Skip to content

feat: add VZVmnetNetworkDeviceAttachment support on macOS 26+ #4394

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
norio-nomura wants to merge 2 commits into
base: master
Choose a base branch
from
Draft

feat: add VZVmnetNetworkDeviceAttachment support on macOS 26+ #4394

norio-nomura wants to merge 2 commits into from

Conversation

@norio-nomura
Copy link
Contributor

@norio-nomura norio-nomura commented Nov 22, 2025

Based on VMNET_SHARED_MODE, and VMNET_HOST_MODE

networks:
- vzShared: true
- vzHost: true

But, to sharing network between multiple VMs, VZVmnetNetworkDeviceAttachment requires VMs are launched by same process.

It depends on Code-Hex/vz#205

@norio-nomura
Copy link
Contributor Author

norio-nomura commented Nov 22, 2025

Currently, both vzShared and vzHost have almost the same functions as vzNAT.

AkihiroSuda
AkihiroSuda reviewed Nov 22, 2025
View reviewed changes
@AkihiroSuda
Copy link
Member

AkihiroSuda commented Nov 22, 2025

Currently, both vzShared and vzHost have almost the same functions as vzNAT.

Any advantage using them?

@norio-nomura
Copy link
Contributor Author

norio-nomura commented Nov 22, 2025

Currently, both vzShared and vzHost have almost the same functions as vzNAT.

Any advantage using them?

As far as the API is concerned, customization that is not supported by vzNAT should be possible.
https://github.com/Code-Hex/vz/pull/205/files#diff-d7ec6a7a97f55e264883085a4676c2b0a5466a657e0e87312accd40caa67295dR80-R106
I still don't know what can be done with those APIs (including unimplemented).

@norio-nomura norio-nomura force-pushed the use-vz-vmnet-network-device-attachment branch from 07eebec to 270556e Compare December 3, 2025 07:59
@norio-nomura
Copy link
Contributor Author

norio-nomura commented Dec 3, 2025
edited
Loading

Obsoleted by changes

Added limactl vz-vmnet-shared

It shares VmnetNetwork serialization between VMs using SharedMode.

  • limactl vz-vmnet-shared --enable-mach-service: register Mach service and launch
  • limactl vz-vmnet-shared --enable-mach-service=false: unregister Mach service

When the limactl executable file is updated due to rebuilds, etc., the VM using the serialization data held by the Mach server before the update cannot be booted.
It is necessary to add a version check and restart the service as appropriate.
Also, it seems that it cannot be used with an external vz driver.~~

@norio-nomura norio-nomura force-pushed the use-vz-vmnet-network-device-attachment branch 2 times, most recently from 81d4cc6 to 57553f8 Compare December 4, 2025 01:54
@norio-nomura
feat: add VZVmnetNetworkDeviceAttachment support on macOS 26+
0f6d2d9 
Based on `VMNET_SHARED_MODE`, and `VMNET_HOST_MODE`
```yaml
networks:
- vzShared: true
- vzHost: true
```
But, to sharing network between multiple VMs, `VZVmnetNetworkDeviceAttachment` requires VMs are launched by same process.

It depends on Code-Hex/vz#205

Signed-off-by: Norio Nomura <norio.nomura@gmail.com>
@norio-nomura norio-nomura force-pushed the use-vz-vmnet-network-device-attachment branch 3 times, most recently from 1fe9e8a to 433432d Compare December 15, 2025 05:19
@norio-nomura
feat: Add limactl vz-vmnet
adf5456 
It shares `VmnetNetwork` serialization between VMs.
- `limactl vz-vmnet --enable-mach-service`: register Mach service and launch
- `limactl vz-vmnet --enable-mach-service=false`: unregister Mach service

`limactl vz-vmnet` does:
- Receives a registration payload from VZ driver with fields:
  - `Network`: name of the network ("shared", "host", etc)
  - `CDHash`: `cdhash` bytes of the executable.
  - `Configuration`: `[]bytes@ representing `VzNetworkConfig` in JSON.
  - `Serialization`: serialization created by `VmnetNetwork.CopySerialization()`
- Validates the provided cdhash matches to client's cdhash by using xpc_peer_requirement API.
- Check the existence of the host interface using `VzNetworkConfig.Subnet`.
- If the cdhash is valid and the interface is not exists, accepts registration to serialization entries.
- If `Serialization` is not in payload and the network registration exists,
  reply the payload to client if the registered network still exists.
- reply error on otherwise.

VZ driver does:
- Check the existence of the host interface using `VzNetworkConfig.Subnet`.
- If exists:
  - Retrieves the existing registration payload from `lima vz-vmnet`.
  - Validate cdhash in payload matches with the self cdhash
  - If the `VzNetworkConfig` changed, produce a warning to log
  - Create a VmnetNetwork from the serialization
- If not exists, Create a VmnetNetwork from `VzNetworkConfig`, and register them to `lima vz-vmnet`

Signed-off-by: Norio Nomura <norio.nomura@gmail.com>
@norio-nomura norio-nomura force-pushed the use-vz-vmnet-network-device-attachment branch from 433432d to adf5456 Compare December 15, 2025 05:32
@norio-nomura
Copy link
Contributor Author

norio-nomura commented Dec 16, 2025
edited
Loading

In the latest commit, the serialization of VmnetNetwork created with VZ driver (hostagent) is shared with other VMs via limactl vz-vmnet.
However, it was found that when the process that first started (or created?) VmnetNetwork ended, Vmnet would also end. Even if Vmnet is still in use in other VMs, it will end.
It is necessary to change limactl vz-vmnet to start VmnetNetwork and pass serialization to VMs. And with that mechanism, this VmnetNetwork will actually not be available with the external VZ driver that uses another executable file.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@AkihiroSuda AkihiroSuda AkihiroSuda left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@norio-nomura @AkihiroSuda