Skip to content

feat: add VZVmnetNetworkDeviceAttachment support on macOS 26+ #4394

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
norio-nomura wants to merge 2 commits into
base: master
Choose a base branch
from
Draft

feat: add VZVmnetNetworkDeviceAttachment support on macOS 26+ #4394

norio-nomura wants to merge 2 commits into from
+1,208 −10

Conversation

@norio-nomura
Copy link
Contributor

@norio-nomura norio-nomura commented Nov 22, 2025

Based on VMNET_SHARED_MODE, and VMNET_HOST_MODE

networks:
- vzShared: true
- vzHost: true

But, to sharing network between multiple VMs, VZVmnetNetworkDeviceAttachment requires VMs are launched by same process.

It depends on Code-Hex/vz#205

@norio-nomura
Copy link
Contributor Author

norio-nomura commented Nov 22, 2025
edited
Loading

Currently, both vzShared and vzHost have almost the same functions as vzNAT.

AkihiroSuda
AkihiroSuda reviewed Nov 22, 2025
View reviewed changes
@AkihiroSuda
Copy link
Member

AkihiroSuda commented Nov 22, 2025

Currently, both vzShared and vzHost have almost the same functions as vzNAT.

Any advantage using them?

@norio-nomura
Copy link
Contributor Author

norio-nomura commented Nov 22, 2025

Currently, both vzShared and vzHost have almost the same functions as vzNAT.

Any advantage using them?

As far as the API is concerned, customization that is not supported by vzNAT should be possible.
https://github.com/Code-Hex/vz/pull/205/files#diff-d7ec6a7a97f55e264883085a4676c2b0a5466a657e0e87312accd40caa67295dR80-R106
I still don't know what can be done with those APIs (including unimplemented).

@norio-nomura norio-nomura force-pushed the use-vz-vmnet-network-device-attachment branch from 07eebec to 270556e Compare December 3, 2025 07:59
@norio-nomura
Copy link
Contributor Author

norio-nomura commented Dec 3, 2025
edited
Loading

Obsoleted by changes

Added limactl vz-vmnet-shared

It shares VmnetNetwork serialization between VMs using SharedMode.

  • limactl vz-vmnet-shared --enable-mach-service: register Mach service and launch
  • limactl vz-vmnet-shared --enable-mach-service=false: unregister Mach service

When the limactl executable file is updated due to rebuilds, etc., the VM using the serialization data held by the Mach server before the update cannot be booted.
It is necessary to add a version check and restart the service as appropriate.
Also, it seems that it cannot be used with an external vz driver.~~

@norio-nomura norio-nomura force-pushed the use-vz-vmnet-network-device-attachment branch 2 times, most recently from 81d4cc6 to 57553f8 Compare December 4, 2025 01:54
@norio-nomura norio-nomura force-pushed the use-vz-vmnet-network-device-attachment branch 4 times, most recently from 433432d to adf5456 Compare December 15, 2025 05:32
@norio-nomura
Copy link
Contributor Author

norio-nomura commented Dec 16, 2025
edited
Loading

In the latest commit, the serialization of VmnetNetwork created with VZ driver (hostagent) is shared with other VMs via limactl vz-vmnet.
However, it was found that when the process that first started (or created?) VmnetNetwork ended, Vmnet would also end. Even if Vmnet is still in use in other VMs, it will end.
It is necessary to change limactl vz-vmnet to start VmnetNetwork and pass serialization to VMs. And with that mechanism, this VmnetNetwork will actually not be available with the external VZ driver that uses another executable file.

@norio-nomura norio-nomura force-pushed the use-vz-vmnet-network-device-attachment branch from adf5456 to aa15ed7 Compare December 16, 2025 16:09
@norio-nomura
feat: add VZVmnetNetworkDeviceAttachment support on macOS 26+
8ef8be5 
Based on `VMNET_SHARED_MODE`, and `VMNET_HOST_MODE`
```yaml
networks:
- vzShared: true
- vzHost: true
```
But, to sharing network between multiple VMs, `VZVmnetNetworkDeviceAttachment` requires VMs are launched by same process.

It depends on Code-Hex/vz#205

Signed-off-by: Norio Nomura <[email protected]>
@norio-nomura norio-nomura force-pushed the use-vz-vmnet-network-device-attachment branch 6 times, most recently from 614105f to d560fae Compare December 17, 2025 01:33
@norio-nomura
feat: Add limactl vz-vmnet
4cd78ff 
It provides `VmnetNetwork` serialization to VMs.
`limactl vz-vmnet` takes flags:
- `--enable-mach-service[=true,false]`: register/unregister Mach service to `launchd`
  - It creates a launchd plist under ~/Library/LaunchAgents and bootstraps it.
  - The Mach service "io.lima-vm.vz.vmnet" is registered.
  - The working directory is $LIMA_HOME/_networks/vz-vmnet.
  - It also creates a shell script named "io.lima-vm.vz.vmnet.sh" that runs
    "limactl vz-vmnet" to avoid launching "limactl" directly from launchd.
    macOS System Settings (General > Login Items & Extensions) shows the first
    element of `ProgramArguments` as the login item name; using a shell script with
    a fixed filename makes the item easier to identify.
  - There is no need to register manually because the VZ driver is registered as appropriate.

- `--mach-service=<service name>`: launched as Mach server by `launchd` via `io.lima-vm.vz.vmnet.plist`
  - Launched on demand to connection from VZ driver by `launchd`.
  - Receives a request payload from VZ driver with fields:
    - `Network`: name of the network ("shared", "host", etc)
    - `Configuration`: `[]bytes@ representing `VzNetworkConfig` in JSON.
  - Validates clients are the same executable (cdhash) by using xpc_peer_requirement API.
  - Create `VmnetNetwork` from provided `Configuration` if cached one does not exist.
  - Replies to VZ driver with fields:
    - `Configuration`: If `VmnetNetwork` is cached, it may be created by different configuration.
    - `Serialization`: newly created or cached.
  - Monitors changes of networks
    - When the interface created by `VmnetNetwork` disappears from host, remove them from cache.
    - If all `VmnetNetwork` are removed, `limactl vz-vmnet` exits.

VZ driver (hostagent) does:
- Read `.vz` VzVmnetConfig from `networks.yaml`
- Use them on `- vz: <network>` fields; "shared" and "host" network are predefined.
- Register `limactl vz-vmnet` to `launchd` if not registered.
- Request serialization to the Mach service "io.lima-vm.vz.vmnet".
- Create `VmnetNetwork` by provided serialization, then use them.

Additional changes:
- Because shutdown takes longer on using `VmnetNetwork`:
  - Extend VZ driver's shutdown timeout from 5 seconds to 15 seconds
  - Add `ExitTimeOut` key with 20 seconds to autostart `io.lima-vm.autostart.INSTANCE.plist`
- `lima.yaml`: `- vzShared` and `- vzHost` are renamed to `- vz: shared` and `- vz: host`

Signed-off-by: Norio Nomura <[email protected]>
@norio-nomura norio-nomura force-pushed the use-vz-vmnet-network-device-attachment branch from d560fae to 4cd78ff Compare December 17, 2025 03:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@AkihiroSuda AkihiroSuda AkihiroSuda left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@norio-nomura @AkihiroSuda