bridge(). This ensures the error gets reported where
the user is, and suppresses the unwanted second message.
While there, improve the error messages a bit.
The above example becomes:
$ qemu-system-x86_64 -netdev bridge,id=foo
qemu-system-x86_64: -netdev bridge,id=foo: bridge helper failed
net_init_tap() also uses net_bridge_run_helper(). Propagate its
errors there as well. Improves reporting these errors with -netdev
tap & friends.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1431691143-1015-7-git-send-email-armbru@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-05-15 14:58:54 +03:00
|
|
|
error_setg_errno(errp, saved_errno,
|
|
|
|
"failed to recv file descriptor");
|
Add support for net bridge
The most common use of -net tap is to connect a tap device to a bridge. This
requires the use of a script and running qemu as root in order to allocate a
tap device to pass to the script.
This model is great for portability and flexibility but it's incredibly
difficult to eliminate the need to run qemu as root. The only really viable
mechanism is to use tunctl to create a tap device, attach it to a bridge as
root, and then hand that tap device to qemu. The problem with this mechanism
is that it requires administrator intervention whenever a user wants to create
a guest.
By essentially writing a helper that implements the most common qemu-ifup
script that can be safely given cap_net_admin, we can dramatically simplify
things for non-privileged users. We still support existing -net tap options
as a mechanism for advanced users and backwards compatibility.
Currently, this is very Linux centric but there's really no reason why it
couldn't be extended for other Unixes.
A typical invocation would be similar to one of the following:
qemu linux.img -net bridge -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper"
-net nic,model=virtio
qemu linux.img -netdev bridge,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
The default bridge that we attach to is br0. The thinking is that a distro
could preconfigure such an interface to allow out-of-the-box bridged networking.
Alternatively, if a user wants to use a different bridge, a typical invocation
would be simliar to one of the following:
qemu linux.img -net bridge,br=qemubr0 -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0"
-net nic,model=virtio
qemu linux.img -netdev bridge,br=qemubr0,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Richa Marwaha <rmarwah@linux.vnet.ibm.com>
Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-26 18:42:27 +04:00
|
|
|
return -1;
|
|
|
|
}
|
tap: Improve -netdev/netdev_add/-net/... bridge error reporting
When -netdev bridge fails, it first reports a specific error, then a
generic one, like this:
$ qemu-system-x86_64 -netdev bridge,id=foo
failed to launch bridge helper
qemu-system-x86_64: -netdev bridge,id=foo: Device 'bridge' could not be initialized
The first message goes to stderr. Wrong for HMP, because errors need
to go to the monitor there.
The second message goes to stderr for -netdev, to the monitor for HMP
netdev_add, and becomes the error reply for QMP netdev_add.
Convert net_bridge_run_helper() to Error, and propagate its errors
through net_init_bridge(). This ensures the error gets reported where
the user is, and suppresses the unwanted second message.
While there, improve the error messages a bit.
The above example becomes:
$ qemu-system-x86_64 -netdev bridge,id=foo
qemu-system-x86_64: -netdev bridge,id=foo: bridge helper failed
net_init_tap() also uses net_bridge_run_helper(). Propagate its
errors there as well. Improves reporting these errors with -netdev
tap & friends.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1431691143-1015-7-git-send-email-armbru@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-05-15 14:58:54 +03:00
|
|
|
if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) {
|
|
|
|
error_setg(errp, "bridge helper failed");
|
|
|
|
return -1;
|
Add support for net bridge
The most common use of -net tap is to connect a tap device to a bridge. This
requires the use of a script and running qemu as root in order to allocate a
tap device to pass to the script.
This model is great for portability and flexibility but it's incredibly
difficult to eliminate the need to run qemu as root. The only really viable
mechanism is to use tunctl to create a tap device, attach it to a bridge as
root, and then hand that tap device to qemu. The problem with this mechanism
is that it requires administrator intervention whenever a user wants to create
a guest.
By essentially writing a helper that implements the most common qemu-ifup
script that can be safely given cap_net_admin, we can dramatically simplify
things for non-privileged users. We still support existing -net tap options
as a mechanism for advanced users and backwards compatibility.
Currently, this is very Linux centric but there's really no reason why it
couldn't be extended for other Unixes.
A typical invocation would be similar to one of the following:
qemu linux.img -net bridge -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper"
-net nic,model=virtio
qemu linux.img -netdev bridge,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
The default bridge that we attach to is br0. The thinking is that a distro
could preconfigure such an interface to allow out-of-the-box bridged networking.
Alternatively, if a user wants to use a different bridge, a typical invocation
would be simliar to one of the following:
qemu linux.img -net bridge,br=qemubr0 -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0"
-net nic,model=virtio
qemu linux.img -netdev bridge,br=qemubr0,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Richa Marwaha <rmarwah@linux.vnet.ibm.com>
Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-26 18:42:27 +04:00
|
|
|
}
|
tap: Improve -netdev/netdev_add/-net/... bridge error reporting
When -netdev bridge fails, it first reports a specific error, then a
generic one, like this:
$ qemu-system-x86_64 -netdev bridge,id=foo
failed to launch bridge helper
qemu-system-x86_64: -netdev bridge,id=foo: Device 'bridge' could not be initialized
The first message goes to stderr. Wrong for HMP, because errors need
to go to the monitor there.
The second message goes to stderr for -netdev, to the monitor for HMP
netdev_add, and becomes the error reply for QMP netdev_add.
Convert net_bridge_run_helper() to Error, and propagate its errors
through net_init_bridge(). This ensures the error gets reported where
the user is, and suppresses the unwanted second message.
While there, improve the error messages a bit.
The above example becomes:
$ qemu-system-x86_64 -netdev bridge,id=foo
qemu-system-x86_64: -netdev bridge,id=foo: bridge helper failed
net_init_tap() also uses net_bridge_run_helper(). Propagate its
errors there as well. Improves reporting these errors with -netdev
tap & friends.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1431691143-1015-7-git-send-email-armbru@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-05-15 14:58:54 +03:00
|
|
|
return fd;
|
Add support for net bridge
The most common use of -net tap is to connect a tap device to a bridge. This
requires the use of a script and running qemu as root in order to allocate a
tap device to pass to the script.
This model is great for portability and flexibility but it's incredibly
difficult to eliminate the need to run qemu as root. The only really viable
mechanism is to use tunctl to create a tap device, attach it to a bridge as
root, and then hand that tap device to qemu. The problem with this mechanism
is that it requires administrator intervention whenever a user wants to create
a guest.
By essentially writing a helper that implements the most common qemu-ifup
script that can be safely given cap_net_admin, we can dramatically simplify
things for non-privileged users. We still support existing -net tap options
as a mechanism for advanced users and backwards compatibility.
Currently, this is very Linux centric but there's really no reason why it
couldn't be extended for other Unixes.
A typical invocation would be similar to one of the following:
qemu linux.img -net bridge -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper"
-net nic,model=virtio
qemu linux.img -netdev bridge,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
The default bridge that we attach to is br0. The thinking is that a distro
could preconfigure such an interface to allow out-of-the-box bridged networking.
Alternatively, if a user wants to use a different bridge, a typical invocation
would be simliar to one of the following:
qemu linux.img -net bridge,br=qemubr0 -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0"
-net nic,model=virtio
qemu linux.img -netdev bridge,br=qemubr0,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Richa Marwaha <rmarwah@linux.vnet.ibm.com>
Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-26 18:42:27 +04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-07-14 06:50:12 +03:00
|
|
|
int net_init_bridge(const Netdev *netdev, const char *name,
|
2015-05-15 14:58:50 +03:00
|
|
|
NetClientState *peer, Error **errp)
|
Add support for net bridge
The most common use of -net tap is to connect a tap device to a bridge. This
requires the use of a script and running qemu as root in order to allocate a
tap device to pass to the script.
This model is great for portability and flexibility but it's incredibly
difficult to eliminate the need to run qemu as root. The only really viable
mechanism is to use tunctl to create a tap device, attach it to a bridge as
root, and then hand that tap device to qemu. The problem with this mechanism
is that it requires administrator intervention whenever a user wants to create
a guest.
By essentially writing a helper that implements the most common qemu-ifup
script that can be safely given cap_net_admin, we can dramatically simplify
things for non-privileged users. We still support existing -net tap options
as a mechanism for advanced users and backwards compatibility.
Currently, this is very Linux centric but there's really no reason why it
couldn't be extended for other Unixes.
A typical invocation would be similar to one of the following:
qemu linux.img -net bridge -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper"
-net nic,model=virtio
qemu linux.img -netdev bridge,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
The default bridge that we attach to is br0. The thinking is that a distro
could preconfigure such an interface to allow out-of-the-box bridged networking.
Alternatively, if a user wants to use a different bridge, a typical invocation
would be simliar to one of the following:
qemu linux.img -net bridge,br=qemubr0 -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0"
-net nic,model=virtio
qemu linux.img -netdev bridge,br=qemubr0,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Richa Marwaha <rmarwah@linux.vnet.ibm.com>
Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-26 18:42:27 +04:00
|
|
|
{
|
2012-07-17 18:17:20 +04:00
|
|
|
const NetdevBridgeOptions *bridge;
|
|
|
|
const char *helper, *br;
|
Add support for net bridge
The most common use of -net tap is to connect a tap device to a bridge. This
requires the use of a script and running qemu as root in order to allocate a
tap device to pass to the script.
This model is great for portability and flexibility but it's incredibly
difficult to eliminate the need to run qemu as root. The only really viable
mechanism is to use tunctl to create a tap device, attach it to a bridge as
root, and then hand that tap device to qemu. The problem with this mechanism
is that it requires administrator intervention whenever a user wants to create
a guest.
By essentially writing a helper that implements the most common qemu-ifup
script that can be safely given cap_net_admin, we can dramatically simplify
things for non-privileged users. We still support existing -net tap options
as a mechanism for advanced users and backwards compatibility.
Currently, this is very Linux centric but there's really no reason why it
couldn't be extended for other Unixes.
A typical invocation would be similar to one of the following:
qemu linux.img -net bridge -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper"
-net nic,model=virtio
qemu linux.img -netdev bridge,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
The default bridge that we attach to is br0. The thinking is that a distro
could preconfigure such an interface to allow out-of-the-box bridged networking.
Alternatively, if a user wants to use a different bridge, a typical invocation
would be simliar to one of the following:
qemu linux.img -net bridge,br=qemubr0 -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0"
-net nic,model=virtio
qemu linux.img -netdev bridge,br=qemubr0,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Richa Marwaha <rmarwah@linux.vnet.ibm.com>
Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-26 18:42:27 +04:00
|
|
|
TAPState *s;
|
|
|
|
int fd, vnet_hdr;
|
|
|
|
|
qapi: Change Netdev into a flat union
This is a mostly-mechanical conversion that creates a new flat
union 'Netdev' QAPI type that covers all the branches of the
former 'NetClientOptions' simple union, where the branches are
now listed in a new 'NetClientDriver' enum rather than generated
from the simple union. The existence of a flat union has no
change to the command line syntax accepted for new code, and
will make it possible for a future patch to switch the QMP
command to parse a boxed union for no change to valid QMP; but
it does have some ripple effect on the C code when dealing with
the new types.
While making the conversion, note that the 'NetLegacy' type
remains unchanged: it applies only to legacy command line options,
and will not be ported to QMP, so it should remain a wrapper
around a simple union; to avoid confusion, the type named
'NetClientOptions' is now gone, and we introduce 'NetLegacyOptions'
in its place. Then, in the C code, we convert from NetLegacy to
Netdev as soon as possible, so that the bulk of the net stack
only has to deal with one QAPI type, not two. Note that since
the old legacy code always rejected 'hubport', we can just omit
that branch from the new 'NetLegacyOptions' simple union.
Based on an idea originally by Zoltán Kővágó <DirtY.iCE.hu@gmail.com>:
Message-Id: <01a527fbf1a5de880091f98cf011616a78adeeee.1441627176.git.DirtY.iCE.hu@gmail.com>
although the sed script in that patch no longer applies due to
other changes in the tree since then, and I also did some manual
cleanups (such as fixing whitespace to keep checkpatch happy).
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1468468228-27827-13-git-send-email-eblake@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
[Fixup from Eric squashed in]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-07-14 06:50:23 +03:00
|
|
|
assert(netdev->type == NET_CLIENT_DRIVER_BRIDGE);
|
|
|
|
bridge = &netdev->u.bridge;
|
2022-11-04 19:07:00 +03:00
|
|
|
helper = bridge->helper;
|
|
|
|
br = bridge->br ?: DEFAULT_BRIDGE_INTERFACE;
|
Add support for net bridge
The most common use of -net tap is to connect a tap device to a bridge. This
requires the use of a script and running qemu as root in order to allocate a
tap device to pass to the script.
This model is great for portability and flexibility but it's incredibly
difficult to eliminate the need to run qemu as root. The only really viable
mechanism is to use tunctl to create a tap device, attach it to a bridge as
root, and then hand that tap device to qemu. The problem with this mechanism
is that it requires administrator intervention whenever a user wants to create
a guest.
By essentially writing a helper that implements the most common qemu-ifup
script that can be safely given cap_net_admin, we can dramatically simplify
things for non-privileged users. We still support existing -net tap options
as a mechanism for advanced users and backwards compatibility.
Currently, this is very Linux centric but there's really no reason why it
couldn't be extended for other Unixes.
A typical invocation would be similar to one of the following:
qemu linux.img -net bridge -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper"
-net nic,model=virtio
qemu linux.img -netdev bridge,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
The default bridge that we attach to is br0. The thinking is that a distro
could preconfigure such an interface to allow out-of-the-box bridged networking.
Alternatively, if a user wants to use a different bridge, a typical invocation
would be simliar to one of the following:
qemu linux.img -net bridge,br=qemubr0 -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0"
-net nic,model=virtio
qemu linux.img -netdev bridge,br=qemubr0,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Richa Marwaha <rmarwah@linux.vnet.ibm.com>
Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-26 18:42:27 +04:00
|
|
|
|
tap: Improve -netdev/netdev_add/-net/... bridge error reporting
When -netdev bridge fails, it first reports a specific error, then a
generic one, like this:
$ qemu-system-x86_64 -netdev bridge,id=foo
failed to launch bridge helper
qemu-system-x86_64: -netdev bridge,id=foo: Device 'bridge' could not be initialized
The first message goes to stderr. Wrong for HMP, because errors need
to go to the monitor there.
The second message goes to stderr for -netdev, to the monitor for HMP
netdev_add, and becomes the error reply for QMP netdev_add.
Convert net_bridge_run_helper() to Error, and propagate its errors
through net_init_bridge(). This ensures the error gets reported where
the user is, and suppresses the unwanted second message.
While there, improve the error messages a bit.
The above example becomes:
$ qemu-system-x86_64 -netdev bridge,id=foo
qemu-system-x86_64: -netdev bridge,id=foo: bridge helper failed
net_init_tap() also uses net_bridge_run_helper(). Propagate its
errors there as well. Improves reporting these errors with -netdev
tap & friends.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1431691143-1015-7-git-send-email-armbru@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-05-15 14:58:54 +03:00
|
|
|
fd = net_bridge_run_helper(helper, br, errp);
|
Add support for net bridge
The most common use of -net tap is to connect a tap device to a bridge. This
requires the use of a script and running qemu as root in order to allocate a
tap device to pass to the script.
This model is great for portability and flexibility but it's incredibly
difficult to eliminate the need to run qemu as root. The only really viable
mechanism is to use tunctl to create a tap device, attach it to a bridge as
root, and then hand that tap device to qemu. The problem with this mechanism
is that it requires administrator intervention whenever a user wants to create
a guest.
By essentially writing a helper that implements the most common qemu-ifup
script that can be safely given cap_net_admin, we can dramatically simplify
things for non-privileged users. We still support existing -net tap options
as a mechanism for advanced users and backwards compatibility.
Currently, this is very Linux centric but there's really no reason why it
couldn't be extended for other Unixes.
A typical invocation would be similar to one of the following:
qemu linux.img -net bridge -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper"
-net nic,model=virtio
qemu linux.img -netdev bridge,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
The default bridge that we attach to is br0. The thinking is that a distro
could preconfigure such an interface to allow out-of-the-box bridged networking.
Alternatively, if a user wants to use a different bridge, a typical invocation
would be simliar to one of the following:
qemu linux.img -net bridge,br=qemubr0 -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0"
-net nic,model=virtio
qemu linux.img -netdev bridge,br=qemubr0,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Richa Marwaha <rmarwah@linux.vnet.ibm.com>
Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-26 18:42:27 +04:00
|
|
|
if (fd == -1) {
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
2022-04-25 16:39:06 +03:00
|
|
|
if (!g_unix_set_fd_nonblocking(fd, true, NULL)) {
|
|
|
|
error_setg_errno(errp, errno, "Failed to set FD nonblocking");
|
|
|
|
return -1;
|
|
|
|
}
|
net: detect errors from probing vnet hdr flag for TAP devices
When QEMU sets up a tap based network device backend, it mostly ignores errors
reported from various ioctl() calls it makes, assuming the TAP file descriptor
is valid. This assumption can easily be violated when the user is passing in a
pre-opened file descriptor. At best, the ioctls may fail with a -EBADF, but if
the user passes in a bogus FD number that happens to clash with a FD number that
QEMU has opened internally for another reason, a wide variety of errnos may
result, as the TUNGETIFF ioctl number may map to a completely different command
on a different type of file.
By ignoring all these errors, QEMU sets up a zombie network backend that will
never pass any data. Even worse, when QEMU shuts down, or that network backend
is hot-removed, it will close this bogus file descriptor, which could belong to
another QEMU device backend.
There's no obvious guaranteed reliable way to detect that a FD genuinely is a
TAP device, as opposed to a UNIX socket, or pipe, or something else. Checking
the errno from probing vnet hdr flag though, does catch the big common cases.
ie calling TUNGETIFF will return EBADF for an invalid FD, and ENOTTY when FD is
a UNIX socket, or pipe which catches accidental collisions with FDs used for
stdio, or monitor socket.
Previously the example below where bogus fd 9 collides with the FD used for the
chardev saw:
$ ./x86_64-softmmu/qemu-system-x86_64 -netdev tap,id=hostnet0,fd=9 \
-chardev socket,id=charchannel0,path=/tmp/qga,server,nowait \
-monitor stdio -vnc :0
qemu-system-x86_64: -netdev tap,id=hostnet0,fd=9: TUNGETIFF ioctl() failed: Inappropriate ioctl for device
TUNSETOFFLOAD ioctl() failed: Bad address
QEMU 2.9.1 monitor - type 'help' for more information
(qemu) Warning: netdev hostnet0 has no peer
which gives a running QEMU with a zombie network backend.
With this change applied we get an error message and QEMU immediately exits
before carrying on and making a bigger disaster:
$ ./x86_64-softmmu/qemu-system-x86_64 -netdev tap,id=hostnet0,fd=9 \
-chardev socket,id=charchannel0,path=/tmp/qga,server,nowait \
-monitor stdio -vnc :0
qemu-system-x86_64: -netdev tap,id=hostnet0,vhost=on,fd=9: Unable to query TUNGETIFF on FD 9: Inappropriate ioctl for device
Reported-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Tested-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-id: 20171027085548.3472-1-berrange@redhat.com
[lv: to simplify, don't check on EINVAL with TUNGETIFF as it exists since v2.6.27]
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-07-07 21:45:15 +03:00
|
|
|
vnet_hdr = tap_probe_vnet_hdr(fd, errp);
|
|
|
|
if (vnet_hdr < 0) {
|
|
|
|
close(fd);
|
|
|
|
return -1;
|
|
|
|
}
|
2012-07-24 19:35:05 +04:00
|
|
|
s = net_tap_fd_init(peer, "bridge", name, fd, vnet_hdr);
|
Add support for net bridge
The most common use of -net tap is to connect a tap device to a bridge. This
requires the use of a script and running qemu as root in order to allocate a
tap device to pass to the script.
This model is great for portability and flexibility but it's incredibly
difficult to eliminate the need to run qemu as root. The only really viable
mechanism is to use tunctl to create a tap device, attach it to a bridge as
root, and then hand that tap device to qemu. The problem with this mechanism
is that it requires administrator intervention whenever a user wants to create
a guest.
By essentially writing a helper that implements the most common qemu-ifup
script that can be safely given cap_net_admin, we can dramatically simplify
things for non-privileged users. We still support existing -net tap options
as a mechanism for advanced users and backwards compatibility.
Currently, this is very Linux centric but there's really no reason why it
couldn't be extended for other Unixes.
A typical invocation would be similar to one of the following:
qemu linux.img -net bridge -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper"
-net nic,model=virtio
qemu linux.img -netdev bridge,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
The default bridge that we attach to is br0. The thinking is that a distro
could preconfigure such an interface to allow out-of-the-box bridged networking.
Alternatively, if a user wants to use a different bridge, a typical invocation
would be simliar to one of the following:
qemu linux.img -net bridge,br=qemubr0 -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0"
-net nic,model=virtio
qemu linux.img -netdev bridge,br=qemubr0,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Richa Marwaha <rmarwah@linux.vnet.ibm.com>
Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-26 18:42:27 +04:00
|
|
|
|
2022-10-21 12:09:10 +03:00
|
|
|
qemu_set_info_str(&s->nc, "helper=%s,br=%s", helper, br);
|
2021-04-02 06:03:12 +03:00
|
|
|
|
Add support for net bridge
The most common use of -net tap is to connect a tap device to a bridge. This
requires the use of a script and running qemu as root in order to allocate a
tap device to pass to the script.
This model is great for portability and flexibility but it's incredibly
difficult to eliminate the need to run qemu as root. The only really viable
mechanism is to use tunctl to create a tap device, attach it to a bridge as
root, and then hand that tap device to qemu. The problem with this mechanism
is that it requires administrator intervention whenever a user wants to create
a guest.
By essentially writing a helper that implements the most common qemu-ifup
script that can be safely given cap_net_admin, we can dramatically simplify
things for non-privileged users. We still support existing -net tap options
as a mechanism for advanced users and backwards compatibility.
Currently, this is very Linux centric but there's really no reason why it
couldn't be extended for other Unixes.
A typical invocation would be similar to one of the following:
qemu linux.img -net bridge -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper"
-net nic,model=virtio
qemu linux.img -netdev bridge,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
The default bridge that we attach to is br0. The thinking is that a distro
could preconfigure such an interface to allow out-of-the-box bridged networking.
Alternatively, if a user wants to use a different bridge, a typical invocation
would be simliar to one of the following:
qemu linux.img -net bridge,br=qemubr0 -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0"
-net nic,model=virtio
qemu linux.img -netdev bridge,br=qemubr0,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Richa Marwaha <rmarwah@linux.vnet.ibm.com>
Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-26 18:42:27 +04:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2012-07-17 18:17:19 +04:00
|
|
|
static int net_tap_init(const NetdevTapOptions *tap, int *vnet_hdr,
|
|
|
|
const char *setup_script, char *ifname,
|
2015-05-15 14:58:58 +03:00
|
|
|
size_t ifname_sz, int mq_required, Error **errp)
|
2009-10-22 20:49:07 +04:00
|
|
|
{
|
2015-05-15 14:58:57 +03:00
|
|
|
Error *err = NULL;
|
2009-10-22 20:49:07 +04:00
|
|
|
int fd, vnet_hdr_required;
|
|
|
|
|
2012-07-17 18:17:19 +04:00
|
|
|
if (tap->has_vnet_hdr) {
|
|
|
|
*vnet_hdr = tap->vnet_hdr;
|
2009-10-22 20:49:07 +04:00
|
|
|
vnet_hdr_required = *vnet_hdr;
|
|
|
|
} else {
|
2012-07-17 18:17:19 +04:00
|
|
|
*vnet_hdr = 1;
|
2009-10-22 20:49:07 +04:00
|
|
|
vnet_hdr_required = 0;
|
|
|
|
}
|
|
|
|
|
2022-10-23 12:04:21 +03:00
|
|
|
fd = RETRY_ON_EINTR(tap_open(ifname, ifname_sz, vnet_hdr, vnet_hdr_required,
|
2015-05-15 14:58:58 +03:00
|
|
|
mq_required, errp));
|
2009-10-22 20:49:07 +04:00
|
|
|
if (fd < 0) {
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (setup_script &&
|
|
|
|
setup_script[0] != '\0' &&
|
2015-05-15 14:58:57 +03:00
|
|
|
strcmp(setup_script, "no") != 0) {
|
|
|
|
launch_script(setup_script, ifname, fd, &err);
|
|
|
|
if (err) {
|
2015-05-15 14:58:58 +03:00
|
|
|
error_propagate(errp, err);
|
2015-05-15 14:58:57 +03:00
|
|
|
close(fd);
|
|
|
|
return -1;
|
|
|
|
}
|
2009-10-22 20:49:07 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
return fd;
|
|
|
|
}
|
|
|
|
|
2013-01-30 15:12:34 +04:00
|
|
|
#define MAX_TAP_QUEUES 1024
|
|
|
|
|
2015-05-15 14:58:56 +03:00
|
|
|
static void net_init_tap_one(const NetdevTapOptions *tap, NetClientState *peer,
|
|
|
|
const char *model, const char *name,
|
|
|
|
const char *ifname, const char *script,
|
|
|
|
const char *downscript, const char *vhostfdname,
|
2021-04-02 06:05:20 +03:00
|
|
|
int vnet_hdr, int fd, Error **errp)
|
2013-01-30 15:12:30 +04:00
|
|
|
{
|
2015-02-09 16:03:19 +03:00
|
|
|
Error *err = NULL;
|
2015-05-15 14:58:53 +03:00
|
|
|
TAPState *s = net_tap_fd_init(peer, model, name, fd, vnet_hdr);
|
2014-05-27 16:05:22 +04:00
|
|
|
int vhostfd;
|
2013-01-30 15:12:30 +04:00
|
|
|
|
2015-05-15 14:58:55 +03:00
|
|
|
tap_set_sndbuf(s->fd, tap, &err);
|
|
|
|
if (err) {
|
2015-05-15 14:58:56 +03:00
|
|
|
error_propagate(errp, err);
|
2022-09-23 18:50:46 +03:00
|
|
|
goto failed;
|
2013-01-30 15:12:30 +04:00
|
|
|
}
|
|
|
|
|
2022-11-04 19:07:00 +03:00
|
|
|
if (tap->fd || tap->fds) {
|
2022-10-21 12:09:10 +03:00
|
|
|
qemu_set_info_str(&s->nc, "fd=%d", fd);
|
2022-11-04 19:07:00 +03:00
|
|
|
} else if (tap->helper) {
|
2022-10-21 12:09:10 +03:00
|
|
|
qemu_set_info_str(&s->nc, "helper=%s", tap->helper);
|
2013-01-30 15:12:30 +04:00
|
|
|
} else {
|
2022-10-21 12:09:10 +03:00
|
|
|
qemu_set_info_str(&s->nc, "ifname=%s,script=%s,downscript=%s", ifname,
|
|
|
|
script, downscript);
|
2021-04-02 06:03:12 +03:00
|
|
|
|
2013-01-30 15:12:30 +04:00
|
|
|
if (strcmp(downscript, "no") != 0) {
|
|
|
|
snprintf(s->down_script, sizeof(s->down_script), "%s", downscript);
|
|
|
|
snprintf(s->down_script_arg, sizeof(s->down_script_arg),
|
|
|
|
"%s", ifname);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (tap->has_vhost ? tap->vhost :
|
|
|
|
vhostfdname || (tap->has_vhostforce && tap->vhostforce)) {
|
2014-05-27 16:05:22 +04:00
|
|
|
VhostNetOptions options;
|
|
|
|
|
2014-05-27 16:05:49 +04:00
|
|
|
options.backend_type = VHOST_BACKEND_TYPE_KERNEL;
|
2014-05-27 16:05:22 +04:00
|
|
|
options.net_backend = &s->nc;
|
2016-07-06 04:57:55 +03:00
|
|
|
if (tap->has_poll_us) {
|
|
|
|
options.busyloop_timeout = tap->poll_us;
|
|
|
|
} else {
|
|
|
|
options.busyloop_timeout = 0;
|
|
|
|
}
|
2013-01-30 15:12:30 +04:00
|
|
|
|
2016-02-26 02:05:57 +03:00
|
|
|
if (vhostfdname) {
|
2020-10-05 18:58:44 +03:00
|
|
|
vhostfd = monitor_fd_param(monitor_cur(), vhostfdname, &err);
|
2013-01-30 15:12:30 +04:00
|
|
|
if (vhostfd == -1) {
|
2023-09-21 12:37:59 +03:00
|
|
|
error_propagate(errp, err);
|
2022-09-23 18:50:46 +03:00
|
|
|
goto failed;
|
2013-01-30 15:12:30 +04:00
|
|
|
}
|
2022-04-25 16:39:06 +03:00
|
|
|
if (!g_unix_set_fd_nonblocking(vhostfd, true, NULL)) {
|
|
|
|
error_setg_errno(errp, errno, "%s: Can't use file descriptor %d",
|
net: check if the file descriptor is valid before using it
qemu_set_nonblock() checks that the file descriptor can be used and, if
not, crashes QEMU. An assert() is used for that. The use of assert() is
used to detect programming error and the coredump will allow to debug
the problem.
But in the case of the tap device, this assert() can be triggered by
a misconfiguration by the user. At startup, it's not a real problem, but it
can also happen during the hot-plug of a new device, and here it's a
problem because we can crash a perfectly healthy system.
For instance:
# ip link add link virbr0 name macvtap0 type macvtap mode bridge
# ip link set macvtap0 up
# TAP=/dev/tap$(ip -o link show macvtap0 | cut -d: -f1)
# qemu-system-x86_64 -machine q35 -device pcie-root-port,id=pcie-root-port-0 -monitor stdio 9<> $TAP
(qemu) netdev_add type=tap,id=hostnet0,vhost=on,fd=9
(qemu) device_add driver=virtio-net-pci,netdev=hostnet0,id=net0,bus=pcie-root-port-0
(qemu) device_del net0
(qemu) netdev_del hostnet0
(qemu) netdev_add type=tap,id=hostnet1,vhost=on,fd=9
qemu-system-x86_64: .../util/oslib-posix.c:247: qemu_set_nonblock: Assertion `f != -1' failed.
Aborted (core dumped)
To avoid that, add a function, qemu_try_set_nonblock(), that allows to report the
problem without crashing.
In the same way, we also update the function for vhostfd in net_init_tap_one() and
for fd in net_init_socket() (both descriptors are provided by the user and can
be wrong).
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-07-07 21:45:14 +03:00
|
|
|
name, fd);
|
2022-09-23 18:50:46 +03:00
|
|
|
goto failed;
|
net: check if the file descriptor is valid before using it
qemu_set_nonblock() checks that the file descriptor can be used and, if
not, crashes QEMU. An assert() is used for that. The use of assert() is
used to detect programming error and the coredump will allow to debug
the problem.
But in the case of the tap device, this assert() can be triggered by
a misconfiguration by the user. At startup, it's not a real problem, but it
can also happen during the hot-plug of a new device, and here it's a
problem because we can crash a perfectly healthy system.
For instance:
# ip link add link virbr0 name macvtap0 type macvtap mode bridge
# ip link set macvtap0 up
# TAP=/dev/tap$(ip -o link show macvtap0 | cut -d: -f1)
# qemu-system-x86_64 -machine q35 -device pcie-root-port,id=pcie-root-port-0 -monitor stdio 9<> $TAP
(qemu) netdev_add type=tap,id=hostnet0,vhost=on,fd=9
(qemu) device_add driver=virtio-net-pci,netdev=hostnet0,id=net0,bus=pcie-root-port-0
(qemu) device_del net0
(qemu) netdev_del hostnet0
(qemu) netdev_add type=tap,id=hostnet1,vhost=on,fd=9
qemu-system-x86_64: .../util/oslib-posix.c:247: qemu_set_nonblock: Assertion `f != -1' failed.
Aborted (core dumped)
To avoid that, add a function, qemu_try_set_nonblock(), that allows to report the
problem without crashing.
In the same way, we also update the function for vhostfd in net_init_tap_one() and
for fd in net_init_socket() (both descriptors are provided by the user and can
be wrong).
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-07-07 21:45:14 +03:00
|
|
|
}
|
2013-01-30 15:12:30 +04:00
|
|
|
} else {
|
2014-05-27 16:05:22 +04:00
|
|
|
vhostfd = open("/dev/vhost-net", O_RDWR);
|
|
|
|
if (vhostfd < 0) {
|
2023-09-21 12:37:59 +03:00
|
|
|
error_setg_errno(errp, errno,
|
|
|
|
"tap: open vhost char device failed");
|
2022-09-23 18:50:46 +03:00
|
|
|
goto failed;
|
2014-05-27 16:05:22 +04:00
|
|
|
}
|
2022-04-25 16:39:06 +03:00
|
|
|
if (!g_unix_set_fd_nonblocking(vhostfd, true, NULL)) {
|
|
|
|
error_setg_errno(errp, errno, "Failed to set FD nonblocking");
|
2022-09-23 18:50:46 +03:00
|
|
|
goto failed;
|
2022-04-25 16:39:06 +03:00
|
|
|
}
|
2013-01-30 15:12:30 +04:00
|
|
|
}
|
2014-05-27 16:05:22 +04:00
|
|
|
options.opaque = (void *)(uintptr_t)vhostfd;
|
2021-09-03 12:10:15 +03:00
|
|
|
options.nvqs = 2;
|
2013-01-30 15:12:30 +04:00
|
|
|
|
2014-05-27 16:05:22 +04:00
|
|
|
s->vhost_net = vhost_net_init(&options);
|
2013-01-30 15:12:30 +04:00
|
|
|
if (!s->vhost_net) {
|
2023-09-21 12:37:59 +03:00
|
|
|
error_setg(errp,
|
|
|
|
"vhost-net requested but could not be initialized");
|
2022-09-23 18:50:46 +03:00
|
|
|
goto failed;
|
2013-01-30 15:12:30 +04:00
|
|
|
}
|
2016-02-26 02:05:57 +03:00
|
|
|
} else if (vhostfdname) {
|
2016-07-06 04:57:55 +03:00
|
|
|
error_setg(errp, "vhostfd(s)= is not valid without vhost");
|
2022-09-23 18:50:46 +03:00
|
|
|
goto failed;
|
2013-01-30 15:12:30 +04:00
|
|
|
}
|
2022-09-23 18:50:46 +03:00
|
|
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
failed:
|
|
|
|
qemu_del_net_client(&s->nc);
|
2013-01-30 15:12:30 +04:00
|
|
|
}
|
|
|
|
|
2013-01-30 15:12:34 +04:00
|
|
|
static int get_fds(char *str, char *fds[], int max)
|
|
|
|
{
|
|
|
|
char *ptr = str, *this;
|
|
|
|
size_t len = strlen(str);
|
|
|
|
int i = 0;
|
|
|
|
|
|
|
|
while (i < max && ptr < str + len) {
|
|
|
|
this = strchr(ptr, ':');
|
|
|
|
|
|
|
|
if (this == NULL) {
|
|
|
|
fds[i] = g_strdup(ptr);
|
|
|
|
} else {
|
|
|
|
fds[i] = g_strndup(ptr, this - ptr);
|
|
|
|
}
|
|
|
|
|
|
|
|
i++;
|
|
|
|
if (this == NULL) {
|
|
|
|
break;
|
|
|
|
} else {
|
|
|
|
ptr = this + 1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return i;
|
|
|
|
}
|
|
|
|
|
2016-07-14 06:50:12 +03:00
|
|
|
int net_init_tap(const Netdev *netdev, const char *name,
|
2015-05-15 14:58:50 +03:00
|
|
|
NetClientState *peer, Error **errp)
|
2009-10-22 20:49:07 +04:00
|
|
|
{
|
2012-07-17 18:17:19 +04:00
|
|
|
const NetdevTapOptions *tap;
|
2013-01-30 15:12:34 +04:00
|
|
|
int fd, vnet_hdr = 0, i = 0, queues;
|
2012-07-17 18:17:19 +04:00
|
|
|
/* for the no-fd, no-helper case */
|
2020-08-18 12:56:16 +03:00
|
|
|
const char *script;
|
|
|
|
const char *downscript;
|
2015-02-09 16:03:19 +03:00
|
|
|
Error *err = NULL;
|
2013-01-30 15:12:34 +04:00
|
|
|
const char *vhostfdname;
|
2012-07-17 18:17:19 +04:00
|
|
|
char ifname[128];
|
net: check if the file descriptor is valid before using it
qemu_set_nonblock() checks that the file descriptor can be used and, if
not, crashes QEMU. An assert() is used for that. The use of assert() is
used to detect programming error and the coredump will allow to debug
the problem.
But in the case of the tap device, this assert() can be triggered by
a misconfiguration by the user. At startup, it's not a real problem, but it
can also happen during the hot-plug of a new device, and here it's a
problem because we can crash a perfectly healthy system.
For instance:
# ip link add link virbr0 name macvtap0 type macvtap mode bridge
# ip link set macvtap0 up
# TAP=/dev/tap$(ip -o link show macvtap0 | cut -d: -f1)
# qemu-system-x86_64 -machine q35 -device pcie-root-port,id=pcie-root-port-0 -monitor stdio 9<> $TAP
(qemu) netdev_add type=tap,id=hostnet0,vhost=on,fd=9
(qemu) device_add driver=virtio-net-pci,netdev=hostnet0,id=net0,bus=pcie-root-port-0
(qemu) device_del net0
(qemu) netdev_del hostnet0
(qemu) netdev_add type=tap,id=hostnet1,vhost=on,fd=9
qemu-system-x86_64: .../util/oslib-posix.c:247: qemu_set_nonblock: Assertion `f != -1' failed.
Aborted (core dumped)
To avoid that, add a function, qemu_try_set_nonblock(), that allows to report the
problem without crashing.
In the same way, we also update the function for vhostfd in net_init_tap_one() and
for fd in net_init_socket() (both descriptors are provided by the user and can
be wrong).
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-07-07 21:45:14 +03:00
|
|
|
int ret = 0;
|
2012-07-17 18:17:19 +04:00
|
|
|
|
qapi: Change Netdev into a flat union
This is a mostly-mechanical conversion that creates a new flat
union 'Netdev' QAPI type that covers all the branches of the
former 'NetClientOptions' simple union, where the branches are
now listed in a new 'NetClientDriver' enum rather than generated
from the simple union. The existence of a flat union has no
change to the command line syntax accepted for new code, and
will make it possible for a future patch to switch the QMP
command to parse a boxed union for no change to valid QMP; but
it does have some ripple effect on the C code when dealing with
the new types.
While making the conversion, note that the 'NetLegacy' type
remains unchanged: it applies only to legacy command line options,
and will not be ported to QMP, so it should remain a wrapper
around a simple union; to avoid confusion, the type named
'NetClientOptions' is now gone, and we introduce 'NetLegacyOptions'
in its place. Then, in the C code, we convert from NetLegacy to
Netdev as soon as possible, so that the bulk of the net stack
only has to deal with one QAPI type, not two. Note that since
the old legacy code always rejected 'hubport', we can just omit
that branch from the new 'NetLegacyOptions' simple union.
Based on an idea originally by Zoltán Kővágó <DirtY.iCE.hu@gmail.com>:
Message-Id: <01a527fbf1a5de880091f98cf011616a78adeeee.1441627176.git.DirtY.iCE.hu@gmail.com>
although the sed script in that patch no longer applies due to
other changes in the tree since then, and I also did some manual
cleanups (such as fixing whitespace to keep checkpatch happy).
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1468468228-27827-13-git-send-email-eblake@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
[Fixup from Eric squashed in]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-07-14 06:50:23 +03:00
|
|
|
assert(netdev->type == NET_CLIENT_DRIVER_TAP);
|
|
|
|
tap = &netdev->u.tap;
|
2013-01-30 15:12:34 +04:00
|
|
|
queues = tap->has_queues ? tap->queues : 1;
|
2022-11-04 19:07:00 +03:00
|
|
|
vhostfdname = tap->vhostfd;
|
|
|
|
script = tap->script;
|
|
|
|
downscript = tap->downscript;
|
2009-10-22 20:49:07 +04:00
|
|
|
|
2018-04-30 21:02:24 +03:00
|
|
|
/* QEMU hubs do not support multiqueue tap, in this case peer is set.
|
2013-02-21 07:05:56 +04:00
|
|
|
* For -netdev, peer is always NULL. */
|
2022-11-04 19:07:00 +03:00
|
|
|
if (peer && (tap->has_queues || tap->fds || tap->vhostfds)) {
|
2018-04-30 21:02:24 +03:00
|
|
|
error_setg(errp, "Multiqueue tap cannot be used with hubs");
|
2013-02-21 07:05:56 +04:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
2022-11-04 19:07:00 +03:00
|
|
|
if (tap->fd) {
|
|
|
|
if (tap->ifname || tap->script || tap->downscript ||
|
|
|
|
tap->has_vnet_hdr || tap->helper || tap->has_queues ||
|
|
|
|
tap->fds || tap->vhostfds) {
|
tap: Improve -netdev/netdev_add/-net/... tap error reporting
When -netdev tap fails, it first reports a specific error, then a
generic one, like this:
$ qemu-system-x86_64 -netdev tap,id=foo
qemu-system-x86_64: -netdev tap,id=foo: could not configure /dev/net/tun: Operation not permitted
qemu-system-x86_64: -netdev tap,id=foo: Device 'tap' could not be initialized
With the command line, the messages go to stderr. In HMP, they go to
the monitor. In QMP, the second one becomes the error reply, and the
first one goes to stderr.
Convert net_init_tap() to Error. This suppresses the unwanted second
message, and makes the specific error the QMP error reply.
[Dropped duplicate "and" from error message as suggested by Eric Blake:
"ifname=, script=, downscript=, and vnet_hdr=, "
"queues=, and vhostfds= are invalid with helper="
--Stefan]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1431691143-1015-16-git-send-email-armbru@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-05-15 14:59:03 +03:00
|
|
|
error_setg(errp, "ifname=, script=, downscript=, vnet_hdr=, "
|
|
|
|
"helper=, queues=, fds=, and vhostfds= "
|
|
|
|
"are invalid with fd=");
|
2009-10-22 20:49:07 +04:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
2020-10-05 18:58:44 +03:00
|
|
|
fd = monitor_fd_param(monitor_cur(), tap->fd, errp);
|
2009-10-22 20:49:07 +04:00
|
|
|
if (fd == -1) {
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
2022-04-25 16:39:06 +03:00
|
|
|
if (!g_unix_set_fd_nonblocking(fd, true, NULL)) {
|
|
|
|
error_setg_errno(errp, errno, "%s: Can't use file descriptor %d",
|
net: check if the file descriptor is valid before using it
qemu_set_nonblock() checks that the file descriptor can be used and, if
not, crashes QEMU. An assert() is used for that. The use of assert() is
used to detect programming error and the coredump will allow to debug
the problem.
But in the case of the tap device, this assert() can be triggered by
a misconfiguration by the user. At startup, it's not a real problem, but it
can also happen during the hot-plug of a new device, and here it's a
problem because we can crash a perfectly healthy system.
For instance:
# ip link add link virbr0 name macvtap0 type macvtap mode bridge
# ip link set macvtap0 up
# TAP=/dev/tap$(ip -o link show macvtap0 | cut -d: -f1)
# qemu-system-x86_64 -machine q35 -device pcie-root-port,id=pcie-root-port-0 -monitor stdio 9<> $TAP
(qemu) netdev_add type=tap,id=hostnet0,vhost=on,fd=9
(qemu) device_add driver=virtio-net-pci,netdev=hostnet0,id=net0,bus=pcie-root-port-0
(qemu) device_del net0
(qemu) netdev_del hostnet0
(qemu) netdev_add type=tap,id=hostnet1,vhost=on,fd=9
qemu-system-x86_64: .../util/oslib-posix.c:247: qemu_set_nonblock: Assertion `f != -1' failed.
Aborted (core dumped)
To avoid that, add a function, qemu_try_set_nonblock(), that allows to report the
problem without crashing.
In the same way, we also update the function for vhostfd in net_init_tap_one() and
for fd in net_init_socket() (both descriptors are provided by the user and can
be wrong).
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-07-07 21:45:14 +03:00
|
|
|
name, fd);
|
2020-11-19 12:25:32 +03:00
|
|
|
close(fd);
|
net: check if the file descriptor is valid before using it
qemu_set_nonblock() checks that the file descriptor can be used and, if
not, crashes QEMU. An assert() is used for that. The use of assert() is
used to detect programming error and the coredump will allow to debug
the problem.
But in the case of the tap device, this assert() can be triggered by
a misconfiguration by the user. At startup, it's not a real problem, but it
can also happen during the hot-plug of a new device, and here it's a
problem because we can crash a perfectly healthy system.
For instance:
# ip link add link virbr0 name macvtap0 type macvtap mode bridge
# ip link set macvtap0 up
# TAP=/dev/tap$(ip -o link show macvtap0 | cut -d: -f1)
# qemu-system-x86_64 -machine q35 -device pcie-root-port,id=pcie-root-port-0 -monitor stdio 9<> $TAP
(qemu) netdev_add type=tap,id=hostnet0,vhost=on,fd=9
(qemu) device_add driver=virtio-net-pci,netdev=hostnet0,id=net0,bus=pcie-root-port-0
(qemu) device_del net0
(qemu) netdev_del hostnet0
(qemu) netdev_add type=tap,id=hostnet1,vhost=on,fd=9
qemu-system-x86_64: .../util/oslib-posix.c:247: qemu_set_nonblock: Assertion `f != -1' failed.
Aborted (core dumped)
To avoid that, add a function, qemu_try_set_nonblock(), that allows to report the
problem without crashing.
In the same way, we also update the function for vhostfd in net_init_tap_one() and
for fd in net_init_socket() (both descriptors are provided by the user and can
be wrong).
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-07-07 21:45:14 +03:00
|
|
|
return -1;
|
|
|
|
}
|
2009-10-22 20:49:07 +04:00
|
|
|
|
net: detect errors from probing vnet hdr flag for TAP devices
When QEMU sets up a tap based network device backend, it mostly ignores errors
reported from various ioctl() calls it makes, assuming the TAP file descriptor
is valid. This assumption can easily be violated when the user is passing in a
pre-opened file descriptor. At best, the ioctls may fail with a -EBADF, but if
the user passes in a bogus FD number that happens to clash with a FD number that
QEMU has opened internally for another reason, a wide variety of errnos may
result, as the TUNGETIFF ioctl number may map to a completely different command
on a different type of file.
By ignoring all these errors, QEMU sets up a zombie network backend that will
never pass any data. Even worse, when QEMU shuts down, or that network backend
is hot-removed, it will close this bogus file descriptor, which could belong to
another QEMU device backend.
There's no obvious guaranteed reliable way to detect that a FD genuinely is a
TAP device, as opposed to a UNIX socket, or pipe, or something else. Checking
the errno from probing vnet hdr flag though, does catch the big common cases.
ie calling TUNGETIFF will return EBADF for an invalid FD, and ENOTTY when FD is
a UNIX socket, or pipe which catches accidental collisions with FDs used for
stdio, or monitor socket.
Previously the example below where bogus fd 9 collides with the FD used for the
chardev saw:
$ ./x86_64-softmmu/qemu-system-x86_64 -netdev tap,id=hostnet0,fd=9 \
-chardev socket,id=charchannel0,path=/tmp/qga,server,nowait \
-monitor stdio -vnc :0
qemu-system-x86_64: -netdev tap,id=hostnet0,fd=9: TUNGETIFF ioctl() failed: Inappropriate ioctl for device
TUNSETOFFLOAD ioctl() failed: Bad address
QEMU 2.9.1 monitor - type 'help' for more information
(qemu) Warning: netdev hostnet0 has no peer
which gives a running QEMU with a zombie network backend.
With this change applied we get an error message and QEMU immediately exits
before carrying on and making a bigger disaster:
$ ./x86_64-softmmu/qemu-system-x86_64 -netdev tap,id=hostnet0,fd=9 \
-chardev socket,id=charchannel0,path=/tmp/qga,server,nowait \
-monitor stdio -vnc :0
qemu-system-x86_64: -netdev tap,id=hostnet0,vhost=on,fd=9: Unable to query TUNGETIFF on FD 9: Inappropriate ioctl for device
Reported-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Tested-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-id: 20171027085548.3472-1-berrange@redhat.com
[lv: to simplify, don't check on EINVAL with TUNGETIFF as it exists since v2.6.27]
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-07-07 21:45:15 +03:00
|
|
|
vnet_hdr = tap_probe_vnet_hdr(fd, errp);
|
|
|
|
if (vnet_hdr < 0) {
|
|
|
|
close(fd);
|
|
|
|
return -1;
|
|
|
|
}
|
Add support for net bridge
The most common use of -net tap is to connect a tap device to a bridge. This
requires the use of a script and running qemu as root in order to allocate a
tap device to pass to the script.
This model is great for portability and flexibility but it's incredibly
difficult to eliminate the need to run qemu as root. The only really viable
mechanism is to use tunctl to create a tap device, attach it to a bridge as
root, and then hand that tap device to qemu. The problem with this mechanism
is that it requires administrator intervention whenever a user wants to create
a guest.
By essentially writing a helper that implements the most common qemu-ifup
script that can be safely given cap_net_admin, we can dramatically simplify
things for non-privileged users. We still support existing -net tap options
as a mechanism for advanced users and backwards compatibility.
Currently, this is very Linux centric but there's really no reason why it
couldn't be extended for other Unixes.
A typical invocation would be similar to one of the following:
qemu linux.img -net bridge -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper"
-net nic,model=virtio
qemu linux.img -netdev bridge,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
The default bridge that we attach to is br0. The thinking is that a distro
could preconfigure such an interface to allow out-of-the-box bridged networking.
Alternatively, if a user wants to use a different bridge, a typical invocation
would be simliar to one of the following:
qemu linux.img -net bridge,br=qemubr0 -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0"
-net nic,model=virtio
qemu linux.img -netdev bridge,br=qemubr0,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Richa Marwaha <rmarwah@linux.vnet.ibm.com>
Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-26 18:42:27 +04:00
|
|
|
|
2015-05-15 14:58:56 +03:00
|
|
|
net_init_tap_one(tap, peer, "tap", name, NULL,
|
|
|
|
script, downscript,
|
2021-04-02 06:05:20 +03:00
|
|
|
vhostfdname, vnet_hdr, fd, &err);
|
2015-05-15 14:58:56 +03:00
|
|
|
if (err) {
|
tap: Improve -netdev/netdev_add/-net/... tap error reporting
When -netdev tap fails, it first reports a specific error, then a
generic one, like this:
$ qemu-system-x86_64 -netdev tap,id=foo
qemu-system-x86_64: -netdev tap,id=foo: could not configure /dev/net/tun: Operation not permitted
qemu-system-x86_64: -netdev tap,id=foo: Device 'tap' could not be initialized
With the command line, the messages go to stderr. In HMP, they go to
the monitor. In QMP, the second one becomes the error reply, and the
first one goes to stderr.
Convert net_init_tap() to Error. This suppresses the unwanted second
message, and makes the specific error the QMP error reply.
[Dropped duplicate "and" from error message as suggested by Eric Blake:
"ifname=, script=, downscript=, and vnet_hdr=, "
"queues=, and vhostfds= are invalid with helper="
--Stefan]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1431691143-1015-16-git-send-email-armbru@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-05-15 14:59:03 +03:00
|
|
|
error_propagate(errp, err);
|
2020-11-19 12:25:32 +03:00
|
|
|
close(fd);
|
2013-01-30 15:12:34 +04:00
|
|
|
return -1;
|
|
|
|
}
|
2022-11-04 19:07:00 +03:00
|
|
|
} else if (tap->fds) {
|
2017-01-10 22:21:54 +03:00
|
|
|
char **fds;
|
|
|
|
char **vhost_fds;
|
2018-05-31 10:28:22 +03:00
|
|
|
int nfds = 0, nvhosts = 0;
|
2013-01-30 15:12:34 +04:00
|
|
|
|
2022-11-04 19:07:00 +03:00
|
|
|
if (tap->ifname || tap->script || tap->downscript ||
|
|
|
|
tap->has_vnet_hdr || tap->helper || tap->has_queues ||
|
|
|
|
tap->vhostfd) {
|
tap: Improve -netdev/netdev_add/-net/... tap error reporting
When -netdev tap fails, it first reports a specific error, then a
generic one, like this:
$ qemu-system-x86_64 -netdev tap,id=foo
qemu-system-x86_64: -netdev tap,id=foo: could not configure /dev/net/tun: Operation not permitted
qemu-system-x86_64: -netdev tap,id=foo: Device 'tap' could not be initialized
With the command line, the messages go to stderr. In HMP, they go to
the monitor. In QMP, the second one becomes the error reply, and the
first one goes to stderr.
Convert net_init_tap() to Error. This suppresses the unwanted second
message, and makes the specific error the QMP error reply.
[Dropped duplicate "and" from error message as suggested by Eric Blake:
"ifname=, script=, downscript=, and vnet_hdr=, "
"queues=, and vhostfds= are invalid with helper="
--Stefan]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1431691143-1015-16-git-send-email-armbru@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-05-15 14:59:03 +03:00
|
|
|
error_setg(errp, "ifname=, script=, downscript=, vnet_hdr=, "
|
|
|
|
"helper=, queues=, and vhostfd= "
|
|
|
|
"are invalid with fds=");
|
2013-01-30 15:12:34 +04:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
2017-01-10 22:21:54 +03:00
|
|
|
fds = g_new0(char *, MAX_TAP_QUEUES);
|
|
|
|
vhost_fds = g_new0(char *, MAX_TAP_QUEUES);
|
|
|
|
|
2013-01-30 15:12:34 +04:00
|
|
|
nfds = get_fds(tap->fds, fds, MAX_TAP_QUEUES);
|
2022-11-04 19:07:00 +03:00
|
|
|
if (tap->vhostfds) {
|
2013-01-30 15:12:34 +04:00
|
|
|
nvhosts = get_fds(tap->vhostfds, vhost_fds, MAX_TAP_QUEUES);
|
|
|
|
if (nfds != nvhosts) {
|
tap: Improve -netdev/netdev_add/-net/... tap error reporting
When -netdev tap fails, it first reports a specific error, then a
generic one, like this:
$ qemu-system-x86_64 -netdev tap,id=foo
qemu-system-x86_64: -netdev tap,id=foo: could not configure /dev/net/tun: Operation not permitted
qemu-system-x86_64: -netdev tap,id=foo: Device 'tap' could not be initialized
With the command line, the messages go to stderr. In HMP, they go to
the monitor. In QMP, the second one becomes the error reply, and the
first one goes to stderr.
Convert net_init_tap() to Error. This suppresses the unwanted second
message, and makes the specific error the QMP error reply.
[Dropped duplicate "and" from error message as suggested by Eric Blake:
"ifname=, script=, downscript=, and vnet_hdr=, "
"queues=, and vhostfds= are invalid with helper="
--Stefan]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1431691143-1015-16-git-send-email-armbru@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-05-15 14:59:03 +03:00
|
|
|
error_setg(errp, "The number of fds passed does not match "
|
|
|
|
"the number of vhostfds passed");
|
2018-05-31 10:28:22 +03:00
|
|
|
ret = -1;
|
2016-07-15 11:56:07 +03:00
|
|
|
goto free_fail;
|
2013-01-30 15:12:34 +04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
for (i = 0; i < nfds; i++) {
|
2020-10-05 18:58:44 +03:00
|
|
|
fd = monitor_fd_param(monitor_cur(), fds[i], errp);
|
2013-01-30 15:12:34 +04:00
|
|
|
if (fd == -1) {
|
2018-05-31 10:28:22 +03:00
|
|
|
ret = -1;
|
2016-07-15 11:56:07 +03:00
|
|
|
goto free_fail;
|
2013-01-30 15:12:34 +04:00
|
|
|
}
|
|
|
|
|
2022-04-25 16:39:06 +03:00
|
|
|
ret = g_unix_set_fd_nonblocking(fd, true, NULL);
|
|
|
|
if (!ret) {
|
|
|
|
error_setg_errno(errp, errno, "%s: Can't use file descriptor %d",
|
net: check if the file descriptor is valid before using it
qemu_set_nonblock() checks that the file descriptor can be used and, if
not, crashes QEMU. An assert() is used for that. The use of assert() is
used to detect programming error and the coredump will allow to debug
the problem.
But in the case of the tap device, this assert() can be triggered by
a misconfiguration by the user. At startup, it's not a real problem, but it
can also happen during the hot-plug of a new device, and here it's a
problem because we can crash a perfectly healthy system.
For instance:
# ip link add link virbr0 name macvtap0 type macvtap mode bridge
# ip link set macvtap0 up
# TAP=/dev/tap$(ip -o link show macvtap0 | cut -d: -f1)
# qemu-system-x86_64 -machine q35 -device pcie-root-port,id=pcie-root-port-0 -monitor stdio 9<> $TAP
(qemu) netdev_add type=tap,id=hostnet0,vhost=on,fd=9
(qemu) device_add driver=virtio-net-pci,netdev=hostnet0,id=net0,bus=pcie-root-port-0
(qemu) device_del net0
(qemu) netdev_del hostnet0
(qemu) netdev_add type=tap,id=hostnet1,vhost=on,fd=9
qemu-system-x86_64: .../util/oslib-posix.c:247: qemu_set_nonblock: Assertion `f != -1' failed.
Aborted (core dumped)
To avoid that, add a function, qemu_try_set_nonblock(), that allows to report the
problem without crashing.
In the same way, we also update the function for vhostfd in net_init_tap_one() and
for fd in net_init_socket() (both descriptors are provided by the user and can
be wrong).
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-07-07 21:45:14 +03:00
|
|
|
name, fd);
|
|
|
|
goto free_fail;
|
|
|
|
}
|
Add support for net bridge
The most common use of -net tap is to connect a tap device to a bridge. This
requires the use of a script and running qemu as root in order to allocate a
tap device to pass to the script.
This model is great for portability and flexibility but it's incredibly
difficult to eliminate the need to run qemu as root. The only really viable
mechanism is to use tunctl to create a tap device, attach it to a bridge as
root, and then hand that tap device to qemu. The problem with this mechanism
is that it requires administrator intervention whenever a user wants to create
a guest.
By essentially writing a helper that implements the most common qemu-ifup
script that can be safely given cap_net_admin, we can dramatically simplify
things for non-privileged users. We still support existing -net tap options
as a mechanism for advanced users and backwards compatibility.
Currently, this is very Linux centric but there's really no reason why it
couldn't be extended for other Unixes.
A typical invocation would be similar to one of the following:
qemu linux.img -net bridge -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper"
-net nic,model=virtio
qemu linux.img -netdev bridge,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
The default bridge that we attach to is br0. The thinking is that a distro
could preconfigure such an interface to allow out-of-the-box bridged networking.
Alternatively, if a user wants to use a different bridge, a typical invocation
would be simliar to one of the following:
qemu linux.img -net bridge,br=qemubr0 -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0"
-net nic,model=virtio
qemu linux.img -netdev bridge,br=qemubr0,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Richa Marwaha <rmarwah@linux.vnet.ibm.com>
Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-26 18:42:27 +04:00
|
|
|
|
2013-01-30 15:12:34 +04:00
|
|
|
if (i == 0) {
|
net: detect errors from probing vnet hdr flag for TAP devices
When QEMU sets up a tap based network device backend, it mostly ignores errors
reported from various ioctl() calls it makes, assuming the TAP file descriptor
is valid. This assumption can easily be violated when the user is passing in a
pre-opened file descriptor. At best, the ioctls may fail with a -EBADF, but if
the user passes in a bogus FD number that happens to clash with a FD number that
QEMU has opened internally for another reason, a wide variety of errnos may
result, as the TUNGETIFF ioctl number may map to a completely different command
on a different type of file.
By ignoring all these errors, QEMU sets up a zombie network backend that will
never pass any data. Even worse, when QEMU shuts down, or that network backend
is hot-removed, it will close this bogus file descriptor, which could belong to
another QEMU device backend.
There's no obvious guaranteed reliable way to detect that a FD genuinely is a
TAP device, as opposed to a UNIX socket, or pipe, or something else. Checking
the errno from probing vnet hdr flag though, does catch the big common cases.
ie calling TUNGETIFF will return EBADF for an invalid FD, and ENOTTY when FD is
a UNIX socket, or pipe which catches accidental collisions with FDs used for
stdio, or monitor socket.
Previously the example below where bogus fd 9 collides with the FD used for the
chardev saw:
$ ./x86_64-softmmu/qemu-system-x86_64 -netdev tap,id=hostnet0,fd=9 \
-chardev socket,id=charchannel0,path=/tmp/qga,server,nowait \
-monitor stdio -vnc :0
qemu-system-x86_64: -netdev tap,id=hostnet0,fd=9: TUNGETIFF ioctl() failed: Inappropriate ioctl for device
TUNSETOFFLOAD ioctl() failed: Bad address
QEMU 2.9.1 monitor - type 'help' for more information
(qemu) Warning: netdev hostnet0 has no peer
which gives a running QEMU with a zombie network backend.
With this change applied we get an error message and QEMU immediately exits
before carrying on and making a bigger disaster:
$ ./x86_64-softmmu/qemu-system-x86_64 -netdev tap,id=hostnet0,fd=9 \
-chardev socket,id=charchannel0,path=/tmp/qga,server,nowait \
-monitor stdio -vnc :0
qemu-system-x86_64: -netdev tap,id=hostnet0,vhost=on,fd=9: Unable to query TUNGETIFF on FD 9: Inappropriate ioctl for device
Reported-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Tested-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-id: 20171027085548.3472-1-berrange@redhat.com
[lv: to simplify, don't check on EINVAL with TUNGETIFF as it exists since v2.6.27]
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-07-07 21:45:15 +03:00
|
|
|
vnet_hdr = tap_probe_vnet_hdr(fd, errp);
|
|
|
|
if (vnet_hdr < 0) {
|
2022-01-14 08:08:58 +03:00
|
|
|
ret = -1;
|
net: detect errors from probing vnet hdr flag for TAP devices
When QEMU sets up a tap based network device backend, it mostly ignores errors
reported from various ioctl() calls it makes, assuming the TAP file descriptor
is valid. This assumption can easily be violated when the user is passing in a
pre-opened file descriptor. At best, the ioctls may fail with a -EBADF, but if
the user passes in a bogus FD number that happens to clash with a FD number that
QEMU has opened internally for another reason, a wide variety of errnos may
result, as the TUNGETIFF ioctl number may map to a completely different command
on a different type of file.
By ignoring all these errors, QEMU sets up a zombie network backend that will
never pass any data. Even worse, when QEMU shuts down, or that network backend
is hot-removed, it will close this bogus file descriptor, which could belong to
another QEMU device backend.
There's no obvious guaranteed reliable way to detect that a FD genuinely is a
TAP device, as opposed to a UNIX socket, or pipe, or something else. Checking
the errno from probing vnet hdr flag though, does catch the big common cases.
ie calling TUNGETIFF will return EBADF for an invalid FD, and ENOTTY when FD is
a UNIX socket, or pipe which catches accidental collisions with FDs used for
stdio, or monitor socket.
Previously the example below where bogus fd 9 collides with the FD used for the
chardev saw:
$ ./x86_64-softmmu/qemu-system-x86_64 -netdev tap,id=hostnet0,fd=9 \
-chardev socket,id=charchannel0,path=/tmp/qga,server,nowait \
-monitor stdio -vnc :0
qemu-system-x86_64: -netdev tap,id=hostnet0,fd=9: TUNGETIFF ioctl() failed: Inappropriate ioctl for device
TUNSETOFFLOAD ioctl() failed: Bad address
QEMU 2.9.1 monitor - type 'help' for more information
(qemu) Warning: netdev hostnet0 has no peer
which gives a running QEMU with a zombie network backend.
With this change applied we get an error message and QEMU immediately exits
before carrying on and making a bigger disaster:
$ ./x86_64-softmmu/qemu-system-x86_64 -netdev tap,id=hostnet0,fd=9 \
-chardev socket,id=charchannel0,path=/tmp/qga,server,nowait \
-monitor stdio -vnc :0
qemu-system-x86_64: -netdev tap,id=hostnet0,vhost=on,fd=9: Unable to query TUNGETIFF on FD 9: Inappropriate ioctl for device
Reported-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Tested-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-id: 20171027085548.3472-1-berrange@redhat.com
[lv: to simplify, don't check on EINVAL with TUNGETIFF as it exists since v2.6.27]
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-07-07 21:45:15 +03:00
|
|
|
goto free_fail;
|
|
|
|
}
|
|
|
|
} else if (vnet_hdr != tap_probe_vnet_hdr(fd, NULL)) {
|
tap: Improve -netdev/netdev_add/-net/... tap error reporting
When -netdev tap fails, it first reports a specific error, then a
generic one, like this:
$ qemu-system-x86_64 -netdev tap,id=foo
qemu-system-x86_64: -netdev tap,id=foo: could not configure /dev/net/tun: Operation not permitted
qemu-system-x86_64: -netdev tap,id=foo: Device 'tap' could not be initialized
With the command line, the messages go to stderr. In HMP, they go to
the monitor. In QMP, the second one becomes the error reply, and the
first one goes to stderr.
Convert net_init_tap() to Error. This suppresses the unwanted second
message, and makes the specific error the QMP error reply.
[Dropped duplicate "and" from error message as suggested by Eric Blake:
"ifname=, script=, downscript=, and vnet_hdr=, "
"queues=, and vhostfds= are invalid with helper="
--Stefan]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1431691143-1015-16-git-send-email-armbru@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-05-15 14:59:03 +03:00
|
|
|
error_setg(errp,
|
|
|
|
"vnet_hdr not consistent across given tap fds");
|
2018-05-31 10:28:22 +03:00
|
|
|
ret = -1;
|
2016-07-15 11:56:07 +03:00
|
|
|
goto free_fail;
|
2013-01-30 15:12:34 +04:00
|
|
|
}
|
|
|
|
|
2015-05-15 14:58:56 +03:00
|
|
|
net_init_tap_one(tap, peer, "tap", name, ifname,
|
|
|
|
script, downscript,
|
2022-11-04 19:07:00 +03:00
|
|
|
tap->vhostfds ? vhost_fds[i] : NULL,
|
2021-04-02 06:05:20 +03:00
|
|
|
vnet_hdr, fd, &err);
|
2015-05-15 14:58:56 +03:00
|
|
|
if (err) {
|
tap: Improve -netdev/netdev_add/-net/... tap error reporting
When -netdev tap fails, it first reports a specific error, then a
generic one, like this:
$ qemu-system-x86_64 -netdev tap,id=foo
qemu-system-x86_64: -netdev tap,id=foo: could not configure /dev/net/tun: Operation not permitted
qemu-system-x86_64: -netdev tap,id=foo: Device 'tap' could not be initialized
With the command line, the messages go to stderr. In HMP, they go to
the monitor. In QMP, the second one becomes the error reply, and the
first one goes to stderr.
Convert net_init_tap() to Error. This suppresses the unwanted second
message, and makes the specific error the QMP error reply.
[Dropped duplicate "and" from error message as suggested by Eric Blake:
"ifname=, script=, downscript=, and vnet_hdr=, "
"queues=, and vhostfds= are invalid with helper="
--Stefan]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1431691143-1015-16-git-send-email-armbru@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-05-15 14:59:03 +03:00
|
|
|
error_propagate(errp, err);
|
2018-05-31 10:28:22 +03:00
|
|
|
ret = -1;
|
2016-07-15 11:56:07 +03:00
|
|
|
goto free_fail;
|
2013-01-30 15:12:34 +04:00
|
|
|
}
|
|
|
|
}
|
2016-07-15 11:56:07 +03:00
|
|
|
|
|
|
|
free_fail:
|
2018-05-31 10:28:22 +03:00
|
|
|
for (i = 0; i < nvhosts; i++) {
|
|
|
|
g_free(vhost_fds[i]);
|
|
|
|
}
|
2016-07-15 11:56:07 +03:00
|
|
|
for (i = 0; i < nfds; i++) {
|
|
|
|
g_free(fds[i]);
|
|
|
|
}
|
|
|
|
g_free(fds);
|
|
|
|
g_free(vhost_fds);
|
2018-05-31 10:28:22 +03:00
|
|
|
return ret;
|
2022-11-04 19:07:00 +03:00
|
|
|
} else if (tap->helper) {
|
|
|
|
if (tap->ifname || tap->script || tap->downscript ||
|
|
|
|
tap->has_vnet_hdr || tap->has_queues || tap->vhostfds) {
|
tap: Improve -netdev/netdev_add/-net/... tap error reporting
When -netdev tap fails, it first reports a specific error, then a
generic one, like this:
$ qemu-system-x86_64 -netdev tap,id=foo
qemu-system-x86_64: -netdev tap,id=foo: could not configure /dev/net/tun: Operation not permitted
qemu-system-x86_64: -netdev tap,id=foo: Device 'tap' could not be initialized
With the command line, the messages go to stderr. In HMP, they go to
the monitor. In QMP, the second one becomes the error reply, and the
first one goes to stderr.
Convert net_init_tap() to Error. This suppresses the unwanted second
message, and makes the specific error the QMP error reply.
[Dropped duplicate "and" from error message as suggested by Eric Blake:
"ifname=, script=, downscript=, and vnet_hdr=, "
"queues=, and vhostfds= are invalid with helper="
--Stefan]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1431691143-1015-16-git-send-email-armbru@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-05-15 14:59:03 +03:00
|
|
|
error_setg(errp, "ifname=, script=, downscript=, vnet_hdr=, "
|
|
|
|
"queues=, and vhostfds= are invalid with helper=");
|
Add support for net bridge
The most common use of -net tap is to connect a tap device to a bridge. This
requires the use of a script and running qemu as root in order to allocate a
tap device to pass to the script.
This model is great for portability and flexibility but it's incredibly
difficult to eliminate the need to run qemu as root. The only really viable
mechanism is to use tunctl to create a tap device, attach it to a bridge as
root, and then hand that tap device to qemu. The problem with this mechanism
is that it requires administrator intervention whenever a user wants to create
a guest.
By essentially writing a helper that implements the most common qemu-ifup
script that can be safely given cap_net_admin, we can dramatically simplify
things for non-privileged users. We still support existing -net tap options
as a mechanism for advanced users and backwards compatibility.
Currently, this is very Linux centric but there's really no reason why it
couldn't be extended for other Unixes.
A typical invocation would be similar to one of the following:
qemu linux.img -net bridge -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper"
-net nic,model=virtio
qemu linux.img -netdev bridge,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
The default bridge that we attach to is br0. The thinking is that a distro
could preconfigure such an interface to allow out-of-the-box bridged networking.
Alternatively, if a user wants to use a different bridge, a typical invocation
would be simliar to one of the following:
qemu linux.img -net bridge,br=qemubr0 -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0"
-net nic,model=virtio
qemu linux.img -netdev bridge,br=qemubr0,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Richa Marwaha <rmarwah@linux.vnet.ibm.com>
Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-26 18:42:27 +04:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
2016-09-13 10:11:54 +03:00
|
|
|
fd = net_bridge_run_helper(tap->helper,
|
2022-11-04 19:07:00 +03:00
|
|
|
tap->br ?: DEFAULT_BRIDGE_INTERFACE,
|
tap: Improve -netdev/netdev_add/-net/... bridge error reporting
When -netdev bridge fails, it first reports a specific error, then a
generic one, like this:
$ qemu-system-x86_64 -netdev bridge,id=foo
failed to launch bridge helper
qemu-system-x86_64: -netdev bridge,id=foo: Device 'bridge' could not be initialized
The first message goes to stderr. Wrong for HMP, because errors need
to go to the monitor there.
The second message goes to stderr for -netdev, to the monitor for HMP
netdev_add, and becomes the error reply for QMP netdev_add.
Convert net_bridge_run_helper() to Error, and propagate its errors
through net_init_bridge(). This ensures the error gets reported where
the user is, and suppresses the unwanted second message.
While there, improve the error messages a bit.
The above example becomes:
$ qemu-system-x86_64 -netdev bridge,id=foo
qemu-system-x86_64: -netdev bridge,id=foo: bridge helper failed
net_init_tap() also uses net_bridge_run_helper(). Propagate its
errors there as well. Improves reporting these errors with -netdev
tap & friends.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1431691143-1015-7-git-send-email-armbru@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-05-15 14:58:54 +03:00
|
|
|
errp);
|
Add support for net bridge
The most common use of -net tap is to connect a tap device to a bridge. This
requires the use of a script and running qemu as root in order to allocate a
tap device to pass to the script.
This model is great for portability and flexibility but it's incredibly
difficult to eliminate the need to run qemu as root. The only really viable
mechanism is to use tunctl to create a tap device, attach it to a bridge as
root, and then hand that tap device to qemu. The problem with this mechanism
is that it requires administrator intervention whenever a user wants to create
a guest.
By essentially writing a helper that implements the most common qemu-ifup
script that can be safely given cap_net_admin, we can dramatically simplify
things for non-privileged users. We still support existing -net tap options
as a mechanism for advanced users and backwards compatibility.
Currently, this is very Linux centric but there's really no reason why it
couldn't be extended for other Unixes.
A typical invocation would be similar to one of the following:
qemu linux.img -net bridge -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper"
-net nic,model=virtio
qemu linux.img -netdev bridge,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
The default bridge that we attach to is br0. The thinking is that a distro
could preconfigure such an interface to allow out-of-the-box bridged networking.
Alternatively, if a user wants to use a different bridge, a typical invocation
would be simliar to one of the following:
qemu linux.img -net bridge,br=qemubr0 -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0"
-net nic,model=virtio
qemu linux.img -netdev bridge,br=qemubr0,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Richa Marwaha <rmarwah@linux.vnet.ibm.com>
Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-26 18:42:27 +04:00
|
|
|
if (fd == -1) {
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
2022-04-25 16:39:06 +03:00
|
|
|
if (!g_unix_set_fd_nonblocking(fd, true, NULL)) {
|
|
|
|
error_setg_errno(errp, errno, "Failed to set FD nonblocking");
|
|
|
|
return -1;
|
|
|
|
}
|
net: detect errors from probing vnet hdr flag for TAP devices
When QEMU sets up a tap based network device backend, it mostly ignores errors
reported from various ioctl() calls it makes, assuming the TAP file descriptor
is valid. This assumption can easily be violated when the user is passing in a
pre-opened file descriptor. At best, the ioctls may fail with a -EBADF, but if
the user passes in a bogus FD number that happens to clash with a FD number that
QEMU has opened internally for another reason, a wide variety of errnos may
result, as the TUNGETIFF ioctl number may map to a completely different command
on a different type of file.
By ignoring all these errors, QEMU sets up a zombie network backend that will
never pass any data. Even worse, when QEMU shuts down, or that network backend
is hot-removed, it will close this bogus file descriptor, which could belong to
another QEMU device backend.
There's no obvious guaranteed reliable way to detect that a FD genuinely is a
TAP device, as opposed to a UNIX socket, or pipe, or something else. Checking
the errno from probing vnet hdr flag though, does catch the big common cases.
ie calling TUNGETIFF will return EBADF for an invalid FD, and ENOTTY when FD is
a UNIX socket, or pipe which catches accidental collisions with FDs used for
stdio, or monitor socket.
Previously the example below where bogus fd 9 collides with the FD used for the
chardev saw:
$ ./x86_64-softmmu/qemu-system-x86_64 -netdev tap,id=hostnet0,fd=9 \
-chardev socket,id=charchannel0,path=/tmp/qga,server,nowait \
-monitor stdio -vnc :0
qemu-system-x86_64: -netdev tap,id=hostnet0,fd=9: TUNGETIFF ioctl() failed: Inappropriate ioctl for device
TUNSETOFFLOAD ioctl() failed: Bad address
QEMU 2.9.1 monitor - type 'help' for more information
(qemu) Warning: netdev hostnet0 has no peer
which gives a running QEMU with a zombie network backend.
With this change applied we get an error message and QEMU immediately exits
before carrying on and making a bigger disaster:
$ ./x86_64-softmmu/qemu-system-x86_64 -netdev tap,id=hostnet0,fd=9 \
-chardev socket,id=charchannel0,path=/tmp/qga,server,nowait \
-monitor stdio -vnc :0
qemu-system-x86_64: -netdev tap,id=hostnet0,vhost=on,fd=9: Unable to query TUNGETIFF on FD 9: Inappropriate ioctl for device
Reported-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Tested-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-id: 20171027085548.3472-1-berrange@redhat.com
[lv: to simplify, don't check on EINVAL with TUNGETIFF as it exists since v2.6.27]
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-07-07 21:45:15 +03:00
|
|
|
vnet_hdr = tap_probe_vnet_hdr(fd, errp);
|
|
|
|
if (vnet_hdr < 0) {
|
|
|
|
close(fd);
|
|
|
|
return -1;
|
|
|
|
}
|
Add support for net bridge
The most common use of -net tap is to connect a tap device to a bridge. This
requires the use of a script and running qemu as root in order to allocate a
tap device to pass to the script.
This model is great for portability and flexibility but it's incredibly
difficult to eliminate the need to run qemu as root. The only really viable
mechanism is to use tunctl to create a tap device, attach it to a bridge as
root, and then hand that tap device to qemu. The problem with this mechanism
is that it requires administrator intervention whenever a user wants to create
a guest.
By essentially writing a helper that implements the most common qemu-ifup
script that can be safely given cap_net_admin, we can dramatically simplify
things for non-privileged users. We still support existing -net tap options
as a mechanism for advanced users and backwards compatibility.
Currently, this is very Linux centric but there's really no reason why it
couldn't be extended for other Unixes.
A typical invocation would be similar to one of the following:
qemu linux.img -net bridge -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper"
-net nic,model=virtio
qemu linux.img -netdev bridge,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
The default bridge that we attach to is br0. The thinking is that a distro
could preconfigure such an interface to allow out-of-the-box bridged networking.
Alternatively, if a user wants to use a different bridge, a typical invocation
would be simliar to one of the following:
qemu linux.img -net bridge,br=qemubr0 -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0"
-net nic,model=virtio
qemu linux.img -netdev bridge,br=qemubr0,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Richa Marwaha <rmarwah@linux.vnet.ibm.com>
Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-26 18:42:27 +04:00
|
|
|
|
2015-05-15 14:58:56 +03:00
|
|
|
net_init_tap_one(tap, peer, "bridge", name, ifname,
|
|
|
|
script, downscript, vhostfdname,
|
2021-04-02 06:05:20 +03:00
|
|
|
vnet_hdr, fd, &err);
|
2015-05-15 14:58:56 +03:00
|
|
|
if (err) {
|
tap: Improve -netdev/netdev_add/-net/... tap error reporting
When -netdev tap fails, it first reports a specific error, then a
generic one, like this:
$ qemu-system-x86_64 -netdev tap,id=foo
qemu-system-x86_64: -netdev tap,id=foo: could not configure /dev/net/tun: Operation not permitted
qemu-system-x86_64: -netdev tap,id=foo: Device 'tap' could not be initialized
With the command line, the messages go to stderr. In HMP, they go to
the monitor. In QMP, the second one becomes the error reply, and the
first one goes to stderr.
Convert net_init_tap() to Error. This suppresses the unwanted second
message, and makes the specific error the QMP error reply.
[Dropped duplicate "and" from error message as suggested by Eric Blake:
"ifname=, script=, downscript=, and vnet_hdr=, "
"queues=, and vhostfds= are invalid with helper="
--Stefan]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1431691143-1015-16-git-send-email-armbru@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-05-15 14:59:03 +03:00
|
|
|
error_propagate(errp, err);
|
2014-11-02 08:37:17 +03:00
|
|
|
close(fd);
|
2013-01-30 15:12:34 +04:00
|
|
|
return -1;
|
|
|
|
}
|
2009-10-22 20:49:07 +04:00
|
|
|
} else {
|
2020-08-18 12:56:16 +03:00
|
|
|
g_autofree char *default_script = NULL;
|
|
|
|
g_autofree char *default_downscript = NULL;
|
2022-11-04 19:07:00 +03:00
|
|
|
if (tap->vhostfds) {
|
tap: Improve -netdev/netdev_add/-net/... tap error reporting
When -netdev tap fails, it first reports a specific error, then a
generic one, like this:
$ qemu-system-x86_64 -netdev tap,id=foo
qemu-system-x86_64: -netdev tap,id=foo: could not configure /dev/net/tun: Operation not permitted
qemu-system-x86_64: -netdev tap,id=foo: Device 'tap' could not be initialized
With the command line, the messages go to stderr. In HMP, they go to
the monitor. In QMP, the second one becomes the error reply, and the
first one goes to stderr.
Convert net_init_tap() to Error. This suppresses the unwanted second
message, and makes the specific error the QMP error reply.
[Dropped duplicate "and" from error message as suggested by Eric Blake:
"ifname=, script=, downscript=, and vnet_hdr=, "
"queues=, and vhostfds= are invalid with helper="
--Stefan]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1431691143-1015-16-git-send-email-armbru@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-05-15 14:59:03 +03:00
|
|
|
error_setg(errp, "vhostfds= is invalid if fds= wasn't specified");
|
2013-06-04 09:18:17 +04:00
|
|
|
return -1;
|
|
|
|
}
|
2020-08-18 12:56:16 +03:00
|
|
|
|
|
|
|
if (!script) {
|
|
|
|
script = default_script = get_relocated_path(DEFAULT_NETWORK_SCRIPT);
|
|
|
|
}
|
|
|
|
if (!downscript) {
|
2020-11-23 09:29:54 +03:00
|
|
|
downscript = default_downscript =
|
|
|
|
get_relocated_path(DEFAULT_NETWORK_DOWN_SCRIPT);
|
2020-08-18 12:56:16 +03:00
|
|
|
}
|
2013-01-30 15:12:34 +04:00
|
|
|
|
2022-11-04 19:07:00 +03:00
|
|
|
if (tap->ifname) {
|
2013-01-30 15:12:34 +04:00
|
|
|
pstrcpy(ifname, sizeof ifname, tap->ifname);
|
|
|
|
} else {
|
|
|
|
ifname[0] = '\0';
|
2009-11-21 01:23:03 +03:00
|
|
|
}
|
Add support for net bridge
The most common use of -net tap is to connect a tap device to a bridge. This
requires the use of a script and running qemu as root in order to allocate a
tap device to pass to the script.
This model is great for portability and flexibility but it's incredibly
difficult to eliminate the need to run qemu as root. The only really viable
mechanism is to use tunctl to create a tap device, attach it to a bridge as
root, and then hand that tap device to qemu. The problem with this mechanism
is that it requires administrator intervention whenever a user wants to create
a guest.
By essentially writing a helper that implements the most common qemu-ifup
script that can be safely given cap_net_admin, we can dramatically simplify
things for non-privileged users. We still support existing -net tap options
as a mechanism for advanced users and backwards compatibility.
Currently, this is very Linux centric but there's really no reason why it
couldn't be extended for other Unixes.
A typical invocation would be similar to one of the following:
qemu linux.img -net bridge -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper"
-net nic,model=virtio
qemu linux.img -netdev bridge,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
The default bridge that we attach to is br0. The thinking is that a distro
could preconfigure such an interface to allow out-of-the-box bridged networking.
Alternatively, if a user wants to use a different bridge, a typical invocation
would be simliar to one of the following:
qemu linux.img -net bridge,br=qemubr0 -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0"
-net nic,model=virtio
qemu linux.img -netdev bridge,br=qemubr0,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Richa Marwaha <rmarwah@linux.vnet.ibm.com>
Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-26 18:42:27 +04:00
|
|
|
|
2013-01-30 15:12:34 +04:00
|
|
|
for (i = 0; i < queues; i++) {
|
|
|
|
fd = net_tap_init(tap, &vnet_hdr, i >= 1 ? "no" : script,
|
tap: Improve -netdev/netdev_add/-net/... tap error reporting
When -netdev tap fails, it first reports a specific error, then a
generic one, like this:
$ qemu-system-x86_64 -netdev tap,id=foo
qemu-system-x86_64: -netdev tap,id=foo: could not configure /dev/net/tun: Operation not permitted
qemu-system-x86_64: -netdev tap,id=foo: Device 'tap' could not be initialized
With the command line, the messages go to stderr. In HMP, they go to
the monitor. In QMP, the second one becomes the error reply, and the
first one goes to stderr.
Convert net_init_tap() to Error. This suppresses the unwanted second
message, and makes the specific error the QMP error reply.
[Dropped duplicate "and" from error message as suggested by Eric Blake:
"ifname=, script=, downscript=, and vnet_hdr=, "
"queues=, and vhostfds= are invalid with helper="
--Stefan]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1431691143-1015-16-git-send-email-armbru@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-05-15 14:59:03 +03:00
|
|
|
ifname, sizeof ifname, queues > 1, errp);
|
2013-01-30 15:12:34 +04:00
|
|
|
if (fd == -1) {
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
2022-11-04 19:07:00 +03:00
|
|
|
if (queues > 1 && i == 0 && !tap->ifname) {
|
2013-01-30 15:12:34 +04:00
|
|
|
if (tap_fd_get_ifname(fd, ifname)) {
|
tap: Improve -netdev/netdev_add/-net/... tap error reporting
When -netdev tap fails, it first reports a specific error, then a
generic one, like this:
$ qemu-system-x86_64 -netdev tap,id=foo
qemu-system-x86_64: -netdev tap,id=foo: could not configure /dev/net/tun: Operation not permitted
qemu-system-x86_64: -netdev tap,id=foo: Device 'tap' could not be initialized
With the command line, the messages go to stderr. In HMP, they go to
the monitor. In QMP, the second one becomes the error reply, and the
first one goes to stderr.
Convert net_init_tap() to Error. This suppresses the unwanted second
message, and makes the specific error the QMP error reply.
[Dropped duplicate "and" from error message as suggested by Eric Blake:
"ifname=, script=, downscript=, and vnet_hdr=, "
"queues=, and vhostfds= are invalid with helper="
--Stefan]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1431691143-1015-16-git-send-email-armbru@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-05-15 14:59:03 +03:00
|
|
|
error_setg(errp, "Fail to get ifname");
|
2014-11-02 08:37:17 +03:00
|
|
|
close(fd);
|
2013-01-30 15:12:34 +04:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-05-15 14:58:56 +03:00
|
|
|
net_init_tap_one(tap, peer, "tap", name, ifname,
|
|
|
|
i >= 1 ? "no" : script,
|
|
|
|
i >= 1 ? "no" : downscript,
|
2021-04-02 06:05:20 +03:00
|
|
|
vhostfdname, vnet_hdr, fd, &err);
|
2015-05-15 14:58:56 +03:00
|
|
|
if (err) {
|
tap: Improve -netdev/netdev_add/-net/... tap error reporting
When -netdev tap fails, it first reports a specific error, then a
generic one, like this:
$ qemu-system-x86_64 -netdev tap,id=foo
qemu-system-x86_64: -netdev tap,id=foo: could not configure /dev/net/tun: Operation not permitted
qemu-system-x86_64: -netdev tap,id=foo: Device 'tap' could not be initialized
With the command line, the messages go to stderr. In HMP, they go to
the monitor. In QMP, the second one becomes the error reply, and the
first one goes to stderr.
Convert net_init_tap() to Error. This suppresses the unwanted second
message, and makes the specific error the QMP error reply.
[Dropped duplicate "and" from error message as suggested by Eric Blake:
"ifname=, script=, downscript=, and vnet_hdr=, "
"queues=, and vhostfds= are invalid with helper="
--Stefan]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1431691143-1015-16-git-send-email-armbru@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-05-15 14:59:03 +03:00
|
|
|
error_propagate(errp, err);
|
2014-11-02 08:37:17 +03:00
|
|
|
close(fd);
|
2013-01-30 15:12:34 +04:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
}
|
2009-10-22 20:49:07 +04:00
|
|
|
}
|
|
|
|
|
2013-01-30 15:12:34 +04:00
|
|
|
return 0;
|
2009-10-22 20:49:07 +04:00
|
|
|
}
|
2010-03-17 14:08:38 +03:00
|
|
|
|
2012-07-24 19:35:13 +04:00
|
|
|
VHostNetState *tap_get_vhost_net(NetClientState *nc)
|
2010-03-17 14:08:38 +03:00
|
|
|
{
|
|
|
|
TAPState *s = DO_UPCAST(TAPState, nc, nc);
|
qapi: Change Netdev into a flat union
This is a mostly-mechanical conversion that creates a new flat
union 'Netdev' QAPI type that covers all the branches of the
former 'NetClientOptions' simple union, where the branches are
now listed in a new 'NetClientDriver' enum rather than generated
from the simple union. The existence of a flat union has no
change to the command line syntax accepted for new code, and
will make it possible for a future patch to switch the QMP
command to parse a boxed union for no change to valid QMP; but
it does have some ripple effect on the C code when dealing with
the new types.
While making the conversion, note that the 'NetLegacy' type
remains unchanged: it applies only to legacy command line options,
and will not be ported to QMP, so it should remain a wrapper
around a simple union; to avoid confusion, the type named
'NetClientOptions' is now gone, and we introduce 'NetLegacyOptions'
in its place. Then, in the C code, we convert from NetLegacy to
Netdev as soon as possible, so that the bulk of the net stack
only has to deal with one QAPI type, not two. Note that since
the old legacy code always rejected 'hubport', we can just omit
that branch from the new 'NetLegacyOptions' simple union.
Based on an idea originally by Zoltán Kővágó <DirtY.iCE.hu@gmail.com>:
Message-Id: <01a527fbf1a5de880091f98cf011616a78adeeee.1441627176.git.DirtY.iCE.hu@gmail.com>
although the sed script in that patch no longer applies due to
other changes in the tree since then, and I also did some manual
cleanups (such as fixing whitespace to keep checkpatch happy).
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1468468228-27827-13-git-send-email-eblake@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
[Fixup from Eric squashed in]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-07-14 06:50:23 +03:00
|
|
|
assert(nc->info->type == NET_CLIENT_DRIVER_TAP);
|
2010-03-17 14:08:38 +03:00
|
|
|
return s->vhost_net;
|
|
|
|
}
|
2013-01-30 15:12:32 +04:00
|
|
|
|
|
|
|
int tap_enable(NetClientState *nc)
|
|
|
|
{
|
|
|
|
TAPState *s = DO_UPCAST(TAPState, nc, nc);
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
if (s->enabled) {
|
|
|
|
return 0;
|
|
|
|
} else {
|
|
|
|
ret = tap_fd_enable(s->fd);
|
|
|
|
if (ret == 0) {
|
|
|
|
s->enabled = true;
|
|
|
|
tap_update_fd_handler(s);
|
|
|
|
}
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
int tap_disable(NetClientState *nc)
|
|
|
|
{
|
|
|
|
TAPState *s = DO_UPCAST(TAPState, nc, nc);
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
if (s->enabled == 0) {
|
|
|
|
return 0;
|
|
|
|
} else {
|
|
|
|
ret = tap_fd_disable(s->fd);
|
|
|
|
if (ret == 0) {
|
|
|
|
qemu_purge_queued_packets(nc);
|
|
|
|
s->enabled = false;
|
|
|
|
tap_update_fd_handler(s);
|
|
|
|
}
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
}
|