feat: add `VZVmnetNetworkDeviceAttachment` support (macOS 26.0) #205

norio-nomura · 2025-11-22T12:06:06Z

feat: add `VZVmnetNetworkDeviceAttachment` support (macOS 26.0)

VmnetNetworkDeviceAttachment does not require the com.apple.vm.networking entitlement nor root privileges.
HostMode and SharedMode are supported.
In order for multiple VMs to communicate with each other in SharedMode, they must be started in the same process and the same VmnetNetwork must be passed to NewVmnetNetworkDeviceAttachment() to create an attachment.

Add:

VmnetReturn:
- ErrVmnetSuccess
- ...
VmnetMode:
- HostMode
- SharedMode
- ~~BridgedMode(definition only since not supported. marked as deprecated)~~
VmnetNetworkConfiguration: NewVmnetNetworkConfiguration(), 　
~~The use of the instance method group is still unknown. Setting subnet seems to trigger disabling DHCP, etc.~~
~~VmnetNetwork: NewVmnetNetwork(), some APIs which using xpc_object_t are not implemented.~~
VmnetNetworkDeviceAttachment: NewVmnetNetworkDeviceAttachment()

see: https://developer.apple.com/documentation/virtualization/vzvmnetnetworkdeviceattachment?language=objc

Which issue(s) this PR fixes:

Mentioned in #198 (comment)

Based on `VMNET_SHARED_MODE`, and `VMNET_HOST_MODE` ```yaml networks: - vzShared: true - vzHost: true ``` But, to sharing network between multiple VMs, `VZVmnetNetworkDeviceAttachment` requires VMs are launched by same process. It depends on Code-Hex/vz#205 Signed-off-by: Norio Nomura <[email protected]>

AkihiroSuda · 2025-11-22T15:19:17Z

vmnet.go

+const (
+	HostMode   VmnetMode = C.VMNET_HOST_MODE
+	SharedMode VmnetMode = C.VMNET_SHARED_MODE
+	// Deprecated: BridgedMode is not supported by NewVmnetNetworkConfiguration


Do you know why not supported?

I don't know. It's documented on:
https://developer.apple.com/documentation/vmnet/vmnet_network_configuration_create(_:_:)?language=objc

Parameters
mode
Shared mode or host-only mode.

Why BridgedMode is Deprecated? Can you link to the docs about this?

Since it is not supported we should not include it, marking it as Deprecated look wrong.

nirs · 2025-11-24T11:21:33Z

This can be used by multiple processes like this:

Start a network process create the vmnet_network_ref, starting a xpc listener
Start vm process, obtaining the vmnet_network_ref from the xpc server
- server create a xpc_object_t using https://developer.apple.com/documentation/vmnet/vmnet_network_copy_serialization(_:_:)?language=objc
- client get the xpc_oject_t via https://developer.apple.com/documentation/xpc/xpc_connection_send_message_with_reply(_:_:_:_:)
- client create new vment_netwrok_ref via https://developer.apple.com/documentation/vmnet/vmnet_network_create_with_serialization(_:_:)?language=objc
Start more vms using same vmnet_network_ref...
Wait until vms exit
Terminate network process

norio-nomura · 2025-11-28T09:16:22Z

This can be used by multiple processes like this:

In this procedure, I confirmed that VMs launched from multiple processes can share networks with each other. 👍🏻
It seems that it can be reproduced in the unit test, so I will try to make a unit test.

norio-nomura · 2025-12-02T03:57:43Z

It seems that it can be reproduced in the unit test, so I will try to make a unit test.

Added unit test and pkg/xpc.

norio-nomura · 2025-12-02T04:01:54Z

Added unit test and pkg/xpc.

I'll try this added xpc package with lima to make it work. Until then, it's a draft.

Based on `VMNET_SHARED_MODE`, and `VMNET_HOST_MODE` ```yaml networks: - vzShared: true - vzHost: true ``` But, to sharing network between multiple VMs, `VZVmnetNetworkDeviceAttachment` requires VMs are launched by same process. It depends on Code-Hex/vz#205 Signed-off-by: Norio Nomura <[email protected]>

nirs

I did not review most of this change, just the stange part of about marking bridged mode as depracated.

nirs · 2025-12-02T10:23:39Z

pkg/xpc/xpc.m

+
+// xpc_object_t
+
+void *xpcRetain(void *o)


No way to use xpc_object_t?

It seemed that it could be used if it was not exposed outside the package, but I wanted to expose it outside the package, so I used a method using void *.

nirs · 2025-12-16T14:31:25Z

vmnet.go

+const (
+	HostMode   VmnetMode = C.VMNET_HOST_MODE
+	SharedMode VmnetMode = C.VMNET_SHARED_MODE
+	// Deprecated: BridgedMode is not supported by NewVmnetNetworkConfiguration


Why BridgedMode is Deprecated? Can you link to the docs about this?

Since it is not supported we should not include it, marking it as Deprecated look wrong.

nirs · 2025-12-16T16:34:04Z

vmnet.go

-	BridgedMode VmnetMode = C.VMNET_BRIDGED_MODE
+	// BridgedMode is not supported by NewVmnetNetworkConfiguration
+	//   - https://developer.apple.com/documentation/vmnet/vmnet_network_configuration_create(_:_:)?language=objc#parameters
+	// BridgedMode VmnetMode = C.VMNET_BRIDGED_MODE


Since this package doe not use BridgedMode and it cannot be used with it we can drop the commented constants. The comment explaining why we don't include this more is good.

Based on `VMNET_SHARED_MODE`, and `VMNET_HOST_MODE` ```yaml networks: - vzShared: true - vzHost: true ``` But, to sharing network between multiple VMs, `VZVmnetNetworkDeviceAttachment` requires VMs are launched by same process. It depends on Code-Hex/vz#205 Signed-off-by: Norio Nomura <[email protected]>

norio-nomura · 2025-12-17T05:20:51Z

lima-vm/lima#4394, which relied on this PR, will now do the desired action when starting this PR.
It is almost implemented in line with the operation that @nirs taught me on #205 (comment).

VZVmnetNetworkDeviceAttachment:

I think all the necessary APIs have been implemented to use them

pkg/xpc:

At first, I didn't think this would be necessary.
Implemented by focusing on the functions necessary to share vmnet_network_ref between processes.
It was implemented to be independent as a package, but included it in pkg/xpc to avoid external dependence.
I tried to design APIs that can be added by the user himself for missing functions, and avoided the implementation of general-purpose functions such as Marshal/Unmarshal.

I don't think there will be any more additional functions for this PR.

By the way, should I include the correction of macOS 13 runner's retirement from GitHub Actions in this PR?

AkihiroSuda · 2025-12-17T05:27:01Z

By the way, should I include the correction of macOS 13 runner's retirement from GitHub Actions in this PR?

Can be a separate PR

AkihiroSuda · 2025-12-17T05:28:12Z

virtualization_26.m

+// see: https://developer.apple.com/documentation/vmnet/vmnet_network_configuration_create(_:_:)?language=objc
+void *VZVmnetNetworkConfigurationCreate(uint32_t mode, uint32_t *status)
+{
+#ifdef INCLUDE_TARGET_OSX_26


Can we test this on GHA with macos-26 ?

We can only try the build.
The macos-26, which only has arm64, does not support Nested Virtualization yet, so the unit test does not work.

norio-nomura · 2025-12-17T06:02:12Z

By the way, should I include the correction of macOS 13 runner's retirement from GitHub Actions in this PR?

Can be a separate PR

opened #208

`VZVmnetNetworkDeviceAttachment` does not require the `com.apple.vm.networking` entitlement nor root privileges. `HostMode` and `SharedMode` are supported. In order for multiple VMs to communicate with each other in SharedMode, they must be started in the same process and the same `VmnetNetwork` must be passed to `NewVmnetNetworkDeviceAttachment()` to create an attachment. Add: - `VmnetReturn`: - `ErrVmnetSuccess` - ... - `VmnetMode`: - `HostMode` - `SharedMode` - `BridgedMode`(definition only since not supported. marked as deprecated) - `VmnetNetworkConfiguration`: `NewVmnetNetworkConfiguration()`, 　 The use of the instance method group is still unknown. Setting subnet seems to trigger disabling DHCP, etc. - `VmnetNetwork`: `NewVmnetNetwork()`, some APIs which using `xpc_object_t` are not implemented. - `VmnetNetworkDeviceAttachment`: `NewVmnetNetworkDeviceAttachment()` see: https://developer.apple.com/documentation/virtualization/vzvmnetnetworkdeviceattachment?language=objc change `MACAddress.EthernetAddress()` to `MACAddress.ethernetAddress()` to avoid export C type from Go Signed-off-by: Norio Nomura <[email protected]>

Add: - `TestVmnetSharedModeAllowsCommunicationBetweenMultipleVMs()` - `Container.DetectIPv4()` Move `Container.exec()` from `shared_directory_arm64_test.go` to `virtualization_test.go` Signed-off-by: Norio Nomura <[email protected]>

Signed-off-by: Norio Nomura <[email protected]>

Signed-off-by: Norio Nomura <[email protected]> Stop using CFTypeRef Signed-off-by: Norio Nomura <[email protected]>

change `VmnetNetworkConfiguration.SetIPv4Subnet()` Signed-off-by: Norio Nomura <[email protected]>

Signed-off-by: Norio Nomura <[email protected]>

- Add `TestVmnetNetworkShareModeSharingOverXpc` to `vmnet_test.go` `TestVmnetNetworkShareModeSharingOverXpc` tests sharing `VmnetNetwork` in `SharedMode` over XPC communication. This test registers test executable as an Mach service and launches it using `launchctl`. The launched Mach service provides `VmnetNetwork` serialization to clients upon request, after booting a VM using the provided `VmnetNetwork` to ensure the network is functional on the server side. The client boots VM using the provided `VmnetNetwork` serialization. This test uses `pkg/xpc` package to implement XPC communication. - Add `pkg/xpc` package that providing `<xpc/xpc.h>` APIs to support implementing Mach service server and client Signed-off-by: Norio Nomura <[email protected]>

- Remove `BridgedMode` definition - Add more documentation to `VmnetMode` Signed-off-by: Norio Nomura <[email protected]>

norio-nomura changed the title ~~feat: add VmnetNetworkDeviceAttachment support (macOS 26.0)~~ feat: add VZVmnetNetworkDeviceAttachment support (macOS 26.0) Nov 22, 2025

norio-nomura force-pushed the feat-add-vmnet-network-device-attachment branch 2 times, most recently from 6617c8f to 6a1f741 Compare November 22, 2025 12:34

norio-nomura mentioned this pull request Nov 22, 2025

feat: add VZVmnetNetworkDeviceAttachment support on macOS 26+ lima-vm/lima#4394

Draft

AkihiroSuda reviewed Nov 22, 2025

View reviewed changes

norio-nomura force-pushed the feat-add-vmnet-network-device-attachment branch from 5a7a116 to 72cc1d4 Compare November 26, 2025 02:58

norio-nomura force-pushed the feat-add-vmnet-network-device-attachment branch from 72cc1d4 to 9506cbd Compare December 2, 2025 03:56

norio-nomura marked this pull request as draft December 2, 2025 04:01

norio-nomura force-pushed the feat-add-vmnet-network-device-attachment branch 5 times, most recently from 7bf24c1 to 007c2a5 Compare December 3, 2025 07:26

norio-nomura force-pushed the feat-add-vmnet-network-device-attachment branch 2 times, most recently from aba95bd to ba619f5 Compare December 4, 2025 03:51

norio-nomura force-pushed the feat-add-vmnet-network-device-attachment branch 2 times, most recently from d3fad75 to 7a58378 Compare December 15, 2025 03:39

norio-nomura force-pushed the feat-add-vmnet-network-device-attachment branch from 7a58378 to 33858c0 Compare December 16, 2025 14:25

nirs reviewed Dec 16, 2025

View reviewed changes

norio-nomura force-pushed the feat-add-vmnet-network-device-attachment branch from f048f6e to 3b512d7 Compare December 17, 2025 00:10

norio-nomura marked this pull request as ready for review December 17, 2025 05:20

AkihiroSuda reviewed Dec 17, 2025

View reviewed changes

norio-nomura force-pushed the feat-add-vmnet-network-device-attachment branch from 3b512d7 to 0ef8850 Compare December 17, 2025 06:07

AkihiroSuda requested a review from Code-Hex December 17, 2025 10:01

norio-nomura added 8 commits December 17, 2025 19:01

feat(vmnet_test.go): add unit tests

f661602

Add: - `TestVmnetSharedModeAllowsCommunicationBetweenMultipleVMs()` - `Container.DetectIPv4()` Move `Container.exec()` from `shared_directory_arm64_test.go` to `virtualization_test.go` Signed-off-by: Norio Nomura <[email protected]>

example/macOS: go mod tidy

f8c1464

Signed-off-by: Norio Nomura <[email protected]>

Add VmnetNetwork serialization

285d909

Signed-off-by: Norio Nomura <[email protected]> Stop using CFTypeRef Signed-off-by: Norio Nomura <[email protected]>

Use "192.168.x.1" to IPv4 subnet address instead of "192.168.x.0"

3afac0a

change `VmnetNetworkConfiguration.SetIPv4Subnet()` Signed-off-by: Norio Nomura <[email protected]>

Fix doc comments

d1afc3c

Signed-off-by: Norio Nomura <[email protected]>

Apply reviews

19f23c6

- Remove `BridgedMode` definition - Add more documentation to `VmnetMode` Signed-off-by: Norio Nomura <[email protected]>

norio-nomura force-pushed the feat-add-vmnet-network-device-attachment branch from 0ef8850 to 19f23c6 Compare December 17, 2025 10:02

Uh oh!

feat: add VZVmnetNetworkDeviceAttachment support (macOS 26.0) #205

Are you sure you want to change the base?

feat: add VZVmnetNetworkDeviceAttachment support (macOS 26.0) #205

Conversation

norio-nomura commented Nov 22, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!