Plumbing for networking
Design doc in progress. https://docs.google.com/document/d/1aGDddtG8Z3_OXds-yqCE1Y3ZAAQGzV-Tc-kfkX-7qD0/view
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/overlays/board-overlays/+/30df36c00ceed2a3c800c2f405634b3a3af4a3bb

commit 30df36c00ceed2a3c800c2f405634b3a3af4a3bb
Author: Stephen Barber <smbarber@chromium.org>
Date: Mon Apr 17 21:06:22 2017

termina: add networking upstart conf

For now, configure networking via kernel command line arguments. When we have a more robust solution, that should be used instead. Also remove unnecessary udev conf file, and use a second virtio block device as the container rootfs if available.

BUG=chromium:703920
TEST=launch lkvm with modified kernel command line, check that eth0 is set up

Change-Id: Idf155ddc465e55fa25a5f97958fb18b101d730f0
Reviewed-on: https://chromium-review.googlesource.com/475980
Commit-Ready: Stephen Barber <smbarber@chromium.org>
Tested-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>

[modify] https://crrev.com/30df36c00ceed2a3c800c2f405634b3a3af4a3bb/project-termina/chromeos-base/chromeos-bsp-termina/files/container.conf
[add] https://crrev.com/30df36c00ceed2a3c800c2f405634b3a3af4a3bb/project-termina/chromeos-base/chromeos-bsp-termina/files/network.conf
[rename] https://crrev.com/30df36c00ceed2a3c800c2f405634b3a3af4a3bb/project-termina/chromeos-base/chromeos-bsp-termina/chromeos-bsp-termina-0.0.1-r2.ebuild
[delete] https://crrev.com/8cff3ca99eeffd078c2278e1faec89433258b3bd/project-termina/chromeos-base/chromeos-bsp-termina/files/udev.conf
[modify] https://crrev.com/30df36c00ceed2a3c800c2f405634b3a3af4a3bb/project-termina/chromeos-base/chromeos-bsp-termina/files/container-mount.conf
The following revision refers to this bug:
https://chromium.googlesource.com/aosp/platform/system/connectivity/shill/+/4baa0da273fa51565aeb6bf661532ccb1c8752a9

commit 4baa0da273fa51565aeb6bf661532ccb1c8752a9
Author: Stephen Barber <smbarber@chromium.org>
Date: Fri Apr 21 22:45:40 2017

shill: add "vm" as ignored device prefix for shill

VM tap interfaces are managed by the VM hypervisor, and should not be managed by shill.

BUG=chromium:703920
TEST=unittests

Change-Id: I733e8d42c0e96d9b7c890aebda2610361116004a
Reviewed-on: https://chromium-review.googlesource.com/482388
Commit-Ready: Stephen Barber <smbarber@chromium.org>
Tested-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Ben Chan <benchan@chromium.org>

[modify] https://crrev.com/4baa0da273fa51565aeb6bf661532ccb1c8752a9/device_info.cc
[modify] https://crrev.com/4baa0da273fa51565aeb6bf661532ccb1c8752a9/device_info.h
[modify] https://crrev.com/4baa0da273fa51565aeb6bf661532ccb1c8752a9/device_info_unittest.cc
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/third_party/kvmtool/+/dcf35f1bc76bcb9c16332796a0ada82a636ed02c

commit dcf35f1bc76bcb9c16332796a0ada82a636ed02c
Author: Stephen Barber <smbarber@chromium.org>
Date: Wed May 03 03:24:14 2017

HACK: set up iptables rules after setting up tap device

BUG=chromium:703920
TEST=start vm and see that iptables mangle rule has been added

Change-Id: Idd832396c9a420c273820bb980e8da9cca53cd82
Reviewed-on: https://chromium-review.googlesource.com/482704
Commit-Ready: Stephen Barber <smbarber@chromium.org>
Tested-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>

[modify] https://crrev.com/dcf35f1bc76bcb9c16332796a0ada82a636ed02c/virtio/net.c
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/third_party/kvmtool/+/6150fc9128a10211decdb44bf42ac8a04f699a64

commit 6150fc9128a10211decdb44bf42ac8a04f699a64
Author: Stephen Barber <smbarber@chromium.org>
Date: Wed May 03 03:24:14 2017

HACK: use vmtap for tap interface name

This will keep shill from trying to manage the tap interface.

BUG=chromium:703920
TEST=start vm, see that host side tap interface starts with "vmtap"

Change-Id: Ide955e35c09a79c1ee4cb7869a331ecc7dd1c707
Reviewed-on: https://chromium-review.googlesource.com/482705
Commit-Ready: Stephen Barber <smbarber@chromium.org>
Tested-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>

[modify] https://crrev.com/6150fc9128a10211decdb44bf42ac8a04f699a64/virtio/net.c
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/platform2/+/4db7c8dbc0eb35b6cb59e22775123d79726430ac

commit 4db7c8dbc0eb35b6cb59e22775123d79726430ac
Author: Stephen Barber <smbarber@chromium.org>
Date: Sun May 07 02:52:25 2017

vm_launcher: add vm_launcher utility

vm_launcher is a frontend to kvmtool/crosvm that is meant to simplify the interface for launching a VM. This includes taking care of housekeeping tasks that don't have an appropriate home elsewhere, such as managing available IPv4 subnets and mac addresses.

BUG=chromium:703920
TEST=vm_launcher --container=/mnt/stateful_partition/xenial --kvmtool

Change-Id: Ibe7e6bd54ab745e47d7104f435e301a9cafea814
Reviewed-on: https://chromium-review.googlesource.com/482447
Commit-Ready: Stephen Barber <smbarber@chromium.org>
Tested-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Eric Caruso <ejcaruso@chromium.org>

[add] https://crrev.com/4db7c8dbc0eb35b6cb59e22775123d79726430ac/vm_launcher/pooled_resource.h
[add] https://crrev.com/4db7c8dbc0eb35b6cb59e22775123d79726430ac/vm_launcher/vm_launcher.gyp
[add] https://crrev.com/4db7c8dbc0eb35b6cb59e22775123d79726430ac/vm_launcher/vm_launcher.cc
[add] https://crrev.com/4db7c8dbc0eb35b6cb59e22775123d79726430ac/vm_launcher/constants.h
[add] https://crrev.com/4db7c8dbc0eb35b6cb59e22775123d79726430ac/vm_launcher/mac_address.h
[add] https://crrev.com/4db7c8dbc0eb35b6cb59e22775123d79726430ac/vm_launcher/subnet.h
[add] https://crrev.com/4db7c8dbc0eb35b6cb59e22775123d79726430ac/vm_launcher/subnet.cc
[add] https://crrev.com/4db7c8dbc0eb35b6cb59e22775123d79726430ac/vm_launcher/mac_address.cc
[add] https://crrev.com/4db7c8dbc0eb35b6cb59e22775123d79726430ac/vm_launcher/README.md
[add] https://crrev.com/4db7c8dbc0eb35b6cb59e22775123d79726430ac/vm_launcher/pooled_resource.cc
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/dfef112c715be58c2a5e44dcdbb26b83daf54eb6

commit dfef112c715be58c2a5e44dcdbb26b83daf54eb6
Author: Stephen Barber <smbarber@chromium.org>
Date: Sun May 07 02:52:26 2017

vm_launcher: add initial ebuild

BUG=chromium:703920
TEST=emerge-samus vm_launcher
CQ-DEPEND=CL:482447

Change-Id: I404e3f3c8ad57245b856a61a1fee51cd45f8c2c9
Reviewed-on: https://chromium-review.googlesource.com/482425
Commit-Ready: Stephen Barber <smbarber@chromium.org>
Tested-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>

[add] https://crrev.com/dfef112c715be58c2a5e44dcdbb26b83daf54eb6/chromeos-base/vm_launcher/vm_launcher-9999.ebuild
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/316efae3368224308324e80c4fe7e0b0531e3e7c

commit 316efae3368224308324e80c4fe7e0b0531e3e7c
Author: Stephen Barber <smbarber@chromium.org>
Date: Thu Jul 13 18:44:37 2017

target-chromium-os: add vm_launcher dep for USE=kvm_host

BUG=chromium:703920
TEST=emerge-samus target-chromium-os

Change-Id: Ifc48bb10077b2669892eca75ae66530244b75dc3
Reviewed-on: https://chromium-review.googlesource.com/508243
Commit-Ready: Stephen Barber <smbarber@chromium.org>
Tested-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>

[modify] https://crrev.com/316efae3368224308324e80c4fe7e0b0531e3e7c/virtual/target-chromium-os/target-chromium-os-1.ebuild
[rename] https://crrev.com/316efae3368224308324e80c4fe7e0b0531e3e7c/virtual/target-chromium-os/target-chromium-os-1-r70.ebuild
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/91f2242edc76c602c491c244ede8b8918321c4dc

commit 91f2242edc76c602c491c244ede8b8918321c4dc
Author: Stephen Barber <smbarber@chromium.org>
Date: Sat Jul 22 04:24:11 2017

chromeos-nat-init: add initial ebuild

Add a service for setting up IP forwarding and setting up a NAT for interested clients. This was previously handled by cheets during its bridge setup, but factoring it out allows termina to also NAT its traffic without necessarily depending on cheets scripts being installed.

BUG=chromium:703920
TEST=emerge-samus chromeos-nat-init

Change-Id: I561f61e3e789d104ea4b8f1b112eebc8fc552b31
Reviewed-on: https://chromium-review.googlesource.com/580569
Commit-Ready: Stephen Barber <smbarber@chromium.org>
Tested-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Kevin Cernekee <cernekee@chromium.org>

[add] https://crrev.com/91f2242edc76c602c491c244ede8b8918321c4dc/chromeos-base/chromeos-nat-init/files/nat.conf
[add] https://crrev.com/91f2242edc76c602c491c244ede8b8918321c4dc/chromeos-base/chromeos-nat-init/chromeos-nat-init-0.0.1-r1.ebuild
[add] https://crrev.com/91f2242edc76c602c491c244ede8b8918321c4dc/chromeos-base/chromeos-nat-init/chromeos-nat-init-0.0.1.ebuild
The following revision refers to this bug:
https://chrome-internal.googlesource.com/chromeos/overlays/project-cheets-private/+/5721b631095b1b314cfc19c159209598f0b84dca

commit 5721b631095b1b314cfc19c159209598f0b84dca
Author: Stephen Barber <smbarber@chromium.org>
Date: Sat Jul 22 09:46:00 2017
The following revision refers to this bug:
https://chrome-internal.googlesource.com/chromeos/cheets-scripts/+/5eef2074fe1e9545f63e8ab19900e983048f971e

commit 5eef2074fe1e9545f63e8ab19900e983048f971e
Author: Stephen Barber <smbarber@chromium.org>
Date: Sat Jul 22 09:46:00 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/platform/crosvm/+/d579e3cd49c50bd06465c277f030ada3217e2a24

commit d579e3cd49c50bd06465c277f030ada3217e2a24
Author: Stephen Barber <smbarber@chromium.org>
Date: Wed Aug 09 18:47:55 2017

crosvm: rename Net virtio device to VhostNet

BUG=chromium:703920
TEST=networking still works

Change-Id: I28517cc61a572998cd57868c2dbccec247140a58
Signed-off-by: Stephen Barber <smbarber@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/604936
Reviewed-by: Zach Reizner <zachr@chromium.org>

[rename] https://crrev.com/d579e3cd49c50bd06465c277f030ada3217e2a24/vhost_net_device.policy
[modify] https://crrev.com/d579e3cd49c50bd06465c277f030ada3217e2a24/src/main.rs
[modify] https://crrev.com/d579e3cd49c50bd06465c277f030ada3217e2a24/src/hw/virtio/mod.rs
[rename] https://crrev.com/d579e3cd49c50bd06465c277f030ada3217e2a24/src/hw/virtio/vhost_net.rs
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/6e43875e4e29182c7a76d62f64bda2210a60041b

commit 6e43875e4e29182c7a76d62f64bda2210a60041b
Author: Stephen Barber <smbarber@chromium.org>
Date: Wed Aug 16 03:21:04 2017

chromeos-termina-scripts: add ebuild behind kvm_host USE flag

This adds an init script to enable NAT for vm interfaces.

BUG=chromium:703920
TEST=USE=kvm_host emerge-samus chromeos-termina-scripts

Change-Id: I4ff60d42df3b60f2b18758b4370ee593ed47351b
Reviewed-on: https://chromium-review.googlesource.com/447880
Commit-Ready: Stephen Barber <smbarber@chromium.org>
Tested-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Abhishek Bhardwaj <abhishekbh@google.com>
Reviewed-by: Stephen Barber <smbarber@chromium.org>

[rename] https://crrev.com/6e43875e4e29182c7a76d62f64bda2210a60041b/virtual/target-chromium-os/target-chromium-os-1-r73.ebuild
[add] https://crrev.com/6e43875e4e29182c7a76d62f64bda2210a60041b/chromeos-base/chromeos-termina-scripts/chromeos-termina-scripts-0.0.1.ebuild
[modify] https://crrev.com/6e43875e4e29182c7a76d62f64bda2210a60041b/virtual/target-chromium-os/target-chromium-os-1.ebuild
[add] https://crrev.com/6e43875e4e29182c7a76d62f64bda2210a60041b/chromeos-base/chromeos-termina-scripts/chromeos-termina-scripts-0.0.1-r1.ebuild
[add] https://crrev.com/6e43875e4e29182c7a76d62f64bda2210a60041b/chromeos-base/chromeos-termina-scripts/files/vm-nat.conf
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/platform/crosvm/+/5e77e88062c65463a98d1c58ba9646e99b47d80f

commit 5e77e88062c65463a98d1c58ba9646e99b47d80f
Author: Stephen Barber <smbarber@chromium.org>
Date: Wed Aug 16 14:48:27 2017

crosvm: add pure virtio net device

While vhost_net can provide better performance than a userspace virtio device, it also requires a kernel module to function. This also prevents jailing the virtio device, since virtqueue operations (which necessarily touch guest memory) will be running directly in the kernel. Add a userspace virtio net device that can be jailed and works without vhost support in the kernel.

BUG=chromium:703920
TEST=networking works

Change-Id: I468114b48abd8e30e967ff16329a5dce6a75018f
Signed-off-by: Stephen Barber <smbarber@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/604937
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>

[modify] https://crrev.com/5e77e88062c65463a98d1c58ba9646e99b47d80f/src/main.rs
[add] https://crrev.com/5e77e88062c65463a98d1c58ba9646e99b47d80f/src/hw/virtio/net.rs
[modify] https://crrev.com/5e77e88062c65463a98d1c58ba9646e99b47d80f/src/hw/virtio/mod.rs
[add] https://crrev.com/5e77e88062c65463a98d1c58ba9646e99b47d80f/net_device.policy
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/overlays/board-overlays/+/7aeaeaa36ae339d56a85a9f9124fb297ebf647a0

commit 7aeaeaa36ae339d56a85a9f9124fb297ebf647a0
Author: Stephen Barber <smbarber@chromium.org>
Date: Fri Sep 08 22:05:14 2017

termina: target-termina-os: add iproute2, curl, and wget

iproute2 is necessary on base images for setting up veth interfaces. curl/wget are useful on dev images for testing.

BUG=chromium:703920
TEST=ip addr show

Change-Id: I3ced7369e1915494491b9b7eedad67c1cc9afe04
Reviewed-on: https://chromium-review.googlesource.com/656977
Commit-Ready: Stephen Barber <smbarber@chromium.org>
Tested-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>

[modify] https://crrev.com/7aeaeaa36ae339d56a85a9f9124fb297ebf647a0/project-termina/virtual/target-termina-os/target-termina-os-1.5.ebuild
[rename] https://crrev.com/7aeaeaa36ae339d56a85a9f9124fb297ebf647a0/project-termina/virtual/target-termina-os-dev/target-termina-os-dev-1.5-r6.ebuild
[modify] https://crrev.com/7aeaeaa36ae339d56a85a9f9124fb297ebf647a0/project-termina/virtual/target-termina-os-dev/target-termina-os-dev-1.5.ebuild
[rename] https://crrev.com/7aeaeaa36ae339d56a85a9f9124fb297ebf647a0/project-termina/virtual/target-termina-os/target-termina-os-1.5-r7.ebuild
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/third_party/kernel/+/3069b8b9061c70a0427f00fd36a0878e3c44a0d2

commit 3069b8b9061c70a0427f00fd36a0878e3c44a0d2
Author: Stephen Barber <smbarber@chromium.org>
Date: Sat Sep 09 00:36:03 2017

CHROMIUM: x86: configs: enable NAT for containers

Signed-off-by: Stephen Barber <smbarber@chromium.org>

BUG=chromium:703920
TEST=emerge-tatl chromeos-kernel-4_4

Change-Id: Ic77604bbbe24f2c3d2d935bcc6a5dfde23a31c1c
Reviewed-on: https://chromium-review.googlesource.com/656572
Commit-Ready: Stephen Barber <smbarber@chromium.org>
Tested-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>

[modify] https://crrev.com/3069b8b9061c70a0427f00fd36a0878e3c44a0d2/arch/x86/configs/chromiumos-container-vm-x86_64_defconfig
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/overlays/board-overlays/+/3a1fae16d6b8c470f698a462fca4d10d20ddd1fb

commit 3a1fae16d6b8c470f698a462fca4d10d20ddd1fb
Author: Stephen Barber <smbarber@chromium.org>
Date: Fri Sep 15 05:25:00 2017

termina: chromeos-bsp-termina: add network hook script

Add a network hook for network namespaces in containers. This sets up a veth pair, configures both interfaces, and enables NAT/DNAT.

BUG=chromium:703920
TEST=Run web server in container in VM. Host can access web server, and container can access Internet.

Change-Id: I9c322cf2c883d588d2e11c00ea99e5a97ccdd281
Reviewed-on: https://chromium-review.googlesource.com/656978
Commit-Ready: Stephen Barber <smbarber@chromium.org>
Tested-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>

[add] https://crrev.com/3a1fae16d6b8c470f698a462fca4d10d20ddd1fb/project-termina/chromeos-base/chromeos-bsp-termina/files/hook_prestart_network.sh
[modify] https://crrev.com/3a1fae16d6b8c470f698a462fca4d10d20ddd1fb/project-termina/chromeos-base/chromeos-bsp-termina/chromeos-bsp-termina-0.0.1.ebuild
[rename] https://crrev.com/3a1fae16d6b8c470f698a462fca4d10d20ddd1fb/project-termina/chromeos-base/chromeos-bsp-termina/chromeos-bsp-termina-0.0.1-r7.ebuild
Good enough to start with.
Comment 1 by smbar...@chromium.org, Mar 27 2017