cirruslabs / tart

macOS and Linux VMs on Apple Silicon to use in CI and other automations
https://tart.run

tart run: add --net-softnet-disable-isolation command-line argument #837

Closed devsunb closed 3 months ago

devsunb commented 4 months ago

See https://github.com/cirruslabs/softnet/pull/38, https://github.com/cirruslabs/softnet/issues/37

edigaryev commented 4 months ago

Softnet's primary goal is VM network isolation.

Why use it if you don't need that property? 🤔

devsunb commented 4 months ago

I haven't found a way to avoid the PRIVATE flag when a VM network interface is added as a member to a bridge network interface while using the default shared NAT network, so I tried using softnet. I don't have a lot of knowledge about this, so I think I may have used the wrong method. Is there any way to use the default shared NAT network and allow VM-to-VM communication?

edigaryev commented 4 months ago

> I haven't found a way to avoid the PRIVATE flag when a VM network interface is added as a member to a bridge network interface while using the default shared NAT network

Interesting. When we were developing Softnet that wasn't the case on macOS 12 (Monterey), but that seems to have changed since macOS Ventura (13)/Sonoma (14).

Have you tried using --net-bridged instead? It doesn't have such a limitation.

devsunb commented 4 months ago

Yes. Using --net-bridged works fine, but I need an independent NAT network within my macOS host.

edigaryev commented 3 months ago

It feels to me that the naming of --net-softnet-disable-isolation is an oxymoron and that it'll make lots of people scratch their heads trying to figure out what Softnet even offers in terms of security after all.

What I propose instead is to disable the interface isolation automatically when --net-softnet-allow=0.0.0.0/0 is passed to Tart.

This way no additional command-line arguments need to be introduced. What do you think?

edigaryev commented 3 months ago

Superseded by https://github.com/cirruslabs/tart/pull/853.