-
-
Save networkop/4e04ef70b8c5f96d20cdf73ea32900d1 to your computer and use it in GitHub Desktop.
qemu-macvtap
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Prep work | |
| curl -O http://download.cirros-cloud.net/0.5.1/cirros-0.5.1-x86_64-disk.img | |
| cat << EOF > Dockerfile | |
| FROM centos:7 | |
| RUN yum -y install epel-release && \ | |
| yum makecache fast && \ | |
| yum install -y qemu-kvm bridge-utils iproute libvirt libvirt-client genisoimage virt-install telnet tcpdump && \ | |
| yum clean all | |
| COPY cirros-0.5.1-x86_64-disk.img . | |
| COPY entrypoint.sh / | |
| ENTRYPOINT /entrypoint.sh | |
| EOF | |
| cat << EOF > entrypoint.sh | |
| #!/bin/bash | |
| trap : TERM INT; sleep infinity & wait | |
| EOF | |
| ## Image build | |
| docker build -t macvtap . | |
| docker rm -f test | |
| docker run -d -v /dev:/dev --name test --privileged macvtap | |
| docker exec -it test bash | |
| ## Inside the container | |
| ip link show dev eth0 | |
| ip link add link eth0 name macvtap0 type macvtap mode bridge | |
| ip link set dev macvtap0 up | |
| /usr/libexec/qemu-kvm -daemonize \ | |
| -name test \ | |
| -no-user-config -nodefaults \ | |
| -machine pc \ | |
| -enable-kvm \ | |
| -cpu host \ | |
| -display none \ | |
| -serial telnet:0.0.0.0:23,server,nowait \ | |
| -boot order=d,menu=on \ | |
| -drive file=/cirros-0.5.1-x86_64-disk.img,format=qcow2,if=ide \ | |
| -netdev tap,fd=88,id=hostnet0,vhost=on,vhostfd=99 88<>/dev/tap$(cat /sys/class/net/macvtap0/ifindex) 99<>/dev/vhost-net \ | |
| -device virtio-net-pci,netdev=hostnet0,id=net0,mac=$(cat /sys/class/net/macvtap0/address) |
yeah, tried passthru and bridge modes
both modes screwed me over =)
…On Fri, Feb 12, 2021 at 4:17 PM Michael Kashin ***@***.***> wrote:
***@***.**** commented on this gist.
------------------------------
hm... have you tried a different macvtap mode?
The default "bridge" mode may use the standard Linux bridge under the hood.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<https://gist.github.com/4e04ef70b8c5f96d20cdf73ea32900d1#gistcomment-3629294>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ABLKV5KJRAIY3PYW2DBXWYDS6VA7HANCNFSM4XAXKGCA>
.
@hellt have you seen this? "Using tc redirect to connect a virtual machine to a container network · GitHub" https://gist.github.com/mcastelino/7d85f4164ffdaf48242f9281bb1d0f9b
Interesting, worth trying if layer2 frames are transparently passing.
Have you tried it?
…On Sat, 20 Feb 2021, 09:29 Michael Kashin, ***@***.***> wrote:
***@***.**** commented on this gist.
------------------------------
@hellt <https://github.com/hellt> have you seen this? "Using tc redirect
to connect a virtual machine to a container network · GitHub"
https://gist.github.com/mcastelino/7d85f4164ffdaf48242f9281bb1d0f9b
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<https://gist.github.com/4e04ef70b8c5f96d20cdf73ea32900d1#gistcomment-3638209>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ABLKV5MGJ6A3J3HKBHTLFV3S75XH3ANCNFSM4XAXKGCA>
.
no, haven't tried it, just stumbled across it by accident, thought you'd find it interesting
I noticed 'ip' in the filter rule, which likely means only ip packets will
get mirrored.
Uh, why it can't be L2 :(
…On Sat, 20 Feb 2021, 10:02 Michael Kashin, ***@***.***> wrote:
***@***.**** commented on this gist.
------------------------------
no, haven't tried it, just stumbled across it by accident, thought you'd
find it interesting
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<https://gist.github.com/4e04ef70b8c5f96d20cdf73ea32900d1#gistcomment-3638224>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ABLKV5L6YS63FMOM2ZYW3BDS753DTANCNFSM4XAXKGCA>
.
that account's got a lot of interesting gists, like this one https://gist.github.com/mcastelino/fb841c7e7d26b08240e0a19d3b95c0a7 showing the use of trace-cmd
I noticed 'ip' in the filter rule,
where?
it seems like it was build for packet mirroring, link, which most likely means it'll redirect all packets
where?
mislooked. I was reading the original post where he saw this technique for the first time, and it was using ip protocol match.
but indeed in his pasting he uses all which should be all frames. Will test it.
Thanks, that might be a groundbreaking approach if it works
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
hm... have you tried a different macvtap mode?
The default "bridge" mode may use the standard Linux bridge under the hood.