Re: [Qemu-devel] Anyone have functioning networking with a FreeBSD host?

[Christopher Nehren]

On Sun, Jun 13, 2004 at 14:59:26 EDT, Bakul Shah scribbled these
curious markings:
> I am using /dev/tap based networking, not the usermode one.
> It all works fine (thanks to some help from Juergen Lock).
> BTW, I am using the latest FreeBSD port &
> Freebsd-5.2-current.

Okay, I got mine working. :)

> - when using the tap device you need to ifconfig the interface.
>   You can do this manually or via a script.  Either copy this
>   script to /etc/qemu-ifup or run it from the command line.
>   Something like
> 
>       echo ifconfig $1 192.168.0.1    > /etc/qemu-ifup
>       chmod +x /etc/qemu-ifup
> 
>   This needs to be done on the *host*.

Right, got that.

> - make sure you are using -pci option (I needed this for
>   a FreeBSD guest -- do not know why).

This option (the undocumented one, sigh) was the one that I needed. With
it, I can get both tap and user-mode networking to function. :) For why 
it's needed, read Brat Watson's later message to this thread,
message ID <address@hidden>.

> - You may wish to use the linux-test image from the qemu
>   site, for debugging all this.  Give the *guest OS* an
>   address like 192.168.0.2 or something in the same subnet as
>   the tap interface.  Once the OS is up and its interface
>   configured, you should be able to ping the this address
>   from the host FreeBSD.  If this step works, you have a
>   working connection between the guest and the host; the
>   remaining work is all networking related, nothing to do
>   with qemu per se.

I already had NetBSD 1.6.2 fully installed using the i386cd.iso image,
so I tested with that.

> - Networking related changes: you will have to enable
>   forwarding on the host.  You will likely need to add static
>   routes or update your NAT rules or both.  You may have to
>   run dhcp proxy on the host....  Someone should come up with
>   a script that figures out the right thing to do based on
>   your setup.

Right; I have PF set up to do that. I love PF. With user-mode
networking, though, you don't need this.

> Some random thoughts:
> 
> * When qemu opens the tap device, it always returns a new
>   device.  You can change this behavior by patching vl.c.  On
>   line 1104 change the `for' loop to start at 0 instead of -1
>   -- line # as per the patched sources in the FreeBSD port.
>   This loop first tries /dev/tap and then /dev/tap0,
>   /dev/tap1 and so on.  The change skips /dev/tap.

Actually, I didn't see this. It kept using /dev/tap, but it was showing
up in ifconfig as tap0. Weird.

> * I am not sure if removing suser() test in if_tap.c is the
>   right thing to do from a security perspective so I left this
>   alone.

My _guess_ is that it would prevent any old user from creating 52k tap
devices, and the consequential resource starvation. I'm going to see if
I can't add a sysctl to control this; watch hackers@ and security@ for a
post by me in the near future.

> * I don't see why /dev/tap is an exclusive open device.  If
>   multiple opens were allowed, a number of VMs can be on the
>   same simulated network.  That is, qemu for each guest can
>   open the same device and they will all *see* each other as
>   well as the host!

Do you mean each /dev/tap interface being exclusive? Well, it _is_ bound
to the individual process, which may have something to do with it.
 
> * I first thought qemu should also have a qemu-ifdown script
>   but may be it is better to wrap qemu in a shell script that
>   does the initial setup and final cleanup.

Perhaps a good idea. It's more configurable that way, too.
 
> * It would be nice if qemu exited only on a power down
>   event instead of a reboot.  May be as an option.

Again, a good idea, at least IMO.
 
> Overall this is a very impressive emulator!  So far I have
> brought up Linux, FreeBSD-5.2.1 and a trial version of Window
> 2003.  Kudos to Fabrice Bellard and the other wizardly
> programmers!

Indeed. 't is quite wonderful.

-- 
I abhor a system designed for the "user", if that word is a coded
pejorative meaning "stupid and unsophisticated".  -- Ken Thompson
-
Unix is user friendly. However, it isn't idiot friendly.

pgpOaMpBGNzb_.pgp
Description: PGP signature