Date: Wed, 14 Apr 2021 20:49:31 +0000
From: Alyssa Ross
To: Cole Helbling
CC: devel@spectrum-os.org
Subject: Re: [PATCH nixpkgs 14/16] spectrumPackages.sys-vms.net: init
Message-ID: <20210414204931.bs373beu65kdpl6e@eve.qyliss.net>
In-Reply-To: <20210411115740.29615-15-hi@alyssa.is>
List-Id: Patches and low-level development discussion

On Sun, Apr 11, 2021 at 11:57:38AM +0000, Alyssa Ross wrote:
> This is a VM that acts as a router. It handles talking to network
> hardware, and other VMs can be connected to it by attaching virtual
> ethernet devices.
>
> It expects to get a physical ethernet device passed through to it
> using VFIO. Wi-Fi should work too, but would need to be configured so
> I've stuck with Ethernet for now. We use ConnMan[1] to configure
> physical network interfaces, and it automatically takes care of DHCP
> and stuff for us. I chose ConnMan over NetworkManager because it was
> easier to get set up.
>
> Virtual ethernet devices are identified by a specific OUI in their MAC
> address. The NIC part of the MAC address is used to encode the last
> three octets of the IPv4 address this VM should assign to the
> interface. This way, the host can tell this VM what the address of
> each virtual interface is without having to resort to a secondary
> communication channel. The first octet will always be 100, as the
> intention is to use the IPv4 shared address space (aka the CGNAT
> space) for inter-VM networks to match the behaviour of Chromium OS[2].
>
> Every networking client will be connected to a router VM with a /31,
> where the low address is for the router, and the high address is for
> the client. This way the host's job is as simple as possible -- it
> just has to connect two TAPs together, without worrying about any
> routing rules or anything -- that can all happen in the VM. This does
> mean that the router has to have a virtio-net device for every client,
> though. We may run into scaling limitations with this approach, in
> which case we might have to revisit how this works on the host.
>
> [1]: https://git.kernel.org/pub/scm/network/connman/connman.git/about/
> [2]: https://chromium.googlesource.com/chromiumos/platform2/+/39e48f668a937d266638f3f7d31d3427a4966464/patchpanel/address_manager.cc#13
> ---
> .../os-specific/linux/spectrum/vm/default.nix | 2 +
> .../linux/spectrum/vm/net/default.nix | 165 ++++++++++++++++++
> 2 files changed, 167 insertions(+)
> create mode 100644 pkgs/os-specific/linux/spectrum/vm/net/default.nix

Cole, if you want to test this, you'll probably need the following
additional diff to make it work with your hardware. It's quite clearly
time to support loadable modules in this VM, but I'd like to leave that
for a follow up after this series is sorted.

diff --git i/pkgs/os-specific/linux/spectrum/vm/net/default.nix w/pkgs/os-specific/linux/spectrum/vm/net/default.nix index 079311c80e6..1deb7031caf 100644 --- i/pkgs/os-specific/linux/spectrum/vm/net/default.nix +++ w/pkgs/os-specific/linux/spectrum/vm/net/default.nix 
@@ -6,6 +6,7 @@ runCommand "vm-net" rec { linux = linux_vm.override { structuredExtraConfig = with lib.kernel; { E1000E = yes; + IGB = yes; PACKET = yes; IP_NF_NAT = yes;
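
Review bot: The added `IGB = yes;` line in `structuredExtraConfig` builds a second physical NIC driver into the router VM's kernel next to `E1000E = yes;`, and nothing beside it says which hardware needs it. This is the kernel of the VM that talks to the passed-through network device, so each driver enabled this way ships in the image for every user whether or not their hardware uses it. Consider a short comment naming the hardware the option is for, and keeping this as a local test change until the VM can load modules, as the message itself proposes.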
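
The addressing scheme described in the quoted commit message, worked through as an added example that is not part of the original patch or e-mail. The OUI value is a placeholder (the message only says "a specific OUI"), the function names are hypothetical, and the two range checks are additions a reviewer might want, not behaviour the message states.

```python
import ipaddress
import re

# Assumption: the page only says "a specific OUI". This locally administered
# prefix is a placeholder, not the value used by the patch.
ASSUMED_OUI = bytes.fromhex("0a0b0c")
# RFC 6598 shared address space (the "CGNAT space" the message refers to).
SHARED_SPACE = ipaddress.ip_network("100.64.0.0/10")
MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}")


def parse_mac(mac):
    """Return the six raw octets of a colon-separated MAC address."""
    if not MAC_RE.fullmatch(mac):
        raise ValueError(f"malformed MAC address: {mac!r}")
    return bytes.fromhex(mac.replace(":", ""))


def router_config(mac):
    """Map a virtual NIC's MAC to (router interface, client address).

    Returns None when the OUI does not match, e.g. for the physical NIC
    passed through with VFIO, which is left to ConnMan.
    """
    raw = parse_mac(mac)
    if raw[:3] != ASSUMED_OUI:
        return None
    # First octet is fixed at 100; the NIC-specific part supplies the rest.
    router = ipaddress.IPv4Address(bytes([100]) + raw[3:])
    # Added check: 100.0.0.0/8 is wider than the shared space, so a bad
    # second octet would otherwise put the link on public address space.
    if router not in SHARED_SPACE:
        raise ValueError(f"{router} is outside {SHARED_SPACE}")
    # Added check: the router holds the low address of the /31, so the
    # encoded address must be even; the client is the address above it.
    if int(router) & 1:
        raise ValueError(f"{router} is not the low address of a /31")
    return ipaddress.ip_interface(f"{router}/31"), router + 1


if __name__ == "__main__":
    # Constructed sample MACs, not taken from the page.
    for mac in ("0a:0b:0c:40:00:02", "52:54:00:12:34:56"):
        print(mac, "->", router_config(mac))
```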