QEMU supports network in user mode experimentary. You can browse the Internet and use ftp, ssh etc. without root privilege or Administrative privilege.
When you use a program which connect from a Host OS to a Guest OS with option -redir, it needs to have a root privilege or an Adrimistrative privilege.
From version 0.6.0, NE2000 PCI card is supported. If a guest OS supports Plug and Play, NE2000 will be detected automatically. And if the guest OS have DHCP client, network will be automatically configured. You don't have to set it manually.
Realtec 8029 driver can be used for Windows for Workgroup 3.11, Windows NT 4 and OS/2 warp 4. NE2000 driver doesn't work for Windows fot Workgroup 3.11 and Windows NT 4.
If NE2000 can't be detected on Linux, please try these.
$ modprobe ne2k-pci $ dhclient eth0 (or $ dhcpcd eth0)
kernel modules loaded are 8390.o and ne2k-pci.o.
sh-2.05b# lsmod Module Size Used by Not tainted input 3328 0 (autoclean) pcmcia_core 43488 0 translucency 61408 8 af_packet 14568 0 (autoclean) ne2k-pci 5504 1 8390 6576 0 [ne2k-pci] apm 10436 1 rtc 7356 0 (autoclean) unix 17064 16 (autoclean) cloop 8420 4irq equals 9 and io memory address is 0xc100.
sh-2.05b# cat /proc/interrupts
CPU0
0: 218022 XT-PIC timer
1: 287 XT-PIC keyboard
2: 0 XT-PIC cascade
8: 1 XT-PIC rtc
9: 21 XT-PIC eth0
12: 240 XT-PIC PS/2 Mouse
15: 1333 XT-PIC ide1
NMI: 0
LOC: 0
ERR: 0
MIS: 0
sh-2.05b# cat /proc/ioports
0000-001f : dma1
0020-003f : pic1
0040-005f : timer
0060-006f : keyboard
0070-007f : rtc
0080-008f : dma page reg
00a0-00bf : pic2
00c0-00df : dma2
00f0-00ff : fpu
0170-0177 : ide1
0320-0323 :
0350-0353 :
0376-0376 : ide1
03c0-03df : vesafb
03f8-03ff : serial(auto)
0cf8-0cff : PCI conf1
c000-c00f : Intel Corp. 82371SB PIIX3 IDE [Natoma/Triton II]
c000-c007 : ide0
c008-c00f : ide1
c100-c1ff : Realtek Semiconductor Co., Ltd. RTL-8029(AS)
c100-c11f : ne2k-pci
An IP address of a network interface card NE2000 is 10.0.2.15.sh-2.05b# ifconfig
eth0 Link encap:Ethernet HWaddr 52:54:00:12:34:56
inet addr:10.0.2.15 Bcast:10.0.2.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:2004 (1.9 KiB) TX bytes:1746 (1.7 KiB)
Interrupt:9 Base address:0xc100
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:9 errors:0 dropped:0 overruns:0 frame:0
TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:480 (480.0 b) TX bytes:480 (480.0 b)
Routing table is like this.sh-2.05b# netstat -rn Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 10.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 0.0.0.0 10.0.2.2 0.0.0.0 UG 0 0 0 eth0You can ping 10.0.2.2
sh-2.05b# ping 10.0.2.2 PING 10.0.2.2 (10.0.2.2) 56(84) bytes of data. 64 bytes from 10.0.2.2: icmp_seq=1 ttl=255 time=3.05 ms 64 bytes from 10.0.2.2: icmp_seq=2 ttl=255 time=2.14 ms 64 bytes from 10.0.2.2: icmp_seq=3 ttl=255 time=2.76 ms 64 bytes from 10.0.2.2: icmp_seq=4 ttl=255 time=2.13 ms 64 bytes from 10.0.2.2: icmp_seq=5 ttl=255 time=2.15 ms 64 bytes from 10.0.2.2: icmp_seq=6 ttl=255 time=2.91 ms --- 10.0.2.2 ping statistics --- 6 packets transmitted, 6 received, 0% packet loss, time 5065ms rtt min/avg/max/mdev = 2.139/2.529/3.059/0.394 ms
There is the case that you can browse the Internet by IP address but
can't browse by name (e.x. http://fabrice.bellard.free.fr/). For
example, It can be caused by the case that a router doesn't have a
function of DNS server.
It is necessary to set DNS server's addresses to a guest OS. When a guest OS is linux, set them in /etc/resolve.conf
/etc/resolve.conf:
nameserver DNS server's address 1
nameserver DNS server's address 2
When a guest OS is Windows, set them in property of NE2000 in Network and Dial-up Connections.
When you use ISA NE2000 card with -isa option, a network in a guest OS isn't configured automatically. It needs to set it by yourself. I used these OSes.
Host OS: Fedora Core 1 or Windows2000
Guest OS: Red Hat Linux 7.2
I installed Red Hat 7.2 only with network support. I think it doesn't need to change CD-ROM if you don't install X Windows.
Please start the program with -user-net.
$ ./qemu -L ../pc-bios -hda redhat72.img -user-net
If you want to use NE2000 ISA card, you need to set IRQ and I/O memory base manually. IRQ is 9 and I/O is 0x300.
It needs to be root in gest OS to set network configuration.
Please load two drivers for NE2000 at first.
/lib/modules/2.4.x/kernel/driver/net/8390.o
/lib/modules/2.4.x/kernel/driver/net/ne.o
[Red Hat 7.2]$ su Password: [Red Hat 7.2]# /sbin/insmod 8390 Using /lib/modules/2.4.9-13/kernel/drivers/net/8390.o [Red Hat 7.2]# /sbin/insmod ne irq=9 io=0x300 Using /lib/modules/2.4.9-13/kernel/drivers/net/ne.o
Then confirm it is loaded.
[Red Hat 7.2]# /sbin/lsmod
Module Size Used by
ne 7488 0 (unused)
8390 6752 0 [ne]
ext3 62480 1
jbd 41056 1 [ext3]
[Red Hat 7.2]# cat /proc/interrupts
CPU0
0: 31580 XT-PIC timer
1: 406 XT-PIC keyboard
2: 0 XT-PIC cascade
8: 1 XT-PIC rtc
9: 0 XT-PIC NE2000 <--- irq=9
14: 5676 XT-PIC ide0
15: 1 XT-PIC ide1
NMI: 0
ERR: 0
[Red Hat 7.2]# cat /proc/ioports
0000-001f : dma1
0020-003f : pic1
0040-005f : timer
0060-006f : keyboard
0070-007f : rtc
0080-008f : dma page reg
00a0-00bf : pic2
00c0-00df : dma2
00f0-00ff : fpu
0170-0177 : ide1
01f0-01f7 : ide0
0300-031f : eth0 <--- io=0x300
0376-0376 : ide1
03c0-03df : vga+
03f6-03f6 : ide0
03f8-03ff : serial(auto)
NE2000(eth0) is disabled at first. You cannot see eth0 without "-a" option.
[Red Hat 7.2]# /sbin/ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:420 (420.0 b) TX bytes:420 (420.0 b)
[Red Hat 7.2]# /sbin/ifconfig -a
eth0 Link encap:Ethernet HWaddr 52:54:00:12:34:56
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Interrupt:9 Base address:0x300
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:420 (420.0 b) TX bytes:420 (420.0 b)
Then set eth0 to 10.0.2.16.
[Red Hat 7.2]# /sbin/ifconfig eth0 10.0.2.16
[Red Hat 7.2]# /sbin/ifconfig
eth0 Link encap:Ethernet HWaddr 52:54:00:12:34:56
inet addr:10.0.2.16 Bcast:10.255.255.255 Mask:255.0.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Interrupt:9 Base address:0x300
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:420 (420.0 b) TX bytes:420 (420.0 b)
Please check the routing table.
[Red Hat 7.2]# netstat -rn Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 10.0.0.0 0.0.0.0 255.0.0.0 U 40 0 0 eth0 127.0.0.0 0.0.0.0 255.0.0.0 U 40 0 0 lo
Then set a default gateway to 10.0.2.2.
[Red Hat 7.2]# /sbin/route add -net 0.0.0.0 gw 10.0.2.2 eth0 [Red Hat 7.2]# netstat -rn Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 10.0.0.0 0.0.0.0 255.0.0.0 U 40 0 0 eth0 127.0.0.0 0.0.0.0 255.0.0.0 U 40 0 0 lo 0.0.0.0 10.0.2.2 0.0.0.0 UG 40 0 0 eth0
All packets except for 10.x.x.x and 127.x.x.x are sent to gateway 10.0.2.2 through eth0(NE2000).
NOTE: You can use modprobe and DHCP server instead of 3.1, 3.2 and 3.3.
[Red Hat 7.2]#/sbin/modprobe ne irq=9 io=0x300 [Red Hat 7.2]#/sbin/dhcpcd eth0 If gest OS is Fedora Core 1, [Guest OS is Fedora Core 1]#/sbin/dhclient eth0
It may take time to get IP address from DHCP server.
You will get IP address 10.0.2.x for eth0.
Please check virtual interfaces by ping.
[Red Hat 7.2]# ping 10.0.2.2 PING 10.0.2.2 (10.0.2.2) from 10.0.2.16 : 56(84) bytes of data. 64 bytes from 10.0.2.2: icmp_seq=0 ttl=255 time=26.471 msec 64 bytes from 10.0.2.2: icmp_seq=1 ttl=255 time=1.674 msec 64 bytes from 10.0.2.2: icmp_seq=2 ttl=255 time=1.579 msec --- 10.0.2.2 ping statistics --- 3 packets transmitted, 3 packets received, 0% packet loss round-trip min/avg/max/mdev = 1.579/9.908/26.471/11.711 ms [Red Hat 7.2]# ping 10.0.2.3 PING 10.0.2.3 (10.0.2.3) from 10.0.2.16 : 56(84) bytes of data. --- 10.0.2.3 ping statistics --- 3 packets transmitted, 0 packets received, 100% packet loss
It seems that ping 10.0.2.3 doesn't work but it is OK.
My network card has an address 192.168.100.2 on Fedora Core 1.
[Fedora Core 1]$ /sbin/ifconfig
eth0 Link encap:Ethernet HWaddr 00:40:2B:XX:YY:ZZ
inet addr:192.168.100.2 Bcast:192.168.100.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1532 (1.4 Kb) TX bytes:976 (976.0 b)
Interrupt:5 Base address:0x3000
Please check sshd is working on Linux.
[Fedora Core 1]$ ps ax |grep ssh 3766 ? S 0:00 /usr/sbin/sshd 4048 ? S 0:00 /usr/bin/ssh-agent /etc/X11/xinit/Xclients 11800 pts/4 S 0:00 grep ssh
You can use ipconfig on Windows2000.
c:\> ipconfig Windows 2000 IP Configuration Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : IP Address. . . . . . . . . . . . : 192.168.100.2 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.100.1
Please start Telnet service from controll panel. It needs to disable NTLM authentication.
Please stop it after you use it. It can be a security hole.
You can connect to host OS by ssh on Linux.
[Red Hat 7.2]$ ssh 192.168.100.2 The authenticity of host '192.168.100.2 (192.168.100.2)' can't be established. RSA key fingerprint is 66:aa:8d:42:bd:8a:0d:bf:98:d9:6a:f6:aa:bb:cc:dd. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '192.168.100.2' (RSA) to the list of known hosts. kazu@192.168.100.2's password: [Fedora Core 1]$ ls [Fedora Core 1]$ exit logout Connection to 192.168.100.2 closed.
Then you can use Lynx etc.
[Red Hat 7.2]$ lynx http://fabrice.bellard.free.fr
You can use telnet on Windows2000.
[Red Hat 7.2]$ telnet 192.168.100.2 C:\>exit
Backspace is Ctrl-h.
Then you can use other programs.
Please add a new heading in /etc/modules.conf.
alias eth0 ne
options ne irq=9 io=0x300
Please make a new file as /etc/sysconfig/network-scripts/ifcfg-eth0.
# ISA NE2000 DEVICE=eth0 BOOTPROTO=dhcp HWADDR=52:54:00:12:34:56 ONBOOT=yes TYPE=ethernet USERCTL=no PEERDNS=no
It is OK when you can see this list at startup.
Bringing up interface eth0: [ OK ]
If you start the program with an option -tftp, you can read files on a Host OS from a guest OS by tftp client.
It is nessesary to set a full path name for each file name.
Please use slash '/' instead of back slash '\'.
For example, if you want to transfer file C:\msys\1.0\home\kazu\test.txt in folder C:\msys\1.0\home\kazu.
[Dos Prompt] qemu.exe -L ../pc-bios -hda redhat.img -tftp /msys/1.0/home/kazu
guest OS$ tftp 10.0.2.2
guest OS$ tftp>binary
guest OS$ tftp>get /msys/1.0/home/kazu/test.txt
In MS-DOS prompt, root directory / means C:\.
In MinGW/MSYS
environment, root directory / means C:/msys/1.0 and /tmp means
C:/DOCUME~1/kazu/LOCALS~1/Temp. I'm stuck with these.
Notes: Maximum file size is (32M - 512) byte.
You can not transfer files in other drive for example D: or E:.
You can not transfer files from a guest OS to a host OS.
It is nesessary to set an IP address of a guest OS when the program
starts. An IP address of a Windows98 guest rented from DHCP server is
10.0.2.15, Morphix is 10.0.2.15, RedHat Linux is 10.0.2.16. Please see
it by yourself.
host OS$ qemu.exe -L ../pc-bios -hda redhat.img -redir tcp:5555:10.0.2.16:23
10.0.2.16 is the IP address of the guest OS. 5555 is a port which is
used to accept a connection on the host OS and 23 is a port which is
used in the guest OS. 23 is used by telnet server.
If you want to use telnet and ssh together, you can use some -redir options.
host OS$ qemu.exe -L ../pc-bios -hda redhat.img -redir tcp:5555:10.0.2.16:23 -redir tcp:5556:10.0.2.16:22
22 is sshd. You can see port's numbers in /etc/services in Linux.
It seems that it takes time to set arp table.
After connecting to the guest OS, arp table is like this.
guest OS# arp -a
guest OS#? (10.0.2.3) at 52:54:00:12:35:03 [eth0] on eth0
guest OS#? (10.0.2.3) at 52:54:00:12:35:02 [eth0] on eth0
But don't set IP address of the guest OS manually in the guest OS.
You can see IP address gotten from DHCP server by winipcfg.exe in
Windows 98/Me guest, ipconfig /all in Windows 2000/XP guest and
ifconfig in Linux guest. IP address is probably 10.0.2.15 or 10.0.2.16.
It is necessary to set it at starting the program.
Routing table is like this when IP address is set by hand.
guest OS# Destination Genmask
guest OS# 10.0.0.0 255.0.0.0
But it is set by DHCP server,
guest OS# 10.0.2.0 255.255.255.0
It doesn't work in the case above.
If you want set them by hand, you can set them like this.
guest OS# modprobe ne2k-pci
guest OS# ifconfig eth0 10.0.2.16 netmask 255.255.255.0
guest OS# route add default gw 10.0.2.2 eth0
Then you can connect from the host OS to the guest OS.
It may take time to connect to the guest OS at first.
Please check that the IP addess, routing table and xinetd.
guest OS# ifconfig
guest OS# netstat -rn
guest OS# ps ax |grep xinetd
Type on the host OS:
host OS$ telnet localhost 5555
You will see Login prompt from telnet server after a while.
If you want to use ftp, use passive mode.
host OS$ qemu.exe -L ../pc-bios -hda redhat.img -redir tcp:5558:10.0.2.16:21
21 is a control port for ftp.
After configuring a network in the guest OS, type
host OS$ ftp
host OS$ ftp>open localhost 5558
host OS$ Name:
host OS$ Password:
host OS$ ftp>passive
host OS$ passive mode on.
host OS$ ftp>ls
There is a ftp client which can not set port. It takes time to connect to ftp server.
ssh port can be set by -p option.
host OS$ sshd localhost -p 5556
UDP ports can be redirected. -redir udp:5560:10.0.2.16:117 etc.
Please check that you can browse the Internet on host OS.
You can use softwares based on TCP/IP and UDP/IP. You cannot ping, traceroute etc. to the Internet.
Guest OS cannnot be accessed from the Internet without -redir option
but it can be infected through e-mail or browser. Please update it and
use anti-virus software.
QEMU supporting a network in user mode is a simple client program. A
virtual network in QEMU which has a DHCP server doesn't have any
relationship with a host's network
configuration (except for DNS server's addresses).
At first, to check an network interface card and the internal network, ping to a virtual router 10.0.2.2 int a guest OS.
[guest OS]$ ping 10.0.2.2
If it doesn't return elapsed time, please set IP address 10.0.2.16
manually and try ping. If it works, NE2000 and it's driver is OK. A
problem is to get IP address from DHCP server.
Plese set DNS server's addresses from the Internet Service Provider manulally.
If it desn't work, it might be a problem of the driver. please try to use -isa option to start the QEMU.
[host OS] C:\qemu.exe -L ./pc-bios -hda linux.img -isa
There is a case that it works by a driver of Readtek 8029.
If your guest OS which is Linux can get an IP address 10.0.2.x by dhcpcd
or dhclient from virtual DHCP server , the problem is that packets cannnot
be sent or received by QEMU.
If you can use tcpdump as root on a host OS, you can check it.
[host OS]# tcpdump -i eth0
or
[host OS]# tcpdump -i eth1 (if you have two cards)
or when you use a host-gest connection,
[host OS]# tcpdump -i lo
Then use a program on a guest OS.
[guest OS]$ lynx http://----example-----/
When a connection is normal, you will see some output of tcpdump.
When your host OS is Windows, a simple way to check the netwrok is to use ping.
If a network address of network interface card of host OS is 192.168.100.2, ping works.
[guest OS]C:\ ping 192.168.100.2
ICMP ping is converted UDP packet and sent to port 82 (XFER UTILITY) of
the host OS. Linux doesn't respond to it but Windows does only when it
is the host OS. The program ping can't be used to the Internet because
a remote host usually doesn't respond to it.
A virtual network in QEMU uses source codes known as SLiRP. It is
originally developed in BSD. All packets sent to 10.0.2.2 are separated
IP packet header, TCP packet header and data. Then QEMU sends them as
if it sends as a normal client program. This enables a user mode
networking. All received packets are reconfigured and sent to a guest
OS.
A debug log can be taken by removing // in slirp/slirp.c.
// debug_init("/tmp/slirp.log", DEBUG_DEFAULT);
It is made in c:\tmp\slirp.log.When a TCP/IP program starts in the guest OS, the following functions are called.
ne2000_ioport_write
qemu_send_packet
slirp_send_packet
slirp_input
ip_input
tcp_input
tcp_fconnect
Then a socket is made. The socket is set to async mode (FIONBIO) so
that it is checked by select() function to determine whether it can
receive or send data. If there is data which can be received or sent,
recv() or send() are used.
It is checked periodically in main_loop() in vl.c by calling slirp_select_fill(),select() and slirp_select_poll().
Data are sent by these functions.
slirp_select_poll in slirp.c
tcp_input in slirp_select_poll() in slirp.c
sbappend in tcp_input.c:574
send in sbappend() in sbuf.c
Data are received by these functions.
slirp_select_poll in slirp.c
soread in slirp_select_poll() in slirp.c
recv in soread() in socket.c
When there are data to be received, these functions are called.
tcp_output in slirp_select_poll in slirp.c
ip_output
if_output
if_encap
slirp_output
slirp_fd_read
ne2000_receive
Then they are sent to NE2000. It seems that data is outputed to QEMU by SLiRP, though they are input data to the program.
Sockets can be closed by this.
tcp_close in tcp_subr.c
struct socket in socket.h has data of a socket descriptor and socket state (so_state) etc. It holds state of connection.
For UDP/IP, it is easier. It probably works if TCP/IP works. It changes functions depending on TCP or UDP.
In addition, timer is used to send or receive data.
When -redir option is used, functions solisten and udp_listen are used to act as a server.