From: Laine Stump
To: libvir-list@redhat.com
CC: sbrivio@redhat.com, passt-dev@passt.top
Subject: [libvirt PATCH 0/9] Support libvirt-managed QEMU domain backed by a passt process
Date: Sun, 8 Jan 2023 23:11:03 -0500
Message-Id: <20230109041112.368790-1-laine@redhat.com>

passt (https://passt.top) provides a method for connecting a guest to the larger network without requiring any elevated privileges. This set of patches allows libvirt/QEMU users to easily configure a QEMU domain to use passt for the backend of any emulated network interface. More details are in the individual patches, but the short explanation is that you will use:

  ...

to select the passt backend. (We decided to do it this way since the concept is so similar to slirp, which was the original "type='user'")

The following caveats currently apply:

1) passt support requires "-netdev stream" in QEMU, which is only available starting with qemu-7.2.0. So if you want to test these patches out, you need the latest upstream release of QEMU.

2) SELinux must be set to "permissive". This is of course temporary. As I understand it, the remedy to this is a new SELinux profile for the passt binary, which is outside the control of libvirt and so not something that can be addressed in this patchset (or any other patch to libvirt).

3) Although there is a new option for QEMU's -netdev that will tell QEMU to attempt to reconnect to a new incarnation of the same socket if passt unexpectedly exits, and a new QEMU event that will be put into QEMU to inform libvirt that the passt process has exited (so that it can start a new, identical passt process), I think this hasn't been pushed upstream yet (??), and I haven't implemented any support for it here. So, if the passt process unexpectedly exits, the guest will be without networking. However, Stefano (passt author) is emphatic that passt will never unexpectedly exit :-)

passt has *many* other options that libvirt could support, but the small subset here are the things that seem most useful (and/or were specifically requested by prospective users of passt). It is always easier to add more stuff in the future than to remove "mistakes", so I tried to not go overboard.

Laine Stump (9):
  conf: rename virDomainNetBackend* to virDomainNetDriver*
  conf: move anonymous backend struct from virDomainNetDef into its own struct
  conf: put interface parsing/formatting separate functions
  conf: add passt XML additions to schema
  conf: parse/format passt-related XML additions
  qemu: new capability QEMU_CAPS_NETDEV_STREAM
  qemu: add passtStateDir to qemu driver config
  qemu: hook up passt config to qemu domains
  specfile: require passt for the build if fedora >= 36 or rhel >= 9

 docs/formatdomain.rst                        |  95 +++++-
 libvirt.spec.in                              |   7 +
 meson.build                                  |   1 +
 po/POTFILES                                  |   1 +
 src/conf/domain_conf.c                       | 303 ++++++++++++++++--
 src/conf/domain_conf.h                       |  64 +++-
 src/conf/domain_validate.c                   |  32 +-
 src/conf/schemas/domaincommon.rng            |  65 ++++
 src/conf/virconftypes.h                      |   6 +
 src/libvirt_private.syms                     |   1 +
 src/qemu/meson.build                         |   2 +
 src/qemu/qemu_capabilities.c                 |   4 +
 src/qemu/qemu_capabilities.h                 |   3 +
 src/qemu/qemu_command.c                      |  11 +-
 src/qemu/qemu_command.h                      |   3 +-
 src/qemu/qemu_conf.c                         |   2 +
 src/qemu/qemu_conf.h                         |   1 +
 src/qemu/qemu_domain.c                       |   5 +-
 src/qemu/qemu_domain.h                       |   3 +-
 src/qemu/qemu_driver.c                       |  12 +
 src/qemu/qemu_extdevice.c                    |  25 +-
 src/qemu/qemu_hotplug.c                      |  26 +-
 src/qemu/qemu_interface.c                    |   8 +-
 src/qemu/qemu_passt.c                        | 284 ++++++++++++++++
 src/qemu/qemu_passt.h                        |  38 +++
 src/qemu/qemu_process.c                      |   1 +
 src/qemu/qemu_validate.c                     |   9 +-
 src/security/virt-aa-helper.c                |   2 +-
 .../caps_7.2.0.x86_64.xml                    |   1 +
 tests/qemuxml2argvdata/net-user-passt.args   |  34 ++
 .../net-user-passt.x86_64-latest.args        |  37 +++
 tests/qemuxml2argvdata/net-user-passt.xml    |  57 ++++
 tests/qemuxml2argvtest.c                     |   2 +
 tests/qemuxml2xmloutdata/net-user-passt.xml  |   1 +
 tests/qemuxml2xmltest.c                      |   1 +
 35 files changed, 1087 insertions(+), 60 deletions(-)
 create mode 100644 src/qemu/qemu_passt.c
 create mode 100644 src/qemu/qemu_passt.h
 create mode 100644 tests/qemuxml2argvdata/net-user-passt.args
 create mode 100644 tests/qemuxml2argvdata/net-user-passt.x86_64-latest.args
 create mode 100644 tests/qemuxml2argvdata/net-user-passt.xml
 create mode 120000 tests/qemuxml2xmloutdata/net-user-passt.xml

-- 
2.38.1