pkg/hostagent: Detect the VM’s IP address on the same subnet as the host OS.

norio-nomura · norio-nomura · commit f22e9fa228da · 2025-10-10T17:40:39.000+09:00
Guest IP address will be detected in requirement process.

`hostagent.go`:
- Add fields to `HostAgent`
  - `guestIfnameOnSameSubnetAsHost string`
  - `guestIPAddress string`
- Add `HostAgent.WriteSSHConfigFile()` helper to write SSHConfigFile
- Add `HostAgent.sshAddressPort()` helper to provide ipAddress and port for SSH

`requirements.go`:
- Add `stdoutParser func(string) error` field to `requirement`
- Add `HostAgent.detectGuestIfnameOnSameSubnetAtHost()` to parse `ip -j neighbor` command output
- Add `HostAgent.detectGuestIPAddress()` to parse `ip -j addr` command output
- Add two requirements to `HostAgent.essentialRequirements()`
  - "detect guest interface on same subnet as the host"
  - "detect guest IP address"

Signed-off-by: Norio Nomura &lt;norio.nomura@gmail.com&gt;
diff --git a/pkg/hostagent/hostagent.go b/pkg/hostagent/hostagent.go
@@ -82,6 +82,12 @@ type HostAgent struct {
 
 	statusMu      sync.RWMutex
 	currentStatus events.Status
+
+	// Guest interface name on the same subnet as the host,
+	guestIfnameOnSameSubnetAsHost string
+	// Guest IP address on the same subnet as the host.
+	guestIPAddress   string
+	guestIPAddressMu sync.RWMutex
 }
 
 type options struct {
@@ -257,6 +263,27 @@ func New(ctx context.Context, instName string, stdout io.Writer, signalCh chan o
 	return a, nil
 }
 
+func (a *HostAgent) WriteSSHConfigFile(ctx context.Context) error {
+	sshExe, err := sshutil.NewSSHExe()
+	if err != nil {
+		return err
+	}
+	sshOpts, err := sshutil.SSHOpts(
+		ctx,
+		sshExe,
+		a.instDir,
+		*a.instConfig.User.Name,
+		*a.instConfig.SSH.LoadDotSSHPubKeys,
+		*a.instConfig.SSH.ForwardAgent,
+		*a.instConfig.SSH.ForwardX11,
+		*a.instConfig.SSH.ForwardX11Trusted)
+	if err != nil {
+		return err
+	}
+	sshAddress, sshPort := a.sshAddressPort()
+	return writeSSHConfigFile(sshExe.Exe, a.instName, a.instDir, sshAddress, sshPort, sshOpts)
+}
+
 func writeSSHConfigFile(sshPath, instName, instDir, instSSHAddress string, sshLocalPort int, sshOpts []string) error {
 	if instDir == "" {
 		return fmt.Errorf("directory is unknown for the instance %q", instName)
@@ -483,6 +510,19 @@ func (a *HostAgent) Info(_ context.Context) (*hostagentapi.Info, error) {
 	return info, nil
 }
 
+func (a *HostAgent) sshAddressPort() (string, int) {
+	a.guestIPAddressMu.RLock()
+	defer a.guestIPAddressMu.RUnlock()
+	sshAddress := a.instSSHAddress
+	sshPort := a.sshLocalPort
+	if a.guestIPAddress != "" {
+		sshAddress = a.guestIPAddress
+		sshPort = 22
+		logrus.Debugf("Using the guest IP address %q directly", sshAddress)
+	}
+	return sshAddress, sshPort
+}
+
 func (a *HostAgent) startHostAgentRoutines(ctx context.Context) error {
 	if *a.instConfig.Plain {
 		msg := "Running in plain mode. Mounts, dynamic port forwarding, containerd, etc. will be ignored. Guest agent will not be running."
@@ -496,7 +536,8 @@ func (a *HostAgent) startHostAgentRoutines(ctx context.Context) error {
 	}
 	a.cleanUp(func() error {
 		logrus.Debugf("shutting down the SSH master")
-		if exitMasterErr := ssh.ExitMaster(a.instSSHAddress, a.sshLocalPort, a.sshConfig); exitMasterErr != nil {
+		sshAddress, sshPort := a.sshAddressPort()
+		if exitMasterErr := ssh.ExitMaster(sshAddress, sshPort, a.sshConfig); exitMasterErr != nil {
 			logrus.WithError(exitMasterErr).Warn("failed to exit SSH master")
 		}
 		return nil
@@ -512,7 +553,8 @@ sudo mkdir -p -m 700 /run/host-services
 sudo ln -sf "${SSH_AUTH_SOCK}" /run/host-services/ssh-auth.sock
 sudo chown -R "${USER}" /run/host-services`
 		faDesc := "linking ssh auth socket to static location /run/host-services/ssh-auth.sock"
-		stdout, stderr, err := ssh.ExecuteScript(a.instSSHAddress, a.sshLocalPort, a.sshConfig, faScript, faDesc)
+		sshAddress, sshPort := a.sshAddressPort()
+		stdout, stderr, err := ssh.ExecuteScript(sshAddress, sshPort, a.sshConfig, faScript, faDesc)
 		logrus.Debugf("stdout=%q, stderr=%q, err=%v", stdout, stderr, err)
 		if err != nil {
 			errs = append(errs, fmt.Errorf("stdout=%q, stderr=%q: %w", stdout, stderr, err))
diff --git a/pkg/hostagent/requirements.go b/pkg/hostagent/requirements.go
@@ -4,8 +4,12 @@
 package hostagent
 
 import (
+	"context"
+	"encoding/json"
 	"errors"
 	"fmt"
+	"net"
+	"runtime"
 	"strings"
 	"time"
 
@@ -110,20 +114,25 @@ func (a *HostAgent) waitForRequirement(r requirement) error {
 			AdditionalArgs: sshutil.DisableControlMasterOptsFromSSHArgs(sshConfig.AdditionalArgs),
 		}
 	}
-	stdout, stderr, err := ssh.ExecuteScript(a.instSSHAddress, a.sshLocalPort, sshConfig, script, r.description)
+	sshAddress, sshPort := a.sshAddressPort()
+	stdout, stderr, err := ssh.ExecuteScript(sshAddress, sshPort, sshConfig, script, r.description)
 	logrus.Debugf("stdout=%q, stderr=%q, err=%v", stdout, stderr, err)
 	if err != nil {
 		return fmt.Errorf("stdout=%q, stderr=%q: %w", stdout, stderr, err)
 	}
+	if r.stdoutParser != nil {
+		return r.stdoutParser(stdout)
+	}
 	return nil
 }
 
 type requirement struct {
-	description string
-	script      string
-	debugHint   string
-	fatal       bool
-	noMaster    bool
+	description  string
+	script       string
+	debugHint    string
+	fatal        bool
+	noMaster     bool
+	stdoutParser func(string) error
 }
 
 func (a *HostAgent) essentialRequirements() []requirement {
@@ -139,7 +148,35 @@ Make sure that the YAML field "ssh.localPort" is not used by other processes on
 If any private key under ~/.ssh is protected with a passphrase, you need to have ssh-agent to be running.
 `,
 			noMaster: true,
-		})
+		},
+	)
+	if runtime.GOOS == "darwin" {
+		// Limit the Guest IP address detection only to macOS for now.
+		req = append(req,
+			requirement{
+				description: "detect guest interface on same subnet as the host",
+				script: `#!/bin/bash
+ip -j neighbor
+`,
+				debugHint: `Detecting the guest has interface in same subnet on the host.
+This is only supported on macOS for now.
+If the guest does not have interface in same subnet on the host, SSH connection against the guest OS will be made via the localhost port forwarding.`,
+				noMaster:     true,
+				stdoutParser: a.detectGuestIfnameOnSameSubnetAtHost,
+			},
+			requirement{
+				description: "detect guest IP address",
+				script: `#!/bin/bash
+ip -4 -j addr
+`,
+				debugHint: `Detecting the guest IP address on the interface in same subnet on the host.
+This is only supported on macOS for now.
+If the interface does not have IPv4 address, SSH connection against the guest OS will be made via the localhost port forwarding.`,
+				noMaster:     true,
+				stdoutParser: a.detectGuestIPAddress,
+			},
+		)
+	}
 	startControlMasterReq := requirement{
 		description: "Explicitly start ssh ControlMaster",
 		script: `#!/bin/bash
@@ -268,3 +305,67 @@ Check "/var/log/cloud-init-output.log" in the guest to see where the process is
 		})
 	return req
 }
+
+// detectGuestIfnameOnSameSubnetAtHost detects the guest interface name on the same subnet on the host
+// by comparing the MAC addresses of the host network interfaces and the output of "ip -j neighbor" command in the guest.
+func (a *HostAgent) detectGuestIfnameOnSameSubnetAtHost(stdout string) error {
+	var neighbors []struct {
+		DST    string `json:"dst"`
+		DEV    string `json:"dev"`
+		LLADDR string `json:"lladdr"`
+	}
+	if err := json.Unmarshal([]byte(stdout), &neighbors); err != nil {
+		return fmt.Errorf("failed to parse ip neighbor output %q: %w", stdout, err)
+	}
+	interfaces, err := net.Interfaces()
+	if err != nil {
+		return fmt.Errorf("failed to get network interfaces: %w", err)
+	}
+	for _, neighbor := range neighbors {
+		for _, ifi := range interfaces {
+			if ifi.HardwareAddr.String() == neighbor.LLADDR {
+				a.guestIPAddressMu.Lock()
+				a.guestIfnameOnSameSubnetAsHost = neighbor.DEV
+				a.guestIPAddressMu.Unlock()
+				logrus.Infof("Detected the guest has interface %q in same subnet on the host", a.guestIfnameOnSameSubnetAsHost)
+				return nil
+			}
+		}
+	}
+	logrus.Info("The guest does not have interface in same subnet on the host")
+	return nil
+}
+
+// detectGuestIPAddress detects the guest IP address on the interface in same subnet on the host
+// by parsing the output of "ip -j addr" command in the guest.
+func (a *HostAgent) detectGuestIPAddress(stdout string) error {
+	if a.guestIfnameOnSameSubnetAsHost == "" {
+		return nil
+	}
+	var addrs []struct {
+		IFNAME string `json:"ifname"`
+		ADDRS  []struct {
+			Family string `json:"family"`
+			Local  string `json:"local"`
+		} `json:"addr_info"`
+	}
+	if err := json.Unmarshal([]byte(stdout), &addrs); err != nil {
+		return fmt.Errorf("failed to parse ip addr output %q: %w", stdout, err)
+	}
+	for _, addr := range addrs {
+		if addr.IFNAME == a.guestIfnameOnSameSubnetAsHost {
+			for _, addr := range addr.ADDRS {
+				if addr.Family == "inet" {
+					a.guestIPAddressMu.Lock()
+					a.guestIPAddress = addr.Local
+					a.guestIPAddressMu.Unlock()
+					a.WriteSSHConfigFile(context.Background())
+					logrus.Infof("The guest IP address on the interface %q is %q", a.guestIfnameOnSameSubnetAsHost, addr.Local)
+					return nil
+				}
+			}
+		}
+	}
+	logrus.Infof("The interface %q does not have IPv4 address", a.guestIfnameOnSameSubnetAsHost)
+	return nil
+}
