Feature Request: Support for disabling DHCP on `vmnet-host` networks

[pallotron]

Hello,

I am developing a virtual lab to test our PXE boot provisioning stack, and I've found socket_vmnet to be a very promising tool as it avoides me to run qemu with sudo. However, I've run into an issue where the DHCP server provided by socket_vmnet (more like by MacOS vmnet framework) conflicts with the custom DHCP server required for my setup.

Use Case

My lab environment consists of:

1. A "Provisioning" VM: This VM runs dhcpd, tftpd, and nginx. It's configured with two network interfaces:

   • One on a user type network for internet access.
   • One on a vmnet-host network, where its DHCP server provides addresses and routing for client VMs.

2. Multiple "Client" VMs: These VMs connect exclusively to the vmnet-host network and are intended to be provisioned by the main VM.

The Problem

The built-in DHCP server on the vmnet-host network (I believe it's bootp from MacOS) conflicts with the one running on my Provisioning VM. For my use case to work, I need a way to create a vmnet-host network without an active DHCP server.

Comparison with QEMU

I've found that QEMU's native vmnet support handles this scenario perfectly via the net-uuid parameter. As the QEMU help text explains, providing a UUID disables the built-in DHCP server and allows multiple VMs to communicate on an isolated network segment. This is what you find in the qemu-system-* --help:

❯ qemu-system-aarch64 --help | grep vmnet-host -A10
-netdev vmnet-host,id=str[,isolated=on|off][,net-uuid=uuid]
         [,start-address=addr,end-address=addr,subnet-mask=mask]
                configure a vmnet network backend in host mode with ID 'str',
                isolate this interface from others with 'isolated',
                configure the address range and choose a subnet mask,
                specify network UUID 'uuid' to disable DHCP and interact with
                vmnet-host interfaces within this isolated network

This allows me to successfully run my lab with the following QEMU configuration:

Provisioning VM:
net0 is a user network, net1 with net-uuid uses vmnet-host and disables dhcp:

    -device virtio-net-pci,netdev=net0
    -netdev user,id=net0,hostfwd=tcp::2222-:22
    -device virtio-net-pci,netdev=net1,mac=00:00:DE:AD:BE:EF
    -netdev vmnet-host,id=net1,net-uuid=99eddb74-3193-48e3-bafb-b3ca99e949c1

Client VM:
the client VM only has the net1 network, wiht net-uuid to disable dhcp:

    -device virtio-net-pci,netdev=net1,mac=12:23:bd:8f:df:2b
    -netdev vmnet-host,id=net1,net-uuid=99eddb74-3193-48e3-bafb-b3ca99e949c1

Proposal

I would greatly prefer to use socket_vmnet to avoid the need for sudo and to simplify network management. Would it be possible to add a feature to disable the DHCP server on vmnet-host networks, perhaps by exposing the underlying net-uuid functionality?

We can check how QEMU does this.

Thank you for creating such a useful project and for considering this request!

[pallotron]

this is what QEMU does:

https://github.com/qemu/qemu/blob/eb7abb4a719f93ddd56571bf91681044b4159399/net/vmnet-host.c#L47-L81

MacOS vmnet framework has a new vmnet_network_configuration_disable_dhcp but it seems it's only on 26.x onward.

https://developer.apple.com/documentation/vmnet/vmnet_network_configuration_disable_dhcp(_:)?language=objc

[pallotron]

uh! I think I got it working:

❯ sudo ./socket_vmnet --vmnet-mode=host "/opt/homebrew/var/run/socket_vmnet"
Password:
WARN | --vmnet-gateway=IP should be explicitly specified to avoid conflicting with other applications
INFO | Initializing vmnet.framework (mode 1000)
INFO | * vmnet_write_max_packets: 256
INFO | * vmnet_read_max_packets: 256
INFO | * vmnet_subnet_mask: 0.0.0.0
INFO | * vmnet_mtu: 1500
INFO | * vmnet_end_address: 255.255.255.254
INFO | * vmnet_start_address: 0.0.0.0
INFO | * vmnet_interface_id: A0A25C7C-46EC-4428-A04C-30359FAC0BF0
INFO | * vmnet_max_packet_size: 1514
INFO | * vmnet_mac_address: 2a:a9:cb:23:e9:37
INFO | Accepted a connection (fd 6)
INFO | Accepted a connection (fd 7)
INFO | Connection closed by peer (fd 7)
INFO | Closing a connection (fd 7)
INFO | Accepted a connection (fd 7)

I used this patch:

diff --git a/main.c b/main.c
index 2506674..ae0e335 100644
--- a/main.c
+++ b/main.c
@@ -237,6 +237,7 @@ static interface_ref start(struct state *state, struct cli_options *cliopt) {
   }

   xpc_dictionary_set_uuid(dict, vmnet_interface_id_key, cliopt->vmnet_interface_id);
+  xpc_dictionary_set_uuid(dict, vmnet_network_identifier_key, cliopt->vmnet_interface_id);

   if (cliopt->vmnet_nat66_prefix != NULL) {
     xpc_dictionary_set_string(dict, vmnet_nat66_prefix_key, cliopt->vmnet_nat66_prefix);

But it probably needs some polishing :)
Probably we need a new optoins --network-uuid to socket_vmnet.

[pallotron]

from /Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/System/Library/Frameworks/vmnet.framework/Headers/vmnet.h:

/*!
 * @constant vmnet_network_identifier_key
 * The identifier (uuid) to uniquely identify the network.
 *
 * This property is only applicable to a vmnet_interface in
 * VMNET_HOST_MODE.
 *
 * If this property is set, the vmnet_interface is added to
 * an isolated network with the specified identifier.
 *
 * No DHCP service is provided on this network.
 */
extern const char * const
vmnet_network_identifier_key API_AVAILABLE(macos(11.0)) API_UNAVAILABLE(ios, watchos, tvos);

[pallotron]

I will be sending a PR soon :)