New subject: [libvirt PATCH 1/9] conf: rename virDomainNetBackend* to virDomainNetDriver*

9 Jan 2023

      passt (https://passt.top) provides a method for connecting a guest to
the larger network without requiring any elevated privileges. This set
of patches allows libvirt/QEMU users to easily configure a QEMU domain to
use passt for the backend of any emulated network interface.

More details are in the individual patches, but the short explanation is that
you will use:

   <interface type='user'>
     <backend type='passt'>
     ...

to select the passt backend. (We decided to do it this way since the
concept is so similar to slirp, which was the original "type='user'")

The following caveats currently apply:

1) passt support requires "-netdev stream" in QEMU, which is only
   available starting with qemu-7.2.0. So if you want to test these
   patches out, you need the latest upstream release of QEMU.

2) SELinux must be set to "permissive". This is of course
   temporary. As I understand it, the remedy to this is a new SELinux
   profile for the passt binary, which is outside the control of
   libvirt and so not something that can be addressed in this patchset
   (or any other patch to libvirt).

3) Although there is a a new option for QEMU's -netdev that will tell
   QEMU to attempt to reconnect to a new incarnation of the same
   socket if passt unexpectedly exits, and a new QEMU event that will
   be put into QEMU to inform libvirt that the passt process has
   exited (so that it can start a new, identical passt process), I
   think this hasn't been pushed upstream yet (??), and I haven't
   implemented any support for it here. So, if the passt process
   unexpectedly exits, the guest will be without networking. However,
   Stefano (passt author) is emphatic that passt will never
   unexpectedly exit :-)

passt has *many* other options that libvirt could support, but the
small subset here are the things that seem most useful (and/or were
specifically requested by prospective users of passt). It is always
easier to add more stuff in the future than to remove "mistakes", so I
tried to no go overboard.

Laine Stump (9):
  conf: rename virDomainNetBackend* to virDomainNetDriver*
  conf: move anonymous backend struct from virDomainNetDef into its own
    struct
  conf: put interface <backend> parsing/formatting separate functions
  conf: add passt XML additions to schema
  conf: parse/format passt-related XML additions
  qemu: new capability QEMU_CAPS_NETDEV_STREAM
  qemu: add passtStateDir to qemu driver config
  qemu: hook up passt config to qemu domains
  specfile: require passt for the build if fedora >= 36 or rhel >= 9

 docs/formatdomain.rst                         |  95 +++++-
 libvirt.spec.in                               |   7 +
 meson.build                                   |   1 +
 po/POTFILES                                   |   1 +
 src/conf/domain_conf.c                        | 303 ++++++++++++++++--
 src/conf/domain_conf.h                        |  64 +++-
 src/conf/domain_validate.c                    |  32 +-
 src/conf/schemas/domaincommon.rng             |  65 ++++
 src/conf/virconftypes.h                       |   6 +
 src/libvirt_private.syms                      |   1 +
 src/qemu/meson.build                          |   2 +
 src/qemu/qemu_capabilities.c                  |   4 +
 src/qemu/qemu_capabilities.h                  |   3 +
 src/qemu/qemu_command.c                       |  11 +-
 src/qemu/qemu_command.h                       |   3 +-
 src/qemu/qemu_conf.c                          |   2 +
 src/qemu/qemu_conf.h                          |   1 +
 src/qemu/qemu_domain.c                        |   5 +-
 src/qemu/qemu_domain.h                        |   3 +-
 src/qemu/qemu_driver.c                        |  12 +
 src/qemu/qemu_extdevice.c                     |  25 +-
 src/qemu/qemu_hotplug.c                       |  26 +-
 src/qemu/qemu_interface.c                     |   8 +-
 src/qemu/qemu_passt.c                         | 284 ++++++++++++++++
 src/qemu/qemu_passt.h                         |  38 +++
 src/qemu/qemu_process.c                       |   1 +
 src/qemu/qemu_validate.c                      |   9 +-
 src/security/virt-aa-helper.c                 |   2 +-
 .../caps_7.2.0.x86_64.xml                     |   1 +
 tests/qemuxml2argvdata/net-user-passt.args    |  34 ++
 .../net-user-passt.x86_64-latest.args         |  37 +++
 tests/qemuxml2argvdata/net-user-passt.xml     |  57 ++++
 tests/qemuxml2argvtest.c                      |   2 +
 tests/qemuxml2xmloutdata/net-user-passt.xml   |   1 +
 tests/qemuxml2xmltest.c                       |   1 +
 35 files changed, 1087 insertions(+), 60 deletions(-)
 create mode 100644 src/qemu/qemu_passt.c
 create mode 100644 src/qemu/qemu_passt.h
 create mode 100644 tests/qemuxml2argvdata/net-user-passt.args
 create mode 100644 tests/qemuxml2argvdata/net-user-passt.x86_64-latest.args
 create mode 100644 tests/qemuxml2argvdata/net-user-passt.xml
 create mode 120000 tests/qemuxml2xmloutdata/net-user-passt.xml

-- 
2.38.1

[libvirt PATCH 0/9] Support libvirt-managed QEMU domain <interface> backed by a passt process

Laine Stump

Laine Stump

Ján Tomko

Laine Stump

Ján Tomko

Laine Stump

Ján Tomko

Laine Stump

Laine Stump

Ján Tomko

Daniel P. Berrangé

Laine Stump

Stefano Brivio

Jiri Denemark

Laine Stump

Ján Tomko

Laine Stump

Ján Tomko

Laine Stump

Ján Tomko

Laine Stump

Laine Stump

Ján Tomko

Laine Stump

Ján Tomko

Laine Stump

Laine Stump

Ján Tomko

tags

participants (5)