xref: /aosp_15_r20/external/crosvm/docs/book/src/devices/net.md (revision bb4ee6a4ae7042d18b07a98463b9c8b875e44b39)
# Network

## Host TAP configuration

The most convenient way to provide a network device to a guest is to set up a persistent TAP
interface on the host. This section explains how to do this for basic IPv4 connectivity.

```sh
sudo ip tuntap add mode tap user "$USER" vnet_hdr crosvm_tap
sudo ip addr add 192.168.10.1/24 dev crosvm_tap
sudo ip link set crosvm_tap up
```

These commands create a TAP interface named `crosvm_tap` that is accessible to the current user,
configure the host to use the IP address `192.168.10.1`, and bring the interface up.

The next step is to make sure that traffic from/to this interface is properly routed:

```sh
# Enable IPv4 forwarding on the host. This setting is global, not per-interface.
sudo sysctl net.ipv4.ip_forward=1
# Network interface used to connect to the internet (the field after "dev").
HOST_DEV=$(ip route get 8.8.8.8 | awk '{for (i = 1; i < NF; i++) if ($i == "dev") {print $(i + 1); exit}}')
# Masquerade (NAT) traffic that leaves through the host's uplink.
sudo iptables -t nat -A POSTROUTING -o "${HOST_DEV}" -j MASQUERADE
# Accept only traffic belonging to connections that are already established or related.
sudo iptables -A FORWARD -i "${HOST_DEV}" -o crosvm_tap -m state --state RELATED,ESTABLISHED -j ACCEPT
# Allow all traffic from the guest out through the uplink.
sudo iptables -A FORWARD -i crosvm_tap -o "${HOST_DEV}" -j ACCEPT
```

## Start crosvm with network

The interface is now configured and can be used by crosvm:

```sh
crosvm run \
  ...
  --net tap-name=crosvm_tap \
  ...
```

## Configure network in guest

Provided the guest kernel has support for `VIRTIO_NET`, the network device should be visible and
configurable from the guest.

```sh
# Replace with the actual network interface name of the guest
# (use "ip addr" to list the interfaces)
GUEST_DEV=enp0s5
sudo ip addr add 192.168.10.2/24 dev "${GUEST_DEV}"
sudo ip link set "${GUEST_DEV}" up
sudo ip route add default via 192.168.10.1
# "8.8.8.8" is chosen arbitrarily as a default. Replace it with your local (or preferred global)
# DNS provider, which should be visible in `/etc/resolv.conf` on the host.
echo "nameserver 8.8.8.8" | sudo tee /etc/resolv.conf
```

These commands assign IP address `192.168.10.2` to the guest, activate the interface, and route all
network traffic to the host. The last line also ensures DNS will work.

Please refer to your distribution's documentation for instructions on how to make these settings
persistent for the host and guest if desired.

## Device hotplug (experimental)

On a [hotplug-enabled VM](index.md#device-hotplug-experimental), a TAP device can be hotplugged
using the `virtio-net` command:

```sh
crosvm virtio-net add crosvm_tap "${VM_SOCKET}"
```

Upon success, `crosvm virtio-net` will report the PCI bus number the device is plugged into:

```text
[[time redacted] INFO  crosvm] Tap device crosvm_tap plugged to PCI bus 3
```

The hotplugged device can then be configured inside the guest OS in the same way as a statically
configured device. (Replace `${GUEST_DEV}` with the hotplugged device, e.g. `enp3s0`.)

Due to [sandboxing](../architecture/overview.md#sandboxing-policy), crosvm does not have
`CAP_NET_ADMIN` even if crosvm is started using sudo. Therefore, hotplug only accepts a persistent
TAP device owned by the user running crosvm, unless
[sandboxing is disabled](../running_crosvm/advanced_usage.md#multiprocess-mode).

The device can be removed from the guest using the PCI bus number:

```sh
crosvm virtio-net remove 3 "${VM_SOCKET}"
```

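A preflight check for the TAP device, as an added example that is not part of the crosvm documentation: it verifies that a device matches what the `ip tuntap add` command in the host configuration creates (TAP mode, `vnet_hdr`, persistent) and is owned by the given user, which hotplug requires while sandboxing is enabled. The `check_tap` helper, the sample listing and the assumed `ip tuntap show` field layout are illustrative assumptions.

```sh
#!/bin/sh
# Added example, not part of the crosvm documentation.
# Constructed sample of `ip tuntap show` output. The layout
# "<name>: <mode> [flags] user <uid>" is an assumption about iproute2's format.
SAMPLE_TUNTAP='crosvm_tap: tap vnet_hdr persist user 1000
other_tap: tap persist user 0
vpn0: tun persist user 1000'

# check_tap NAME UID [LISTING]
# Prints one line per mismatch and returns non-zero unless NAME is a
# persistent TAP device with vnet_hdr set and owned by UID, i.e. what
# `ip tuntap add mode tap user $USER vnet_hdr NAME` creates.
# LISTING defaults to the live output of `ip tuntap show`.
check_tap() {
    name=$1 want_uid=$2
    listing=${3-$(ip tuntap show 2>/dev/null)}
    # Exact match on the "<name>:" field so "crosvm" does not match "crosvm_tap".
    line=$(printf '%s\n' "$listing" | awk -v n="${name}:" '$1 == n { print; exit }')
    if [ -z "$line" ]; then
        echo "${name}: no such TUN/TAP device"
        return 1
    fi
    mode=unknown vnet=no persist=no owner=none
    set -- $line    # split the line into fields
    shift           # drop "<name>:"
    while [ $# -gt 0 ]; do
        case $1 in
            tun|tap)  mode=$1 ;;
            vnet_hdr) vnet=yes ;;
            persist)  persist=yes ;;
            user)     owner=${2:-none} ;;
        esac
        shift
    done
    rc=0
    [ "$mode" = tap ] || { echo "${name}: mode is ${mode}, expected tap"; rc=1; }
    [ "$vnet" = yes ] || { echo "${name}: vnet_hdr flag not set"; rc=1; }
    [ "$persist" = yes ] || { echo "${name}: not persistent"; rc=1; }
    [ "$owner" = "$want_uid" ] ||
        { echo "${name}: owned by uid ${owner}, expected ${want_uid}"; rc=1; }
    return "$rc"
}

# Demo on the constructed sample; on a real host call: check_tap crosvm_tap "$(id -u)"
check_tap crosvm_tap 1000 "$SAMPLE_TUNTAP" && echo "crosvm_tap: ok"
check_tap other_tap 1000 "$SAMPLE_TUNTAP" || echo "other_tap: fix before hotplug"
```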