diff options
| author | Stefan Hajnoczi <stefanha@redhat.com> | 2025-03-23 11:03:49 -0400 |
|---|---|---|
| committer | Stefan Hajnoczi <stefanha@redhat.com> | 2025-03-23 11:03:49 -0400 |
| commit | 330ad56b13bd9794550e2e859ce6cede3e22cbcf (patch) | |
| tree | 5d71a1531ba8633443149260da50849c2881d791 | |
| parent | 3907add7a6016401e58e8dbe5b2ddfa06cd1f66a (diff) | |
| parent | a028e04c89ea782f03c78db438239cfb7a47b4e9 (diff) | |
| download | qemu-330ad56b13bd9794550e2e859ce6cede3e22cbcf.zip qemu-330ad56b13bd9794550e2e859ce6cede3e22cbcf.tar.gz qemu-330ad56b13bd9794550e2e859ce6cede3e22cbcf.tar.bz2 | |
Merge tag 'pull-trivial-patches' of https://gitlab.com/mjt0k/qemu into staging
trivial patches for 2025-03-21
# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCgAdFiEEZKoqtTHVaQM2a/75gqpKJDselHgFAmfdIHgACgkQgqpKJDse
# lHgPChAAmwahVIuN3PQOEZxCYC91vwB7hu1ANCF1C96YIP1A4ybCeglkEtUPLgZn
# Jn7u5xzyOaIG5chlRxrc6mEq/AbYPj3N76rcBpX1XZiCabI7kqkiPShrOXL0FEK/
# +ULGv50D8cPMYHBWKrlgUOXo3LLrXDw4ct0DwdGDSy4O13raN2yAxnmui2KADnfX
# 9jszAspeELWgMXStBqobzMNL2SZy2n0BXBYMGWyrUOrzs0zDmQ0p5z12NwlN+ecg
# vChAF83Rk96rMRJ1Mx9Ewaf5ydAs1OwZk1HQO72+jKabUrJM111w/EJABPJFv9pY
# jhJgbQjUxXFmEdKHWtbrExrSAPOjzRlxG3Z3WDnM+W6zLrI7siDgxNrGbEuDo9ve
# 4DT8ldUuRkr4d1SwUq257RGu+qzTm2WvW7mkraCt+0NAPQNCZ22oZM7E79uKKv81
# 2XNKWr/0uElgUVgb+wOh0IWcCt8PDV4dkM8ivGNFmbP+z7+ckIJtXtWpD7/sHIzb
# zlMyUtbk7iDDqP7IwOiB19alcKHojOTeyXQAs/eZmnR8K0Rh6DaBYs5pMmVgou38
# 746POQteXsf78KzXCBG88WqbbI1cxZH8me9byFB9BRlTTVG/qo90OIzk+/A1x7uv
# 4uiVuzMcBtV3fp6r47V5Ru2HGonZAuaTbzTcWeJJ6rPm23MGNXg=
# =nng2
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 21 Mar 2025 04:16:56 EDT
# gpg: using RSA key 64AA2AB531D56903366BFEF982AA4A243B1E9478
# gpg: Good signature from "Michael Tokarev <mjt@debian.org>" [unknown]
# gpg: aka "Michael Tokarev <mjt@corpit.ru>" [unknown]
# gpg: aka "Michael Tokarev <mjt@tls.msk.ru>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 9D8B E14E 3F2A 9DD7 9199 28F1 61AD 3D98 ECDF 2C8E
# Subkey fingerprint: 64AA 2AB5 31D5 6903 366B FEF9 82AA 4A24 3B1E 9478
* tag 'pull-trivial-patches' of https://gitlab.com/mjt0k/qemu:
mailmap: Update email address for Akihiko Odaki
docs: Explain how to use passt
Makefile: "make dist" generates a .xz, not .bz2
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
| -rw-r--r-- | .mailmap | 1 | ||||
| -rw-r--r-- | Makefile | 6 | ||||
| -rw-r--r-- | docs/system/devices/net.rst | 100 |
3 files changed, 104 insertions, 3 deletions
@@ -67,6 +67,7 @@ Andrey Drobyshev <andrey.drobyshev@virtuozzo.com> Andrey Drobyshev via <qemu-blo BALATON Zoltan <balaton@eik.bme.hu> BALATON Zoltan via <qemu-ppc@nongnu.org> # Next, replace old addresses by a more recent one. +Akihiko Odaki <akihiko.odaki@daynix.com> <akihiko.odaki@gmail.com> Aleksandar Markovic <aleksandar.qemu.devel@gmail.com> <aleksandar.markovic@mips.com> Aleksandar Markovic <aleksandar.qemu.devel@gmail.com> <aleksandar.markovic@imgtec.com> Aleksandar Markovic <aleksandar.qemu.devel@gmail.com> <amarkovic@wavecomp.com> @@ -207,10 +207,10 @@ clean: recurse-clean VERSION = $(shell cat $(SRC_PATH)/VERSION) -dist: qemu-$(VERSION).tar.bz2 +dist: qemu-$(VERSION).tar.xz -qemu-%.tar.bz2: - $(SRC_PATH)/scripts/make-release "$(SRC_PATH)" "$(patsubst qemu-%.tar.bz2,%,$@)" +qemu-%.tar.xz: + $(SRC_PATH)/scripts/make-release "$(SRC_PATH)" "$(patsubst qemu-%.tar.xz,%,$@)" distclean: clean recurse-distclean -$(quiet-@)test -f build.ninja && $(NINJA) $(NINJAFLAGS) -t clean -g || : diff --git a/docs/system/devices/net.rst b/docs/system/devices/net.rst index 2ab516d..a3efbdc 100644 --- a/docs/system/devices/net.rst +++ b/docs/system/devices/net.rst @@ -77,6 +77,106 @@ When using the ``'-netdev user,hostfwd=...'`` option, TCP or UDP connections can be redirected from the host to the guest. It allows for example to redirect X11, telnet or SSH connections. +Using passt as the user mode network stack +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +passt_ can be used as a simple replacement for SLIRP (``-net user``). +passt doesn't require any capability or privilege. passt has +better performance than ``-net user``, full IPv6 support and better security +as it's a daemon that is not executed in QEMU context. + +passt can be connected to QEMU either by using a socket +(``-netdev stream``) or using the vhost-user interface (``-netdev vhost-user``). +See `passt(1)`_ for more details on passt. + +.. _passt: https://passt.top/ +.. _passt(1): https://passt.top/builds/latest/web/passt.1.html + +To use socket based passt interface: +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Start passt as a daemon:: + + passt --socket ~/passt.socket + +If ``--socket`` is not provided, passt will print the path of the UNIX domain socket QEMU can connect to (``/tmp/passt_1.socket``, ``/tmp/passt_2.socket``, +...). Then you can connect your QEMU instance to passt: + +.. parsed-literal:: + |qemu_system| [...OPTIONS...] -device virtio-net-pci,netdev=netdev0 -netdev stream,id=netdev0,server=off,addr.type=unix,addr.path=~/passt.socket + +Where ``~/passt.socket`` is the UNIX socket created by passt to +communicate with QEMU. + +To use vhost-based interface: +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Start passt with ``--vhost-user``:: + + passt --vhost-user --socket ~/passt.socket + +Then to connect QEMU: + +.. parsed-literal:: + |qemu_system| [...OPTIONS...] -m $RAMSIZE -chardev socket,id=chr0,path=~/passt.socket -netdev vhost-user,id=netdev0,chardev=chr0 -device virtio-net,netdev=netdev0 -object memory-backend-memfd,id=memfd0,share=on,size=$RAMSIZE -numa node,memdev=memfd0 + +Where ``$RAMSIZE`` is the memory size of your VM ``-m`` and ``-object memory-backend-memfd,size=`` must match. + +Migration of passt: +^^^^^^^^^^^^^^^^^^^ + +When passt is connected to QEMU using the vhost-user interface it can +be migrated with QEMU and the network connections are not interrupted. + +As passt runs with no privileges, it relies on passt-repair to save and +load the TCP connections state, using the TCP_REPAIR socket option. +The passt-repair helper needs to have the CAP_NET_ADMIN capability, or run as root. If passt-repair is not available, TCP connections will not be preserved. + +Example of migration of a guest on the same host +________________________________________________ + +Before being able to run passt-repair, the CAP_NET_ADMIN capability must be set +on the file, run as root:: + + setcap cap_net_admin+eip ./passt-repair + +Start passt for the source side:: + + passt --vhost-user --socket ~/passt_src.socket --repair-path ~/passt-repair_src.socket + +Where ``~/passt-repair_src.socket`` is the UNIX socket created by passt to +communicate with passt-repair. The default value is the ``--socket`` path +appended with ``.repair``. + +Start passt-repair:: + + passt-repair ~/passt-repair_src.socket + +Start source side QEMU with a monitor to be able to send the migrate command: + +.. parsed-literal:: + |qemu_system| [...OPTIONS...] [...VHOST USER OPTIONS...] -monitor stdio + +Start passt for the destination side:: + + passt --vhost-user --socket ~/passt_dst.socket --repair-path ~/passt-repair_dst.socket + +Start passt-repair:: + + passt-repair ~/passt-repair_dst.socket + +Start QEMU with the ``-incoming`` parameter: + +.. parsed-literal:: + |qemu_system| [...OPTIONS...] [...VHOST USER OPTIONS...] -incoming tcp:localhost:4444 + +Then in the source guest monitor the migration can be started:: + + (qemu) migrate tcp:localhost:4444 + +A separate passt-repair instance must be started for every migration. In the case of a failed migration, passt-repair also needs to be restarted before trying +again. + Hubs ~~~~ |