Add --enable-isolation option

Vmnet provides an option to isolate vment guests. Supporting it is trivial so lets add it. /*! * @constant vmnet_enable_isolation_key * Enable isolation for this interface. Interface isolation ensures that * network communication between multiple vmnet_interface instances is * not possible. */ extern const char * vmnet_enable_isolation_key API_AVAILABLE(macos(11.0)) API_UNAVAILABLE(ios, watchos, tvos); The isolation feature seems to be broken. vmnet_start_interface() fails with both "shared" and "bridged" modes: ERROR [main] vmnet_start_interface: VMNET_FAILURE
nirs · Feb 12, 2025 · fc6fae2 · fc6fae2
1 parent 19790ce
commit fc6fae2
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 1 deletion.
diff --git a/example b/example
@@ -122,6 +122,11 @@ def main():
         "--shared-interface",
         help="vmnet shared interface, required for --operation-mode=bridged",
     )
+    p.add_argument(
+        "--enable-isolation",
+        action="store_true",
+        help="Isolate the guest from other guests on the vmnet interface",
+    )
     p.add_argument(
         "--vmnet-offload",
         choices=["auto", "on", "off"],
@@ -310,6 +315,9 @@ def start_helper(args, fd=None, socket=None):
     if args.shared_interface:
         cmd.append(f"--shared-interface={args.shared_interface}")
 
+    if args.enable_isolation:
+        cmd.append("--enable-isolation")
+
     if args.verbose:
         cmd.append("--verbose")
 

diff --git a/helper.c b/helper.c
@@ -256,6 +256,7 @@ static void start_host_interface(void)
 
     xpc_dictionary_set_bool(desc, vmnet_enable_tso_key, options.enable_tso);
     xpc_dictionary_set_bool(desc, vmnet_enable_checksum_offload_key, options.enable_checksum_offload);
+    xpc_dictionary_set_bool(desc, vmnet_enable_isolation_key, options.enable_isolation);
 
     dispatch_semaphore_t completed = dispatch_semaphore_create(0);
 

diff --git a/options.c b/options.c
@@ -29,7 +29,7 @@ static void usage(int code)
 "    vmnet-helper (--fd FD|--socket SOCKET) [--interface-id UUID]\n"
 "                 [--operation-mode shared|bridged|host] [--shared-interface NAME]\n"
 "                 [--start-address ADDR] [--end-address ADDR] [--subnet-mask MASK]\n"
-"                 [--enable-tso] [--enable-checksum-offload]\n"
+"                 [--enable-tso] [--enable-checksum-offload] [--enable-isolation]\n"
 "                 [-v|--verbose] [--version] [-h|--help]\n"
 "\n";
     fputs(msg, stderr);
@@ -44,6 +44,7 @@ enum {
     OPT_SUBNET_MASK,
     OPT_ENABLE_TSO,
     OPT_ENABLE_CHECKSUM_OFFLOAD,
+    OPT_ENABLE_ISOLATION,
     OPT_VERSION,
 };
 
@@ -60,6 +61,7 @@ static struct option long_options[] = {
     {"subnet-mask",             required_argument,  0,  OPT_SUBNET_MASK},
     {"enable-tso",              no_argument,        0,  OPT_ENABLE_TSO},
     {"enable-checksum-offload", no_argument,        0,  OPT_ENABLE_CHECKSUM_OFFLOAD},
+    {"enable-isolation",        no_argument,        0,  OPT_ENABLE_ISOLATION},
     {"verbose",                 no_argument,        0,  'v'},
     {"version",                 no_argument,        0,  OPT_VERSION},
     {"help",                    no_argument,        0,  'h'},
@@ -195,6 +197,9 @@ void parse_options(struct options *opts, int argc, char **argv)
         case OPT_ENABLE_CHECKSUM_OFFLOAD:
             opts->enable_checksum_offload = true;
             break;
+        case OPT_ENABLE_ISOLATION:
+            opts->enable_isolation = true;
+            break;
         case 'v':
             verbose = true;
             break;

diff --git a/options.h b/options.h
@@ -16,6 +16,7 @@ struct options {
     const char *end_address;
     const char *subnet_mask;
     const char *shared_interface;
+    bool enable_isolation;
     bool enable_tso;
     bool enable_checksum_offload;
     uid_t uid;