linux/kernel/user mode VM
Overview
This section is intended to help users interested in developing Linux kernel modules set up a UML VM for debugging during the development phase.
Please note that this page focuses on configuring a VM running on a Debian-based host.
Installation
First of all you need to install the package user-mode-linux
apt-get install user-mode-linux
Then you need the package uml-utilities
apt-get install uml-utilities
Configuration
File System Image
The easiest way to get a file system image is to download an already built one
wget ftp://ftp.freepascal.org/<some path>/fsroot.img.bz2
Then you need to decompress it
bunzip2 fsroot.img.bz2
Please note that this is really a minimal installation, including the fp-compiler and aptitude packages. The latter will allow you to install any package you want, provided you set up your network correctly.
The provided root file system image already has the VM side of networking configured, so you only need to configure the host side as described in the next section.
Networking
In order to setup networking you need to configure a tap interface
cat - > /etc/network/interfaces
# /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)
# In this configuration example we will setup two physical networking
# cards eth0 and eth1. The first card, eth0, will be automatically
# configured at host starting up, while the second one will be configured
# on manual demand using "ifup eth1".
# We will also configure a virtual networking card tap0 which will be
# configured at system startup too.
auto lo eth0 tap0

# The loopback interface
iface lo inet loopback

iface eth0 inet static
    address 192.168.1.2
    netmask 255.255.255.0
    network 192.168.1.0
    gateway 192.168.1.1

iface eth1 inet static
    address 192.168.2.1
    netmask 255.255.255.0
    network 192.168.2.0

iface tap0 inet static
    address 192.168.3.1
    netmask 255.255.255.0
    network 192.168.3.0
    tunctl_user uml-net
    uml_proxy_arp 192.168.3.2
    uml_proxy_ether eth0
In addition to this networking configuration, you need to instruct your kernel to forward IP packets
cat - > /etc/sysctl.conf
#
# /etc/sysctl.conf - Configuration file for setting system variables
# See sysctl.conf (5) for information.
#

#kernel.domainname = example.com
#net/ipv4/icmp_echo_ignore_broadcasts=1

# Uncomment the following to stop low-level messages on console
#kernel.printk = 4 4 1 7

##############################################################3
# Functions previously found in netbase
#

# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
# Turn on Source Address Verification in all interfaces to
# prevent some spoofing attacks
#net.ipv4.conf.default.rp_filter=1
#net.ipv4.conf.all.rp_filter=1

# Uncomment the next line to enable TCP/IP SYN cookies
#net.ipv4.tcp_syncookies=1

# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

# Uncomment the next line to enable packet forwarding for IPv6
#net.ipv6.ip_forward=1

###################################################################
# Additional settings - these settings can improve the network
# security of the host and prevent against some network attacks
# including spoofing attacks and man in the middle attacks through
# redirection. Some network environments, however, require that these
# settings are disabled so review and enable them as needed.
#
# Ignore ICMP broadcasts
#net/ipv4/icmp_echo_ignore_broadcasts = 1
#
# Ignore bogus ICMP errors
#net/ipv4/icmp_ignore_bogus_error_responses = 1
#
# Do not accept ICMP redirects (prevent MITM attacks)
#net/ipv4/conf/all/accept_redirects = 0
# _or_
# Accept ICMP redirects only for gateways listed in our default
# gateway list (enabled by default)
# net/ipv4/conf/all/secure_redirects = 1
#
# Do not send ICMP redirects (we are not a router)
#net/ipv4/conf/all/send_redirects = 0
#
# Do not accept IP source route packets (we are not a router)
#net/ipv4/conf/all/accept_source_route = 0
#
# Enable TCP Syn Cookies
#net/ipv4/tcp_syncookies = 1
#
# Log Martian Packets
#net/ipv4/conf/all/log_martians = 1
#
# Always defragment packets
#net/ipv4/ip_always_defrag = 1
--Mazen 23:52, 16 October 2007 (CEST)
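The sysctl.conf above turns on IPv4 forwarding while leaving every optional hardening line commented out, and it spells keys both as net.ipv4.x and net/ipv4/x. The following check is an added example, not part of the original page: it reads a sysctl.conf-style file and lists which of those hardening keys are still unset. The function names, the choice of keys to check and the sample file are assumptions made for this illustration.

```shell
# sysctl_get FILE KEY: print KEY's effective value in FILE (last assignment
# wins). Accepts "a.b.c" and "a/b/c" spellings, skips "#" and ";" comment
# lines, and returns 1 when the key is never set.
sysctl_get() {
    awk -v want="$2" '
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); gsub("/", ".", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == want) { found = 1; last = val }
        }
        END { if (found) print last; else exit 1 }
    ' "$1"
}

# Keys and values from the commented-out hardening lines of the file above.
HARDENING="net.ipv4.conf.all.rp_filter=1 net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.all.send_redirects=0 net.ipv4.conf.all.accept_source_route=0
net.ipv4.conf.all.log_martians=1"

# audit_forwarding_host FILE: when FILE enables IPv4 forwarding, list every
# HARDENING key whose effective value differs. Returns 1 if any was listed.
audit_forwarding_host() {
    [ "$(sysctl_get "$1" net.ipv4.ip_forward)" = 1 ] || return 0
    missing=0
    for pair in $HARDENING; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(sysctl_get "$1" "$key") || got=unset
        [ "$got" = "$want" ] && continue
        echo "$key: $got (commented line would set $want)"
        missing=1
    done
    return $missing
}

# Constructed sample mixing both key spellings, as the file above does.
write_sample() {
    cat > "$1" <<'EOF'
#net.ipv4.conf.all.rp_filter=1
net.ipv4.ip_forward=1
net/ipv4/conf/all/accept_redirects = 0
#net/ipv4/conf/all/send_redirects = 0
net/ipv4/conf/all/log_martians = 1
EOF
}
f=$(mktemp); write_sample "$f"; audit_forwarding_host "$f" || true; rm -f "$f"
```

Run audit_forwarding_host /etc/sysctl.conf on the host after editing the file. As the file's own comments say, some environments need these settings left disabled, so treat the output as a review list.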