pkg/hostagent: Detect the VM’s IP address on the same subnet as the host OS.

norio-nomura · norio-nomura · commit 9fd0a86655c5 · 2025-10-29T15:40:02.000+09:00
Guest IP address will be detected in requirement process.

`hostagent.go`:
- Add fields to `HostAgent`
  - `guestIfnameOnSameSubnetAsHost string`
  - `guestIPv4 net.IP`
  - `guestIPv6 net.IP`
- Add methods `GuestIP()`, `GuestIPv4()`, and `GuestIPv6()` to `HostAgent`
- Add `HostAgent.WriteSSHConfigFile()` helper to write SSHConfigFile
- Add `HostAgent.sshAddressPort()` helper to provide ipAddress and port for SSH

`requirements.go`:
- Add `stdoutParser func(string) error` field to `requirement`
- Add `HostAgent.detectGuestIfnameOnSameSubnetAtHost()` to parse `ip -j neighbor` command output
- Add `HostAgent.detectGuestIPAddress()` to parse `ip -j addr` command output
- Add two requirements to `HostAgent.essentialRequirements()`
  - "detect guest interface on same subnet as the host"
  - "detect guest IPv4 address"
  - "detect guest IPv6 address"

Signed-off-by: Norio Nomura &lt;norio.nomura@gmail.com&gt;

# Conflicts:
#	pkg/hostagent/hostagent.go

pkg/hostagent: Remove `HostAgent.detectGuestIfnameOnSameSubnetAtHost()`

Signed-off-by: Norio Nomura &lt;norio.nomura@gmail.com&gt;
diff --git a/pkg/hostagent/hostagent.go b/pkg/hostagent/hostagent.go
@@ -82,6 +82,11 @@ type HostAgent struct {
 
 	statusMu      sync.RWMutex
 	currentStatus events.Status
+
+	// Guest IP address on the same subnet as the host.
+	guestIPv4 net.IP
+	guestIPv6 net.IP
+	guestIPMu sync.RWMutex
 }
 
 type options struct {
@@ -257,6 +262,27 @@ func New(ctx context.Context, instName string, stdout io.Writer, signalCh chan o
 	return a, nil
 }
 
+func (a *HostAgent) WriteSSHConfigFile(ctx context.Context) error {
+	sshExe, err := sshutil.NewSSHExe()
+	if err != nil {
+		return err
+	}
+	sshOpts, err := sshutil.SSHOpts(
+		ctx,
+		sshExe,
+		a.instDir,
+		*a.instConfig.User.Name,
+		*a.instConfig.SSH.LoadDotSSHPubKeys,
+		*a.instConfig.SSH.ForwardAgent,
+		*a.instConfig.SSH.ForwardX11,
+		*a.instConfig.SSH.ForwardX11Trusted)
+	if err != nil {
+		return err
+	}
+	sshAddress, sshPort := a.sshAddressPort()
+	return writeSSHConfigFile(sshExe.Exe, a.instName, a.instDir, sshAddress, sshPort, sshOpts)
+}
+
 func writeSSHConfigFile(sshPath, instName, instDir, instSSHAddress string, sshLocalPort int, sshOpts []string) error {
 	if instDir == "" {
 		return fmt.Errorf("directory is unknown for the instance %q", instName)
@@ -476,6 +502,19 @@ func (a *HostAgent) startRoutinesAndWait(ctx context.Context, errCh <-chan error
 	return a.driver.Stop(ctx)
 }
 
+// GuestIP returns the guest's IPv4 address if available; otherwise the IPv6 address.
+// It returns nil if the guest is not reachable by a direct IP.
+func (a *HostAgent) GuestIP() net.IP {
+	a.guestIPMu.RLock()
+	defer a.guestIPMu.RUnlock()
+	if a.guestIPv4 != nil {
+		return a.guestIPv4
+	} else if a.guestIPv6 != nil {
+		return a.guestIPv6
+	}
+	return nil
+}
+
 func (a *HostAgent) Info(_ context.Context) (*hostagentapi.Info, error) {
 	info := &hostagentapi.Info{
 		SSHLocalPort: a.sshLocalPort,
@@ -486,6 +525,12 @@ func (a *HostAgent) Info(_ context.Context) (*hostagentapi.Info, error) {
 func (a *HostAgent) sshAddressPort() (sshAddress string, sshPort int) {
 	sshAddress = a.instSSHAddress
 	sshPort = a.sshLocalPort
+	guestIP := a.GuestIP()
+	if guestIP != nil {
+		sshAddress = guestIP.String()
+		sshPort = 22
+		logrus.Debugf("Using the guest IP address %q directly", sshAddress)
+	}
 	return sshAddress, sshPort
 }
 
@@ -502,7 +547,8 @@ func (a *HostAgent) startHostAgentRoutines(ctx context.Context) error {
 	}
 	a.cleanUp(func() error {
 		logrus.Debugf("shutting down the SSH master")
-		if exitMasterErr := ssh.ExitMaster(a.instSSHAddress, a.sshLocalPort, a.sshConfig); exitMasterErr != nil {
+		sshAddress, sshPort := a.sshAddressPort()
+		if exitMasterErr := ssh.ExitMaster(sshAddress, sshPort, a.sshConfig); exitMasterErr != nil {
 			logrus.WithError(exitMasterErr).Warn("failed to exit SSH master")
 		}
 		return nil
@@ -518,7 +564,8 @@ sudo mkdir -p -m 700 /run/host-services
 sudo ln -sf "${SSH_AUTH_SOCK}" /run/host-services/ssh-auth.sock
 sudo chown -R "${USER}" /run/host-services`
 		faDesc := "linking ssh auth socket to static location /run/host-services/ssh-auth.sock"
-		stdout, stderr, err := ssh.ExecuteScript(a.instSSHAddress, a.sshLocalPort, a.sshConfig, faScript, faDesc)
+		sshAddress, sshPort := a.sshAddressPort()
+		stdout, stderr, err := ssh.ExecuteScript(sshAddress, sshPort, a.sshConfig, faScript, faDesc)
 		logrus.Debugf("stdout=%q, stderr=%q, err=%v", stdout, stderr, err)
 		if err != nil {
 			errs = append(errs, fmt.Errorf("stdout=%q, stderr=%q: %w", stdout, stderr, err))
diff --git a/pkg/hostagent/requirements.go b/pkg/hostagent/requirements.go
@@ -4,8 +4,12 @@
 package hostagent
 
 import (
+	"context"
+	"encoding/json"
 	"errors"
 	"fmt"
+	"net"
+	"runtime"
 	"strings"
 	"time"
 
@@ -110,20 +114,25 @@ func (a *HostAgent) waitForRequirement(r requirement) error {
 			AdditionalArgs: sshutil.DisableControlMasterOptsFromSSHArgs(sshConfig.AdditionalArgs),
 		}
 	}
-	stdout, stderr, err := ssh.ExecuteScript(a.instSSHAddress, a.sshLocalPort, sshConfig, script, r.description)
+	sshAddress, sshPort := a.sshAddressPort()
+	stdout, stderr, err := ssh.ExecuteScript(sshAddress, sshPort, sshConfig, script, r.description)
 	logrus.Debugf("stdout=%q, stderr=%q, err=%v", stdout, stderr, err)
 	if err != nil {
 		return fmt.Errorf("stdout=%q, stderr=%q: %w", stdout, stderr, err)
 	}
+	if r.stdoutParser != nil {
+		return r.stdoutParser(stdout)
+	}
 	return nil
 }
 
 type requirement struct {
-	description string
-	script      string
-	debugHint   string
-	fatal       bool
-	noMaster    bool
+	description  string
+	script       string
+	debugHint    string
+	fatal        bool
+	noMaster     bool
+	stdoutParser func(string) error
 }
 
 func (a *HostAgent) essentialRequirements() []requirement {
@@ -139,7 +148,24 @@ Make sure that the YAML field "ssh.localPort" is not used by other processes on
 If any private key under ~/.ssh is protected with a passphrase, you need to have ssh-agent to be running.
 `,
 			noMaster: true,
-		})
+		},
+	)
+	if runtime.GOOS == "darwin" {
+		// Limit the Guest IP address detection only to macOS for now.
+		req = append(req,
+			requirement{
+				description: "detect guest IP address",
+				script: `#!/bin/bash
+ip -j addr
+`,
+				debugHint: `Detecting the guest IP address on the interface in same subnet on the host.
+This is only supported on macOS for now.
+If the interface does not have IPv4 address, SSH connection against the guest OS will be made via the localhost port forwarding.`,
+				noMaster:     true,
+				stdoutParser: a.detectGuestIPAddress,
+			},
+		)
+	}
 	startControlMasterReq := requirement{
 		description: "Explicitly start ssh ControlMaster",
 		script: `#!/bin/bash
@@ -268,3 +294,81 @@ Check "/var/log/cloud-init-output.log" in the guest to see where the process is
 		})
 	return req
 }
+
+// detectGuestIPAddress detects the guest IP address on the interface in same subnet on the host
+// by parsing the output of "ip -j addr" command in the guest.
+func (a *HostAgent) detectGuestIPAddress(stdout string) error {
+	var guestIfs []struct {
+		IFNAME string `json:"ifname"`
+		ADDRS  []struct {
+			Family string `json:"family"`
+			Local  net.IP `json:"local"`
+			Scope  string `json:"scope"`
+		} `json:"addr_info"`
+	}
+	if err := json.Unmarshal([]byte(stdout), &guestIfs); err != nil {
+		return fmt.Errorf("failed to parse ip addr output %q: %w", stdout, err)
+	}
+	var (
+		guestIPv4 net.IP
+		guestIPv6 net.IP
+	)
+	hostIfs, err := net.Interfaces()
+	if err != nil {
+		return fmt.Errorf("failed to get network interfaces: %w", err)
+	}
+	for _, hostIf := range hostIfs {
+		if hostIf.Flags&net.FlagUp == 0 {
+			continue
+		}
+		hostAddrs, err := hostIf.Addrs()
+		if err != nil {
+			return fmt.Errorf("failed to get addresses for interface %q: %w", hostIf.Name, err)
+		}
+		for _, hostAddr := range hostAddrs {
+			hostIPNet, ok := hostAddr.(*net.IPNet)
+			if !ok {
+				continue
+			}
+			for _, guestIf := range guestIfs {
+				if hostIPv4 := hostIPNet.IP.To4(); hostIPv4 != nil {
+					for _, guestAddr := range guestIf.ADDRS {
+						if guestAddr.Scope != "global" {
+							continue
+						} else if guestAddr.Family != "inet" {
+							continue
+						} else if hostIPNet.Contains(guestAddr.Local) {
+							guestIPv4 = guestAddr.Local
+						}
+					}
+				} else if hostIPv6 := hostIPNet.IP.To16(); hostIPv6 != nil {
+					for _, guestAddr := range guestIf.ADDRS {
+						if guestAddr.Scope != "global" {
+							continue
+						} else if guestAddr.Family != "inet6" {
+							continue
+						} else if hostIPNet.Contains(guestAddr.Local) {
+							guestIPv6 = guestAddr.Local
+						}
+					}
+				}
+			}
+		}
+	}
+	if guestIPv4 == nil && guestIPv6 == nil {
+		logrus.Infof("The guest IPv4/IPv6 address is not found")
+		return nil
+	}
+	if guestIPv4 != nil {
+		logrus.Infof("The guest IPv4 address is %q", guestIPv4)
+	}
+	if guestIPv6 != nil {
+		logrus.Infof("The guest IPv6 address is %q", guestIPv6)
+	}
+	a.guestIPMu.Lock()
+	a.guestIPv4 = guestIPv4
+	a.guestIPv6 = guestIPv6
+	a.guestIPMu.Unlock()
+	ctx := context.Background()
+	return a.WriteSSHConfigFile(ctx)
+}
