Skip to content

feat(vmm): add bridge networking support #487

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
kvinwang merged 12 commits into from
Feb 2, 2026
Merged

feat(vmm): add bridge networking support #487

kvinwang merged 12 commits into from
Feb 2, 2026

Conversation

@kvinwang
Copy link
Collaborator

@kvinwang kvinwang commented Feb 2, 2026
edited
Loading

Summary

  • Add bridge networking mode for VMs with TAP/macvtap devices
  • Implement userspace TCP/UDP port forwarding for bridge-mode VMs
  • Add DHCP lease PRPC API for querying VM IP addresses
  • Add info command and instance_id to vmm-cli
  • Fix passt port spec parsing for large port lists
  • Add bridge setup script and documentation
  • Add forward_service_enabled config flag (default false, must be explicit in vmm.toml)

Changes

  • vmm/: Bridge networking config, QEMU TAP/macvtap support, port forwarding integration
  • port-forward/: New crate for userspace TCP/UDP port forwarding
  • scripts/setup-bridge.sh: Host bridge setup automation
  • docs/bridge-networking.md: Bridge networking guide with DHCP notification and firewall rules
  • vmm/src/vmm-cli.py: Add info command with instance_id display

Test results

  • Deploy VM in bridge mode — VM gets DHCP lease via dstack-br0 (IP 10.20.0.79, MAC 52:54:00:57:99:2f)
  • QEMU correctly uses -netdev bridge,br=dstack-br0 for bridge-mode VMs
  • Existing bridge-mode TEE CVMs continue running on the same VMM build
  • forward_service_enabled = false correctly disables port forwarding

kvinwang added 12 commits February 2, 2026 07:47
@kvinwang
fix(vmm): pass passt port specs individually to avoid parser limit
53a021b 
Use separate --tcp-ports/--udp-ports arguments per port spec instead
of comma-joining them, which could exceed passt's argument parser limit
with large port ranges.
@kvinwang
feat(vmm): add info command and instance_id to vmm-cli
3548289 
Add 'info' subcommand showing detailed VM information including
instance ID, app URL, boot progress, and recent events. Also show
instance_id column in verbose lsvm output.
@kvinwang
vmm: Add bridge networking support
99b1788
@kvinwang
feat(vmm): add userspace port forwarding for bridge-mode VMs
21fa320 
Introduce dstack-port-forward crate with TCP (splice zero-copy with
fallback) and UDP forwarding. Integrate ForwardService into VMM to
dynamically manage port forwarding rules when bridge-mode guests
report their eth0 IP via the network.eth0 vsock event.

Key changes:
- New port-forward crate with ForwardService for dynamic rule add/remove
- Guest reports eth0 IP in dstack-prepare.sh via dstack-util notify-host
- VMM persists guest IP to disk and hot-reloads forwarding rules
- On VMM restart, forwarding is restored from persisted guest IPs
- guest-agent now includes eth0 interfaces in network info API
@kvinwang
feat(vmm): add DHCP lease PRPC API and refactor networking config
081ab50 
Replace guest-side IP reporting with a DHCP server-side ReportDhcpLease
PRPC endpoint. The VMM resolves MAC→VM via deterministic MAC derivation
and reconfigures port forwarding on lease events.

Refactor Networking from a tagged enum to a flat struct with a
NetworkingMode enum, so shared fields (bridge name, mac_prefix) are
accessible regardless of mode. Add mac_prefix config (0-3 hex bytes)
for deterministic MAC generation, now applied to all networking modes.
@kvinwang
docs(vmm): update bridge networking guide with DHCP notification and …
054e088 
…firewall rules

Add dhcp-notify.sh script integration, nftables firewall rules for
standalone bridges, and setup-bridge.sh improvements.
@kvinwang
fix(vmm): trigger port forward reconfiguration on update-ports
0a23153 
When `update_vm` is called with `update_ports=true`, also call
`reconfigure_port_forward` so running bridge-mode VMs get their
forwarding rules updated without requiring a restart.
@kvinwang
chore: passt -> user
00d98e0
@kvinwang
chore: add REUSE license headers to port-forward crate
b2b1fa3
@kvinwang
chore: fix clippy warnings and rustfmt in port-forward and vmm
48036df
@kvinwang
chore(vmm): rebuild UI with bridge networking changes
4901ada
@kvinwang
feat(vmm): add forward_service_enabled config for bridge-mode port fo…
9b8e9cb 
…rwarding
@kvinwang kvinwang merged commit 95993ae into master Feb 2, 2026
11 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kvinwang