Support for configurable network address for user-v2

[balajiv113]

Fixes #1551 #1333

Keep the PR as draft for the following to be resolved

• Handle existing zone in dynamically addition of DNS records containers/gvisor-tap-vsock#236
• gvproxy internal dns resolver needs to handle all query types containers/gvisor-tap-vsock#233

What's done
The user-v2 now honours gateway and netmask properties.

networks:
  user-v2:
    mode: user-v2
    gateway: 192.168.109.1
    netmask: 255.255.255.0

With the support of configurable subnet, we also required to provided support for dynamic DNS for user-v2

Changes to DNS resolving for usernet

Before
VM <-> gvisor-tap-vsock <-> hostagent dns resolver

Now
VM <-> gvisor-tap-vsock

No UDP or TCP forwarding will happen. So DNS lookup's will be faster now

How to enable new way of DNS resolver ?
Disabling the hostResolver will enable this new DNS for vz driver and for user-v2 network.

hostResolver:
  enabled: false

Need opinion on this, as we will still use hostResolver.hosts even after enabled is false.

Behaviour change

• With user-v2 we will not set LIMA_CIDATA_SLIRP_IP_ADDRESS. As IP address are assigned dynamically
• DNS record for instance is changed from lima-default to lima-default.internal

TODO

• Fix tests with hardcoded IP

[AkihiroSuda]

Could you add a comment line to explain this?

[balajiv113]

Done. But am still looking for a way to maintain the config more cleaner.

Using hostResolver.hosts without hostResolver.enabled doesn't look clean.

[balajiv113]

@AkihiroSuda - Is the current model looking good for you ??

The other approach i had in mind was to use our custom hostResolver only for qemu slirp network and in all other cases we will use gvisor-tap-vsock. If this enabled is false, we will simply use vm dns resolver

Note: In the second approach we will loose support for IPv6 resolution

[AkihiroSuda]

@jandubois PTAL

[AkihiroSuda]

The other approach i had in mind was to use our custom hostResolver only for qemu slirp network and in all other cases we will use gvisor-tap-vsock.

Will this work for VPN users?
If so, we can just ignore hostResolver for user-v2 mode.

[balajiv113]

Will this work for VPN users?

Yes yes, user-v2 will also work for VPN users as far as i checked

If so, we can just ignore hostResolver for user-v2 mode.

So basically whether hostResolver is present or not we will not consider it right ?

[AkihiroSuda]

So basically whether hostResolver is present or not we will not consider it right ?

Right, assuming that nobody needs hostResolver.enabled = true for user-v2 mode

[balajiv113]

To fully understand,
hostResolver.hosts will still be used right ?? To set the custom host names.

With this option the goal is that we will remove support for enable / disable and handle internally for user-v2

[AkihiroSuda]

To fully understand, hostResolver.hosts will still be used right ?? To set the custom host names.

Yes 👍

With this option the goal is that we will remove support for enable / disable and handle internally for user-v2

👍

[balajiv113]

Done the changes

[AkihiroSuda]

Is this still a draft?

[balajiv113]

Is this still a draft?

Its good for review now. I was just waiting for the other issue to get closed. But we can proceed further.

[raja]

Is this still a draft?

Its good for review now. I was just waiting for the other issue to get closed. But we can proceed further.

It appears that the referenced gvisor pr's have been merged. Is this good to review?

[balajiv113]

@raja Yes its up for review.

I will address any new review comments and merge conflicts over next week.

[AkihiroSuda]

Needs rebase

[balajiv113]

Needs rebase

Done :)

[AkihiroSuda]

CI is failing

[AkihiroSuda]

TEST| [INFO] Testing proxy settings are imported
TEST| [INFO] FTP_PROXY: expected=FTP_PROXY=http://192.168.5.2:2121 got=FTP_PROXY=http://192.168.104.2:2121
TEST| [ERROR] proxy environment variable not set to correct value

https://github.com/lima-vm/lima/pull/1626/checks?check_run_id=15421021585

[balajiv113]

I have fixed this but for some reason its failing in systemd strict check. Will try to fix early next week

[AkihiroSuda]

Thanks

[AkihiroSuda]

Not sure if this is necessary here