feat: add VmnetNetworkDeviceAttachment support (macOS 26.0)

`VmnetNetworkDeviceAttachment` does not require the `com.apple.vm.networking` entitlement nor root privileges.
`HostMode` and `SharedMode` are supported.
In order for multiple VMs to communicate with each other in SharedMode, they must be started in the same process and the same `VmnetNetwork` must be passed to `NewVmnetNetworkDeviceAttachment()` to create an attachment.

Add:
- `VmnetReturn`:
  - `ErrVmnetSuccess`
  - ...
- `VmnetMode`:
  - `HostMode`
  - `SharedMode`
  - `BridgedMode`(definition only since not supported. marked as deprecated)
- `VmnetNetworkConfiguration`: `NewVmnetNetworkConfiguration()`, 　
  The use of the instance method group is still unknown. Setting subnet seems to trigger disabling DHCP, etc.
- `VmnetNetwork`: `NewVmnetNetwork()`, some APIs which using `xpc_object_t` are not implemented.
- `VmnetNetworkDeviceAttachment`: `NewVmnetNetworkDeviceAttachment()`

see: https://developer.apple.com/documentation/virtualization/vzvmnetnetworkdeviceattachment?language=objc

Author: norio-nomura

go.mod

@@ -8,4 +8,4 @@ require (
 	golang.org/x/mod v0.22.0
 )
 
-require golang.org/x/sys v0.36.0 // indirect
+require golang.org/x/sys v0.36.0

network.go

@@ -2,9 +2,10 @@ package vz
 
 /*
 #cgo darwin CFLAGS: -mmacosx-version-min=11 -x objective-c -fno-objc-arc
-#cgo darwin LDFLAGS: -lobjc -framework Foundation -framework Virtualization
+#cgo darwin LDFLAGS: -lobjc -framework Foundation -framework Virtualization -framework vmnet
 # include "virtualization_11.h"
 # include "virtualization_13.h"
+# include "virtualization_26.h"
 */
 import "C"
 import (
@@ -260,6 +261,55 @@ func (f *FileHandleNetworkDeviceAttachment) MaximumTransmissionUnit() int {
 	return f.mtu
 }
 
+// VmnetNetworkDeviceAttachment represents a vmnet network device attachment.
+//
+// This attachment is used to connect a virtual machine to a vmnet network.
+// The attachment is created with a VmnetNetwork and can be used with a VirtioNetworkDeviceConfiguration.
+// see: https://developer.apple.com/documentation/virtualization/vzvmnetnetworkdeviceattachment?language=objc
+//
+// This is only supported on macOS 26 and newer, error will
+// be returned on older versions.
+type VmnetNetworkDeviceAttachment struct {
+	*pointer
+
+	*baseNetworkDeviceAttachment
+}
+
+func (*VmnetNetworkDeviceAttachment) String() string {
+	return "VmnetNetworkDeviceAttachment"
+}
+
+func (v *VmnetNetworkDeviceAttachment) Network() VmnetNetwork {
+	network := C.VZVmnetNetworkDeviceAttachment_network(objc.Ptr(v))
+	return &baseVmnetNetwork{
+		pointer: objc.NewPointer(network),
+	}
+}
+
+var _ NetworkDeviceAttachment = (*VmnetNetworkDeviceAttachment)(nil)
+
+// NewVmnetNetworkDeviceAttachment creates a new VmnetNetworkDeviceAttachment with network.
+//
+// This is only supported on macOS 26 and newer, error will
+// be returned on older versions.
+func NewVmnetNetworkDeviceAttachment(network VmnetNetwork) (*VmnetNetworkDeviceAttachment, error) {
+	if err := macOSAvailable(26); err != nil {
+		return nil, err
+	}
+
+	attachment := &VmnetNetworkDeviceAttachment{
+		pointer: objc.NewPointer(
+			C.newVZVmnetNetworkDeviceAttachment(
+				objc.Ptr(network),
+			),
+		),
+	}
+	objc.SetFinalizer(attachment, func(self *VmnetNetworkDeviceAttachment) {
+		objc.Release(self)
+	})
+	return attachment, nil
+}
+
 // NetworkDeviceAttachment for a network device attachment.
 // see: https://developer.apple.com/documentation/virtualization/vznetworkdeviceattachment?language=objc
 type NetworkDeviceAttachment interface {
@@ -373,6 +423,10 @@ func (m *MACAddress) String() string {
 	return cstring.String()
 }
 
+func (m *MACAddress) EthernetAddress() C.ether_addr_t {
+	return C.getVZMACAddressEthernetAddress(objc.Ptr(m))
+}
+
 func (m *MACAddress) HardwareAddr() net.HardwareAddr {
 	hw, _ := net.ParseMAC(m.String())
 	return hw

virtualization_11.h

@@ -105,6 +105,7 @@ void *newVZVirtioSocketDeviceConfiguration();
 void *newVZMACAddress(const char *macAddress);
 void *newRandomLocallyAdministeredVZMACAddress();
 const char *getVZMACAddressString(void *macAddress);
+ether_addr_t getVZMACAddressEthernetAddress(void *macAddress);
 void *newVZVirtioSocketListener(uintptr_t cgoHandle);
 void *VZVirtualMachine_socketDevices(void *machine);
 void VZVirtioSocketDevice_setSocketListenerForPort(void *socketDevice, void *vmQueue, void *listener, uint32_t port);

virtualization_11.m

@@ -881,6 +881,18 @@ VZVirtioSocketConnectionFlat convertVZVirtioSocketConnection2Flat(void *connecti
     RAISE_UNSUPPORTED_MACOS_EXCEPTION();
 }
 
+/*!
+ @abstract The address represented as an ether_addr_t.
+ */
+ether_addr_t getVZMACAddressEthernetAddress(void *macAddress)
+{
+    if (@available(macOS 11, *)) {
+        return [(VZMACAddress *)macAddress ethernetAddress];
+    }
+
+    RAISE_UNSUPPORTED_MACOS_EXCEPTION();
+}
+
 /*!
  @abstract Create a valid, random, unicast, locally administered address.
  @discussion The generated address is not guaranteed to be unique.

virtualization_26.h

@@ -0,0 +1,40 @@
+//
+//  virtualization_26.h
+//
+//  Created by codehex.
+//
+
+#pragma once
+
+// FIXME(codehex): this is dirty hack to avoid clang-format error like below
+// "Configuration file(s) do(es) not support C++: /github.com/Code-Hex/vz/.clang-format"
+#define NSURLComponents NSURLComponents
+
+#import "virtualization_helper.h"
+#import <Virtualization/Virtualization.h>
+#import <vmnet/vmnet.h>
+
+/* exported from cgo */
+
+/* macOS 26 API */
+// VZVmnetNetworkConfiguration
+void *newVZVmnetNetworkConfiguration(uint32_t mode, uint32_t *status);
+uint32_t VZVmnetNetworkConfiguration_setExternalInterface(void *config, const char *ifname);
+void VZVmnetNetworkConfiguration_disableNat44(void *config);
+void VZVmnetNetworkConfiguration_disableNat66(void *config);
+void VZVmnetNetworkConfiguration_disableDhcp(void *config);
+void VZVmnetNetworkConfiguration_disableDnsProxy(void *config);
+void VZVmnetNetworkConfiguration_disableRouterAdvertisement(void *config);
+uint32_t VZVmnetNetworkConfiguration_setIPv4Subnet(void *config, struct in_addr const *subnet_addr, struct in_addr const *subnet_mask);
+uint32_t VZVmnetNetworkConfiguration_setIPv6Prefix(void *config, struct in6_addr const *prefix, uint8_t prefix_len);
+uint32_t VZVmnetNetworkConfiguration_addPortForwardingRule(void *config, uint8_t protocol, sa_family_t address_family, uint16_t internal_port, uint16_t external_port, void const *internal_address);
+uint32_t VZVmnetNetworkConfiguration_addDhcpReservation(void *config, ether_addr_t const *client, struct in_addr const *reservation);
+uint32_t VZVmnetNetworkConfiguration_setMtu(void *config, uint32_t mtu);
+// vmnet_network
+void *newVZVmnetNetwork(void *config, uint32_t *status);
+// VZVmnetNetworkDeviceAttachment
+void *newVZVmnetNetworkDeviceAttachment(void *network);
+void *VZVmnetNetworkDeviceAttachment_network(void *attachment);
+// vmnet_network get subnet
+void VZVmnetNetwork_getIPv6Prefix(void *network, struct in6_addr *prefix, uint8_t *prefix_len);
+void VZVmnetNetwork_getIPv4Subnet(void *network, struct in_addr *subnet, struct in_addr *mask);

virtualization_26.m

@@ -0,0 +1,187 @@
+//
+//  virtualization_11.m
+//
+//  Created by codehex.
+//
+
+#import "virtualization_26.h"
+
+// VZVmnetNetworkConfiguration
+void *newVZVmnetNetworkConfiguration(uint32_t mode, uint32_t *status)
+{
+#ifdef INCLUDE_TARGET_OSX_26
+    if (@available(macOS 26, *)) {
+        return vmnet_network_configuration_create(mode, status);
+    }
+#endif
+    RAISE_UNSUPPORTED_MACOS_EXCEPTION();
+}
+
+uint32_t VZVmnetNetworkConfiguration_setExternalInterface(void *config, const char *ifname)
+{
+#ifdef INCLUDE_TARGET_OSX_26
+    if (@available(macOS 26, *)) {
+        return vmnet_network_configuration_set_external_interface((vmnet_network_configuration_ref)config, ifname);
+    }
+#endif
+    RAISE_UNSUPPORTED_MACOS_EXCEPTION();
+}
+
+void VZVmnetNetworkConfiguration_disableNat44(void *config)
+{
+#ifdef INCLUDE_TARGET_OSX_26
+    if (@available(macOS 26, *)) {
+        vmnet_network_configuration_disable_nat44((vmnet_network_configuration_ref)config);
+        return;
+    }
+#endif
+    RAISE_UNSUPPORTED_MACOS_EXCEPTION();
+}
+
+void VZVmnetNetworkConfiguration_disableNat66(void *config)
+{
+#ifdef INCLUDE_TARGET_OSX_26
+    if (@available(macOS 26, *)) {
+        vmnet_network_configuration_disable_nat66((vmnet_network_configuration_ref)config);
+        return;
+    }
+#endif
+    RAISE_UNSUPPORTED_MACOS_EXCEPTION();
+}
+
+void VZVmnetNetworkConfiguration_disableDhcp(void *config)
+{
+#ifdef INCLUDE_TARGET_OSX_26
+    if (@available(macOS 26, *)) {
+        vmnet_network_configuration_disable_dhcp((vmnet_network_configuration_ref)config);
+        return;
+    }
+#endif
+    RAISE_UNSUPPORTED_MACOS_EXCEPTION();
+}
+
+void VZVmnetNetworkConfiguration_disableDnsProxy(void *config)
+{
+#ifdef INCLUDE_TARGET_OSX_26
+    if (@available(macOS 26, *)) {
+        vmnet_network_configuration_disable_dns_proxy((vmnet_network_configuration_ref)config);
+        return;
+    }
+#endif
+    RAISE_UNSUPPORTED_MACOS_EXCEPTION();
+}
+
+void VZVmnetNetworkConfiguration_disableRouterAdvertisement(void *config)
+{
+#ifdef INCLUDE_TARGET_OSX_26
+    if (@available(macOS 26, *)) {
+        vmnet_network_configuration_disable_router_advertisement((vmnet_network_configuration_ref)config);
+        return;
+    }
+#endif
+    RAISE_UNSUPPORTED_MACOS_EXCEPTION();
+}
+
+uint32_t VZVmnetNetworkConfiguration_setIPv4Subnet(void *config, struct in_addr const *subnet_addr, struct in_addr const *subnet_mask)
+{
+#ifdef INCLUDE_TARGET_OSX_26
+    if (@available(macOS 26, *)) {
+        return vmnet_network_configuration_set_ipv4_subnet((vmnet_network_configuration_ref)config, subnet_addr, subnet_mask);
+    }
+#endif
+    RAISE_UNSUPPORTED_MACOS_EXCEPTION();
+}
+
+uint32_t VZVmnetNetworkConfiguration_setIPv6Prefix(void *config, struct in6_addr const *prefix, uint8_t prefix_len)
+{
+#ifdef INCLUDE_TARGET_OSX_26
+    if (@available(macOS 26, *)) {
+        return vmnet_network_configuration_set_ipv6_prefix((vmnet_network_configuration_ref)config, prefix, prefix_len);
+    }
+#endif
+    RAISE_UNSUPPORTED_MACOS_EXCEPTION();
+}
+
+uint32_t VZVmnetNetworkConfiguration_addPortForwardingRule(void *config, uint8_t protocol, sa_family_t address_family, uint16_t internal_port, uint16_t external_port, void const *internal_address)
+{
+#ifdef INCLUDE_TARGET_OSX_26
+    if (@available(macOS 26, *)) {
+        return vmnet_network_configuration_add_port_forwarding_rule((vmnet_network_configuration_ref)config, protocol, address_family, internal_port, external_port, internal_address);
+    }
+#endif
+    RAISE_UNSUPPORTED_MACOS_EXCEPTION();
+}
+
+uint32_t VZVmnetNetworkConfiguration_addDhcpReservation(void *config, ether_addr_t const *client, struct in_addr const *reservation)
+{
+#ifdef INCLUDE_TARGET_OSX_26
+    if (@available(macOS 26, *)) {
+        return vmnet_network_configuration_add_dhcp_reservation((vmnet_network_configuration_ref)config, client, reservation);
+    }
+#endif
+    RAISE_UNSUPPORTED_MACOS_EXCEPTION();
+}
+
+uint32_t VZVmnetNetworkConfiguration_setMtu(void *config, uint32_t mtu)
+{
+#ifdef INCLUDE_TARGET_OSX_26
+    if (@available(macOS 26, *)) {
+        return vmnet_network_configuration_set_mtu((vmnet_network_configuration_ref)config, mtu);
+    }
+#endif
+    RAISE_UNSUPPORTED_MACOS_EXCEPTION();
+}
+
+// vmnet_network
+void *newVZVmnetNetwork(void *config, uint32_t *status)
+{
+#ifdef INCLUDE_TARGET_OSX_26
+    if (@available(macOS 26, *)) {
+        return vmnet_network_create((vmnet_network_configuration_ref)config, status);
+    }
+#endif
+    RAISE_UNSUPPORTED_MACOS_EXCEPTION();
+}
+
+// VZVmnetNetworkDeviceAttachment
+void *newVZVmnetNetworkDeviceAttachment(void *network)
+{
+#ifdef INCLUDE_TARGET_OSX_26
+    if (@available(macOS 26, *)) {
+        return [[VZVmnetNetworkDeviceAttachment alloc] initWithNetwork:network];
+    }
+#endif
+    RAISE_UNSUPPORTED_MACOS_EXCEPTION();
+}
+
+void *VZVmnetNetworkDeviceAttachment_network(void *attachment)
+{
+#ifdef INCLUDE_TARGET_OSX_26
+    if (@available(macOS 26, *)) {
+        return [(VZVmnetNetworkDeviceAttachment *)attachment network];
+    }
+#endif
+    RAISE_UNSUPPORTED_MACOS_EXCEPTION();
+}
+
+// vmnet_network get subnet
+void VZVmnetNetwork_getIPv6Prefix(void *network, struct in6_addr *prefix, uint8_t *prefix_len)
+{
+#ifdef INCLUDE_TARGET_OSX_26
+    if (@available(macOS 26, *)) {
+        vmnet_network_get_ipv6_prefix((vmnet_network_ref)network, prefix, prefix_len);
+        return;
+    }
+#endif
+    RAISE_UNSUPPORTED_MACOS_EXCEPTION();
+}
+void VZVmnetNetwork_getIPv4Subnet(void *network, struct in_addr *subnet, struct in_addr *mask)
+{
+#ifdef INCLUDE_TARGET_OSX_26
+    if (@available(macOS 26, *)) {
+        vmnet_network_get_ipv4_subnet((vmnet_network_ref)network, subnet, mask);
+        return;
+    }
+#endif
+    RAISE_UNSUPPORTED_MACOS_EXCEPTION();
+}

virtualization_helper.h

@@ -46,6 +46,13 @@ NSDictionary *dumpProcessinfo();
 #pragma message("macOS 15 API has been disabled")
 #endif
 
+// for macOS 26 API
+#if __MAC_OS_X_VERSION_MAX_ALLOWED >= 260000
+#define INCLUDE_TARGET_OSX_26 1
+#else
+#pragma message("macOS 26 API has been disabled")
+#endif
+
 static inline int mac_os_x_version_max_allowed()
 {
 #ifdef __MAC_OS_X_VERSION_MAX_ALLOWED