qemu & dedicated nic + macvtap

docs ini memahas solusi agar bisa akses tap (dari vm) tetapi hw yang diakses adalah nic asli, diusahakan tanpa bridge dan NAT NAT

ADA 2 strategi

add iface fisik ke bridge, lalu attach bridge tersebut ke vm.
pakai macvtap, dengan cara meredirect packet yang datang, ke arah tap device menggunakan fd (file descriptor). kita akan (ab)use option -net tap di qemu

strategi lain (tidak direkomendasikan, diluar topik macvtap)

membuat virtual eth pair, redirect pakai iptables
pakai -netdev user (somewhat slow, need triage)

normal

bagian ini tanpa macvtap ataupun hal hal lain dahulu, pure qemu bridging

configuration

eth1: mostly WAN
eth2: tap

qemu-system-x86_64 \
    -enable-kvm \
    -smp 4 -m 256M \
    -drive file=chr7.qcow2,format=qcow2 \
    -boot order=d \
    -net user,hostfwd=tcp::8291-:8291,hostfwd=tcp::10022-:22 \
    -net nic \
    -netdev tap,id=net0,ifname=tap0,script=no,downscript=no \
    -device virtio-net-pci,netdev=net0,mac=02:11:2a:3b:ff:c3 \
    -nographic

qemu-system-x86_64 \
	-name guest=ubuntu22.04 \
	-machine type=pc,accel=kvm \
	-cpu host -m 4G -smp 4 \
	-enable-kvm \
	-boot order=d \
	-drive if=pflash,format=raw,readonly=on,file=/usr/share/edk2/x64/OVMF_CODE.4m.fd \
	-drive if=pflash,format=raw,file=OVMF_VARS_ubuntu_server_gpt.4m.fd \
	-drive file=ubuntu-server.img,format=qcow2 \
	-netdev user,id=net0,hostfwd=tcp::20022-:22,hostfwd=tcp::10000-:5432,hostfwd=tcp::10302-:10302 \
	-device virtio-net-pci,netdev=net0 \
	-netdev tap,id=net1,ifname=tap1,script=no,downscript=no \
	-device virtio-net-pci,netdev=net1,mac=02:11:2a:3b:aa:c4 \
	-nographic

network stack note:

ens3: come from qemu bridge (for ssh purpose)
ens4: come from tap1 (connected to bridge, internal lan)

netplan configuration

network:
  version: 2
  ethernets:
    ens4:
      addresses:
        - 192.168.1.2/24
      routes:
        - to: default
          via: 192.168.1.1
    ens3:
      dhcp4: true

// ip a 

2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 52:54:00:12:34:56 brd ff:ff:ff:ff:ff:ff
    altname enp0s3
    inet 10.0.2.15/24 metric 100 brd 10.0.2.255 scope global dynamic ens3
       valid_lft 86314sec preferred_lft 86314sec
    inet6 fec0::5054:ff:fe12:3456/64 scope site dynamic mngtmpaddr noprefixroute 
       valid_lft 86317sec preferred_lft 14317sec
    inet6 fe80::5054:ff:fe12:3456/64 scope link 
       valid_lft forever preferred_lft forever
3: ens4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 02:11:2a:3b:aa:c4 brd ff:ff:ff:ff:ff:ff
    altname enp0s4
    inet 192.168.1.2/24 brd 192.168.1.255 scope global ens4
       valid_lft forever preferred_lft forever
    inet6 fe80::11:2aff:fe3b:aac4/64 scope link 
       valid_lft forever preferred_lft forever

Fadhil Journal & Notes

qemu & dedicated nic + macvtap

normal