When the mcp-br0 bridge exists, the agent runs unikernels on it instead of QEMU user-mode networking: each VM gets a TAP device on the bridge and a static 10.99.0.0/24 IP (baked into the Nanos image via ops RunConfig). With the host firewall dropping off-bridge VM traffic and no NAT, a VM can reach only the gateway -- making mc-proxy mediation mandatory by topology rather than convention.

- runtime/qemu.go: bridge mode (createTAP/destroyTAP, IP allocator, deterministic MAC, static-IP ops config, VMAddr for proxy backends).
- agent auto-enables bridge mode when /sys/class/net/mcp-br0 exists.

Verified on straylight: uktest unikernel boots on mcp-br0 at 10.99.0.2, serves via the gateway, TAP enslaved to the bridge; bridge has no uplink and off-bridge forwarding is dropped.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
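The commit message names an IP allocator, a deterministic MAC and a VMAddr helper in runtime/qemu.go but does not show them. The block below is an added illustration written for this page, not the project's own code: TAPName, DeterministicMAC, IPAllocator and VMAddr are hypothetical stand-ins for whatever the real file does, and the gateway sitting at 10.99.0.1 is an assumption (the message only names the 10.99.0.0/24 subnet and says the VM can reach the gateway). It shows the two properties a bridge-mode allocator needs to get right: addresses stay stable across restarts (so bridge FDB entries and proxy backends do not drift), and the allocator never hands a VM the network, gateway or broadcast address.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
	"net"
)

// Constructed values modelled on the commit message: the bridge subnet it
// names, and an ASSUMED gateway address (.1) that is the only host a VM may reach.
var (
	vmSubnet  = &net.IPNet{IP: net.IPv4(10, 99, 0, 0).To4(), Mask: net.CIDRMask(24, 32)}
	gatewayIP = net.IPv4(10, 99, 0, 1).To4()
)

// TAPName derives a TAP interface name from the VM name. Linux limits interface
// names to 15 bytes (IFNAMSIZ-1), so a hash prefix is used instead of the raw
// VM name, which could be longer or contain characters the kernel rejects.
func TAPName(vm string) string {
	sum := sha256.Sum256([]byte("tap:" + vm))
	return "tap" + hex.EncodeToString(sum[:6]) // "tap" + 12 hex chars = 15 bytes
}

// DeterministicMAC derives a stable MAC from the VM name so the bridge and the
// gateway see the same address every boot. The first octet is forced to
// locally-administered (bit 1 set) and unicast (bit 0 clear), so it can never
// collide with a vendor OUI or be dropped as a multicast source address.
func DeterministicMAC(vm string) net.HardwareAddr {
	sum := sha256.Sum256([]byte("mac:" + vm))
	mac := make(net.HardwareAddr, 6)
	copy(mac, sum[:6])
	mac[0] = (mac[0] | 0x02) &^ 0x01
	return mac
}

// IPAllocator hands out host addresses inside the bridge subnet, skipping the
// network address, the gateway and the broadcast address. It keeps one address
// per VM so a repeated Allocate for the same VM returns the same IP.
type IPAllocator struct {
	subnet  *net.IPNet
	gateway net.IP
	used    map[string]bool   // ip string -> taken
	byVM    map[string]net.IP // vm name -> ip
}

func NewIPAllocator(subnet *net.IPNet, gateway net.IP) *IPAllocator {
	return &IPAllocator{subnet: subnet, gateway: gateway.To4(),
		used: map[string]bool{}, byVM: map[string]net.IP{}}
}

// Allocate returns the VM's existing address or the lowest free usable one.
func (a *IPAllocator) Allocate(vm string) (net.IP, error) {
	if ip, ok := a.byVM[vm]; ok {
		return ip, nil
	}
	ones, bits := a.subnet.Mask.Size()
	hosts := uint32(1) << uint(bits-ones) // address count incl. network and broadcast
	base := binary.BigEndian.Uint32(a.subnet.IP.To4())
	for off := uint32(1); off+1 < hosts; off++ { // offsets 1..hosts-2 skip .0 and broadcast
		ip := make(net.IP, 4)
		binary.BigEndian.PutUint32(ip, base+off)
		if ip.Equal(a.gateway) || a.used[ip.String()] {
			continue
		}
		a.used[ip.String()] = true
		a.byVM[vm] = ip
		return ip, nil
	}
	return nil, errors.New("bridge subnet exhausted")
}

// Release frees the VM's address so a later VM can reuse it.
func (a *IPAllocator) Release(vm string) {
	if ip, ok := a.byVM[vm]; ok {
		delete(a.used, ip.String())
		delete(a.byVM, vm)
	}
}

// VMAddr returns the host:port the proxy should use as the backend for a VM.
func (a *IPAllocator) VMAddr(vm string, port int) (string, error) {
	ip, ok := a.byVM[vm]
	if !ok {
		return "", fmt.Errorf("no address allocated for %q", vm)
	}
	return net.JoinHostPort(ip.String(), fmt.Sprint(port)), nil
}

func main() {
	alloc := NewIPAllocator(vmSubnet, gatewayIP)
	ip, err := alloc.Allocate("uktest")
	if err != nil {
		fmt.Println("allocate failed:", err)
		return
	}
	fmt.Printf("uktest: tap=%s mac=%s ip=%s\n", TAPName("uktest"), DeterministicMAC("uktest"), ip)
}
```

With the assumed .1 gateway, the first VM lands on 10.99.0.2, matching the address the commit message reports for uktest; the allocator walks the mask generically, so the same code serves a smaller or larger bridge subnet without a hard-coded host count.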
5.5 KiB