Page MenuHomeFreeBSD
Differential D42510

bhyve: Add a slirp network backend
ClosedPublic
Actions

Authored by markj on Nov 8 2023, 6:05 PM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Nov 13, 9:27 AM
Unknown Object (File)
Tue, Nov 12, 8:46 PM
Unknown Object (File)
Tue, Nov 12, 8:01 PM
Unknown Object (File)
Oct 3 2024, 11:01 PM
Unknown Object (File)
Oct 1 2024, 12:49 PM
Unknown Object (File)
Sep 28 2024, 12:25 AM
Unknown Object (File)
Sep 26 2024, 4:01 PM
Unknown Object (File)
Sep 23 2024, 9:53 PM
View All 80 Files
Subscribers
afedorov
bcran
bz
corvink
eduardo
imp
jhb
View All 11 Subscribers

Details

Reviewers
rew
jhb
Group Reviewers
bhyve
Commits
rG8b6d3fb0a79c: bhyve: Add a slirp network backend
rGc5359e2af5ab: bhyve: Add a slirp network backend
Summary

This enables a subset of the functionality provided by QEMU's user
networking implementation. In particular, it uses net/libslirp, the
same library as QEMU.

libslirp is permissively licensed but has some dependencies which make
it impractical to bring into the base system (glib in particular). I
thus opted to make bhyve dlopen the libslirp.so, which can be installed
via pkg. The library header is imported into bhyve.

The slirp backend takes a "hostfwd" which is identical to QEMU's
hostfwd. When configured, bhyve opens a host socket and listens for
connections, which get forwarded to the guest. For instance,
"hostfwd=tcp::1234-:22" allows one to ssh into the guest by ssh'ing to
port 1234 on the host, e.g., via 127.0.0.1. I didn't try to hook up
guestfwd support since I don't personally have a use-case for it yet,
and I think it won't interact nicely with the capsicum sandbox.

The data path is kind of complicated because there's quite a lot of
callbacks involved. When the backend receives a packet to be sent to
the guest, libslirp calls slirp_cb_send_packet(), which puts the packet
into a socket buffer, to be read by the mevent thread in slirp_recv().
Packets transmitted by the guest are handed to slirp_send(), which calls
slirp_input() to perform library processing.

We use a dedicated thread to handle events; the slirp interface is
really designed for a thread which calls poll(), so it was cleaner to
add a new event loop rather than try to translate between pollfds and
mevent. This loop polls for incoming connection requests and handles
libslirp timeout events (retransmits, etc.). A mutex is used to
serialize calls into libslirp after initialization is done.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

markj created this revision.Nov 8 2023, 6:05 PM
Herald added a reviewer: bhyve. · View Herald TranscriptNov 8 2023, 6:05 PM
Herald added subscribers: bcran, rgrimes, imp. · View Herald Transcript
markj requested review of this revision.Nov 8 2023, 6:05 PM
Harbormaster completed remote builds in B54334: Diff 129870.Nov 8 2023, 6:05 PM
afedorov added a subscriber: afedorov.Nov 8 2023, 6:26 PM
zlei added a subscriber: zlei.Nov 9 2023, 1:18 AM
bz added a subscriber: bz.Nov 9 2023, 11:12 AM

May I ask what use case you have for this? I am just wondering what this will solve that cannot be done already?

eduardo added a subscriber: eduardo.Nov 9 2023, 12:27 PM
markj added a comment.Nov 9 2023, 2:36 PM
In D42510#970280, @bz wrote:

May I ask what use case you have for this? I am just wondering what this will solve that cannot be done already?

It lets one access a VM without requiring any network configuration. In particular, you don't have to be root to configure networking. This removes one obstacle to running bhyve as a non-root user.

In my case, I use QEMU (and its user networking, which also uses libslirp) to automate running the test suite for different architectures, and I do this as a normal user. I would like to use bhyve instead.

bz added a comment.Nov 10 2023, 1:17 AM
In D42510#970286, @markj wrote:
In D42510#970280, @bz wrote:

May I ask what use case you have for this? I am just wondering what this will solve that cannot be done already?

It lets one access a VM without requiring any network configuration. In particular, you don't have to be root to configure networking. This removes one obstacle to running bhyve as a non-root user.

Can you put the bit (running bhyve as non-root user/no network config needed) somewhere into the description/proposed commit message as that'll help understand.

imp added inline comments.Nov 10 2023, 10:43 PM
usr.sbin/bhyve/libslirp.h
2

Is there an upstream for this file? Should we track it via contrib? Or is it slow moving enough that it wouldn't help much.

markj added inline comments.Nov 11 2023, 4:53 AM
usr.sbin/bhyve/libslirp.h
2

It's here: https://gitlab.freedesktop.org/slirp/libslirp

I think it's ok to keep it here. Assuming that the library is maintained properly, I expect it to stay ABI-compatible with this header. SlirpConfig may be extended but it has its own versioning scheme. I don't feel too strongly about this though. We could import libslirp, but it can't be built as part of the base system. (The glib dependency means that we can't build it; I think libslirp's use of glib is simple enough that we could shim it away. That's on my list of things to look into, but I think using dlopen() isn't too bad...)

I'll copy the libslirp copyright file into this header.

rew accepted this revision as: rew.Nov 12 2023, 7:54 AM
rew added a subscriber: rew.

Tested and works as expected - this will be nice to have, thanks.

This revision is now accepted and ready to land.Nov 12 2023, 7:54 AM
markj planned changes to this revision.Nov 12 2023, 3:52 PM
In D42510#970849, @rew wrote:

Tested and works as expected - this will be nice to have, thanks.

Thanks for testing.

I realized today that instantiating a libslirp context per NIC is wrong, it'll break DHCP. The libslirp context should be global, like the libslirp.so handle. I'm not sure why one might use more than one slirp interface with a VM but that's probably due to a lack of imagination.

markj updated this revision to Diff 129978.Nov 12 2023, 3:53 PM
  • Remove -fsanitize.
  • Add a license header to libslirp.h, copied from libslirp/COPYRIGHT.
  • Add a herald comment, to be expanded, and remove some copy-pasted comments.
Harbormaster completed remote builds in B54376: Diff 129978.Nov 12 2023, 3:54 PM
markj updated this revision to Diff 130030.Nov 13 2023, 7:00 PM

Let multiple hostfwd rules be delimited by semicolons. This is a bit
ugly since it requires escaping in the shell. I had an alternate implementation
which lets config.c optionally handle multiple values for a config node, but
it was a bit complex.

Add some comments.

Harbormaster completed remote builds in B54395: Diff 130030.Nov 13 2023, 7:00 PM
markj added a comment.Nov 13 2023, 7:04 PM
In D42510#970887, @markj wrote:

I realized today that instantiating a libslirp context per NIC is wrong, it'll break DHCP. The libslirp context should be global, like the libslirp.so handle. I'm not sure why one might use more than one slirp interface with a VM but that's probably due to a lack of imagination.

In fact, one slirp context per NIC appears to be the way to go. At least, that's what QEMU does. Having a global instance doesn't really work with multiple network devices, if only because it becomes unclear which device slirp_send() should be handing packets to.

In D42510#971248, @markj wrote:

Let multiple hostfwd rules be delimited by semicolons. This is a bit
ugly since it requires escaping in the shell. I had an alternate implementation
which lets config.c optionally handle multiple values for a config node, but
it was a bit complex.

If anyone is interested, the alternate implementation is here: https://reviews.freebsd.org/D42572

markj edited the summary of this revision. (Show Details)Nov 14 2023, 2:21 PM
markj updated this revision to Diff 130074.Nov 14 2023, 2:22 PM

Update the man page to document support for multiple hostfwd rules.

Harbormaster completed remote builds in B54416: Diff 130074.Nov 14 2023, 2:22 PM
jhb added a subscriber: jhb.Nov 15 2023, 7:02 PM

Would it be worth having a separate slirp.c perhaps for the bits in net_backends.c? I think you could also then just drop BHYVE_SLIRP. If people ever wanted this optional we could make adding slirp.c to SRCS conditional on MK_BHYVE_SLIRP or the like. Impressed that it fits into the existing net_backends abstraction as-is.

This is definitely a feature people have requested over the years, and this is the last major obstacle to non-root bhyve IIRC.

jhb added a comment.Nov 15 2023, 7:03 PM

Oh, also, bhyve_config.5 probably needs updating?

markj added a comment.Nov 15 2023, 7:50 PM
In D42510#972442, @jhb wrote:

Would it be worth having a separate slirp.c perhaps for the bits in net_backends.c?

Yes, though this will require a bit of refactoring since all of the net_backend bits are private to net_backend.c. To make things consistent, I'd move each backend into its own file. I think we'd end up with net_backend.c, net_backend_tap.c, net_backend_netgraph.c, net_backend_netmap.c, net_backend_slirp.c.

corvink added a subscriber: corvink.Nov 16 2023, 6:22 AM

I do agree with jhb. Why do we need to make it optional? If there's no use case, just drop BHYVE_SLIRP. We can add it later if required.

jhb added a comment.Nov 20 2023, 10:35 PM
In D42510#972447, @markj wrote:
In D42510#972442, @jhb wrote:

Would it be worth having a separate slirp.c perhaps for the bits in net_backends.c?

Yes, though this will require a bit of refactoring since all of the net_backend bits are private to net_backend.c. To make things consistent, I'd move each backend into its own file. I think we'd end up with net_backend.c, net_backend_tap.c, net_backend_netgraph.c, net_backend_netmap.c, net_backend_slirp.c.

Ah, ok. That refactoring would be fine with me, but I'd also be fine if it was just net_backend_slirp.c for now and the others were split out later? I'm not sure tied to it either way though.

markj updated this revision to Diff 130358.Nov 20 2023, 11:08 PM
  • Rebase on top of D42689.
  • Move the slirp backend into its own file.
  • Add a dummy notify callback.
  • Bump the socket buffer size.
  • Avoid using warn()/err().
Herald added a subscriber: jonathan. · View Herald TranscriptNov 20 2023, 11:08 PM
Harbormaster completed remote builds in B54530: Diff 130358.Nov 20 2023, 11:09 PM
markj updated this revision to Diff 130359.Nov 20 2023, 11:24 PM

Update bhyve_config.5.

Harbormaster completed remote builds in B54531: Diff 130359.Nov 20 2023, 11:24 PM
corvink added inline comments.Nov 21 2023, 7:31 AM
usr.sbin/bhyve/net_backends.c
54–55 ↗(On Diff #130359)

This seems unrelated to this patch.

markj marked an inline comment as done.Nov 21 2023, 3:34 PM
markj added inline comments.
usr.sbin/bhyve/net_backends.c
54–55 ↗(On Diff #130359)

I removed this change in my local tree.

jhb accepted this revision.Nov 22 2023, 5:59 PM
This revision is now accepted and ready to land.Nov 22 2023, 5:59 PM
Closed by commit rGc5359e2af5ab: bhyve: Add a slirp network backend (authored by markj). · Explain WhyNov 22 2023, 8:20 PM
This revision was automatically updated to reflect the committed changes.
markj marked an inline comment as done.
markj added a commit: rGc5359e2af5ab: bhyve: Add a slirp network backend.
markj added a commit: rG8b6d3fb0a79c: bhyve: Add a slirp network backend.Dec 26 2023, 2:08 AM

Revision Contents
Changeset List

PathSize
usr.sbin/
bhyve/
1 line
20 lines
22 lines
365 lines
662 lines

Diff 130442

View Options

usr.sbin/bhyve/Makefile

Loading...
View Options

usr.sbin/bhyve/bhyve.8

Loading...
View Options

usr.sbin/bhyve/bhyve_config.5

Loading...
View Options

usr.sbin/bhyve/libslirp.h

Loading...
View Options

usr.sbin/bhyve/net_backend_slirp.c

Loading...