Although VMware can't support hardware-accelerated 3D rendering for macOS, I happened to see GarageBand running on my old laptop, which indicates that 'macOS Catalina (Version 10.15.4)' supports a middle-layer OpenGL software simulation, while up-to-date macOS deviates from this style.
vmware
Install VMware Player in Fedora
After

```shell
dnf install kernel-headers kernel-devel
```

we still failed to build the kernel modules for VMware Player in Fedora:

```
vm_basic_defs.h:54:12: fatal error: stddef.h: No such file or directory
```

A solution is

```shell
# e.g. current kernel version is 5.16.12-200.fc35.x86_64
# (Fedora's kernel-devel package installs its tree under /usr/src/kernels)
cd /usr/src/kernels/5.16.12-200.fc35.x86_64/include
ln -s linux/stddef.h stddef.h
ln -s linux/stdarg.h stdarg.h
```
Weak isolation of the VMware guest from the host
1. Without administrative privileges, using only the guest OS user password, we can copy any file from guest to host with

```powershell
# start up win7.vmx first
vmrun.exe -gu guest_os_user_name -gp guest_os_user_password copyFileFromGuestToHost "E:\vmimg\win7\win7.vmx" c:\windows\system32\notepad.exe e:\notepad.exe
```

2. An example of communication between guest and host using the VMware backdoor routines:
https://github.com/vmware/open-vm-tools/blob/master/open-vm-tools/services/plugins/dndcp
refer to:
n0nick
VMware macOS Big Sur has no boot.efi in recovery selection
Make a bootable disk.
- Create a vmdk with enough capacity, like 40G, and add it to the guest VM.
- Start up the VM, format the vmdk as HFS+ (Mac OS Extended (Journaled)), and name it MyVolume.
- Download macOS from the App Store; when the installation dialog appears, leave it open.
- Open a terminal and type the command below:

```shell
sudo /Applications/Install\ macOS\ Big\ Sur.app/Contents/Resources/createinstallmedia --volume /Volumes/MyVolume
```

Reboot the guest VM from this bootable disk.

```
BIOS -> EFI VMware Virtual SATA Hard Drive (2.0)
```

In recovery mode, we can switch off virtual memory.

```shell
# csrutil disable turns off System Integrity Protection (SIP)
csrutil disable
# after reboot
cd /System/Volumes/VM/
sudo mkdir swapfile0 swapfile1 swapfile2 swapfile3 swapfile4 swapfile5
sysctl vm.swapusage
```
refer to:
chrisleat
https://communities.vmware.com/t5/VMware-Fusion-Discussions/Can-t-boot-into-recovery-partition-on-macOS-11-Big-Sur/m-p/2298420#M139994
https://support.apple.com/en-us/HT201372
https://www.dazhuanlan.com/cossacks/topics/1189622
Optimizing the kernel for VMware
```
[*] 64-bit kernel (leave blank for x86)
General Setup --->
    [*] Optimize very unlikely/likely branches
Power management and ACPI options --->
    [*] ACPI (Advanced Configuration and Power Interface) Support --->
Processor type and features --->
    Processor Family (usually Core2/Newer Xeon)
Bus Options --->
    < > PCCard (PCMCIA/Cardbus) support
Networking support --->
    [ ] Amateur Radio support
    [ ] Wireless (only if you plan on using nat EXCLUSIVELY)
Device Drivers --->
    Generic Driver Options
        [*] Maintain a devtmpfs filesystem to mount at /dev
    Misc Devices --->
        [*] VMware Balloon Driver (manages memory between VM and host)
        [*] VMware VMCI Driver (Virtual Machine Communication Interface - low-latency access to host memory bus)
    SCSI device support --->
        [*] SCSI low-level drivers --->
            <*> VMware PVSCSI driver support (high throughput storage adapter)
    [*] Fusion MPT device support --->
        <*> Fusion MPT ScsiHost drivers for SPI
    [*] Network device support --->
        [*] Ethernet driver support ---> (disable every driver but this)
            [*] AMD Devices
                <*> AMD PCNet32 PCI support
        [ ] Wireless LAN (ONLY if you disabled Wireless networking support above)
        < > VMware VMXNET3 ethernet driver (PCNet32 is more than enough for most use cases - enable this only if you have spare cpu cycles to burn)
    Graphics support --->
        <*> Direct Rendering Manager
            < > Intel 8xx/9xx/G3x/G4x/HD Graphics
            <*> DRM driver for VMware Virtual GPU
                [*] Enable framebuffer console support under vmwgfx by default
        <*> Support for frame buffer devices
        Console display driver support --->
            <*> Framebuffer Console support
    Sound card support --->
        <*> Advanced Linux Sound Architecture --->
            [*] PCI sound devices
                <*> (Creative) Ensoniq AudioPCI 1371/1373
                < > Intel HD Audio
File systems ---> (enable only those you anticipate using)
    <*> Second extended fs support
    <*> The Extended 4 (ext4) filesystem
    <*> XFS filesystem support
    <*> Btrfs filesystem Unstable disk format
    Pseudo filesystems --->
        [*] Tmpfs virtual memory file system support (former shm fs)
        [*] Tmpfs POSIX Access Control Lists
```
efi boot (uncertain, maybe need to ask pc maker for signing the kernel.)
```
Processor type and features --->
    [*] EFI runtime service support
    [*] EFI stub support
Firmware Drivers --->
    EFI (Extensible Firmware Interface) Support --->
        <*> EFI Variable Support via sysfs
```
device mapper
```
Device Drivers
    Multiple devices driver support (RAID and LVM)
        <M> Device mapper support
```
refer to:
https://forums.gentoo.org/viewtopic-p-7332884.html
https://stackoverflow.com/questions/40344484/cant-load-self-compiled-linux-kernel
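Debugging the kernel with VMware
On VMware virtual machine A:

```shell
apt install libssl-dev
apt install libncurses-dev
```

Download the kernel source from the link at the end of this post, for example version 4.15.18, then extract and build it:

```shell
make menuconfig
make
make modules_install
make install
```

Shut down A and clone A as B. Add a serial port in A's virtual machine settings:

```
Use named pipe: \\.\pipe\com_1
This end is the server.
The other end is a virtual machine.
```

Add a serial port in B's virtual machine settings:

```
Use named pipe: \\.\pipe\com_1
This end is the client.
The other end is a virtual machine.
```

Boot A with the newly built kernel (you may need to increase its memory first); boot B with the old kernel. In B, run

```shell
cat < /dev/ttyS1
```

In A, run

```shell
echo Helloworld > /dev/ttyS1
```

If the message is echoed in B, the serial link is working.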
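Edit /boot/grub/grub.cfg in A, find the boot entry for the newly built kernel, and append kgdbwait kgdboc=ttyS1,115200 nokaslr after $vt_handoff, for example

```
linux /boot/vmlinuz-4.15.18 root=UUID=7ccc722d-2cbd-4597-a367-e0635333ddbf ro quiet splash $vt_handoff kgdbwait kgdboc=ttyS1,115200 nokaslr
```

Quit the cat program in B, then reboot A with the newly built kernel so that it stops in the kdb wait state. In B, from the root of the kernel source tree, run

```
gdb vmlinux
# the following lines are typed at the (gdb) prompt
set serial baud 115200
target remote /dev/ttyS1
lx-symbols
c
```

Once A has booted into the system, the following can be used to trigger the debugger:

```shell
#echo 1 > /proc/sys/kernel/sysrq
#echo kms,kbd > /sys/module/kgdboc/parameters/kgdboc
echo g > /proc/sysrq-trigger
```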
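To speed up VMware serial debugging, shut down the virtual machine, edit its .vmx startup file, and add

```
serial1.pipe.charTimePercent = "25"
```

The serial1 prefix varies from case to case; check the same file for the name actually in use.
If it runs stably, you can lower 25 further and try again.
Note 1: Because of the KASLR mechanism in newer kernels, if nokaslr is not added to the kernel boot command line, you cannot see the stack or set breakpoints while debugging: Cannot insert breakpoint.
Note 2: Because the original source address is no longer reachable, here is one point I have not tried, copied down:

```
Without compiling a kernel, you can also edit the virtual machine's .vmx startup file directly and add:
debugStub.listen.guest32 = "TRUE"
Then debug from the debugging machine with: target remote ip:8832(8864), where ip is the IP of the physical machine
```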
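Once a debugging session is over, the settings this procedure adds are worth removing again. The following added example (not from the original post) scans a .vmx file and a kernel command line for them; both sample inputs are constructed, and the serial1.* keys other than charTimePercent are assumed to be what the named-pipe serial port writes into the file.

```python
import re

# Constructed samples built from the settings described above.
VMX = r'''
serial1.present = "TRUE"
serial1.fileType = "pipe"
serial1.fileName = "\\.\pipe\com_1"
serial1.pipe.endPoint = "server"
serial1.pipe.charTimePercent = "25"
debugStub.listen.guest32 = "TRUE"
'''
CMDLINE = ("root=UUID=7ccc722d-2cbd-4597-a367-e0635333ddbf ro quiet splash "
           "kgdbwait kgdboc=ttyS1,115200 nokaslr")

def parse_vmx(text):
    """Parse `key = "value"` lines into a dict with lower-cased keys."""
    pairs = re.findall(r'^\s*([^#\s=]+)\s*=\s*"(.*)"\s*$', text, re.MULTILINE)
    return {k.lower(): v for k, v in pairs}

def audit_vmx(text):
    """List debug-only settings still present in a .vmx file."""
    cfg, found = parse_vmx(text), []
    for key, value in sorted(cfg.items()):
        if key.startswith("debugstub.listen.") and value.upper() == "TRUE":
            found.append(f"{key}: gdb stub listening on the host")
    ports = sorted({k.split(".")[0] for k in cfg if re.match(r"serial\d+\.", k)})
    for port in ports:
        present = cfg.get(f"{port}.present", "").upper() == "TRUE"
        if present and cfg.get(f"{port}.filetype") == "pipe":
            found.append(f"{port}: named pipe {cfg.get(port + '.filename', '?')} "
                         f"({cfg.get(port + '.pipe.endpoint', '?')} end)")
    return found

def audit_cmdline(cmdline):
    """List kernel command-line options that belong to a kgdb session only."""
    found = []
    for arg in cmdline.split():
        name, _, value = arg.partition("=")
        if name == "kgdboc":
            found.append(f"kgdboc: debugger attached to {value.split(',')[0]}")
        elif name == "kgdbwait":
            found.append("kgdbwait: boot stops until a debugger connects")
        elif name == "nokaslr":
            found.append("nokaslr: kernel address randomization disabled")
    return found
```

On a real guest, pass the contents of /proc/cmdline to audit_cmdline and the text of the VM's .vmx file to audit_vmx.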
refer to:
https://mirrors.edge.kernel.org/pub/linux/kernel/
https://stackoverflow.com/questions/49360506/in-kgdb-i-cannot-set-the-breakpoint
https://askubuntu.com/questions/964540/gdb-qemu-cant-put-break-point-on-kernel-function-kernel-4-10-0-35
https://www.cnblogs.com/xiaofool/p/5377737.html
https://docs.vmware.com/en/VMware-Workstation-Pro/12.0/com.vmware.ws.using.doc/GUID-B285C62D-1E7E-49E8-81D6-77910B2024A6.html
StrongSwan PSK RSA
Four virtual machines A, B, C and D, and three Host Only virtual networks vmnet2, vmnet3 and vmnet4, with DHCP disabled on all of them.

```
A
    vmnet2: 10.1.0.10/24 gw 10.1.0.2
B
    vmnet2: 10.1.0.2/24
    vmnet3: 192.168.0.2/24
C
    vmnet3: 192.168.0.3/24
    vmnet4: 10.2.0.2/24
D
    vmnet4: 10.2.0.10/24 gw 10.2.0.2
```

On both B and C, download, build and install strongswan 5.4.0; the version can be identified in config.h.

```shell
wget http://download.strongswan.org/strongswan-5.4.0.tar.bz2
apt-get install libgmp-dev
apt-get install libssl-dev
tar -jxvf strongswan-5.4.0.tar.bz2
cd strongswan-5.4.0
./configure --sysconfdir=/etc --enable-openssl --enable-gmp --prefix=`pwd`/installed
make && make install
```

Both B and C point to the same shared folder, share.
Generate the certificates on B:

```shell
mkdir cert && cd cert
# CA key and self-signed CA certificate
ipsec pki --gen --outform pem > ca.pem
ipsec pki --self --in ca.pem --dn "C=CN, O=NetworkLab, CN=NetworkLab CA" --ca --outform pem > ca.cert.pem

# server keys and certificates
ipsec pki --gen --outform pem > sun.server.pem
ipsec pki --pub --in sun.server.pem | ipsec pki --issue --cacert ca.cert.pem --cakey ca.pem --dn "C=CN, O=NetworkLab, CN=sun.com" --san="sun.com" --flag serverAuth --flag ikeIntermediate --outform pem > sun.server.cert.pem
ipsec pki --gen --outform pem > moon.server.pem
ipsec pki --pub --in moon.server.pem | ipsec pki --issue --cacert ca.cert.pem --cakey ca.pem --dn "C=CN, O=NetworkLab, CN=moon.com" --san="moon.com" --flag serverAuth --flag ikeIntermediate --outform pem > moon.server.cert.pem

# client keys and certificates
ipsec pki --gen --outform pem > sun.client.pem
ipsec pki --pub --in sun.client.pem | ipsec pki --issue --cacert ca.cert.pem --cakey ca.pem --dn "C=CN, O=NetworkLab, CN=client" --outform pem > sun.client.cert.pem
ipsec pki --gen --outform pem > moon.client.pem
ipsec pki --pub --in moon.client.pem | ipsec pki --issue --cacert ca.cert.pem --cakey ca.pem --dn "C=CN, O=NetworkLab, CN=client" --outform pem > moon.client.cert.pem

# leave the cert directory before moving it; this also moves the CA private key (ca.pem) into the shared folder
cd ..
mv cert /mnt/hgfs/share/
```
Install the certificates on B:

```shell
cp -r /mnt/hgfs/share/cert/ca.cert.pem /etc/ipsec.d/cacerts/
cp -r /mnt/hgfs/share/cert/moon.server.cert.pem /etc/ipsec.d/certs/
cp -r /mnt/hgfs/share/cert/moon.server.pem /etc/ipsec.d/private/
cp -r /mnt/hgfs/share/cert/sun.client.cert.pem /etc/ipsec.d/certs/
cp -r /mnt/hgfs/share/cert/sun.client.pem /etc/ipsec.d/private/
```

Install the certificates on C:

```shell
cp -r /mnt/hgfs/share/cert/ca.cert.pem /etc/ipsec.d/cacerts/
cp -r /mnt/hgfs/share/cert/sun.server.cert.pem /etc/ipsec.d/certs/
cp -r /mnt/hgfs/share/cert/sun.server.pem /etc/ipsec.d/private/
cp -r /mnt/hgfs/share/cert/moon.client.cert.pem /etc/ipsec.d/certs/
cp -r /mnt/hgfs/share/cert/moon.client.pem /etc/ipsec.d/private/
```
Configuration on B
/etc/ipsec.conf

```
config setup
    # strictcrlpolicy=yes
    # uniqueids = no

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev2
    mobike=no

conn net-net-rsa
    left=192.168.0.2
    leftcert=moon.server.cert.pem
    leftsubnet=10.1.0.0/24
    leftid=@moon.com
    leftfirewall=yes
    right=192.168.0.3
    rightsubnet=10.2.0.0/24
    rightid=@sun.com
    auto=add

conn net-net-psk
    keyexchange=ikev1
    authby=secret
    left=192.168.0.2
    leftsubnet=10.1.0.0/16
    leftid=@xxx.server.com
    leftfirewall=yes
    right=192.168.0.3
    rightsubnet=10.2.0.0/16
    rightid=@yyy.server.com
    ike=aes-sha1-modp1024
    esp=aes-sha1-modp1024
    auto=route
    type=tunnel
```

/etc/ipsec.secrets

```
@xxx.server.com @yyy.server.com : PSK hello
: RSA moon.server.pem
```

/etc/strongswan.conf

```
charon {
    load_modular = yes
    plugins {
        include strongswan.d/charon/*.conf
    }
}
include strongswan.d/*.conf
```
Configuration on C
/etc/ipsec.conf

```
config setup
    # strictcrlpolicy=yes
    # uniqueids = no

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev2
    mobike=no

conn net-net-rsa
    left=192.168.0.3
    leftcert=sun.server.cert.pem
    leftsubnet=10.2.0.0/24
    leftid=@sun.com
    leftfirewall=yes
    right=192.168.0.2
    rightsubnet=10.1.0.0/24
    rightid=@moon.com
    auto=add

conn net-net-psk
    keyexchange=ikev1
    authby=secret
    left=192.168.0.3
    leftsubnet=10.2.0.0/16
    leftid=@yyy.server.com
    leftfirewall=yes
    right=192.168.0.2
    rightsubnet=10.1.0.0/16
    rightid=@xxx.server.com
    ike=aes-sha1-modp1024
    esp=aes-sha1-modp1024
    auto=route
    type=tunnel
```

/etc/ipsec.secrets

```
@xxx.server.com @yyy.server.com : PSK hello
: RSA sun.server.pem
```

/etc/strongswan.conf

```
charon {
    load_modular = yes
    plugins {
        include strongswan.d/charon/*.conf
    }
}
include strongswan.d/*.conf
```
At this point, run the following on both B and C:

```shell
echo 1 > /proc/sys/net/ipv4/ip_forward
ipsec restart --nofork
# for RSA authentication
ipsec up net-net-rsa
# for PSK authentication
ipsec up net-net-psk
```

Finally, ping machine D from A.
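The net-net-psk connection in this lab combines IKEv1, SHA-1, modp1024 and the five-character PSK hello, which is fine for a test bench but not for anything carried over to a real gateway. As an added example (not part of the original post or of strongSwan), this script parses ipsec.conf and ipsec.secrets and lists such settings per connection; the embedded samples are cut down from the host B files, the 20-character PSK threshold is an assumption, and `also=` references are not resolved.

```python
import re

# Constructed samples, cut down from the host B ipsec.conf and ipsec.secrets above.
IPSEC_CONF = """\
conn %default
    keyexchange=ikev2
conn net-net-rsa
    leftcert=moon.server.cert.pem
    auto=add
conn net-net-psk
    keyexchange=ikev1   # overrides %default
    authby=secret
    ike=aes-sha1-modp1024
    esp=aes-sha1-modp1024
"""
IPSEC_SECRETS = "@xxx.server.com @yyy.server.com : PSK hello\n: RSA moon.server.pem\n"

WEAK = {"modp768": "768-bit DH group", "modp1024": "1024-bit DH group",
        "sha1": "SHA-1", "md5": "MD5", "3des": "3DES", "des": "DES"}

def parse_conns(text):
    """Return {conn: {key: value}} with 'conn %default' merged into each conn."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():            # unindented line starts a section
            kind, _, name = line.partition(" ")
            current = sections.setdefault(name.strip(), {}) if kind == "conn" else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    defaults = sections.pop("%default", {})
    return {name: {**defaults, **opts} for name, opts in sections.items()}

def audit(conf_text, secrets_text, min_psk_len=20):   # 20 is an assumed threshold
    """Return {conn: [finding, ...]} for IKEv1, weak proposals and short PSKs."""
    psks = re.findall(r':\s*PSK\s+"?([^"\n]+)"?', secrets_text)
    short_psk = any(len(p.strip()) < min_psk_len for p in psks)
    report = {}
    for name, opts in parse_conns(conf_text).items():
        issues = ["keyexchange=ikev1"] if opts.get("keyexchange") == "ikev1" else []
        if opts.get("authby") in ("secret", "psk") and short_psk:
            issues.append(f"PSK shorter than {min_psk_len} characters")
        for key in ("ike", "esp"):
            issues += [f"{key}: {WEAK[t]}" for t in re.split(r"[-,!]", opts.get(key, "")) if t in WEAK]
        report[name] = issues
    return report
```

Calling audit() with the full text of /etc/ipsec.conf and /etc/ipsec.secrets from B or C reports net-net-psk and leaves net-net-rsa clean.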
refer to:
https://www.strongswan.org/
https://blog.csdn.net/puppylpg/article/details/64918562
http://www.hqyman.cn/post/543.html
https://www.cnblogs.com/hugetong/p/10150992.html
The installer cannot automatically install Virtual Machine Communication Interface Sockets (VSock)
http://www.catalog.update.microsoft.com/search.aspx?q=kb4474419
Download the Win7 x64 version of kb4474419 and keep a copy!
Also, the Win7 USB3 bus driver:
http://www.vmware.com/go/dl_intel_usb3_driver
refer to:
https://tieba.baidu.com/p/6031541992
https://kb.vmware.com/s/article/78708
https://support.microsoft.com/en-us/topic/sha-2-code-signing-support-update-for-windows-server-2008-r2-windows-7-and-windows-server-2008-september-23-2019-84a8aad5-d8d9-2d5c-6d78-34f9aa5f8339
compile ofp over dpdk in vmware
1. get software

```shell
apt install git libtool automake build-essential pkg-config libssl-dev doxygen libconfig-dev libnuma-dev libpcap-dev net-tools
ln -s /usr/bin/python3 /usr/bin/python
```

2. compile dpdk

```shell
git clone http://dpdk.org/git/dpdk-stable --branch 19.11 --depth 1 dpdk-19.11
```

run dpdk-19.11/usertools/dpdk-setup.sh
>>> select and run "x86_64-native-linuxapp-gcc"
>>> Exit Script
3. compile odp-dpdk

```shell
git clone https://github.com/OpenDataPlane/odp-dpdk.git
```

odp-dpdk/m4/odp_dpdk.m4

```
# _ODP_DPDK_LEGACY(PATH, ACTION-IF-FOUND, ACTION-IF-NOT-FOUND)
# ------------------------------------------------------------------------
# Locate DPDK installation
AC_DEFUN([_ODP_DPDK_LEGACY], [dnl
    DPDK_CFLAGS="-isystem $1/include"
    DPDK_LIB_PATH="$1/lib"
    DPDK_LDFLAGS="-L$DPDK_LIB_PATH"
    AS_IF([test -r "$DPDK_LIB_PATH"/libdpdk.so], [dnl
        DPDK_RPATH="-Wl,-rpath,$DPDK_LIB_PATH"
        DPDK_RPATH_LT="-R$DPDK_LIB_PATH"
        DPDK_SHARED=yes],
        [test ! -r "$DPDK_LIB_PATH"/libdpdk.a], [dnl
        AC_MSG_FAILURE([Could not find DPDK])])
```

```shell
#!/bin/sh

DPDK_PATH=/home/eu/work/dpdk/dpdk-19.11/x86_64-native-linuxapp-gcc

cd odp-dpdk
./bootstrap
#--enable-debug --enable-debug-print
#--without-openssl
./configure --with-dpdk-path=${DPDK_PATH} \
    --prefix=`pwd`/installed \
    --enable-debug=full \
    --enable-helper-debug \
    --enable-debug-print \
    --enable-helper-debug-print \
    --disable-shared
make install
```
4. compile ofp

```shell
git clone https://github.com/OpenFastPath/ofp.git
```

```shell
#!/bin/sh

ODP_DPDK_PATH=`pwd`/odp-dpdk/installed

cd ofp
./bootstrap
./configure --with-odp=${ODP_DPDK_PATH} \
    --with-odp-lib=odp-dpdk \
    --disable-shared \
    --enable-debug=yes \
    --enable-sp=no \
    --prefix=`pwd`/installed
make install
```
5. setup dpdk
```shell
cd dpdk-19.11/x86_64-native-linuxapp-gcc/kmod
modprobe uio
insmod igb_uio.ko
ifconfig ens33 down
```
run dpdk-19.11/usertools/dpdk-setup.sh
>>> select and run "Setup hugepage mappings for non-NUMA systems", enter 128
>>> select and run "Bind Ethernet/Baseband/Crypto device to IGB UIO module", will display like
0000:02:01.0 '82545EM Gigabit Ethernet Controller (Copper) 100f' if=ens33 drv=e1000 unused=igb_uio,vfio-pci
>>>>>> enter 02:01.0
>>> Exit Script
6. test
Let the VMware guest machine use NAT.
Use ipconfig to check the IP settings on the host machine. For example, my IP for "VMware Network Adapter VMnet8" is 192.168.204.1.
ofp/example/webserver/ofp.cli

```
debug 0
loglevel set debug
ifconfig fp0 192.168.204.33/24
```

ofp/example/webserver/www/aa.txt

```
Hello, the world!
```

ofp/example/webserver/run.sh

```shell
export www_dir=`pwd`/www
./webserver -i 0 -f ofp.cli
```

Using a web browser, access

```
http://192.168.204.33:2048/aa.txt
```
VMware Linux shared folders not started

```shell
sudo dnf install open-vm-tools-desktop
umount /mnt/hgfs
sudo /usr/bin/vmhgfs-fuse .host:/ /mnt/hgfs -o allow_other -o uid=1000 -o gid=1000 -o umask=022
```

If it still does not work, for example after a kernel update, reinstall open-vm-tools.
refer to:
https://blog.csdn.net/xcyja/article/details/117328301