Initial support for network devices using passt (https://passt.top)
for the backend connection will require:
* new attributes of the <backend> subelement:
* "type" that can have the value "passt" (to differentiate from
slirp, because both slirp and passt will use <interface
type='user'>)
* "logFile" (a path to a file that passt should use for its logging)
* "upstream" (a netdev name, e.g. "eth0").
* a new subelement <portForward> (described in more detail later)
Signed-off-by: Laine Stump <laine@redhat.com>
---
src/conf/schemas/domaincommon.rng | 65 +++++++++++++++++++++++
tests/qemuxml2argvdata/net-user-passt.xml | 57 ++++++++++++++++++++
2 files changed, 122 insertions(+)
create mode 100644 tests/qemuxml2argvdata/net-user-passt.xml
diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincommon.rng
index 8bc627d114..0e66b84576 100644
--- a/src/conf/schemas/domaincommon.rng
+++ b/src/conf/schemas/domaincommon.rng
@@ -3581,6 +3581,7 @@
</element>
</optional>
<ref name="interface-ip-info"/>
+ <ref name="interface-port-forwards"/>
<optional>
<element name="script">
<attribute name="path">
@@ -3617,6 +3618,13 @@
</optional>
<optional>
<element name="backend">
+ <optional>
+ <attribute name="type">
+ <choice>
+ <value>passt</value>
+ </choice>
+ </attribute>
+ </optional>
<optional>
<attribute name="tap">
<ref name="absFilePath"/>
@@ -3627,6 +3635,16 @@
<ref name="absFilePath"/>
</attribute>
</optional>
+ <optional>
+ <attribute name="logFile">
+ <ref name="absFilePath"/>
+ </attribute>
+ </optional>
+ <optional>
+ <attribute name="upstream">
+ <ref name="deviceName"/>
+ </attribute>
+ </optional>
</element>
</optional>
<optional>
@@ -3843,6 +3861,53 @@
</interleave>
</define>
+ <define name="interface-port-forwards">
+ <zeroOrMore>
+ <element name="portForward">
+ <attribute name="proto">
+ <choice>
+ <value>tcp</value>
+ <value>udp</value>
+ </choice>
+ </attribute>
+ <optional>
+ <attribute name="address">
+ <ref name="ipAddr"/>
+ </attribute>
+ </optional>
+ <optional>
+ <attribute name="dev">
+ <ref name="deviceName"/>
+ </attribute>
+ </optional>
+ <interleave>
+ <zeroOrMore>
+ <element name="range">
+ <attribute name="start">
+ <ref name="PortNumber"/>
+ </attribute>
+ <optional>
+ <attribute name="end">
+ <ref name="PortNumber"/>
+ </attribute>
+ </optional>
+ <optional>
+ <attribute name="to">
+ <ref name="PortNumber"/>
+ </attribute>
+ </optional>
+ <optional>
+ <attribute name="exclude">
+ <ref name="virYesNo"/>
+ </attribute>
+ </optional>
+ </element>
+ </zeroOrMore>
+ </interleave>
+ </element>
+ </zeroOrMore>
+ </define>
+
<define name="teaming">
<element name="teaming">
<choice>
diff --git a/tests/qemuxml2argvdata/net-user-passt.xml b/tests/qemuxml2argvdata/net-user-passt.xml
new file mode 100644
index 0000000000..b82eebd089
--- /dev/null
+++ b/tests/qemuxml2argvdata/net-user-passt.xml
@@ -0,0 +1,57 @@
+<domain type='qemu'>
+ <name>QEMUGuest1</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <memory unit='KiB'>219136</memory>
+ <currentMemory unit='KiB'>219136</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='x86_64' machine='pc'>hvm</type>
+ <boot dev='hd'/>
+ </os>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu-system-x86_64</emulator>
+ <disk type='block' device='disk'>
+ <driver name='qemu' type='raw'/>
+ <source dev='/dev/HostVG/QEMUGuest1'/>
+ <target dev='hda' bus='ide'/>
+ <address type='drive' controller='0' bus='0' target='0' unit='0'/>
+ </disk>
+ <controller type='usb' index='0' model='none'/>
+ <controller type='ide' index='0'>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
+ </controller>
+ <controller type='pci' index='0' model='pci-root'/>
+ <interface type='user'>
+ <mac address='00:11:22:33:44:55'/>
+ <ip address='172.17.2.0' family='ipv4' prefix='24'/>
+ <ip address='2001:db8:ac10:fd01::feed' family='ipv6'/>
+ <portForward proto='tcp' address='2001:db8:ac10:fd01::1:10'>
+ <range start='22' to='2022'/>
+ <range start='1000' end='1050'/>
+ <range start='1020' exclude='yes'/>
+ <range start='1030' end='1040' exclude='yes'/>
+ </portForward>
+ <portForward proto='udp' address='1.2.3.4' dev='eth0'>
+ <range start='5000' end='5020' to='6000'/>
+ <range start='5010' end='5015' exclude='yes'/>
+ </portForward>
+ <portForward proto='tcp'>
+ <range start='80'/>
+ </portForward>
+ <portForward proto='tcp'>
+ <range start='443' to='344'/>
+ </portForward>
+ <model type='rtl8139'/>
+ <backend type='passt' logFile='/var/log/loglaw.blog' upstream='eth42'/>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
+ </interface>
+ <input type='mouse' bus='ps2'/>
+ <input type='keyboard' bus='ps2'/>
+ <audio id='1' type='none'/>
+ <memballoon model='none'/>
+ </devices>
+</domain>
--
2.38.1On Sun, Jan 08, 2023 at 11:11:07PM -0500, Laine Stump wrote: > Initial support for network devices using passt (https://passt.top) > for the backend connection will require: > > * new attributes of the <backend> subelement: > * "type" that can have the value "passt" (to differentiate from > slirp, because both slirp and passt will use <interface > type='user'>) > * "logFile" (a path to a file that passt should use for its logging) > * "upstream" (a netdev name, e.g. "eth0"). IMHO this attribute is inappropriate for <backend>.... > * a new subelement <portForward> (described in more detail later) > > Signed-off-by: Laine Stump <laine@redhat.com> > --- > src/conf/schemas/domaincommon.rng | 65 +++++++++++++++++++++++ > tests/qemuxml2argvdata/net-user-passt.xml | 57 ++++++++++++++++++++ > 2 files changed, 122 insertions(+) > create mode 100644 tests/qemuxml2argvdata/net-user-passt.xml > > diff --git a/tests/qemuxml2argvdata/net-user-passt.xml b/tests/qemuxml2argvdata/net-user-passt.xml > new file mode 100644 > index 0000000000..b82eebd089 > --- /dev/null > +++ b/tests/qemuxml2argvdata/net-user-passt.xml > @@ -0,0 +1,57 @@ > +<domain type='qemu'> > + <name>QEMUGuest1</name> > + <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid> > + <memory unit='KiB'>219136</memory> > + <currentMemory unit='KiB'>219136</currentMemory> > + <vcpu placement='static'>1</vcpu> > + <os> > + <type arch='x86_64' machine='pc'>hvm</type> > + <boot dev='hd'/> > + </os> > + <clock offset='utc'/> > + <on_poweroff>destroy</on_poweroff> > + <on_reboot>restart</on_reboot> > + <on_crash>destroy</on_crash> > + <devices> > + <emulator>/usr/bin/qemu-system-x86_64</emulator> > + <disk type='block' device='disk'> > + <driver name='qemu' type='raw'/> > + <source dev='/dev/HostVG/QEMUGuest1'/> > + <target dev='hda' bus='ide'/> > + <address type='drive' controller='0' bus='0' target='0' unit='0'/> > + </disk> > + <controller type='usb' index='0' model='none'/> > + <controller type='ide' index='0'> > + <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/> > + </controller> > + <controller type='pci' index='0' model='pci-root'/> > + <interface type='user'> > + <mac address='00:11:22:33:44:55'/> > + <ip address='172.17.2.0' family='ipv4' prefix='24'/> > + <ip address='2001:db8:ac10:fd01::feed' family='ipv6'/> > + <portForward proto='tcp' address='2001:db8:ac10:fd01::1:10'> > + <range start='22' to='2022'/> > + <range start='1000' end='1050'/> > + <range start='1020' exclude='yes'/> > + <range start='1030' end='1040' exclude='yes'/> > + </portForward> > + <portForward proto='udp' address='1.2.3.4' dev='eth0'> > + <range start='5000' end='5020' to='6000'/> > + <range start='5010' end='5015' exclude='yes'/> > + </portForward> > + <portForward proto='tcp'> > + <range start='80'/> > + </portForward> > + <portForward proto='tcp'> > + <range start='443' to='344'/> > + </portForward> > + <model type='rtl8139'/> > + <backend type='passt' logFile='/var/log/loglaw.blog' upstream='eth42'/> I don't think that 'upstream' is really describing a property of the backend. This is expressing a traffic routing restriction for the 'user' networking type. IMHO it should probably be using the existing <source dev="xxxx"/> element, that is currently used by the 'direct' networking type. Can we see about fixing this before release. > + <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/> > + </interface> > + <input type='mouse' bus='ps2'/> > + <input type='keyboard' bus='ps2'/> > + <audio id='1' type='none'/> > + <memballoon model='none'/> > + </devices> > +</domain> With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
On 1/11/23 1:33 PM, Daniel P. Berrangé wrote: > On Sun, Jan 08, 2023 at 11:11:07PM -0500, Laine Stump wrote: >> Initial support for network devices using passt (https://passt.top) >> for the backend connection will require: >> >> * new attributes of the <backend> subelement: >> * "type" that can have the value "passt" (to differentiate from >> slirp, because both slirp and passt will use <interface >> type='user'>) >> * "logFile" (a path to a file that passt should use for its logging) >> * "upstream" (a netdev name, e.g. "eth0"). > > IMHO this attribute is inappropriate for <backend>.... > [...] >> + <interface type='user'> >> + <mac address='00:11:22:33:44:55'/> >> + <ip address='172.17.2.0' family='ipv4' prefix='24'/> >> + <ip address='2001:db8:ac10:fd01::feed' family='ipv6'/> >> + <portForward proto='tcp' address='2001:db8:ac10:fd01::1:10'> >> + <range start='22' to='2022'/> >> + <range start='1000' end='1050'/> >> + <range start='1020' exclude='yes'/> >> + <range start='1030' end='1040' exclude='yes'/> >> + </portForward> >> + <portForward proto='udp' address='1.2.3.4' dev='eth0'> >> + <range start='5000' end='5020' to='6000'/> >> + <range start='5010' end='5015' exclude='yes'/> >> + </portForward> >> + <portForward proto='tcp'> >> + <range start='80'/> >> + </portForward> >> + <portForward proto='tcp'> >> + <range start='443' to='344'/> >> + </portForward> >> + <model type='rtl8139'/> >> + <backend type='passt' logFile='/var/log/loglaw.blog' upstream='eth42'/> > > I don't think that 'upstream' is really describing a property of the > backend. > > This is expressing a traffic routing restriction for the 'user' > networking type. IMHO it should probably be using the existing > <source dev="xxxx"/> element, that is currently used by the > 'direct' networking type. I'm still not sure *exactly* what it does; it apparently grabs the routes that are fed to the guest from the given host interface; I should probably ask Stefano to explain it to me again (he described it once, but that was along with explanations of several other things). So it's not *exactly* the same as <source dev='xxx'/> for type='direct' (which determines the link-level connection rather than IP routing), but definitely very similar. > Can we see about fixing this before release. Yes, that makes sense. I'm not sure why I didn't think of it (usually I try *too* hard to re-use existing XML). I'll make a patch and send it later today.
On Thu, Jan 12, 2023 at 09:45:39 -0500, Laine Stump wrote: > On 1/11/23 1:33 PM, Daniel P. Berrangé wrote: > > On Sun, Jan 08, 2023 at 11:11:07PM -0500, Laine Stump wrote: > >> + <backend type='passt' logFile='/var/log/loglaw.blog' upstream='eth42'/> > > > > I don't think that 'upstream' is really describing a property of the > > backend. > > > > This is expressing a traffic routing restriction for the 'user' > > networking type. IMHO it should probably be using the existing > > <source dev="xxxx"/> element, that is currently used by the > > 'direct' networking type. > > I'm still not sure *exactly* what it does; it apparently grabs the > routes that are fed to the guest from the given host interface; I should > probably ask Stefano to explain it to me again (he described it once, > but that was along with explanations of several other things). > > So it's not *exactly* the same as <source dev='xxx'/> for type='direct' > (which determines the link-level connection rather than IP routing), but > definitely very similar. > > > > Can we see about fixing this before release. > > Yes, that makes sense. I'm not sure why I didn't think of it (usually I > try *too* hard to re-use existing XML). > > I'll make a patch and send it later today. Great, I'm waiting with tagging rc2 until this is done. Jirka
On Thu, 12 Jan 2023 09:45:39 -0500
Laine Stump <laine@redhat.com> wrote:
> On 1/11/23 1:33 PM, Daniel P. Berrangé wrote:
> > On Sun, Jan 08, 2023 at 11:11:07PM -0500, Laine Stump wrote:
> >> Initial support for network devices using passt (https://passt.top)
> >> for the backend connection will require:
> >>
> >> * new attributes of the <backend> subelement:
> >> * "type" that can have the value "passt" (to differentiate from
> >> slirp, because both slirp and passt will use <interface
> >> type='user'>)
> >> * "logFile" (a path to a file that passt should use for its logging)
> >> * "upstream" (a netdev name, e.g. "eth0").
> >
> > IMHO this attribute is inappropriate for <backend>....
> >
> [...]
> >> + <interface type='user'>
> >> + <mac address='00:11:22:33:44:55'/>
> >> + <ip address='172.17.2.0' family='ipv4' prefix='24'/>
> >> + <ip address='2001:db8:ac10:fd01::feed' family='ipv6'/>
> >> + <portForward proto='tcp' address='2001:db8:ac10:fd01::1:10'>
> >> + <range start='22' to='2022'/>
> >> + <range start='1000' end='1050'/>
> >> + <range start='1020' exclude='yes'/>
> >> + <range start='1030' end='1040' exclude='yes'/>
> >> + </portForward>
> >> + <portForward proto='udp' address='1.2.3.4' dev='eth0'>
> >> + <range start='5000' end='5020' to='6000'/>
> >> + <range start='5010' end='5015' exclude='yes'/>
> >> + </portForward>
> >> + <portForward proto='tcp'>
> >> + <range start='80'/>
> >> + </portForward>
> >> + <portForward proto='tcp'>
> >> + <range start='443' to='344'/>
> >> + </portForward>
> >> + <model type='rtl8139'/>
> >> + <backend type='passt' logFile='/var/log/loglaw.blog' upstream='eth42'/>
> >
> > I don't think that 'upstream' is really describing a property of the
> > backend.
> >
> > This is expressing a traffic routing restriction for the 'user'
> > networking type. IMHO it should probably be using the existing
> > <source dev="xxxx"/> element, that is currently used by the
> > 'direct' networking type.
>
> I'm still not sure *exactly* what it does; it apparently grabs the
> routes that are fed to the guest from the given host interface; I should
> probably ask Stefano to explain it to me again (he described it once,
> but that was along with explanations of several other things).
Yes, it's pretty much that... recycling from the man page:
-i, --interface name
Use host interface name to derive addresses and routes. Default
is to use the interfaces with the first default routes for each
IP version.
It's not actually a routing restriction -- passt can't do that. The
only interface binding that passt implements (with Linux kernel
versions >= 5.7) is an optional bound interface specification for port
forwarding.
> So it's not *exactly* the same as <source dev='xxx'/> for type='direct'
> (which determines the link-level connection rather than IP routing), but
> definitely very similar.
Right, I think so too, and "source" is probably a good name for that in
any case.
--
Stefano
On a Sunday in 2023, Laine Stump wrote: >Initial support for network devices using passt (https://passt.top) >for the backend connection will require: > >* new attributes of the <backend> subelement: > * "type" that can have the value "passt" (to differentiate from > slirp, because both slirp and passt will use <interface > type='user'>) > * "logFile" (a path to a file that passt should use for its logging) > * "upstream" (a netdev name, e.g. "eth0"). > >* a new subelement <portForward> (described in more detail later) > >Signed-off-by: Laine Stump <laine@redhat.com> >--- > src/conf/schemas/domaincommon.rng | 65 +++++++++++++++++++++++ > tests/qemuxml2argvdata/net-user-passt.xml | 57 ++++++++++++++++++++ > 2 files changed, 122 insertions(+) > create mode 100644 tests/qemuxml2argvdata/net-user-passt.xml > Reviewed-by: Ján Tomko <jtomko@redhat.com> Jano
© 2016 - 2025 Red Hat, Inc.