Software networking with isolation for Tart

dhcp firewall networking packet-filter security tart vmnet

Go to file

dependabot[bot] a35e5ae92a Bump anyhow from 1.0.94 to 1.0.95 (#67 ) Bumps [anyhow](https://github.com/dtolnay/anyhow) from 1.0.94 to 1.0.95. - [Release notes](https://github.com/dtolnay/anyhow/releases) - [Commits](https://github.com/dtolnay/anyhow/compare/1.0.94...1.0.95) --- updated-dependencies: - dependency-name: anyhow dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>		2024-12-23 12:39:11 +04:00
.github	dependabot.yml: enable version updates for Cargo (#42 )	2024-10-03 23:45:45 +04:00
lib	Bump smoltcp from 0.11.0 to 0.12.0 (#62 )	2024-12-05 00:15:21 +04:00
src	Prevent multiple --allow flags (#35 )	2024-03-11 23:02:59 +04:00
.cirrus.yml	Build for `x86_64` (#28 )	2024-01-24 15:23:04 +04:00
.gitignore	Goreleaser Fix (#30 )	2024-01-24 19:09:59 +04:00
.goreleaser.yml	Goreleaser Fix (#30 )	2024-01-24 19:09:59 +04:00
Cargo.lock	Bump anyhow from 1.0.94 to 1.0.95 (#67 )	2024-12-23 12:39:11 +04:00
Cargo.toml	Disable isolation when `--allow=0.0.0.0/0` is specified (#39 )	2024-07-02 15:36:07 +04:00
LICENSE	License under AGPL-3.0 (#4 )	2022-06-21 15:59:35 +03:00
README.md	README.md: proper nested bullet point syntax	2024-06-13 14:57:44 +04:00
rust-toolchain.toml	$ cargo update (#40 )	2024-07-23 14:33:31 +04:00

README.md

Softnet

Softnet is a software networking for Tart which provides better network isolation and alleviates DHCP shortage on production systems. Please check out this blog post for backstory.

Working model

Softnet solves two problems:

VM network isolation
- VZNATNetworkDeviceAttachment (the default networking in Tart) enables vmnet's bridge isolation by default and prevents cross-VM traffic, however it's still possible for any VM to spoof the host's ARP-table and capture other VMs traffic by using tools that enable conducting the ARP spoofing attacks (e.g. arpspoof, arpoison and so on)
DHCP exhaustion
- macOS built-in DHCP-server allocates a /24 subnet with 86400 seconds lease time by default, which only allows for ~253 VMs a day (or 1 VM every ~6 minutes) to be spawned without causing a denial-of-service, which is pretty limiting for CI services like Cirrus CI

And assumes that:

Tart gives it's VMs unique MAC-addresses
macOS built-in DHCP-server won't re-use the IP-addresses from it's pool until their lease expire

...otherwise it's possible for two VMs to receive an identical IP-address from the macOS built-in DHCP-server (even in the presence of Softnet's packet filtering) and thus bypass the protections offered by Softnet.

Installing

For proper functioning, Softnet binary requires two things:

a SUID-bit to be set on the binary or a passwordless sudo to be configured, which effectively gives the binary root privileges
- these privileges are needed to create vmnet.framework interface and perform DHCP-related system tweaks
- the privileges will be dropped automatically to that of the calling user (or those represented by the --user and --group command-line arguments) once all of the initialization is completed
the binary to be available in PATH
- so that the Tart will be able to find it

Running

Softnet is started and managed automatically by Tart if --net-softnet flag is provided when calling tart run.