IOMMU isolated network support #47

Manually merged

ryan merged 15 commits from iommu-net into main 2025-05-01 20:46:10 +00:00

Conversation 0 Commits 15 Files Changed 43 +1034 -77

lrvick commented 2025-05-01 16:50:02 +00:00

Owner

Copy Link

Features

• Tethering from mobile device
  • iOS is more complex, but tested
• PCI ethernet passthrough
  • Any ethernet devices are automatically passed to netvm
• Push/pull files from netvm
• Attach USB devices to netvm
  • for tethering, or anything else

Usage

netvm

	Control network vm headlessly via QMP protocol

	Usage:
	  netvm start
	      Start headless network vm in the background
	  netvm stop
	      Stop headless network vm
	  netvm shell
	      Start interactive network vm in the foreground
      netvm attach <usb-id>
          Forward a USB device from the host to the netvm Guest
	  netvm status
	      Get hostname and uptime from running network vm
      	  netvm attach <vendorid:deviceid>
	      Hot-plug a USB device to network VM
	  netvm push <local-path> <remote-path>
	      Push a local file to the network VM
	  netvm pull <remote-path> <local-path>
	      Pull a file from the network VM
	  netvm run "<command>"
	      Run a command in network vm and get stdout

Example

Download new airgap.iso from within netvm:

netvm start
netvm attach xxx:xxx
netvm run nohup usbmuxd
netvm run nohup dhcpcd
netvm run wget http://216.176.190.42/airgap.iso
netvm run sha256sum airgap.iso

Known issues

• MVP implementation of netvm frontend is in shell and bad at unicode handling atm
• Socket flushing is currently slow due to the "0xFF" flush bit not working as documented
• Looking to address both of the above issues in a straight port to rust as a fast follow
• Attaching network devices is still manual. Will be addressed by udev rules after more testing

### Features - Tethering from mobile device - iOS is more complex, but tested - PCI ethernet passthrough - Any ethernet devices are automatically passed to netvm - Push/pull files from netvm - Attach USB devices to netvm - for tethering, or anything else ### Usage ``` netvm Control network vm headlessly via QMP protocol Usage: netvm start Start headless network vm in the background netvm stop Stop headless network vm netvm shell Start interactive network vm in the foreground netvm attach <usb-id> Forward a USB device from the host to the netvm Guest netvm status Get hostname and uptime from running network vm netvm attach <vendorid:deviceid> Hot-plug a USB device to network VM netvm push <local-path> <remote-path> Push a local file to the network VM netvm pull <remote-path> <local-path> Pull a file from the network VM netvm run "<command>" Run a command in network vm and get stdout ``` ## Example Download new airgap.iso from within netvm: ``` netvm start netvm attach xxx:xxx netvm run nohup usbmuxd netvm run nohup dhcpcd netvm run wget http://216.176.190.42/airgap.iso netvm run sha256sum airgap.iso ``` ### Known issues - MVP implementation of netvm frontend is in shell and bad at unicode handling atm - Socket flushing is currently slow due to the "0xFF" flush bit not working as documented - Looking to address both of the above issues in a straight port to rust as a fast follow - Attaching network devices is still manual. Will be addressed by udev rules after more testing

lrvick added 12 commits 2025-05-01 16:50:04 +00:00

b64d76b60d

wip

18fa25b87e

feat: initial qemu-ga based netvm command to control guest

ea07569187

feat: netvm push/pull support, fixed run, and lots of cleanup

3985d8ac19

feat: netvm start now auto-attaches network pci devices

22469ca0b9

feat: block netvm start until qemu responds to pings

b980eb3a97

feat: add dhcpcd to netvm

bb2f87d471

fix: netvm start edge case handling

24a254a914

fix: overhaul socket buffer handling for far higher stability and blocking boot

d1229c0f45

feat: add netvm shell for raw shel access

06010bea59

fix: add shell command to supported command list

c608ad5ccd

feat: add hot plugging for usb devices

723ba49cd3

fix: add missint cmd

lrvick changed title from iommu-net to IOMMU isolated network support 2025-05-01 17:10:24 +00:00

anton added 1 commit 2025-05-01 17:52:02 +00:00

72efb86b6f

fix: rename from repros to airgap-guest

lrvick added 1 commit 2025-05-01 20:21:36 +00:00

73ab8eae21

Merge branch 'main' into iommu-net

anton added 1 commit 2025-05-01 20:42:00 +00:00

8722409004

fix: remove git hooks

ryan manually merged commit 133a7c9b5b into main 2025-05-01 20:46:10 +00:00

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels

No items

No Label

Milestone

Clear milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

No Assignees

2 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: public/airgap#47

No description provided.