| [Softnet](https://github.com/cirruslabs/softnet) (via `tart run --net-softnet <VM NAME>)`, then the network isolation | ||
| is stricter and it's not possible to access the host. | ||
|
|
||
| ## Using externally managed networking (`--net-fd`) |
Since the --net-fd option is hidden for now, what do you think about entirely skipping the FAQ entry for it too?
| init(fd: Int32) throws { | ||
| self.fd = fd | ||
|
|
||
| try Self.validateFD(fd) |
Since getsockopt(2) used in validateSocketType() already returns ENOTSOCK, do you think we can just drop validateFD(fd) for simplicity's sake?
| import XCTest | ||
| @testable import tart | ||
|
|
||
| final class RunNetworkValidationTests: XCTestCase { |
Do you think this test suite is useful in the long run?
|
|
||
| if getsockopt(fd, SOL_SOCKET, SO_TYPE, &socketType, &optionLength) == -1 { | ||
| throw RuntimeError.VMConfigurationError( | ||
| "invalid --net-fd \(fd): file descriptor must reference a socket (\(errnoDescription(errno)))" |
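Review bot: errno is read inside the string interpolation on the message line, after the runtime has already started building the string, so it may no longer hold the value getsockopt(2) set. Capture it in a local immediately after the call returns -1 and pass that local to errnoDescription.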
getsockopt(2) may return an error for other reasons than just ENOTSOCK.
The easiest fix is to probably return an error as is, without adding our very specific explanation.
| } | ||
|
|
||
| private static func errnoDescription(_ code: CInt) -> String { | ||
| String(cString: strerror(code)) |
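Review bot: strerror(3) in errnoDescription returns a pointer to storage that a later call may overwrite and is not required to be thread-safe. If this helper stays, copy the message with strerror_r into a local buffer before building the String.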
Is this any better than simply using Errno(rawValue: CInt(errno)) directly after system error, the approach which we already use in the rest of the codebase?
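The descriptor check discussed in the review comments above, sketched in C at the getsockopt(2) level as an added example (not code from this PR or from tart): it separates EBADF and ENOTSOCK from other failures and captures errno right after the failing call. The `fd_check` codes, `check_net_fd` and the use of getpeername(2) to test connectedness are assumptions of this example.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical result codes for this example; not tart's error types. */
enum fd_check { FD_OK, FD_BAD, FD_NOT_SOCKET, FD_NOT_DGRAM, FD_NOT_CONNECTED, FD_OTHER_ERROR };

/* Check that an inherited descriptor is a connected SOCK_DGRAM socket.
 * *saved_errno receives errno from the failing call, or 0 if no call failed. */
enum fd_check check_net_fd(int fd, int *saved_errno)
{
    int type = 0;
    socklen_t len = sizeof type;
    *saved_errno = 0;

    if (getsockopt(fd, SOL_SOCKET, SO_TYPE, &type, &len) == -1) {
        *saved_errno = errno;            /* capture before anything can overwrite it */
        if (*saved_errno == EBADF)    return FD_BAD;         /* not an open descriptor */
        if (*saved_errno == ENOTSOCK) return FD_NOT_SOCKET;  /* open, but a file or pipe */
        return FD_OTHER_ERROR;           /* report errno as is, no guessed explanation */
    }
    if (type != SOCK_DGRAM) return FD_NOT_DGRAM;

    /* Assumption of this example: getpeername(2) is used to test connectedness. */
    struct sockaddr_storage peer;
    socklen_t peer_len = sizeof peer;
    if (getpeername(fd, (struct sockaddr *)&peer, &peer_len) == -1) {
        *saved_errno = errno;
        return *saved_errno == ENOTCONN ? FD_NOT_CONNECTED : FD_OTHER_ERROR;
    }
    return FD_OK;
}

int main(void)
{
    /* Constructed inputs: a connected datagram pair, an unconnected socket, a pipe. */
    int pair[2], pipefd[2], err;
    int lone = socket(AF_UNIX, SOCK_DGRAM, 0);
    if (lone == -1 || socketpair(AF_UNIX, SOCK_DGRAM, 0, pair) == -1 || pipe(pipefd) == -1)
        return 1;
    printf("pair=%d lone=%d pipe=%d closed=%d\n",
           check_net_fd(pair[0], &err), check_net_fd(lone, &err),
           check_net_fd(pipefd[0], &err), check_net_fd(-1, &err));
    return 0;
}
```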
Summary
- `--net-fd` option to `tart run`, validate mutual exclusion with other network flags, and pull in a `NetworkFD` implementation when present
- `NetworkFD` to validate a connected datagram socket FD, provide the `VZFileHandleNetworkDeviceAttachment`, and keep run/stop as no-ops
- `NetworkFD` behavior with tests

Testing