Add macOS user-mode networking support

[jserv]

This enables SLIRP (userspace networking) and vmnet backend for macOS, providing both privileged (vmnet) and unprivileged (user) networking options.

• virtio-net: Fix user mode RX/TX/refresh for cross-platform support
• netdev: Add user mode initialization for macOS, fix error handling
• netdev-vmnet: Add vmnet.framework backend (C with Blocks)

User mode (SLIRP) works without sudo on both Linux and macOS. vmnet mode requires sudo but provides better performance.

Tested on macOS 14.6 arm64 - ping successful, 0% packet loss.

Close #33

---

Summary by cubic

Adds macOS networking with a vmnet backend (fast, needs sudo) and user-mode SLIRP (no sudo). Improves virtio-net for cross-platform user mode. Closes #33.

• New Features

  • macOS vmnet backend (shared NAT with DHCP); requires sudo or com.apple.vm.networking entitlement; best performance.
  • macOS user-mode networking via minislirp; runs unprivileged (also works on Linux).
  • Cross-platform virtio-net fixes for RX/TX/refresh to stabilize user-mode networking.
  • Build/CI/script updates: Darwin defaults to vmnet, adds -fblocks and -framework vmnet; conditional sudo tests; detailed networking docs.

• Migration

  • macOS: use sudo make check or -n vmnet for vmnet; use -n user to run without sudo (macOS 11+).
  • Linux: no change; tap still requires sudo, user mode needs no sudo.

[cubic-dev-ai]

3 issues found across 10 files

Prompt for AI agents (all 3 issues)

Understand the root cause of the following 3 issues and fix them.


<file name="netdev.c">

<violation number="1" location="netdev.c:94">
If `net_vmnet_init` fails, this path returns without freeing the vmnet state allocated just above, leaking memory. Consider freeing `netdev-&gt;op` (and nulling it) before returning false so repeated init attempts don&#39;t leak.</violation>
</file>

<file name="virtio-net.c">

<violation number="1" location="virtio-net.c:146">
The vmnet RX path treats a successful vnet_iovec_write() as an overflow, so normal packets are discarded and vmnet networking breaks.</violation>
</file>

<file name=".ci/test-netdev.sh">

<violation number="1" location=".ci/test-netdev.sh:85">
`udhcpc` stays attached to the shell by default; without `-q` it never returns the prompt, so this expect waits the full 600s timeout and the vmnet test hangs/fails. Please make the client exit after acquiring the lease.</violation>
</file>

_{React with 👍 or 👎 to teach cubic. Mention @cubic-dev-ai to give feedback, ask questions, or re-run the review.}

[cubic-dev-ai]

1 issue found across 14 files

Prompt for AI agents (all 1 issues)

Understand the root cause of the following 1 issues and fix them.


<file name="docs/networking.md">

<violation number="1" location="docs/networking.md:23">
Bridge mode is marked as supported for macOS vmnet, but the implementation only exposes shared mode today; please document bridge mode as unavailable until the CLI support lands.</violation>
</file>

_{React with 👍 or 👎 to teach cubic. Mention @cubic-dev-ai to give feedback, ask questions, or re-run the review.}