Programmatic IP Discovery for VZVirtualMachine in an App Store Sandbox

I want to make sure I understand your requirements here. You don’t expect to be running any helper code within the guest, right? So you want to discover the IP address (well, addresses) that the guest OS assigned to the shared interface without any cooperation from the guest?

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

i [want] to determine ip address of guest os without any cooperation from guest.

Thanks for confirming that.

This is a fundamentally tricky problem to solve, at least in the general case. The guest chooses how it’s going to assign IP addresses to an interface, and the host has no direct control over that choice.

However, there may be an indirect way to do this:

• Virtualization framework lets you create a network that’s backed by a vmnet network (VZVmnetNetworkDeviceAttachment).
• vmnet framework lets your configure a network with a specific DHCP mapping (vmnet_network_configuration_add_dhcp_reservation).

There are some significant caveats:

• The guest must default to using DHCP.
• You can’t support bridged mode (VMNET_BRIDGED_MODE), because in bridged mode the guest isn’t talking to the vmnet DHCP server.
• This is all new in macOS 26.

But otherwise I think it’ll work. So please try it out and let me know how you get along.

ps It’s better to reply as a reply, rather than in the comments; see Quinn’s Top Ten DevForums Tips for this and other titbits.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Thank you for the reply. Is there any example with code on how to do this?

never mind i managed to get the sample code from apple container github repository. now i can reserve a pool of ip address and assign ip address to guest from that. thanks for the heads up. it seem to be that VZVmnetNetworkDeviceAttachment is only avaialble for mac os 26 how can accomplist this with 14 and 15. any idea?

And aslo after doing this i would like to do the port forwarding. Any idea how can i accomplish this.

my code looks likes this

import Virtualization
import vmnet
import Darwin

@available(macOS 26.0, *)
public class SharedVMNetManager {
    
    public static let shared = SharedVMNetManager()
    
    private var activeNetwork: vmnet_network_ref?
    private var activeConfig: vmnet_network_configuration_ref?
    
    // Track which MACs we have already told the kernel about
    private var registeredMacs: Set<String> = []
    private let lock = NSLock()
    
    private init() {}
    
    public func getAttachment(macAddress: String, reservedIP: String) -> VZVmnetNetworkDeviceAttachment? {
        lock.lock()
        defer { lock.unlock() }
        
        var status: vmnet_return_t = .VMNET_SUCCESS
        
        // 1. Check if we've already initialized the hardware switch
        if let config = activeConfig, let network = activeNetwork {
            // ONLY add the reservation if we haven't done it for this MAC yet
            if !registeredMacs.contains(macAddress) {
                addReservation(to: config, mac: macAddress, ip: reservedIP)
                registeredMacs.insert(macAddress)
            }
            return VZVmnetNetworkDeviceAttachment(network: network)
        }
        
        // 2. First-time initialization
        let mode: vmnet.operating_modes_t = .VMNET_SHARED_MODE
        guard let config = vmnet_network_configuration_create(mode, &status),
              status == .VMNET_SUCCESS else { return nil }
        
        // Define Subnet
        var subnet = in_addr(), mask = in_addr()
        inet_pton(AF_INET, "192.168.142.1", &subnet)
        inet_pton(AF_INET, "255.255.255.0", &mask)
        vmnet_network_configuration_set_ipv4_subnet(config, &subnet, &mask)
        
        // Define the Pool (Make sure your reserved IP is INSIDE this range)
        /*var start = in_addr(), end = in_addr()
        inet_pton(AF_INET, "192.168.142.10", &start)
        inet_pton(AF_INET, "192.168.142.50", &end)
        vmnet_network_configuration_set_ipv4_pool(config, &start, &end)*/

        // 3. Register the first MAC before the network starts
        addReservation(to: config, mac: macAddress, ip: reservedIP)
        registeredMacs.insert(macAddress)
        
        // 4. Commit and Create Network
        guard let network = vmnet_network_create(config, &status),
              status == .VMNET_SUCCESS else { return nil }
        
        self.activeConfig = config
        self.activeNetwork = network
        
        return VZVmnetNetworkDeviceAttachment(network: network)
    }
    
    private func addReservation(to config: vmnet_network_configuration_ref, mac: String, ip: String) {
        var macAddr = ether_addr()
        guard let macPtr = ether_aton(mac) else { return }
        macAddr = macPtr.pointee
        
        var ipAddr = in_addr()
        inet_pton(AF_INET, ip, &ipAddr)
        
        // This tells the kernel's DHCP server: "If you see this MAC, give it this IP"
       let status = vmnet_network_configuration_add_dhcp_reservation(config, &macAddr, &ipAddr)
        
        if status != .VMNET_SUCCESS {
            print("dhcp faliure \(status.rawValue)")
        }
    }
}

For the first virtual machine the ip address is getting reserved but from second vm onwards ip is not getting reserved it gets from dhcp server. this makes me not able to assign ip address to second virtual machine onwards thus we cant determine the ipadddress of second vm onwards. is there a way we can ask vmnet to refresh the config. is it possible? Or the only way is to create the network config with all the ip address on start of the app and take it from there. what if the user creates a new vm. how to handle this kind of situation. thanks in advance