1HXCOMM Use DEFHEADING() to define headings in both help text and texi 2HXCOMM Text between STEXI and ETEXI are copied to texi version and 3HXCOMM discarded from C version 4HXCOMM DEF(option, HAS_ARG/0, opt_enum, opt_help, arch_mask) is used to 5HXCOMM construct option structures, enums and help message for specified 6HXCOMM architectures. 7HXCOMM HXCOMM can be used for comments, discarded from both texi and C 8 9DEFHEADING(Standard options:) 10STEXI 11@table @option 12ETEXI 13 14DEF("help", 0, QEMU_OPTION_h, 15 "-h or -help display this help and exit\n", QEMU_ARCH_ALL) 16STEXI 17@item -h 18@findex -h 19Display help and exit 20ETEXI 21 22DEF("version", 0, QEMU_OPTION_version, 23 "-version display version information and exit\n", QEMU_ARCH_ALL) 24STEXI 25@item -version 26@findex -version 27Display version information and exit 28ETEXI 29 30DEF("machine", HAS_ARG, QEMU_OPTION_machine, \ 31 "-machine [type=]name[,prop[=value][,...]]\n" 32 " selects emulated machine ('-machine help' for list)\n" 33 " property accel=accel1[:accel2[:...]] selects accelerator\n" 34 " supported accelerators are kvm, xen, hax, hvf, whpx or tcg (default: tcg)\n" 35 " kernel_irqchip=on|off|split controls accelerated irqchip support (default=off)\n" 36 " vmport=on|off|auto controls emulation of vmport (default: auto)\n" 37 " kvm_shadow_mem=size of KVM shadow MMU in bytes\n" 38 " dump-guest-core=on|off include guest memory in a core dump (default=on)\n" 39 " mem-merge=on|off controls memory merge support (default: on)\n" 40 " igd-passthru=on|off controls IGD GFX passthrough support (default=off)\n" 41 " aes-key-wrap=on|off controls support for AES key wrapping (default=on)\n" 42 " dea-key-wrap=on|off controls support for DEA key wrapping (default=on)\n" 43 " suppress-vmdesc=on|off disables self-describing migration (default=off)\n" 44 " nvdimm=on|off controls NVDIMM support (default=off)\n" 45 " enforce-config-section=on|off enforce configuration section migration (default=off)\n" 46 " memory-encryption=@var{} memory encryption object to use (default=none)\n", 47 QEMU_ARCH_ALL) 48STEXI 49@item -machine [type=]@var{name}[,prop=@var{value}[,...]] 50@findex -machine 51Select the emulated machine by @var{name}. Use @code{-machine help} to list 52available machines. 53 54For architectures which aim to support live migration compatibility 55across releases, each release will introduce a new versioned machine 56type. For example, the 2.8.0 release introduced machine types 57``pc-i440fx-2.8'' and ``pc-q35-2.8'' for the x86_64/i686 architectures. 58 59To allow live migration of guests from QEMU version 2.8.0, to QEMU 60version 2.9.0, the 2.9.0 version must support the ``pc-i440fx-2.8'' 61and ``pc-q35-2.8'' machines too. To allow users live migrating VMs 62to skip multiple intermediate releases when upgrading, new releases 63of QEMU will support machine types from many previous versions. 64 65Supported machine properties are: 66@table @option 67@item accel=@var{accels1}[:@var{accels2}[:...]] 68This is used to enable an accelerator. Depending on the target architecture, 69kvm, xen, hax, hvf, whpx or tcg can be available. By default, tcg is used. If there is 70more than one accelerator specified, the next one is used if the previous one 71fails to initialize. 72@item kernel_irqchip=on|off 73Controls in-kernel irqchip support for the chosen accelerator when available. 74@item gfx_passthru=on|off 75Enables IGD GFX passthrough support for the chosen machine when available. 76@item vmport=on|off|auto 77Enables emulation of VMWare IO port, for vmmouse etc. auto says to select the 78value based on accel. For accel=xen the default is off otherwise the default 79is on. 80@item kvm_shadow_mem=size 81Defines the size of the KVM shadow MMU. 82@item dump-guest-core=on|off 83Include guest memory in a core dump. The default is on. 84@item mem-merge=on|off 85Enables or disables memory merge support. This feature, when supported by 86the host, de-duplicates identical memory pages among VMs instances 87(enabled by default). 88@item aes-key-wrap=on|off 89Enables or disables AES key wrapping support on s390-ccw hosts. This feature 90controls whether AES wrapping keys will be created to allow 91execution of AES cryptographic functions. The default is on. 92@item dea-key-wrap=on|off 93Enables or disables DEA key wrapping support on s390-ccw hosts. This feature 94controls whether DEA wrapping keys will be created to allow 95execution of DEA cryptographic functions. The default is on. 96@item nvdimm=on|off 97Enables or disables NVDIMM support. The default is off. 98@item enforce-config-section=on|off 99If @option{enforce-config-section} is set to @var{on}, force migration 100code to send configuration section even if the machine-type sets the 101@option{migration.send-configuration} property to @var{off}. 102NOTE: this parameter is deprecated. Please use @option{-global} 103@option{migration.send-configuration}=@var{on|off} instead. 104@item memory-encryption=@var{} 105Memory encryption object to use. The default is none. 106@end table 107ETEXI 108 109HXCOMM Deprecated by -machine 110DEF("M", HAS_ARG, QEMU_OPTION_M, "", QEMU_ARCH_ALL) 111 112DEF("cpu", HAS_ARG, QEMU_OPTION_cpu, 113 "-cpu cpu select CPU ('-cpu help' for list)\n", QEMU_ARCH_ALL) 114STEXI 115@item -cpu @var{model} 116@findex -cpu 117Select CPU model (@code{-cpu help} for list and additional feature selection) 118ETEXI 119 120DEF("accel", HAS_ARG, QEMU_OPTION_accel, 121 "-accel [accel=]accelerator[,thread=single|multi]\n" 122 " select accelerator (kvm, xen, hax, hvf, whpx or tcg; use 'help' for a list)\n" 123 " thread=single|multi (enable multi-threaded TCG)\n", QEMU_ARCH_ALL) 124STEXI 125@item -accel @var{name}[,prop=@var{value}[,...]] 126@findex -accel 127This is used to enable an accelerator. Depending on the target architecture, 128kvm, xen, hax, hvf, whpx or tcg can be available. By default, tcg is used. If there is 129more than one accelerator specified, the next one is used if the previous one 130fails to initialize. 131@table @option 132@item thread=single|multi 133Controls number of TCG threads. When the TCG is multi-threaded there will be one 134thread per vCPU therefor taking advantage of additional host cores. The default 135is to enable multi-threading where both the back-end and front-ends support it and 136no incompatible TCG features have been enabled (e.g. icount/replay). 137@end table 138ETEXI 139 140DEF("smp", HAS_ARG, QEMU_OPTION_smp, 141 "-smp [cpus=]n[,maxcpus=cpus][,cores=cores][,threads=threads][,sockets=sockets]\n" 142 " set the number of CPUs to 'n' [default=1]\n" 143 " maxcpus= maximum number of total cpus, including\n" 144 " offline CPUs for hotplug, etc\n" 145 " cores= number of CPU cores on one socket\n" 146 " threads= number of threads on one CPU core\n" 147 " sockets= number of discrete sockets in the system\n", 148 QEMU_ARCH_ALL) 149STEXI 150@item -smp [cpus=]@var{n}[,cores=@var{cores}][,threads=@var{threads}][,sockets=@var{sockets}][,maxcpus=@var{maxcpus}] 151@findex -smp 152Simulate an SMP system with @var{n} CPUs. On the PC target, up to 255 153CPUs are supported. On Sparc32 target, Linux limits the number of usable CPUs 154to 4. 155For the PC target, the number of @var{cores} per socket, the number 156of @var{threads} per cores and the total number of @var{sockets} can be 157specified. Missing values will be computed. If any on the three values is 158given, the total number of CPUs @var{n} can be omitted. @var{maxcpus} 159specifies the maximum number of hotpluggable CPUs. 160ETEXI 161 162DEF("numa", HAS_ARG, QEMU_OPTION_numa, 163 "-numa node[,mem=size][,cpus=firstcpu[-lastcpu]][,nodeid=node]\n" 164 "-numa node[,memdev=id][,cpus=firstcpu[-lastcpu]][,nodeid=node]\n" 165 "-numa dist,src=source,dst=destination,val=distance\n" 166 "-numa cpu,node-id=node[,socket-id=x][,core-id=y][,thread-id=z]\n", 167 QEMU_ARCH_ALL) 168STEXI 169@item -numa node[,mem=@var{size}][,cpus=@var{firstcpu}[-@var{lastcpu}]][,nodeid=@var{node}] 170@itemx -numa node[,memdev=@var{id}][,cpus=@var{firstcpu}[-@var{lastcpu}]][,nodeid=@var{node}] 171@itemx -numa dist,src=@var{source},dst=@var{destination},val=@var{distance} 172@itemx -numa cpu,node-id=@var{node}[,socket-id=@var{x}][,core-id=@var{y}][,thread-id=@var{z}] 173@findex -numa 174Define a NUMA node and assign RAM and VCPUs to it. 175Set the NUMA distance from a source node to a destination node. 176 177Legacy VCPU assignment uses @samp{cpus} option where 178@var{firstcpu} and @var{lastcpu} are CPU indexes. Each 179@samp{cpus} option represent a contiguous range of CPU indexes 180(or a single VCPU if @var{lastcpu} is omitted). A non-contiguous 181set of VCPUs can be represented by providing multiple @samp{cpus} 182options. If @samp{cpus} is omitted on all nodes, VCPUs are automatically 183split between them. 184 185For example, the following option assigns VCPUs 0, 1, 2 and 5 to 186a NUMA node: 187@example 188-numa node,cpus=0-2,cpus=5 189@end example 190 191@samp{cpu} option is a new alternative to @samp{cpus} option 192which uses @samp{socket-id|core-id|thread-id} properties to assign 193CPU objects to a @var{node} using topology layout properties of CPU. 194The set of properties is machine specific, and depends on used 195machine type/@samp{smp} options. It could be queried with 196@samp{hotpluggable-cpus} monitor command. 197@samp{node-id} property specifies @var{node} to which CPU object 198will be assigned, it's required for @var{node} to be declared 199with @samp{node} option before it's used with @samp{cpu} option. 200 201For example: 202@example 203-M pc \ 204-smp 1,sockets=2,maxcpus=2 \ 205-numa node,nodeid=0 -numa node,nodeid=1 \ 206-numa cpu,node-id=0,socket-id=0 -numa cpu,node-id=1,socket-id=1 207@end example 208 209@samp{mem} assigns a given RAM amount to a node. @samp{memdev} 210assigns RAM from a given memory backend device to a node. If 211@samp{mem} and @samp{memdev} are omitted in all nodes, RAM is 212split equally between them. 213 214@samp{mem} and @samp{memdev} are mutually exclusive. Furthermore, 215if one node uses @samp{memdev}, all of them have to use it. 216 217@var{source} and @var{destination} are NUMA node IDs. 218@var{distance} is the NUMA distance from @var{source} to @var{destination}. 219The distance from a node to itself is always 10. If any pair of nodes is 220given a distance, then all pairs must be given distances. Although, when 221distances are only given in one direction for each pair of nodes, then 222the distances in the opposite directions are assumed to be the same. If, 223however, an asymmetrical pair of distances is given for even one node 224pair, then all node pairs must be provided distance values for both 225directions, even when they are symmetrical. When a node is unreachable 226from another node, set the pair's distance to 255. 227 228Note that the -@option{numa} option doesn't allocate any of the 229specified resources, it just assigns existing resources to NUMA 230nodes. This means that one still has to use the @option{-m}, 231@option{-smp} options to allocate RAM and VCPUs respectively. 232 233ETEXI 234 235DEF("add-fd", HAS_ARG, QEMU_OPTION_add_fd, 236 "-add-fd fd=fd,set=set[,opaque=opaque]\n" 237 " Add 'fd' to fd 'set'\n", QEMU_ARCH_ALL) 238STEXI 239@item -add-fd fd=@var{fd},set=@var{set}[,opaque=@var{opaque}] 240@findex -add-fd 241 242Add a file descriptor to an fd set. Valid options are: 243 244@table @option 245@item fd=@var{fd} 246This option defines the file descriptor of which a duplicate is added to fd set. 247The file descriptor cannot be stdin, stdout, or stderr. 248@item set=@var{set} 249This option defines the ID of the fd set to add the file descriptor to. 250@item opaque=@var{opaque} 251This option defines a free-form string that can be used to describe @var{fd}. 252@end table 253 254You can open an image using pre-opened file descriptors from an fd set: 255@example 256qemu-system-i386 257-add-fd fd=3,set=2,opaque="rdwr:/path/to/file" 258-add-fd fd=4,set=2,opaque="rdonly:/path/to/file" 259-drive file=/dev/fdset/2,index=0,media=disk 260@end example 261ETEXI 262 263DEF("set", HAS_ARG, QEMU_OPTION_set, 264 "-set group.id.arg=value\n" 265 " set <arg> parameter for item <id> of type <group>\n" 266 " i.e. -set drive.$id.file=/path/to/image\n", QEMU_ARCH_ALL) 267STEXI 268@item -set @var{group}.@var{id}.@var{arg}=@var{value} 269@findex -set 270Set parameter @var{arg} for item @var{id} of type @var{group} 271ETEXI 272 273DEF("global", HAS_ARG, QEMU_OPTION_global, 274 "-global driver.property=value\n" 275 "-global driver=driver,property=property,value=value\n" 276 " set a global default for a driver property\n", 277 QEMU_ARCH_ALL) 278STEXI 279@item -global @var{driver}.@var{prop}=@var{value} 280@itemx -global driver=@var{driver},property=@var{property},value=@var{value} 281@findex -global 282Set default value of @var{driver}'s property @var{prop} to @var{value}, e.g.: 283 284@example 285qemu-system-i386 -global ide-hd.physical_block_size=4096 disk-image.img 286@end example 287 288In particular, you can use this to set driver properties for devices which are 289created automatically by the machine model. To create a device which is not 290created automatically and set properties on it, use -@option{device}. 291 292-global @var{driver}.@var{prop}=@var{value} is shorthand for -global 293driver=@var{driver},property=@var{prop},value=@var{value}. The 294longhand syntax works even when @var{driver} contains a dot. 295ETEXI 296 297DEF("boot", HAS_ARG, QEMU_OPTION_boot, 298 "-boot [order=drives][,once=drives][,menu=on|off]\n" 299 " [,splash=sp_name][,splash-time=sp_time][,reboot-timeout=rb_time][,strict=on|off]\n" 300 " 'drives': floppy (a), hard disk (c), CD-ROM (d), network (n)\n" 301 " 'sp_name': the file's name that would be passed to bios as logo picture, if menu=on\n" 302 " 'sp_time': the period that splash picture last if menu=on, unit is ms\n" 303 " 'rb_timeout': the timeout before guest reboot when boot failed, unit is ms\n", 304 QEMU_ARCH_ALL) 305STEXI 306@item -boot [order=@var{drives}][,once=@var{drives}][,menu=on|off][,splash=@var{sp_name}][,splash-time=@var{sp_time}][,reboot-timeout=@var{rb_timeout}][,strict=on|off] 307@findex -boot 308Specify boot order @var{drives} as a string of drive letters. Valid 309drive letters depend on the target architecture. The x86 PC uses: a, b 310(floppy 1 and 2), c (first hard disk), d (first CD-ROM), n-p (Etherboot 311from network adapter 1-4), hard disk boot is the default. To apply a 312particular boot order only on the first startup, specify it via 313@option{once}. Note that the @option{order} or @option{once} parameter 314should not be used together with the @option{bootindex} property of 315devices, since the firmware implementations normally do not support both 316at the same time. 317 318Interactive boot menus/prompts can be enabled via @option{menu=on} as far 319as firmware/BIOS supports them. The default is non-interactive boot. 320 321A splash picture could be passed to bios, enabling user to show it as logo, 322when option splash=@var{sp_name} is given and menu=on, If firmware/BIOS 323supports them. Currently Seabios for X86 system support it. 324limitation: The splash file could be a jpeg file or a BMP file in 24 BPP 325format(true color). The resolution should be supported by the SVGA mode, so 326the recommended is 320x240, 640x480, 800x640. 327 328A timeout could be passed to bios, guest will pause for @var{rb_timeout} ms 329when boot failed, then reboot. If @var{rb_timeout} is '-1', guest will not 330reboot, qemu passes '-1' to bios by default. Currently Seabios for X86 331system support it. 332 333Do strict boot via @option{strict=on} as far as firmware/BIOS 334supports it. This only effects when boot priority is changed by 335bootindex options. The default is non-strict boot. 336 337@example 338# try to boot from network first, then from hard disk 339qemu-system-i386 -boot order=nc 340# boot from CD-ROM first, switch back to default order after reboot 341qemu-system-i386 -boot once=d 342# boot with a splash picture for 5 seconds. 343qemu-system-i386 -boot menu=on,splash=/root/boot.bmp,splash-time=5000 344@end example 345 346Note: The legacy format '-boot @var{drives}' is still supported but its 347use is discouraged as it may be removed from future versions. 348ETEXI 349 350DEF("m", HAS_ARG, QEMU_OPTION_m, 351 "-m [size=]megs[,slots=n,maxmem=size]\n" 352 " configure guest RAM\n" 353 " size: initial amount of guest memory\n" 354 " slots: number of hotplug slots (default: none)\n" 355 " maxmem: maximum amount of guest memory (default: none)\n" 356 "NOTE: Some architectures might enforce a specific granularity\n", 357 QEMU_ARCH_ALL) 358STEXI 359@item -m [size=]@var{megs}[,slots=n,maxmem=size] 360@findex -m 361Sets guest startup RAM size to @var{megs} megabytes. Default is 128 MiB. 362Optionally, a suffix of ``M'' or ``G'' can be used to signify a value in 363megabytes or gigabytes respectively. Optional pair @var{slots}, @var{maxmem} 364could be used to set amount of hotpluggable memory slots and maximum amount of 365memory. Note that @var{maxmem} must be aligned to the page size. 366 367For example, the following command-line sets the guest startup RAM size to 3681GB, creates 3 slots to hotplug additional memory and sets the maximum 369memory the guest can reach to 4GB: 370 371@example 372qemu-system-x86_64 -m 1G,slots=3,maxmem=4G 373@end example 374 375If @var{slots} and @var{maxmem} are not specified, memory hotplug won't 376be enabled and the guest startup RAM will never increase. 377ETEXI 378 379DEF("mem-path", HAS_ARG, QEMU_OPTION_mempath, 380 "-mem-path FILE provide backing storage for guest RAM\n", QEMU_ARCH_ALL) 381STEXI 382@item -mem-path @var{path} 383@findex -mem-path 384Allocate guest RAM from a temporarily created file in @var{path}. 385ETEXI 386 387DEF("mem-prealloc", 0, QEMU_OPTION_mem_prealloc, 388 "-mem-prealloc preallocate guest memory (use with -mem-path)\n", 389 QEMU_ARCH_ALL) 390STEXI 391@item -mem-prealloc 392@findex -mem-prealloc 393Preallocate memory when using -mem-path. 394ETEXI 395 396DEF("k", HAS_ARG, QEMU_OPTION_k, 397 "-k language use keyboard layout (for example 'fr' for French)\n", 398 QEMU_ARCH_ALL) 399STEXI 400@item -k @var{language} 401@findex -k 402Use keyboard layout @var{language} (for example @code{fr} for 403French). This option is only needed where it is not easy to get raw PC 404keycodes (e.g. on Macs, with some X11 servers or with a VNC or curses 405display). You don't normally need to use it on PC/Linux or PC/Windows 406hosts. 407 408The available layouts are: 409@example 410ar de-ch es fo fr-ca hu ja mk no pt-br sv 411da en-gb et fr fr-ch is lt nl pl ru th 412de en-us fi fr-be hr it lv nl-be pt sl tr 413@end example 414 415The default is @code{en-us}. 416ETEXI 417 418 419HXCOMM Deprecated by -audiodev 420DEF("audio-help", 0, QEMU_OPTION_audio_help, 421 "-audio-help show -audiodev equivalent of the currently specified audio settings\n", 422 QEMU_ARCH_ALL) 423STEXI 424@item -audio-help 425@findex -audio-help 426Will show the -audiodev equivalent of the currently specified 427(deprecated) environment variables. 428ETEXI 429 430DEF("audiodev", HAS_ARG, QEMU_OPTION_audiodev, 431 "-audiodev [driver=]driver,id=id[,prop[=value][,...]]\n" 432 " specifies the audio backend to use\n" 433 " id= identifier of the backend\n" 434 " timer-period= timer period in microseconds\n" 435 " in|out.fixed-settings= use fixed settings for host audio\n" 436 " in|out.frequency= frequency to use with fixed settings\n" 437 " in|out.channels= number of channels to use with fixed settings\n" 438 " in|out.format= sample format to use with fixed settings\n" 439 " valid values: s8, s16, s32, u8, u16, u32\n" 440 " in|out.voices= number of voices to use\n" 441 " in|out.buffer-len= length of buffer in microseconds\n" 442 "-audiodev none,id=id,[,prop[=value][,...]]\n" 443 " dummy driver that discards all output\n" 444#ifdef CONFIG_AUDIO_ALSA 445 "-audiodev alsa,id=id[,prop[=value][,...]]\n" 446 " in|out.dev= name of the audio device to use\n" 447 " in|out.period-len= length of period in microseconds\n" 448 " in|out.try-poll= attempt to use poll mode\n" 449 " threshold= threshold (in microseconds) when playback starts\n" 450#endif 451#ifdef CONFIG_AUDIO_COREAUDIO 452 "-audiodev coreaudio,id=id[,prop[=value][,...]]\n" 453 " in|out.buffer-count= number of buffers\n" 454#endif 455#ifdef CONFIG_AUDIO_DSOUND 456 "-audiodev dsound,id=id[,prop[=value][,...]]\n" 457 " latency= add extra latency to playback in microseconds\n" 458#endif 459#ifdef CONFIG_AUDIO_OSS 460 "-audiodev oss,id=id[,prop[=value][,...]]\n" 461 " in|out.dev= path of the audio device to use\n" 462 " in|out.buffer-count= number of buffers\n" 463 " in|out.try-poll= attempt to use poll mode\n" 464 " try-mmap= try using memory mapped access\n" 465 " exclusive= open device in exclusive mode\n" 466 " dsp-policy= set timing policy (0..10), -1 to use fragment mode\n" 467#endif 468#ifdef CONFIG_AUDIO_PA 469 "-audiodev pa,id=id[,prop[=value][,...]]\n" 470 " server= PulseAudio server address\n" 471 " in|out.name= source/sink device name\n" 472#endif 473#ifdef CONFIG_AUDIO_SDL 474 "-audiodev sdl,id=id[,prop[=value][,...]]\n" 475#endif 476#ifdef CONFIG_SPICE 477 "-audiodev spice,id=id[,prop[=value][,...]]\n" 478#endif 479 "-audiodev wav,id=id[,prop[=value][,...]]\n" 480 " path= path of wav file to record\n", 481 QEMU_ARCH_ALL) 482STEXI 483@item -audiodev [driver=]@var{driver},id=@var{id}[,@var{prop}[=@var{value}][,...]] 484@findex -audiodev 485Adds a new audio backend @var{driver} identified by @var{id}. There are 486global and driver specific properties. Some values can be set 487differently for input and output, they're marked with @code{in|out.}. 488You can set the input's property with @code{in.@var{prop}} and the 489output's property with @code{out.@var{prop}}. For example: 490@example 491-audiodev alsa,id=example,in.frequency=44110,out.frequency=8000 492-audiodev alsa,id=example,out.channels=1 # leaves in.channels unspecified 493@end example 494 495Valid global options are: 496 497@table @option 498@item id=@var{identifier} 499Identifies the audio backend. 500 501@item timer-period=@var{period} 502Sets the timer @var{period} used by the audio subsystem in microseconds. 503Default is 10000 (10 ms). 504 505@item in|out.fixed-settings=on|off 506Use fixed settings for host audio. When off, it will change based on 507how the guest opens the sound card. In this case you must not specify 508@var{frequency}, @var{channels} or @var{format}. Default is on. 509 510@item in|out.frequency=@var{frequency} 511Specify the @var{frequency} to use when using @var{fixed-settings}. 512Default is 44100Hz. 513 514@item in|out.channels=@var{channels} 515Specify the number of @var{channels} to use when using 516@var{fixed-settings}. Default is 2 (stereo). 517 518@item in|out.format=@var{format} 519Specify the sample @var{format} to use when using @var{fixed-settings}. 520Valid values are: @code{s8}, @code{s16}, @code{s32}, @code{u8}, 521@code{u16}, @code{u32}. Default is @code{s16}. 522 523@item in|out.voices=@var{voices} 524Specify the number of @var{voices} to use. Default is 1. 525 526@item in|out.buffer=@var{usecs} 527Sets the size of the buffer in microseconds. 528 529@end table 530 531@item -audiodev none,id=@var{id}[,@var{prop}[=@var{value}][,...]] 532Creates a dummy backend that discards all outputs. This backend has no 533backend specific properties. 534 535@item -audiodev alsa,id=@var{id}[,@var{prop}[=@var{value}][,...]] 536Creates backend using the ALSA. This backend is only available on 537Linux. 538 539ALSA specific options are: 540 541@table @option 542 543@item in|out.dev=@var{device} 544Specify the ALSA @var{device} to use for input and/or output. Default 545is @code{default}. 546 547@item in|out.period-len=@var{usecs} 548Sets the period length in microseconds. 549 550@item in|out.try-poll=on|off 551Attempt to use poll mode with the device. Default is on. 552 553@item threshold=@var{threshold} 554Threshold (in microseconds) when playback starts. Default is 0. 555 556@end table 557 558@item -audiodev coreaudio,id=@var{id}[,@var{prop}[=@var{value}][,...]] 559Creates a backend using Apple's Core Audio. This backend is only 560available on Mac OS and only supports playback. 561 562Core Audio specific options are: 563 564@table @option 565 566@item in|out.buffer-count=@var{count} 567Sets the @var{count} of the buffers. 568 569@end table 570 571@item -audiodev dsound,id=@var{id}[,@var{prop}[=@var{value}][,...]] 572Creates a backend using Microsoft's DirectSound. This backend is only 573available on Windows and only supports playback. 574 575DirectSound specific options are: 576 577@table @option 578 579@item latency=@var{usecs} 580Add extra @var{usecs} microseconds latency to playback. Default is 58110000 (10 ms). 582 583@end table 584 585@item -audiodev oss,id=@var{id}[,@var{prop}[=@var{value}][,...]] 586Creates a backend using OSS. This backend is available on most 587Unix-like systems. 588 589OSS specific options are: 590 591@table @option 592 593@item in|out.dev=@var{device} 594Specify the file name of the OSS @var{device} to use. Default is 595@code{/dev/dsp}. 596 597@item in|out.buffer-count=@var{count} 598Sets the @var{count} of the buffers. 599 600@item in|out.try-poll=on|of 601Attempt to use poll mode with the device. Default is on. 602 603@item try-mmap=on|off 604Try using memory mapped device access. Default is off. 605 606@item exclusive=on|off 607Open the device in exclusive mode (vmix won't work in this case). 608Default is off. 609 610@item dsp-policy=@var{policy} 611Sets the timing policy (between 0 and 10, where smaller number means 612smaller latency but higher CPU usage). Use -1 to use buffer sizes 613specified by @code{buffer} and @code{buffer-count}. This option is 614ignored if you do not have OSS 4. Default is 5. 615 616@end table 617 618@item -audiodev pa,id=@var{id}[,@var{prop}[=@var{value}][,...]] 619Creates a backend using PulseAudio. This backend is available on most 620systems. 621 622PulseAudio specific options are: 623 624@table @option 625 626@item server=@var{server} 627Sets the PulseAudio @var{server} to connect to. 628 629@item in|out.name=@var{sink} 630Use the specified source/sink for recording/playback. 631 632@end table 633 634@item -audiodev sdl,id=@var{id}[,@var{prop}[=@var{value}][,...]] 635Creates a backend using SDL. This backend is available on most systems, 636but you should use your platform's native backend if possible. This 637backend has no backend specific properties. 638 639@item -audiodev spice,id=@var{id}[,@var{prop}[=@var{value}][,...]] 640Creates a backend that sends audio through SPICE. This backend requires 641@code{-spice} and automatically selected in that case, so usually you 642can ignore this option. This backend has no backend specific 643properties. 644 645@item -audiodev wav,id=@var{id}[,@var{prop}[=@var{value}][,...]] 646Creates a backend that writes audio to a WAV file. 647 648Backend specific options are: 649 650@table @option 651 652@item path=@var{path} 653Write recorded audio into the specified file. Default is 654@code{qemu.wav}. 655 656@end table 657ETEXI 658 659DEF("soundhw", HAS_ARG, QEMU_OPTION_soundhw, 660 "-soundhw c1,... enable audio support\n" 661 " and only specified sound cards (comma separated list)\n" 662 " use '-soundhw help' to get the list of supported cards\n" 663 " use '-soundhw all' to enable all of them\n", QEMU_ARCH_ALL) 664STEXI 665@item -soundhw @var{card1}[,@var{card2},...] or -soundhw all 666@findex -soundhw 667Enable audio and selected sound hardware. Use 'help' to print all 668available sound hardware. 669 670@example 671qemu-system-i386 -soundhw sb16,adlib disk.img 672qemu-system-i386 -soundhw es1370 disk.img 673qemu-system-i386 -soundhw ac97 disk.img 674qemu-system-i386 -soundhw hda disk.img 675qemu-system-i386 -soundhw all disk.img 676qemu-system-i386 -soundhw help 677@end example 678 679Note that Linux's i810_audio OSS kernel (for AC97) module might 680require manually specifying clocking. 681 682@example 683modprobe i810_audio clocking=48000 684@end example 685ETEXI 686 687DEF("device", HAS_ARG, QEMU_OPTION_device, 688 "-device driver[,prop[=value][,...]]\n" 689 " add device (based on driver)\n" 690 " prop=value,... sets driver properties\n" 691 " use '-device help' to print all possible drivers\n" 692 " use '-device driver,help' to print all possible properties\n", 693 QEMU_ARCH_ALL) 694STEXI 695@item -device @var{driver}[,@var{prop}[=@var{value}][,...]] 696@findex -device 697Add device @var{driver}. @var{prop}=@var{value} sets driver 698properties. Valid properties depend on the driver. To get help on 699possible drivers and properties, use @code{-device help} and 700@code{-device @var{driver},help}. 701 702Some drivers are: 703@item -device ipmi-bmc-sim,id=@var{id}[,slave_addr=@var{val}][,sdrfile=@var{file}][,furareasize=@var{val}][,furdatafile=@var{file}] 704 705Add an IPMI BMC. This is a simulation of a hardware management 706interface processor that normally sits on a system. It provides 707a watchdog and the ability to reset and power control the system. 708You need to connect this to an IPMI interface to make it useful 709 710The IPMI slave address to use for the BMC. The default is 0x20. 711This address is the BMC's address on the I2C network of management 712controllers. If you don't know what this means, it is safe to ignore 713it. 714 715@table @option 716@item bmc=@var{id} 717The BMC to connect to, one of ipmi-bmc-sim or ipmi-bmc-extern above. 718@item slave_addr=@var{val} 719Define slave address to use for the BMC. The default is 0x20. 720@item sdrfile=@var{file} 721file containing raw Sensor Data Records (SDR) data. The default is none. 722@item fruareasize=@var{val} 723size of a Field Replaceable Unit (FRU) area. The default is 1024. 724@item frudatafile=@var{file} 725file containing raw Field Replaceable Unit (FRU) inventory data. The default is none. 726@end table 727 728@item -device ipmi-bmc-extern,id=@var{id},chardev=@var{id}[,slave_addr=@var{val}] 729 730Add a connection to an external IPMI BMC simulator. Instead of 731locally emulating the BMC like the above item, instead connect 732to an external entity that provides the IPMI services. 733 734A connection is made to an external BMC simulator. If you do this, it 735is strongly recommended that you use the "reconnect=" chardev option 736to reconnect to the simulator if the connection is lost. Note that if 737this is not used carefully, it can be a security issue, as the 738interface has the ability to send resets, NMIs, and power off the VM. 739It's best if QEMU makes a connection to an external simulator running 740on a secure port on localhost, so neither the simulator nor QEMU is 741exposed to any outside network. 742 743See the "lanserv/README.vm" file in the OpenIPMI library for more 744details on the external interface. 745 746@item -device isa-ipmi-kcs,bmc=@var{id}[,ioport=@var{val}][,irq=@var{val}] 747 748Add a KCS IPMI interafce on the ISA bus. This also adds a 749corresponding ACPI and SMBIOS entries, if appropriate. 750 751@table @option 752@item bmc=@var{id} 753The BMC to connect to, one of ipmi-bmc-sim or ipmi-bmc-extern above. 754@item ioport=@var{val} 755Define the I/O address of the interface. The default is 0xca0 for KCS. 756@item irq=@var{val} 757Define the interrupt to use. The default is 5. To disable interrupts, 758set this to 0. 759@end table 760 761@item -device isa-ipmi-bt,bmc=@var{id}[,ioport=@var{val}][,irq=@var{val}] 762 763Like the KCS interface, but defines a BT interface. The default port is 7640xe4 and the default interrupt is 5. 765 766ETEXI 767 768DEF("name", HAS_ARG, QEMU_OPTION_name, 769 "-name string1[,process=string2][,debug-threads=on|off]\n" 770 " set the name of the guest\n" 771 " string1 sets the window title and string2 the process name\n" 772 " When debug-threads is enabled, individual threads are given a separate name\n" 773 " NOTE: The thread names are for debugging and not a stable API.\n", 774 QEMU_ARCH_ALL) 775STEXI 776@item -name @var{name} 777@findex -name 778Sets the @var{name} of the guest. 779This name will be displayed in the SDL window caption. 780The @var{name} will also be used for the VNC server. 781Also optionally set the top visible process name in Linux. 782Naming of individual threads can also be enabled on Linux to aid debugging. 783ETEXI 784 785DEF("uuid", HAS_ARG, QEMU_OPTION_uuid, 786 "-uuid %08x-%04x-%04x-%04x-%012x\n" 787 " specify machine UUID\n", QEMU_ARCH_ALL) 788STEXI 789@item -uuid @var{uuid} 790@findex -uuid 791Set system UUID. 792ETEXI 793 794STEXI 795@end table 796ETEXI 797DEFHEADING() 798 799DEFHEADING(Block device options:) 800STEXI 801@table @option 802ETEXI 803 804DEF("fda", HAS_ARG, QEMU_OPTION_fda, 805 "-fda/-fdb file use 'file' as floppy disk 0/1 image\n", QEMU_ARCH_ALL) 806DEF("fdb", HAS_ARG, QEMU_OPTION_fdb, "", QEMU_ARCH_ALL) 807STEXI 808@item -fda @var{file} 809@itemx -fdb @var{file} 810@findex -fda 811@findex -fdb 812Use @var{file} as floppy disk 0/1 image (@pxref{disk_images}). 813ETEXI 814 815DEF("hda", HAS_ARG, QEMU_OPTION_hda, 816 "-hda/-hdb file use 'file' as IDE hard disk 0/1 image\n", QEMU_ARCH_ALL) 817DEF("hdb", HAS_ARG, QEMU_OPTION_hdb, "", QEMU_ARCH_ALL) 818DEF("hdc", HAS_ARG, QEMU_OPTION_hdc, 819 "-hdc/-hdd file use 'file' as IDE hard disk 2/3 image\n", QEMU_ARCH_ALL) 820DEF("hdd", HAS_ARG, QEMU_OPTION_hdd, "", QEMU_ARCH_ALL) 821STEXI 822@item -hda @var{file} 823@itemx -hdb @var{file} 824@itemx -hdc @var{file} 825@itemx -hdd @var{file} 826@findex -hda 827@findex -hdb 828@findex -hdc 829@findex -hdd 830Use @var{file} as hard disk 0, 1, 2 or 3 image (@pxref{disk_images}). 831ETEXI 832 833DEF("cdrom", HAS_ARG, QEMU_OPTION_cdrom, 834 "-cdrom file use 'file' as IDE cdrom image (cdrom is ide1 master)\n", 835 QEMU_ARCH_ALL) 836STEXI 837@item -cdrom @var{file} 838@findex -cdrom 839Use @var{file} as CD-ROM image (you cannot use @option{-hdc} and 840@option{-cdrom} at the same time). You can use the host CD-ROM by 841using @file{/dev/cdrom} as filename (@pxref{host_drives}). 842ETEXI 843 844DEF("blockdev", HAS_ARG, QEMU_OPTION_blockdev, 845 "-blockdev [driver=]driver[,node-name=N][,discard=ignore|unmap]\n" 846 " [,cache.direct=on|off][,cache.no-flush=on|off]\n" 847 " [,read-only=on|off][,detect-zeroes=on|off|unmap]\n" 848 " [,driver specific parameters...]\n" 849 " configure a block backend\n", QEMU_ARCH_ALL) 850STEXI 851@item -blockdev @var{option}[,@var{option}[,@var{option}[,...]]] 852@findex -blockdev 853 854Define a new block driver node. Some of the options apply to all block drivers, 855other options are only accepted for a specific block driver. See below for a 856list of generic options and options for the most common block drivers. 857 858Options that expect a reference to another node (e.g. @code{file}) can be 859given in two ways. Either you specify the node name of an already existing node 860(file=@var{node-name}), or you define a new node inline, adding options 861for the referenced node after a dot (file.filename=@var{path},file.aio=native). 862 863A block driver node created with @option{-blockdev} can be used for a guest 864device by specifying its node name for the @code{drive} property in a 865@option{-device} argument that defines a block device. 866 867@table @option 868@item Valid options for any block driver node: 869 870@table @code 871@item driver 872Specifies the block driver to use for the given node. 873@item node-name 874This defines the name of the block driver node by which it will be referenced 875later. The name must be unique, i.e. it must not match the name of a different 876block driver node, or (if you use @option{-drive} as well) the ID of a drive. 877 878If no node name is specified, it is automatically generated. The generated node 879name is not intended to be predictable and changes between QEMU invocations. 880For the top level, an explicit node name must be specified. 881@item read-only 882Open the node read-only. Guest write attempts will fail. 883@item cache.direct 884The host page cache can be avoided with @option{cache.direct=on}. This will 885attempt to do disk IO directly to the guest's memory. QEMU may still perform an 886internal copy of the data. 887@item cache.no-flush 888In case you don't care about data integrity over host failures, you can use 889@option{cache.no-flush=on}. This option tells QEMU that it never needs to write 890any data to the disk but can instead keep things in cache. If anything goes 891wrong, like your host losing power, the disk storage getting disconnected 892accidentally, etc. your image will most probably be rendered unusable. 893@item discard=@var{discard} 894@var{discard} is one of "ignore" (or "off") or "unmap" (or "on") and controls 895whether @code{discard} (also known as @code{trim} or @code{unmap}) requests are 896ignored or passed to the filesystem. Some machine types may not support 897discard requests. 898@item detect-zeroes=@var{detect-zeroes} 899@var{detect-zeroes} is "off", "on" or "unmap" and enables the automatic 900conversion of plain zero writes by the OS to driver specific optimized 901zero write commands. You may even choose "unmap" if @var{discard} is set 902to "unmap" to allow a zero write to be converted to an @code{unmap} operation. 903@end table 904 905@item Driver-specific options for @code{file} 906 907This is the protocol-level block driver for accessing regular files. 908 909@table @code 910@item filename 911The path to the image file in the local filesystem 912@item aio 913Specifies the AIO backend (threads/native, default: threads) 914@item locking 915Specifies whether the image file is protected with Linux OFD / POSIX locks. The 916default is to use the Linux Open File Descriptor API if available, otherwise no 917lock is applied. (auto/on/off, default: auto) 918@end table 919Example: 920@example 921-blockdev driver=file,node-name=disk,filename=disk.img 922@end example 923 924@item Driver-specific options for @code{raw} 925 926This is the image format block driver for raw images. It is usually 927stacked on top of a protocol level block driver such as @code{file}. 928 929@table @code 930@item file 931Reference to or definition of the data source block driver node 932(e.g. a @code{file} driver node) 933@end table 934Example 1: 935@example 936-blockdev driver=file,node-name=disk_file,filename=disk.img 937-blockdev driver=raw,node-name=disk,file=disk_file 938@end example 939Example 2: 940@example 941-blockdev driver=raw,node-name=disk,file.driver=file,file.filename=disk.img 942@end example 943 944@item Driver-specific options for @code{qcow2} 945 946This is the image format block driver for qcow2 images. It is usually 947stacked on top of a protocol level block driver such as @code{file}. 948 949@table @code 950@item file 951Reference to or definition of the data source block driver node 952(e.g. a @code{file} driver node) 953 954@item backing 955Reference to or definition of the backing file block device (default is taken 956from the image file). It is allowed to pass @code{null} here in order to disable 957the default backing file. 958 959@item lazy-refcounts 960Whether to enable the lazy refcounts feature (on/off; default is taken from the 961image file) 962 963@item cache-size 964The maximum total size of the L2 table and refcount block caches in bytes 965(default: the sum of l2-cache-size and refcount-cache-size) 966 967@item l2-cache-size 968The maximum size of the L2 table cache in bytes 969(default: if cache-size is not specified - 32M on Linux platforms, and 8M on 970non-Linux platforms; otherwise, as large as possible within the cache-size, 971while permitting the requested or the minimal refcount cache size) 972 973@item refcount-cache-size 974The maximum size of the refcount block cache in bytes 975(default: 4 times the cluster size; or if cache-size is specified, the part of 976it which is not used for the L2 cache) 977 978@item cache-clean-interval 979Clean unused entries in the L2 and refcount caches. The interval is in seconds. 980The default value is 600 on supporting platforms, and 0 on other platforms. 981Setting it to 0 disables this feature. 982 983@item pass-discard-request 984Whether discard requests to the qcow2 device should be forwarded to the data 985source (on/off; default: on if discard=unmap is specified, off otherwise) 986 987@item pass-discard-snapshot 988Whether discard requests for the data source should be issued when a snapshot 989operation (e.g. deleting a snapshot) frees clusters in the qcow2 file (on/off; 990default: on) 991 992@item pass-discard-other 993Whether discard requests for the data source should be issued on other 994occasions where a cluster gets freed (on/off; default: off) 995 996@item overlap-check 997Which overlap checks to perform for writes to the image 998(none/constant/cached/all; default: cached). For details or finer 999granularity control refer to the QAPI documentation of @code{blockdev-add}. 1000@end table 1001 1002Example 1: 1003@example 1004-blockdev driver=file,node-name=my_file,filename=/tmp/disk.qcow2 1005-blockdev driver=qcow2,node-name=hda,file=my_file,overlap-check=none,cache-size=16777216 1006@end example 1007Example 2: 1008@example 1009-blockdev driver=qcow2,node-name=disk,file.driver=http,file.filename=http://example.com/image.qcow2 1010@end example 1011 1012@item Driver-specific options for other drivers 1013Please refer to the QAPI documentation of the @code{blockdev-add} QMP command. 1014 1015@end table 1016 1017ETEXI 1018 1019DEF("drive", HAS_ARG, QEMU_OPTION_drive, 1020 "-drive [file=file][,if=type][,bus=n][,unit=m][,media=d][,index=i]\n" 1021 " [,cache=writethrough|writeback|none|directsync|unsafe][,format=f]\n" 1022 " [,snapshot=on|off][,rerror=ignore|stop|report]\n" 1023 " [,werror=ignore|stop|report|enospc][,id=name][,aio=threads|native]\n" 1024 " [,readonly=on|off][,copy-on-read=on|off]\n" 1025 " [,discard=ignore|unmap][,detect-zeroes=on|off|unmap]\n" 1026 " [[,bps=b]|[[,bps_rd=r][,bps_wr=w]]]\n" 1027 " [[,iops=i]|[[,iops_rd=r][,iops_wr=w]]]\n" 1028 " [[,bps_max=bm]|[[,bps_rd_max=rm][,bps_wr_max=wm]]]\n" 1029 " [[,iops_max=im]|[[,iops_rd_max=irm][,iops_wr_max=iwm]]]\n" 1030 " [[,iops_size=is]]\n" 1031 " [[,group=g]]\n" 1032 " use 'file' as a drive image\n", QEMU_ARCH_ALL) 1033STEXI 1034@item -drive @var{option}[,@var{option}[,@var{option}[,...]]] 1035@findex -drive 1036 1037Define a new drive. This includes creating a block driver node (the backend) as 1038well as a guest device, and is mostly a shortcut for defining the corresponding 1039@option{-blockdev} and @option{-device} options. 1040 1041@option{-drive} accepts all options that are accepted by @option{-blockdev}. In 1042addition, it knows the following options: 1043 1044@table @option 1045@item file=@var{file} 1046This option defines which disk image (@pxref{disk_images}) to use with 1047this drive. If the filename contains comma, you must double it 1048(for instance, "file=my,,file" to use file "my,file"). 1049 1050Special files such as iSCSI devices can be specified using protocol 1051specific URLs. See the section for "Device URL Syntax" for more information. 1052@item if=@var{interface} 1053This option defines on which type on interface the drive is connected. 1054Available types are: ide, scsi, sd, mtd, floppy, pflash, virtio, none. 1055@item bus=@var{bus},unit=@var{unit} 1056These options define where is connected the drive by defining the bus number and 1057the unit id. 1058@item index=@var{index} 1059This option defines where is connected the drive by using an index in the list 1060of available connectors of a given interface type. 1061@item media=@var{media} 1062This option defines the type of the media: disk or cdrom. 1063@item snapshot=@var{snapshot} 1064@var{snapshot} is "on" or "off" and controls snapshot mode for the given drive 1065(see @option{-snapshot}). 1066@item cache=@var{cache} 1067@var{cache} is "none", "writeback", "unsafe", "directsync" or "writethrough" 1068and controls how the host cache is used to access block data. This is a 1069shortcut that sets the @option{cache.direct} and @option{cache.no-flush} 1070options (as in @option{-blockdev}), and additionally @option{cache.writeback}, 1071which provides a default for the @option{write-cache} option of block guest 1072devices (as in @option{-device}). The modes correspond to the following 1073settings: 1074 1075@c Our texi2pod.pl script doesn't support @multitable, so fall back to using 1076@c plain ASCII art (well, UTF-8 art really). This looks okay both in the manpage 1077@c and the HTML output. 1078@example 1079@ │ cache.writeback cache.direct cache.no-flush 1080─────────────┼───────────────────────────────────────────────── 1081writeback │ on off off 1082none │ on on off 1083writethrough │ off off off 1084directsync │ off on off 1085unsafe │ on off on 1086@end example 1087 1088The default mode is @option{cache=writeback}. 1089 1090@item aio=@var{aio} 1091@var{aio} is "threads", or "native" and selects between pthread based disk I/O and native Linux AIO. 1092@item format=@var{format} 1093Specify which disk @var{format} will be used rather than detecting 1094the format. Can be used to specify format=raw to avoid interpreting 1095an untrusted format header. 1096@item werror=@var{action},rerror=@var{action} 1097Specify which @var{action} to take on write and read errors. Valid actions are: 1098"ignore" (ignore the error and try to continue), "stop" (pause QEMU), 1099"report" (report the error to the guest), "enospc" (pause QEMU only if the 1100host disk is full; report the error to the guest otherwise). 1101The default setting is @option{werror=enospc} and @option{rerror=report}. 1102@item copy-on-read=@var{copy-on-read} 1103@var{copy-on-read} is "on" or "off" and enables whether to copy read backing 1104file sectors into the image file. 1105@item bps=@var{b},bps_rd=@var{r},bps_wr=@var{w} 1106Specify bandwidth throttling limits in bytes per second, either for all request 1107types or for reads or writes only. Small values can lead to timeouts or hangs 1108inside the guest. A safe minimum for disks is 2 MB/s. 1109@item bps_max=@var{bm},bps_rd_max=@var{rm},bps_wr_max=@var{wm} 1110Specify bursts in bytes per second, either for all request types or for reads 1111or writes only. Bursts allow the guest I/O to spike above the limit 1112temporarily. 1113@item iops=@var{i},iops_rd=@var{r},iops_wr=@var{w} 1114Specify request rate limits in requests per second, either for all request 1115types or for reads or writes only. 1116@item iops_max=@var{bm},iops_rd_max=@var{rm},iops_wr_max=@var{wm} 1117Specify bursts in requests per second, either for all request types or for reads 1118or writes only. Bursts allow the guest I/O to spike above the limit 1119temporarily. 1120@item iops_size=@var{is} 1121Let every @var{is} bytes of a request count as a new request for iops 1122throttling purposes. Use this option to prevent guests from circumventing iops 1123limits by sending fewer but larger requests. 1124@item group=@var{g} 1125Join a throttling quota group with given name @var{g}. All drives that are 1126members of the same group are accounted for together. Use this option to 1127prevent guests from circumventing throttling limits by using many small disks 1128instead of a single larger disk. 1129@end table 1130 1131By default, the @option{cache.writeback=on} mode is used. It will report data 1132writes as completed as soon as the data is present in the host page cache. 1133This is safe as long as your guest OS makes sure to correctly flush disk caches 1134where needed. If your guest OS does not handle volatile disk write caches 1135correctly and your host crashes or loses power, then the guest may experience 1136data corruption. 1137 1138For such guests, you should consider using @option{cache.writeback=off}. This 1139means that the host page cache will be used to read and write data, but write 1140notification will be sent to the guest only after QEMU has made sure to flush 1141each write to the disk. Be aware that this has a major impact on performance. 1142 1143When using the @option{-snapshot} option, unsafe caching is always used. 1144 1145Copy-on-read avoids accessing the same backing file sectors repeatedly and is 1146useful when the backing file is over a slow network. By default copy-on-read 1147is off. 1148 1149Instead of @option{-cdrom} you can use: 1150@example 1151qemu-system-i386 -drive file=file,index=2,media=cdrom 1152@end example 1153 1154Instead of @option{-hda}, @option{-hdb}, @option{-hdc}, @option{-hdd}, you can 1155use: 1156@example 1157qemu-system-i386 -drive file=file,index=0,media=disk 1158qemu-system-i386 -drive file=file,index=1,media=disk 1159qemu-system-i386 -drive file=file,index=2,media=disk 1160qemu-system-i386 -drive file=file,index=3,media=disk 1161@end example 1162 1163You can open an image using pre-opened file descriptors from an fd set: 1164@example 1165qemu-system-i386 1166-add-fd fd=3,set=2,opaque="rdwr:/path/to/file" 1167-add-fd fd=4,set=2,opaque="rdonly:/path/to/file" 1168-drive file=/dev/fdset/2,index=0,media=disk 1169@end example 1170 1171You can connect a CDROM to the slave of ide0: 1172@example 1173qemu-system-i386 -drive file=file,if=ide,index=1,media=cdrom 1174@end example 1175 1176If you don't specify the "file=" argument, you define an empty drive: 1177@example 1178qemu-system-i386 -drive if=ide,index=1,media=cdrom 1179@end example 1180 1181Instead of @option{-fda}, @option{-fdb}, you can use: 1182@example 1183qemu-system-i386 -drive file=file,index=0,if=floppy 1184qemu-system-i386 -drive file=file,index=1,if=floppy 1185@end example 1186 1187By default, @var{interface} is "ide" and @var{index} is automatically 1188incremented: 1189@example 1190qemu-system-i386 -drive file=a -drive file=b" 1191@end example 1192is interpreted like: 1193@example 1194qemu-system-i386 -hda a -hdb b 1195@end example 1196ETEXI 1197 1198DEF("mtdblock", HAS_ARG, QEMU_OPTION_mtdblock, 1199 "-mtdblock file use 'file' as on-board Flash memory image\n", 1200 QEMU_ARCH_ALL) 1201STEXI 1202@item -mtdblock @var{file} 1203@findex -mtdblock 1204Use @var{file} as on-board Flash memory image. 1205ETEXI 1206 1207DEF("sd", HAS_ARG, QEMU_OPTION_sd, 1208 "-sd file use 'file' as SecureDigital card image\n", QEMU_ARCH_ALL) 1209STEXI 1210@item -sd @var{file} 1211@findex -sd 1212Use @var{file} as SecureDigital card image. 1213ETEXI 1214 1215DEF("pflash", HAS_ARG, QEMU_OPTION_pflash, 1216 "-pflash file use 'file' as a parallel flash image\n", QEMU_ARCH_ALL) 1217STEXI 1218@item -pflash @var{file} 1219@findex -pflash 1220Use @var{file} as a parallel flash image. 1221ETEXI 1222 1223DEF("snapshot", 0, QEMU_OPTION_snapshot, 1224 "-snapshot write to temporary files instead of disk image files\n", 1225 QEMU_ARCH_ALL) 1226STEXI 1227@item -snapshot 1228@findex -snapshot 1229Write to temporary files instead of disk image files. In this case, 1230the raw disk image you use is not written back. You can however force 1231the write back by pressing @key{C-a s} (@pxref{disk_images}). 1232ETEXI 1233 1234DEF("fsdev", HAS_ARG, QEMU_OPTION_fsdev, 1235 "-fsdev fsdriver,id=id[,path=path,][security_model={mapped-xattr|mapped-file|passthrough|none}]\n" 1236 " [,writeout=immediate][,readonly][,socket=socket|sock_fd=sock_fd][,fmode=fmode][,dmode=dmode]\n" 1237 " [[,throttling.bps-total=b]|[[,throttling.bps-read=r][,throttling.bps-write=w]]]\n" 1238 " [[,throttling.iops-total=i]|[[,throttling.iops-read=r][,throttling.iops-write=w]]]\n" 1239 " [[,throttling.bps-total-max=bm]|[[,throttling.bps-read-max=rm][,throttling.bps-write-max=wm]]]\n" 1240 " [[,throttling.iops-total-max=im]|[[,throttling.iops-read-max=irm][,throttling.iops-write-max=iwm]]]\n" 1241 " [[,throttling.iops-size=is]]\n", 1242 QEMU_ARCH_ALL) 1243 1244STEXI 1245 1246@item -fsdev @var{fsdriver},id=@var{id},path=@var{path},[security_model=@var{security_model}][,writeout=@var{writeout}][,readonly][,socket=@var{socket}|sock_fd=@var{sock_fd}][,fmode=@var{fmode}][,dmode=@var{dmode}] 1247@findex -fsdev 1248Define a new file system device. Valid options are: 1249@table @option 1250@item @var{fsdriver} 1251This option specifies the fs driver backend to use. 1252Currently "local" and "proxy" file system drivers are supported. 1253@item id=@var{id} 1254Specifies identifier for this device 1255@item path=@var{path} 1256Specifies the export path for the file system device. Files under 1257this path will be available to the 9p client on the guest. 1258@item security_model=@var{security_model} 1259Specifies the security model to be used for this export path. 1260Supported security models are "passthrough", "mapped-xattr", "mapped-file" and "none". 1261In "passthrough" security model, files are stored using the same 1262credentials as they are created on the guest. This requires QEMU 1263to run as root. In "mapped-xattr" security model, some of the file 1264attributes like uid, gid, mode bits and link target are stored as 1265file attributes. For "mapped-file" these attributes are stored in the 1266hidden .virtfs_metadata directory. Directories exported by this security model cannot 1267interact with other unix tools. "none" security model is same as 1268passthrough except the sever won't report failures if it fails to 1269set file attributes like ownership. Security model is mandatory 1270only for local fsdriver. Other fsdrivers (like proxy) don't take 1271security model as a parameter. 1272@item writeout=@var{writeout} 1273This is an optional argument. The only supported value is "immediate". 1274This means that host page cache will be used to read and write data but 1275write notification will be sent to the guest only when the data has been 1276reported as written by the storage subsystem. 1277@item readonly 1278Enables exporting 9p share as a readonly mount for guests. By default 1279read-write access is given. 1280@item socket=@var{socket} 1281Enables proxy filesystem driver to use passed socket file for communicating 1282with virtfs-proxy-helper 1283@item sock_fd=@var{sock_fd} 1284Enables proxy filesystem driver to use passed socket descriptor for 1285communicating with virtfs-proxy-helper. Usually a helper like libvirt 1286will create socketpair and pass one of the fds as sock_fd 1287@item fmode=@var{fmode} 1288Specifies the default mode for newly created files on the host. Works only 1289with security models "mapped-xattr" and "mapped-file". 1290@item dmode=@var{dmode} 1291Specifies the default mode for newly created directories on the host. Works 1292only with security models "mapped-xattr" and "mapped-file". 1293@end table 1294 1295-fsdev option is used along with -device driver "virtio-9p-pci". 1296@item -device virtio-9p-pci,fsdev=@var{id},mount_tag=@var{mount_tag} 1297Options for virtio-9p-pci driver are: 1298@table @option 1299@item fsdev=@var{id} 1300Specifies the id value specified along with -fsdev option 1301@item mount_tag=@var{mount_tag} 1302Specifies the tag name to be used by the guest to mount this export point 1303@end table 1304 1305ETEXI 1306 1307DEF("virtfs", HAS_ARG, QEMU_OPTION_virtfs, 1308 "-virtfs local,path=path,mount_tag=tag,security_model=[mapped-xattr|mapped-file|passthrough|none]\n" 1309 " [,id=id][,writeout=immediate][,readonly][,socket=socket|sock_fd=sock_fd][,fmode=fmode][,dmode=dmode]\n", 1310 QEMU_ARCH_ALL) 1311 1312STEXI 1313 1314@item -virtfs @var{fsdriver}[,path=@var{path}],mount_tag=@var{mount_tag}[,security_model=@var{security_model}][,writeout=@var{writeout}][,readonly][,socket=@var{socket}|sock_fd=@var{sock_fd}][,fmode=@var{fmode}][,dmode=@var{dmode}] 1315@findex -virtfs 1316 1317The general form of a Virtual File system pass-through options are: 1318@table @option 1319@item @var{fsdriver} 1320This option specifies the fs driver backend to use. 1321Currently "local" and "proxy" file system drivers are supported. 1322@item id=@var{id} 1323Specifies identifier for this device 1324@item path=@var{path} 1325Specifies the export path for the file system device. Files under 1326this path will be available to the 9p client on the guest. 1327@item security_model=@var{security_model} 1328Specifies the security model to be used for this export path. 1329Supported security models are "passthrough", "mapped-xattr", "mapped-file" and "none". 1330In "passthrough" security model, files are stored using the same 1331credentials as they are created on the guest. This requires QEMU 1332to run as root. In "mapped-xattr" security model, some of the file 1333attributes like uid, gid, mode bits and link target are stored as 1334file attributes. For "mapped-file" these attributes are stored in the 1335hidden .virtfs_metadata directory. Directories exported by this security model cannot 1336interact with other unix tools. "none" security model is same as 1337passthrough except the sever won't report failures if it fails to 1338set file attributes like ownership. Security model is mandatory only 1339for local fsdriver. Other fsdrivers (like proxy) don't take security 1340model as a parameter. 1341@item writeout=@var{writeout} 1342This is an optional argument. The only supported value is "immediate". 1343This means that host page cache will be used to read and write data but 1344write notification will be sent to the guest only when the data has been 1345reported as written by the storage subsystem. 1346@item readonly 1347Enables exporting 9p share as a readonly mount for guests. By default 1348read-write access is given. 1349@item socket=@var{socket} 1350Enables proxy filesystem driver to use passed socket file for 1351communicating with virtfs-proxy-helper. Usually a helper like libvirt 1352will create socketpair and pass one of the fds as sock_fd 1353@item sock_fd 1354Enables proxy filesystem driver to use passed 'sock_fd' as the socket 1355descriptor for interfacing with virtfs-proxy-helper 1356@item fmode=@var{fmode} 1357Specifies the default mode for newly created files on the host. Works only 1358with security models "mapped-xattr" and "mapped-file". 1359@item dmode=@var{dmode} 1360Specifies the default mode for newly created directories on the host. Works 1361only with security models "mapped-xattr" and "mapped-file". 1362@end table 1363ETEXI 1364 1365DEF("virtfs_synth", 0, QEMU_OPTION_virtfs_synth, 1366 "-virtfs_synth Create synthetic file system image\n", 1367 QEMU_ARCH_ALL) 1368STEXI 1369@item -virtfs_synth 1370@findex -virtfs_synth 1371Create synthetic file system image 1372ETEXI 1373 1374DEF("iscsi", HAS_ARG, QEMU_OPTION_iscsi, 1375 "-iscsi [user=user][,password=password]\n" 1376 " [,header-digest=CRC32C|CR32C-NONE|NONE-CRC32C|NONE\n" 1377 " [,initiator-name=initiator-iqn][,id=target-iqn]\n" 1378 " [,timeout=timeout]\n" 1379 " iSCSI session parameters\n", QEMU_ARCH_ALL) 1380 1381STEXI 1382@item -iscsi 1383@findex -iscsi 1384Configure iSCSI session parameters. 1385ETEXI 1386 1387STEXI 1388@end table 1389ETEXI 1390DEFHEADING() 1391 1392DEFHEADING(USB options:) 1393STEXI 1394@table @option 1395ETEXI 1396 1397DEF("usb", 0, QEMU_OPTION_usb, 1398 "-usb enable the USB driver (if it is not used by default yet)\n", 1399 QEMU_ARCH_ALL) 1400STEXI 1401@item -usb 1402@findex -usb 1403Enable the USB driver (if it is not used by default yet). 1404ETEXI 1405 1406DEF("usbdevice", HAS_ARG, QEMU_OPTION_usbdevice, 1407 "-usbdevice name add the host or guest USB device 'name'\n", 1408 QEMU_ARCH_ALL) 1409STEXI 1410 1411@item -usbdevice @var{devname} 1412@findex -usbdevice 1413Add the USB device @var{devname}. Note that this option is deprecated, 1414please use @code{-device usb-...} instead. @xref{usb_devices}. 1415 1416@table @option 1417 1418@item mouse 1419Virtual Mouse. This will override the PS/2 mouse emulation when activated. 1420 1421@item tablet 1422Pointer device that uses absolute coordinates (like a touchscreen). This 1423means QEMU is able to report the mouse position without having to grab the 1424mouse. Also overrides the PS/2 mouse emulation when activated. 1425 1426@item braille 1427Braille device. This will use BrlAPI to display the braille output on a real 1428or fake device. 1429 1430@end table 1431ETEXI 1432 1433STEXI 1434@end table 1435ETEXI 1436DEFHEADING() 1437 1438DEFHEADING(Display options:) 1439STEXI 1440@table @option 1441ETEXI 1442 1443DEF("display", HAS_ARG, QEMU_OPTION_display, 1444 "-display spice-app[,gl=on|off]\n" 1445 "-display sdl[,frame=on|off][,alt_grab=on|off][,ctrl_grab=on|off]\n" 1446 " [,window_close=on|off][,gl=on|core|es|off]\n" 1447 "-display gtk[,grab_on_hover=on|off][,gl=on|off]|\n" 1448 "-display vnc=<display>[,<optargs>]\n" 1449 "-display curses[,charset=<encoding>]\n" 1450 "-display none\n" 1451 "-display egl-headless[,rendernode=<file>]" 1452 " select display type\n" 1453 "The default display is equivalent to\n" 1454#if defined(CONFIG_GTK) 1455 "\t\"-display gtk\"\n" 1456#elif defined(CONFIG_SDL) 1457 "\t\"-display sdl\"\n" 1458#elif defined(CONFIG_COCOA) 1459 "\t\"-display cocoa\"\n" 1460#elif defined(CONFIG_VNC) 1461 "\t\"-vnc localhost:0,to=99,id=default\"\n" 1462#else 1463 "\t\"-display none\"\n" 1464#endif 1465 , QEMU_ARCH_ALL) 1466STEXI 1467@item -display @var{type} 1468@findex -display 1469Select type of display to use. This option is a replacement for the 1470old style -sdl/-curses/... options. Valid values for @var{type} are 1471@table @option 1472@item sdl 1473Display video output via SDL (usually in a separate graphics 1474window; see the SDL documentation for other possibilities). 1475@item curses 1476Display video output via curses. For graphics device models which 1477support a text mode, QEMU can display this output using a 1478curses/ncurses interface. Nothing is displayed when the graphics 1479device is in graphical mode or if the graphics device does not support 1480a text mode. Generally only the VGA device models support text mode. 1481The font charset used by the guest can be specified with the 1482@code{charset} option, for example @code{charset=CP850} for IBM CP850 1483encoding. The default is @code{CP437}. 1484@item none 1485Do not display video output. The guest will still see an emulated 1486graphics card, but its output will not be displayed to the QEMU 1487user. This option differs from the -nographic option in that it 1488only affects what is done with video output; -nographic also changes 1489the destination of the serial and parallel port data. 1490@item gtk 1491Display video output in a GTK window. This interface provides drop-down 1492menus and other UI elements to configure and control the VM during 1493runtime. 1494@item vnc 1495Start a VNC server on display <arg> 1496@item egl-headless 1497Offload all OpenGL operations to a local DRI device. For any graphical display, 1498this display needs to be paired with either VNC or SPICE displays. 1499@item spice-app 1500Start QEMU as a Spice server and launch the default Spice client 1501application. The Spice server will redirect the serial consoles and 1502QEMU monitors. (Since 4.0) 1503@end table 1504ETEXI 1505 1506DEF("nographic", 0, QEMU_OPTION_nographic, 1507 "-nographic disable graphical output and redirect serial I/Os to console\n", 1508 QEMU_ARCH_ALL) 1509STEXI 1510@item -nographic 1511@findex -nographic 1512Normally, if QEMU is compiled with graphical window support, it displays 1513output such as guest graphics, guest console, and the QEMU monitor in a 1514window. With this option, you can totally disable graphical output so 1515that QEMU is a simple command line application. The emulated serial port 1516is redirected on the console and muxed with the monitor (unless 1517redirected elsewhere explicitly). Therefore, you can still use QEMU to 1518debug a Linux kernel with a serial console. Use @key{C-a h} for help on 1519switching between the console and monitor. 1520ETEXI 1521 1522DEF("curses", 0, QEMU_OPTION_curses, 1523 "-curses shorthand for -display curses\n", 1524 QEMU_ARCH_ALL) 1525STEXI 1526@item -curses 1527@findex -curses 1528Normally, if QEMU is compiled with graphical window support, it displays 1529output such as guest graphics, guest console, and the QEMU monitor in a 1530window. With this option, QEMU can display the VGA output when in text 1531mode using a curses/ncurses interface. Nothing is displayed in graphical 1532mode. 1533ETEXI 1534 1535DEF("alt-grab", 0, QEMU_OPTION_alt_grab, 1536 "-alt-grab use Ctrl-Alt-Shift to grab mouse (instead of Ctrl-Alt)\n", 1537 QEMU_ARCH_ALL) 1538STEXI 1539@item -alt-grab 1540@findex -alt-grab 1541Use Ctrl-Alt-Shift to grab mouse (instead of Ctrl-Alt). Note that this also 1542affects the special keys (for fullscreen, monitor-mode switching, etc). 1543ETEXI 1544 1545DEF("ctrl-grab", 0, QEMU_OPTION_ctrl_grab, 1546 "-ctrl-grab use Right-Ctrl to grab mouse (instead of Ctrl-Alt)\n", 1547 QEMU_ARCH_ALL) 1548STEXI 1549@item -ctrl-grab 1550@findex -ctrl-grab 1551Use Right-Ctrl to grab mouse (instead of Ctrl-Alt). Note that this also 1552affects the special keys (for fullscreen, monitor-mode switching, etc). 1553ETEXI 1554 1555DEF("no-quit", 0, QEMU_OPTION_no_quit, 1556 "-no-quit disable SDL window close capability\n", QEMU_ARCH_ALL) 1557STEXI 1558@item -no-quit 1559@findex -no-quit 1560Disable SDL window close capability. 1561ETEXI 1562 1563DEF("sdl", 0, QEMU_OPTION_sdl, 1564 "-sdl shorthand for -display sdl\n", QEMU_ARCH_ALL) 1565STEXI 1566@item -sdl 1567@findex -sdl 1568Enable SDL. 1569ETEXI 1570 1571DEF("spice", HAS_ARG, QEMU_OPTION_spice, 1572 "-spice [port=port][,tls-port=secured-port][,x509-dir=<dir>]\n" 1573 " [,x509-key-file=<file>][,x509-key-password=<file>]\n" 1574 " [,x509-cert-file=<file>][,x509-cacert-file=<file>]\n" 1575 " [,x509-dh-key-file=<file>][,addr=addr][,ipv4|ipv6|unix]\n" 1576 " [,tls-ciphers=<list>]\n" 1577 " [,tls-channel=[main|display|cursor|inputs|record|playback]]\n" 1578 " [,plaintext-channel=[main|display|cursor|inputs|record|playback]]\n" 1579 " [,sasl][,password=<secret>][,disable-ticketing]\n" 1580 " [,image-compression=[auto_glz|auto_lz|quic|glz|lz|off]]\n" 1581 " [,jpeg-wan-compression=[auto|never|always]]\n" 1582 " [,zlib-glz-wan-compression=[auto|never|always]]\n" 1583 " [,streaming-video=[off|all|filter]][,disable-copy-paste]\n" 1584 " [,disable-agent-file-xfer][,agent-mouse=[on|off]]\n" 1585 " [,playback-compression=[on|off]][,seamless-migration=[on|off]]\n" 1586 " [,gl=[on|off]][,rendernode=<file>]\n" 1587 " enable spice\n" 1588 " at least one of {port, tls-port} is mandatory\n", 1589 QEMU_ARCH_ALL) 1590STEXI 1591@item -spice @var{option}[,@var{option}[,...]] 1592@findex -spice 1593Enable the spice remote desktop protocol. Valid options are 1594 1595@table @option 1596 1597@item port=<nr> 1598Set the TCP port spice is listening on for plaintext channels. 1599 1600@item addr=<addr> 1601Set the IP address spice is listening on. Default is any address. 1602 1603@item ipv4 1604@itemx ipv6 1605@itemx unix 1606Force using the specified IP version. 1607 1608@item password=<secret> 1609Set the password you need to authenticate. 1610 1611@item sasl 1612Require that the client use SASL to authenticate with the spice. 1613The exact choice of authentication method used is controlled from the 1614system / user's SASL configuration file for the 'qemu' service. This 1615is typically found in /etc/sasl2/qemu.conf. If running QEMU as an 1616unprivileged user, an environment variable SASL_CONF_PATH can be used 1617to make it search alternate locations for the service config. 1618While some SASL auth methods can also provide data encryption (eg GSSAPI), 1619it is recommended that SASL always be combined with the 'tls' and 1620'x509' settings to enable use of SSL and server certificates. This 1621ensures a data encryption preventing compromise of authentication 1622credentials. 1623 1624@item disable-ticketing 1625Allow client connects without authentication. 1626 1627@item disable-copy-paste 1628Disable copy paste between the client and the guest. 1629 1630@item disable-agent-file-xfer 1631Disable spice-vdagent based file-xfer between the client and the guest. 1632 1633@item tls-port=<nr> 1634Set the TCP port spice is listening on for encrypted channels. 1635 1636@item x509-dir=<dir> 1637Set the x509 file directory. Expects same filenames as -vnc $display,x509=$dir 1638 1639@item x509-key-file=<file> 1640@itemx x509-key-password=<file> 1641@itemx x509-cert-file=<file> 1642@itemx x509-cacert-file=<file> 1643@itemx x509-dh-key-file=<file> 1644The x509 file names can also be configured individually. 1645 1646@item tls-ciphers=<list> 1647Specify which ciphers to use. 1648 1649@item tls-channel=[main|display|cursor|inputs|record|playback] 1650@itemx plaintext-channel=[main|display|cursor|inputs|record|playback] 1651Force specific channel to be used with or without TLS encryption. The 1652options can be specified multiple times to configure multiple 1653channels. The special name "default" can be used to set the default 1654mode. For channels which are not explicitly forced into one mode the 1655spice client is allowed to pick tls/plaintext as he pleases. 1656 1657@item image-compression=[auto_glz|auto_lz|quic|glz|lz|off] 1658Configure image compression (lossless). 1659Default is auto_glz. 1660 1661@item jpeg-wan-compression=[auto|never|always] 1662@itemx zlib-glz-wan-compression=[auto|never|always] 1663Configure wan image compression (lossy for slow links). 1664Default is auto. 1665 1666@item streaming-video=[off|all|filter] 1667Configure video stream detection. Default is off. 1668 1669@item agent-mouse=[on|off] 1670Enable/disable passing mouse events via vdagent. Default is on. 1671 1672@item playback-compression=[on|off] 1673Enable/disable audio stream compression (using celt 0.5.1). Default is on. 1674 1675@item seamless-migration=[on|off] 1676Enable/disable spice seamless migration. Default is off. 1677 1678@item gl=[on|off] 1679Enable/disable OpenGL context. Default is off. 1680 1681@item rendernode=<file> 1682DRM render node for OpenGL rendering. If not specified, it will pick 1683the first available. (Since 2.9) 1684 1685@end table 1686ETEXI 1687 1688DEF("portrait", 0, QEMU_OPTION_portrait, 1689 "-portrait rotate graphical output 90 deg left (only PXA LCD)\n", 1690 QEMU_ARCH_ALL) 1691STEXI 1692@item -portrait 1693@findex -portrait 1694Rotate graphical output 90 deg left (only PXA LCD). 1695ETEXI 1696 1697DEF("rotate", HAS_ARG, QEMU_OPTION_rotate, 1698 "-rotate <deg> rotate graphical output some deg left (only PXA LCD)\n", 1699 QEMU_ARCH_ALL) 1700STEXI 1701@item -rotate @var{deg} 1702@findex -rotate 1703Rotate graphical output some deg left (only PXA LCD). 1704ETEXI 1705 1706DEF("vga", HAS_ARG, QEMU_OPTION_vga, 1707 "-vga [std|cirrus|vmware|qxl|xenfb|tcx|cg3|virtio|none]\n" 1708 " select video card type\n", QEMU_ARCH_ALL) 1709STEXI 1710@item -vga @var{type} 1711@findex -vga 1712Select type of VGA card to emulate. Valid values for @var{type} are 1713@table @option 1714@item cirrus 1715Cirrus Logic GD5446 Video card. All Windows versions starting from 1716Windows 95 should recognize and use this graphic card. For optimal 1717performances, use 16 bit color depth in the guest and the host OS. 1718(This card was the default before QEMU 2.2) 1719@item std 1720Standard VGA card with Bochs VBE extensions. If your guest OS 1721supports the VESA 2.0 VBE extensions (e.g. Windows XP) and if you want 1722to use high resolution modes (>= 1280x1024x16) then you should use 1723this option. (This card is the default since QEMU 2.2) 1724@item vmware 1725VMWare SVGA-II compatible adapter. Use it if you have sufficiently 1726recent XFree86/XOrg server or Windows guest with a driver for this 1727card. 1728@item qxl 1729QXL paravirtual graphic card. It is VGA compatible (including VESA 17302.0 VBE support). Works best with qxl guest drivers installed though. 1731Recommended choice when using the spice protocol. 1732@item tcx 1733(sun4m only) Sun TCX framebuffer. This is the default framebuffer for 1734sun4m machines and offers both 8-bit and 24-bit colour depths at a 1735fixed resolution of 1024x768. 1736@item cg3 1737(sun4m only) Sun cgthree framebuffer. This is a simple 8-bit framebuffer 1738for sun4m machines available in both 1024x768 (OpenBIOS) and 1152x900 (OBP) 1739resolutions aimed at people wishing to run older Solaris versions. 1740@item virtio 1741Virtio VGA card. 1742@item none 1743Disable VGA card. 1744@end table 1745ETEXI 1746 1747DEF("full-screen", 0, QEMU_OPTION_full_screen, 1748 "-full-screen start in full screen\n", QEMU_ARCH_ALL) 1749STEXI 1750@item -full-screen 1751@findex -full-screen 1752Start in full screen. 1753ETEXI 1754 1755DEF("g", 1, QEMU_OPTION_g , 1756 "-g WxH[xDEPTH] Set the initial graphical resolution and depth\n", 1757 QEMU_ARCH_PPC | QEMU_ARCH_SPARC) 1758STEXI 1759@item -g @var{width}x@var{height}[x@var{depth}] 1760@findex -g 1761Set the initial graphical resolution and depth (PPC, SPARC only). 1762ETEXI 1763 1764DEF("vnc", HAS_ARG, QEMU_OPTION_vnc , 1765 "-vnc <display> shorthand for -display vnc=<display>\n", QEMU_ARCH_ALL) 1766STEXI 1767@item -vnc @var{display}[,@var{option}[,@var{option}[,...]]] 1768@findex -vnc 1769Normally, if QEMU is compiled with graphical window support, it displays 1770output such as guest graphics, guest console, and the QEMU monitor in a 1771window. With this option, you can have QEMU listen on VNC display 1772@var{display} and redirect the VGA display over the VNC session. It is 1773very useful to enable the usb tablet device when using this option 1774(option @option{-device usb-tablet}). When using the VNC display, you 1775must use the @option{-k} parameter to set the keyboard layout if you are 1776not using en-us. Valid syntax for the @var{display} is 1777 1778@table @option 1779 1780@item to=@var{L} 1781 1782With this option, QEMU will try next available VNC @var{display}s, until the 1783number @var{L}, if the origianlly defined "-vnc @var{display}" is not 1784available, e.g. port 5900+@var{display} is already used by another 1785application. By default, to=0. 1786 1787@item @var{host}:@var{d} 1788 1789TCP connections will only be allowed from @var{host} on display @var{d}. 1790By convention the TCP port is 5900+@var{d}. Optionally, @var{host} can 1791be omitted in which case the server will accept connections from any host. 1792 1793@item unix:@var{path} 1794 1795Connections will be allowed over UNIX domain sockets where @var{path} is the 1796location of a unix socket to listen for connections on. 1797 1798@item none 1799 1800VNC is initialized but not started. The monitor @code{change} command 1801can be used to later start the VNC server. 1802 1803@end table 1804 1805Following the @var{display} value there may be one or more @var{option} flags 1806separated by commas. Valid options are 1807 1808@table @option 1809 1810@item reverse 1811 1812Connect to a listening VNC client via a ``reverse'' connection. The 1813client is specified by the @var{display}. For reverse network 1814connections (@var{host}:@var{d},@code{reverse}), the @var{d} argument 1815is a TCP port number, not a display number. 1816 1817@item websocket 1818 1819Opens an additional TCP listening port dedicated to VNC Websocket connections. 1820If a bare @var{websocket} option is given, the Websocket port is 18215700+@var{display}. An alternative port can be specified with the 1822syntax @code{websocket}=@var{port}. 1823 1824If @var{host} is specified connections will only be allowed from this host. 1825It is possible to control the websocket listen address independently, using 1826the syntax @code{websocket}=@var{host}:@var{port}. 1827 1828If no TLS credentials are provided, the websocket connection runs in 1829unencrypted mode. If TLS credentials are provided, the websocket connection 1830requires encrypted client connections. 1831 1832@item password 1833 1834Require that password based authentication is used for client connections. 1835 1836The password must be set separately using the @code{set_password} command in 1837the @ref{pcsys_monitor}. The syntax to change your password is: 1838@code{set_password <protocol> <password>} where <protocol> could be either 1839"vnc" or "spice". 1840 1841If you would like to change <protocol> password expiration, you should use 1842@code{expire_password <protocol> <expiration-time>} where expiration time could 1843be one of the following options: now, never, +seconds or UNIX time of 1844expiration, e.g. +60 to make password expire in 60 seconds, or 1335196800 1845to make password expire on "Mon Apr 23 12:00:00 EDT 2012" (UNIX time for this 1846date and time). 1847 1848You can also use keywords "now" or "never" for the expiration time to 1849allow <protocol> password to expire immediately or never expire. 1850 1851@item tls-creds=@var{ID} 1852 1853Provides the ID of a set of TLS credentials to use to secure the 1854VNC server. They will apply to both the normal VNC server socket 1855and the websocket socket (if enabled). Setting TLS credentials 1856will cause the VNC server socket to enable the VeNCrypt auth 1857mechanism. The credentials should have been previously created 1858using the @option{-object tls-creds} argument. 1859 1860@item tls-authz=@var{ID} 1861 1862Provides the ID of the QAuthZ authorization object against which 1863the client's x509 distinguished name will validated. This object is 1864only resolved at time of use, so can be deleted and recreated on the 1865fly while the VNC server is active. If missing, it will default 1866to denying access. 1867 1868@item sasl 1869 1870Require that the client use SASL to authenticate with the VNC server. 1871The exact choice of authentication method used is controlled from the 1872system / user's SASL configuration file for the 'qemu' service. This 1873is typically found in /etc/sasl2/qemu.conf. If running QEMU as an 1874unprivileged user, an environment variable SASL_CONF_PATH can be used 1875to make it search alternate locations for the service config. 1876While some SASL auth methods can also provide data encryption (eg GSSAPI), 1877it is recommended that SASL always be combined with the 'tls' and 1878'x509' settings to enable use of SSL and server certificates. This 1879ensures a data encryption preventing compromise of authentication 1880credentials. See the @ref{vnc_security} section for details on using 1881SASL authentication. 1882 1883@item sasl-authz=@var{ID} 1884 1885Provides the ID of the QAuthZ authorization object against which 1886the client's SASL username will validated. This object is 1887only resolved at time of use, so can be deleted and recreated on the 1888fly while the VNC server is active. If missing, it will default 1889to denying access. 1890 1891@item acl 1892 1893Legacy method for enabling authorization of clients against the 1894x509 distinguished name and SASL username. It results in the creation 1895of two @code{authz-list} objects with IDs of @code{vnc.username} and 1896@code{vnc.x509dname}. The rules for these objects must be configured 1897with the HMP ACL commands. 1898 1899This option is deprecated and should no longer be used. The new 1900@option{sasl-authz} and @option{tls-authz} options are a 1901replacement. 1902 1903@item lossy 1904 1905Enable lossy compression methods (gradient, JPEG, ...). If this 1906option is set, VNC client may receive lossy framebuffer updates 1907depending on its encoding settings. Enabling this option can save 1908a lot of bandwidth at the expense of quality. 1909 1910@item non-adaptive 1911 1912Disable adaptive encodings. Adaptive encodings are enabled by default. 1913An adaptive encoding will try to detect frequently updated screen regions, 1914and send updates in these regions using a lossy encoding (like JPEG). 1915This can be really helpful to save bandwidth when playing videos. Disabling 1916adaptive encodings restores the original static behavior of encodings 1917like Tight. 1918 1919@item share=[allow-exclusive|force-shared|ignore] 1920 1921Set display sharing policy. 'allow-exclusive' allows clients to ask 1922for exclusive access. As suggested by the rfb spec this is 1923implemented by dropping other connections. Connecting multiple 1924clients in parallel requires all clients asking for a shared session 1925(vncviewer: -shared switch). This is the default. 'force-shared' 1926disables exclusive client access. Useful for shared desktop sessions, 1927where you don't want someone forgetting specify -shared disconnect 1928everybody else. 'ignore' completely ignores the shared flag and 1929allows everybody connect unconditionally. Doesn't conform to the rfb 1930spec but is traditional QEMU behavior. 1931 1932@item key-delay-ms 1933 1934Set keyboard delay, for key down and key up events, in milliseconds. 1935Default is 10. Keyboards are low-bandwidth devices, so this slowdown 1936can help the device and guest to keep up and not lose events in case 1937events are arriving in bulk. Possible causes for the latter are flaky 1938network connections, or scripts for automated testing. 1939 1940@end table 1941ETEXI 1942 1943STEXI 1944@end table 1945ETEXI 1946ARCHHEADING(, QEMU_ARCH_I386) 1947 1948ARCHHEADING(i386 target only:, QEMU_ARCH_I386) 1949STEXI 1950@table @option 1951ETEXI 1952 1953DEF("win2k-hack", 0, QEMU_OPTION_win2k_hack, 1954 "-win2k-hack use it when installing Windows 2000 to avoid a disk full bug\n", 1955 QEMU_ARCH_I386) 1956STEXI 1957@item -win2k-hack 1958@findex -win2k-hack 1959Use it when installing Windows 2000 to avoid a disk full bug. After 1960Windows 2000 is installed, you no longer need this option (this option 1961slows down the IDE transfers). 1962ETEXI 1963 1964DEF("no-fd-bootchk", 0, QEMU_OPTION_no_fd_bootchk, 1965 "-no-fd-bootchk disable boot signature checking for floppy disks\n", 1966 QEMU_ARCH_I386) 1967STEXI 1968@item -no-fd-bootchk 1969@findex -no-fd-bootchk 1970Disable boot signature checking for floppy disks in BIOS. May 1971be needed to boot from old floppy disks. 1972ETEXI 1973 1974DEF("no-acpi", 0, QEMU_OPTION_no_acpi, 1975 "-no-acpi disable ACPI\n", QEMU_ARCH_I386 | QEMU_ARCH_ARM) 1976STEXI 1977@item -no-acpi 1978@findex -no-acpi 1979Disable ACPI (Advanced Configuration and Power Interface) support. Use 1980it if your guest OS complains about ACPI problems (PC target machine 1981only). 1982ETEXI 1983 1984DEF("no-hpet", 0, QEMU_OPTION_no_hpet, 1985 "-no-hpet disable HPET\n", QEMU_ARCH_I386) 1986STEXI 1987@item -no-hpet 1988@findex -no-hpet 1989Disable HPET support. 1990ETEXI 1991 1992DEF("acpitable", HAS_ARG, QEMU_OPTION_acpitable, 1993 "-acpitable [sig=str][,rev=n][,oem_id=str][,oem_table_id=str][,oem_rev=n][,asl_compiler_id=str][,asl_compiler_rev=n][,{data|file}=file1[:file2]...]\n" 1994 " ACPI table description\n", QEMU_ARCH_I386) 1995STEXI 1996@item -acpitable [sig=@var{str}][,rev=@var{n}][,oem_id=@var{str}][,oem_table_id=@var{str}][,oem_rev=@var{n}] [,asl_compiler_id=@var{str}][,asl_compiler_rev=@var{n}][,data=@var{file1}[:@var{file2}]...] 1997@findex -acpitable 1998Add ACPI table with specified header fields and context from specified files. 1999For file=, take whole ACPI table from the specified files, including all 2000ACPI headers (possible overridden by other options). 2001For data=, only data 2002portion of the table is used, all header information is specified in the 2003command line. 2004If a SLIC table is supplied to QEMU, then the SLIC's oem_id and oem_table_id 2005fields will override the same in the RSDT and the FADT (a.k.a. FACP), in order 2006to ensure the field matches required by the Microsoft SLIC spec and the ACPI 2007spec. 2008ETEXI 2009 2010DEF("smbios", HAS_ARG, QEMU_OPTION_smbios, 2011 "-smbios file=binary\n" 2012 " load SMBIOS entry from binary file\n" 2013 "-smbios type=0[,vendor=str][,version=str][,date=str][,release=%d.%d]\n" 2014 " [,uefi=on|off]\n" 2015 " specify SMBIOS type 0 fields\n" 2016 "-smbios type=1[,manufacturer=str][,product=str][,version=str][,serial=str]\n" 2017 " [,uuid=uuid][,sku=str][,family=str]\n" 2018 " specify SMBIOS type 1 fields\n" 2019 "-smbios type=2[,manufacturer=str][,product=str][,version=str][,serial=str]\n" 2020 " [,asset=str][,location=str]\n" 2021 " specify SMBIOS type 2 fields\n" 2022 "-smbios type=3[,manufacturer=str][,version=str][,serial=str][,asset=str]\n" 2023 " [,sku=str]\n" 2024 " specify SMBIOS type 3 fields\n" 2025 "-smbios type=4[,sock_pfx=str][,manufacturer=str][,version=str][,serial=str]\n" 2026 " [,asset=str][,part=str]\n" 2027 " specify SMBIOS type 4 fields\n" 2028 "-smbios type=17[,loc_pfx=str][,bank=str][,manufacturer=str][,serial=str]\n" 2029 " [,asset=str][,part=str][,speed=%d]\n" 2030 " specify SMBIOS type 17 fields\n", 2031 QEMU_ARCH_I386 | QEMU_ARCH_ARM) 2032STEXI 2033@item -smbios file=@var{binary} 2034@findex -smbios 2035Load SMBIOS entry from binary file. 2036 2037@item -smbios type=0[,vendor=@var{str}][,version=@var{str}][,date=@var{str}][,release=@var{%d.%d}][,uefi=on|off] 2038Specify SMBIOS type 0 fields 2039 2040@item -smbios type=1[,manufacturer=@var{str}][,product=@var{str}][,version=@var{str}][,serial=@var{str}][,uuid=@var{uuid}][,sku=@var{str}][,family=@var{str}] 2041Specify SMBIOS type 1 fields 2042 2043@item -smbios type=2[,manufacturer=@var{str}][,product=@var{str}][,version=@var{str}][,serial=@var{str}][,asset=@var{str}][,location=@var{str}][,family=@var{str}] 2044Specify SMBIOS type 2 fields 2045 2046@item -smbios type=3[,manufacturer=@var{str}][,version=@var{str}][,serial=@var{str}][,asset=@var{str}][,sku=@var{str}] 2047Specify SMBIOS type 3 fields 2048 2049@item -smbios type=4[,sock_pfx=@var{str}][,manufacturer=@var{str}][,version=@var{str}][,serial=@var{str}][,asset=@var{str}][,part=@var{str}] 2050Specify SMBIOS type 4 fields 2051 2052@item -smbios type=17[,loc_pfx=@var{str}][,bank=@var{str}][,manufacturer=@var{str}][,serial=@var{str}][,asset=@var{str}][,part=@var{str}][,speed=@var{%d}] 2053Specify SMBIOS type 17 fields 2054ETEXI 2055 2056STEXI 2057@end table 2058ETEXI 2059DEFHEADING() 2060 2061DEFHEADING(Network options:) 2062STEXI 2063@table @option 2064ETEXI 2065 2066DEF("netdev", HAS_ARG, QEMU_OPTION_netdev, 2067#ifdef CONFIG_SLIRP 2068 "-netdev user,id=str[,ipv4[=on|off]][,net=addr[/mask]][,host=addr]\n" 2069 " [,ipv6[=on|off]][,ipv6-net=addr[/int]][,ipv6-host=addr]\n" 2070 " [,restrict=on|off][,hostname=host][,dhcpstart=addr]\n" 2071 " [,dns=addr][,ipv6-dns=addr][,dnssearch=domain][,domainname=domain]\n" 2072 " [,tftp=dir][,tftp-server-name=name][,bootfile=f][,hostfwd=rule][,guestfwd=rule]" 2073#ifndef _WIN32 2074 "[,smb=dir[,smbserver=addr]]\n" 2075#endif 2076 " configure a user mode network backend with ID 'str',\n" 2077 " its DHCP server and optional services\n" 2078#endif 2079#ifdef _WIN32 2080 "-netdev tap,id=str,ifname=name\n" 2081 " configure a host TAP network backend with ID 'str'\n" 2082#else 2083 "-netdev tap,id=str[,fd=h][,fds=x:y:...:z][,ifname=name][,script=file][,downscript=dfile]\n" 2084 " [,br=bridge][,helper=helper][,sndbuf=nbytes][,vnet_hdr=on|off][,vhost=on|off]\n" 2085 " [,vhostfd=h][,vhostfds=x:y:...:z][,vhostforce=on|off][,queues=n]\n" 2086 " [,poll-us=n]\n" 2087 " configure a host TAP network backend with ID 'str'\n" 2088 " connected to a bridge (default=" DEFAULT_BRIDGE_INTERFACE ")\n" 2089 " use network scripts 'file' (default=" DEFAULT_NETWORK_SCRIPT ")\n" 2090 " to configure it and 'dfile' (default=" DEFAULT_NETWORK_DOWN_SCRIPT ")\n" 2091 " to deconfigure it\n" 2092 " use '[down]script=no' to disable script execution\n" 2093 " use network helper 'helper' (default=" DEFAULT_BRIDGE_HELPER ") to\n" 2094 " configure it\n" 2095 " use 'fd=h' to connect to an already opened TAP interface\n" 2096 " use 'fds=x:y:...:z' to connect to already opened multiqueue capable TAP interfaces\n" 2097 " use 'sndbuf=nbytes' to limit the size of the send buffer (the\n" 2098 " default is disabled 'sndbuf=0' to enable flow control set 'sndbuf=1048576')\n" 2099 " use vnet_hdr=off to avoid enabling the IFF_VNET_HDR tap flag\n" 2100 " use vnet_hdr=on to make the lack of IFF_VNET_HDR support an error condition\n" 2101 " use vhost=on to enable experimental in kernel accelerator\n" 2102 " (only has effect for virtio guests which use MSIX)\n" 2103 " use vhostforce=on to force vhost on for non-MSIX virtio guests\n" 2104 " use 'vhostfd=h' to connect to an already opened vhost net device\n" 2105 " use 'vhostfds=x:y:...:z to connect to multiple already opened vhost net devices\n" 2106 " use 'queues=n' to specify the number of queues to be created for multiqueue TAP\n" 2107 " use 'poll-us=n' to speciy the maximum number of microseconds that could be\n" 2108 " spent on busy polling for vhost net\n" 2109 "-netdev bridge,id=str[,br=bridge][,helper=helper]\n" 2110 " configure a host TAP network backend with ID 'str' that is\n" 2111 " connected to a bridge (default=" DEFAULT_BRIDGE_INTERFACE ")\n" 2112 " using the program 'helper (default=" DEFAULT_BRIDGE_HELPER ")\n" 2113#endif 2114#ifdef __linux__ 2115 "-netdev l2tpv3,id=str,src=srcaddr,dst=dstaddr[,srcport=srcport][,dstport=dstport]\n" 2116 " [,rxsession=rxsession],txsession=txsession[,ipv6=on/off][,udp=on/off]\n" 2117 " [,cookie64=on/off][,counter][,pincounter][,txcookie=txcookie]\n" 2118 " [,rxcookie=rxcookie][,offset=offset]\n" 2119 " configure a network backend with ID 'str' connected to\n" 2120 " an Ethernet over L2TPv3 pseudowire.\n" 2121 " Linux kernel 3.3+ as well as most routers can talk\n" 2122 " L2TPv3. This transport allows connecting a VM to a VM,\n" 2123 " VM to a router and even VM to Host. It is a nearly-universal\n" 2124 " standard (RFC3391). Note - this implementation uses static\n" 2125 " pre-configured tunnels (same as the Linux kernel).\n" 2126 " use 'src=' to specify source address\n" 2127 " use 'dst=' to specify destination address\n" 2128 " use 'udp=on' to specify udp encapsulation\n" 2129 " use 'srcport=' to specify source udp port\n" 2130 " use 'dstport=' to specify destination udp port\n" 2131 " use 'ipv6=on' to force v6\n" 2132 " L2TPv3 uses cookies to prevent misconfiguration as\n" 2133 " well as a weak security measure\n" 2134 " use 'rxcookie=0x012345678' to specify a rxcookie\n" 2135 " use 'txcookie=0x012345678' to specify a txcookie\n" 2136 " use 'cookie64=on' to set cookie size to 64 bit, otherwise 32\n" 2137 " use 'counter=off' to force a 'cut-down' L2TPv3 with no counter\n" 2138 " use 'pincounter=on' to work around broken counter handling in peer\n" 2139 " use 'offset=X' to add an extra offset between header and data\n" 2140#endif 2141 "-netdev socket,id=str[,fd=h][,listen=[host]:port][,connect=host:port]\n" 2142 " configure a network backend to connect to another network\n" 2143 " using a socket connection\n" 2144 "-netdev socket,id=str[,fd=h][,mcast=maddr:port[,localaddr=addr]]\n" 2145 " configure a network backend to connect to a multicast maddr and port\n" 2146 " use 'localaddr=addr' to specify the host address to send packets from\n" 2147 "-netdev socket,id=str[,fd=h][,udp=host:port][,localaddr=host:port]\n" 2148 " configure a network backend to connect to another network\n" 2149 " using an UDP tunnel\n" 2150#ifdef CONFIG_VDE 2151 "-netdev vde,id=str[,sock=socketpath][,port=n][,group=groupname][,mode=octalmode]\n" 2152 " configure a network backend to connect to port 'n' of a vde switch\n" 2153 " running on host and listening for incoming connections on 'socketpath'.\n" 2154 " Use group 'groupname' and mode 'octalmode' to change default\n" 2155 " ownership and permissions for communication port.\n" 2156#endif 2157#ifdef CONFIG_NETMAP 2158 "-netdev netmap,id=str,ifname=name[,devname=nmname]\n" 2159 " attach to the existing netmap-enabled network interface 'name', or to a\n" 2160 " VALE port (created on the fly) called 'name' ('nmname' is name of the \n" 2161 " netmap device, defaults to '/dev/netmap')\n" 2162#endif 2163#ifdef CONFIG_POSIX 2164 "-netdev vhost-user,id=str,chardev=dev[,vhostforce=on|off]\n" 2165 " configure a vhost-user network, backed by a chardev 'dev'\n" 2166#endif 2167 "-netdev hubport,id=str,hubid=n[,netdev=nd]\n" 2168 " configure a hub port on the hub with ID 'n'\n", QEMU_ARCH_ALL) 2169DEF("nic", HAS_ARG, QEMU_OPTION_nic, 2170 "-nic [tap|bridge|" 2171#ifdef CONFIG_SLIRP 2172 "user|" 2173#endif 2174#ifdef __linux__ 2175 "l2tpv3|" 2176#endif 2177#ifdef CONFIG_VDE 2178 "vde|" 2179#endif 2180#ifdef CONFIG_NETMAP 2181 "netmap|" 2182#endif 2183#ifdef CONFIG_POSIX 2184 "vhost-user|" 2185#endif 2186 "socket][,option][,...][mac=macaddr]\n" 2187 " initialize an on-board / default host NIC (using MAC address\n" 2188 " macaddr) and connect it to the given host network backend\n" 2189 "-nic none use it alone to have zero network devices (the default is to\n" 2190 " provided a 'user' network connection)\n", 2191 QEMU_ARCH_ALL) 2192DEF("net", HAS_ARG, QEMU_OPTION_net, 2193 "-net nic[,macaddr=mac][,model=type][,name=str][,addr=str][,vectors=v]\n" 2194 " configure or create an on-board (or machine default) NIC and\n" 2195 " connect it to hub 0 (please use -nic unless you need a hub)\n" 2196 "-net [" 2197#ifdef CONFIG_SLIRP 2198 "user|" 2199#endif 2200 "tap|" 2201 "bridge|" 2202#ifdef CONFIG_VDE 2203 "vde|" 2204#endif 2205#ifdef CONFIG_NETMAP 2206 "netmap|" 2207#endif 2208 "socket][,option][,option][,...]\n" 2209 " old way to initialize a host network interface\n" 2210 " (use the -netdev option if possible instead)\n", QEMU_ARCH_ALL) 2211STEXI 2212@item -nic [tap|bridge|user|l2tpv3|vde|netmap|vhost-user|socket][,...][,mac=macaddr][,model=mn] 2213@findex -nic 2214This option is a shortcut for configuring both the on-board (default) guest 2215NIC hardware and the host network backend in one go. The host backend options 2216are the same as with the corresponding @option{-netdev} options below. 2217The guest NIC model can be set with @option{model=@var{modelname}}. 2218Use @option{model=help} to list the available device types. 2219The hardware MAC address can be set with @option{mac=@var{macaddr}}. 2220 2221The following two example do exactly the same, to show how @option{-nic} can 2222be used to shorten the command line length (note that the e1000 is the default 2223on i386, so the @option{model=e1000} parameter could even be omitted here, too): 2224@example 2225qemu-system-i386 -netdev user,id=n1,ipv6=off -device e1000,netdev=n1,mac=52:54:98:76:54:32 2226qemu-system-i386 -nic user,ipv6=off,model=e1000,mac=52:54:98:76:54:32 2227@end example 2228 2229@item -nic none 2230Indicate that no network devices should be configured. It is used to override 2231the default configuration (default NIC with ``user'' host network backend) 2232which is activated if no other networking options are provided. 2233 2234@item -netdev user,id=@var{id}[,@var{option}][,@var{option}][,...] 2235@findex -netdev 2236Configure user mode host network backend which requires no administrator 2237privilege to run. Valid options are: 2238 2239@table @option 2240@item id=@var{id} 2241Assign symbolic name for use in monitor commands. 2242 2243@item ipv4=on|off and ipv6=on|off 2244Specify that either IPv4 or IPv6 must be enabled. If neither is specified 2245both protocols are enabled. 2246 2247@item net=@var{addr}[/@var{mask}] 2248Set IP network address the guest will see. Optionally specify the netmask, 2249either in the form a.b.c.d or as number of valid top-most bits. Default is 225010.0.2.0/24. 2251 2252@item host=@var{addr} 2253Specify the guest-visible address of the host. Default is the 2nd IP in the 2254guest network, i.e. x.x.x.2. 2255 2256@item ipv6-net=@var{addr}[/@var{int}] 2257Set IPv6 network address the guest will see (default is fec0::/64). The 2258network prefix is given in the usual hexadecimal IPv6 address 2259notation. The prefix size is optional, and is given as the number of 2260valid top-most bits (default is 64). 2261 2262@item ipv6-host=@var{addr} 2263Specify the guest-visible IPv6 address of the host. Default is the 2nd IPv6 in 2264the guest network, i.e. xxxx::2. 2265 2266@item restrict=on|off 2267If this option is enabled, the guest will be isolated, i.e. it will not be 2268able to contact the host and no guest IP packets will be routed over the host 2269to the outside. This option does not affect any explicitly set forwarding rules. 2270 2271@item hostname=@var{name} 2272Specifies the client hostname reported by the built-in DHCP server. 2273 2274@item dhcpstart=@var{addr} 2275Specify the first of the 16 IPs the built-in DHCP server can assign. Default 2276is the 15th to 31st IP in the guest network, i.e. x.x.x.15 to x.x.x.31. 2277 2278@item dns=@var{addr} 2279Specify the guest-visible address of the virtual nameserver. The address must 2280be different from the host address. Default is the 3rd IP in the guest network, 2281i.e. x.x.x.3. 2282 2283@item ipv6-dns=@var{addr} 2284Specify the guest-visible address of the IPv6 virtual nameserver. The address 2285must be different from the host address. Default is the 3rd IP in the guest 2286network, i.e. xxxx::3. 2287 2288@item dnssearch=@var{domain} 2289Provides an entry for the domain-search list sent by the built-in 2290DHCP server. More than one domain suffix can be transmitted by specifying 2291this option multiple times. If supported, this will cause the guest to 2292automatically try to append the given domain suffix(es) in case a domain name 2293can not be resolved. 2294 2295Example: 2296@example 2297qemu-system-i386 -nic user,dnssearch=mgmt.example.org,dnssearch=example.org 2298@end example 2299 2300@item domainname=@var{domain} 2301Specifies the client domain name reported by the built-in DHCP server. 2302 2303@item tftp=@var{dir} 2304When using the user mode network stack, activate a built-in TFTP 2305server. The files in @var{dir} will be exposed as the root of a TFTP server. 2306The TFTP client on the guest must be configured in binary mode (use the command 2307@code{bin} of the Unix TFTP client). 2308 2309@item tftp-server-name=@var{name} 2310In BOOTP reply, broadcast @var{name} as the "TFTP server name" (RFC2132 option 231166). This can be used to advise the guest to load boot files or configurations 2312from a different server than the host address. 2313 2314@item bootfile=@var{file} 2315When using the user mode network stack, broadcast @var{file} as the BOOTP 2316filename. In conjunction with @option{tftp}, this can be used to network boot 2317a guest from a local directory. 2318 2319Example (using pxelinux): 2320@example 2321qemu-system-i386 -hda linux.img -boot n -device e1000,netdev=n1 \ 2322 -netdev user,id=n1,tftp=/path/to/tftp/files,bootfile=/pxelinux.0 2323@end example 2324 2325@item smb=@var{dir}[,smbserver=@var{addr}] 2326When using the user mode network stack, activate a built-in SMB 2327server so that Windows OSes can access to the host files in @file{@var{dir}} 2328transparently. The IP address of the SMB server can be set to @var{addr}. By 2329default the 4th IP in the guest network is used, i.e. x.x.x.4. 2330 2331In the guest Windows OS, the line: 2332@example 233310.0.2.4 smbserver 2334@end example 2335must be added in the file @file{C:\WINDOWS\LMHOSTS} (for windows 9x/Me) 2336or @file{C:\WINNT\SYSTEM32\DRIVERS\ETC\LMHOSTS} (Windows NT/2000). 2337 2338Then @file{@var{dir}} can be accessed in @file{\\smbserver\qemu}. 2339 2340Note that a SAMBA server must be installed on the host OS. 2341 2342@item hostfwd=[tcp|udp]:[@var{hostaddr}]:@var{hostport}-[@var{guestaddr}]:@var{guestport} 2343Redirect incoming TCP or UDP connections to the host port @var{hostport} to 2344the guest IP address @var{guestaddr} on guest port @var{guestport}. If 2345@var{guestaddr} is not specified, its value is x.x.x.15 (default first address 2346given by the built-in DHCP server). By specifying @var{hostaddr}, the rule can 2347be bound to a specific host interface. If no connection type is set, TCP is 2348used. This option can be given multiple times. 2349 2350For example, to redirect host X11 connection from screen 1 to guest 2351screen 0, use the following: 2352 2353@example 2354# on the host 2355qemu-system-i386 -nic user,hostfwd=tcp:127.0.0.1:6001-:6000 2356# this host xterm should open in the guest X11 server 2357xterm -display :1 2358@end example 2359 2360To redirect telnet connections from host port 5555 to telnet port on 2361the guest, use the following: 2362 2363@example 2364# on the host 2365qemu-system-i386 -nic user,hostfwd=tcp::5555-:23 2366telnet localhost 5555 2367@end example 2368 2369Then when you use on the host @code{telnet localhost 5555}, you 2370connect to the guest telnet server. 2371 2372@item guestfwd=[tcp]:@var{server}:@var{port}-@var{dev} 2373@itemx guestfwd=[tcp]:@var{server}:@var{port}-@var{cmd:command} 2374Forward guest TCP connections to the IP address @var{server} on port @var{port} 2375to the character device @var{dev} or to a program executed by @var{cmd:command} 2376which gets spawned for each connection. This option can be given multiple times. 2377 2378You can either use a chardev directly and have that one used throughout QEMU's 2379lifetime, like in the following example: 2380 2381@example 2382# open 10.10.1.1:4321 on bootup, connect 10.0.2.100:1234 to it whenever 2383# the guest accesses it 2384qemu-system-i386 -nic user,guestfwd=tcp:10.0.2.100:1234-tcp:10.10.1.1:4321 2385@end example 2386 2387Or you can execute a command on every TCP connection established by the guest, 2388so that QEMU behaves similar to an inetd process for that virtual server: 2389 2390@example 2391# call "netcat 10.10.1.1 4321" on every TCP connection to 10.0.2.100:1234 2392# and connect the TCP stream to its stdin/stdout 2393qemu-system-i386 -nic 'user,id=n1,guestfwd=tcp:10.0.2.100:1234-cmd:netcat 10.10.1.1 4321' 2394@end example 2395 2396@end table 2397 2398@item -netdev tap,id=@var{id}[,fd=@var{h}][,ifname=@var{name}][,script=@var{file}][,downscript=@var{dfile}][,br=@var{bridge}][,helper=@var{helper}] 2399Configure a host TAP network backend with ID @var{id}. 2400 2401Use the network script @var{file} to configure it and the network script 2402@var{dfile} to deconfigure it. If @var{name} is not provided, the OS 2403automatically provides one. The default network configure script is 2404@file{/etc/qemu-ifup} and the default network deconfigure script is 2405@file{/etc/qemu-ifdown}. Use @option{script=no} or @option{downscript=no} 2406to disable script execution. 2407 2408If running QEMU as an unprivileged user, use the network helper 2409@var{helper} to configure the TAP interface and attach it to the bridge. 2410The default network helper executable is @file{/path/to/qemu-bridge-helper} 2411and the default bridge device is @file{br0}. 2412 2413@option{fd}=@var{h} can be used to specify the handle of an already 2414opened host TAP interface. 2415 2416Examples: 2417 2418@example 2419#launch a QEMU instance with the default network script 2420qemu-system-i386 linux.img -nic tap 2421@end example 2422 2423@example 2424#launch a QEMU instance with two NICs, each one connected 2425#to a TAP device 2426qemu-system-i386 linux.img \ 2427 -netdev tap,id=nd0,ifname=tap0 -device e1000,netdev=nd0 \ 2428 -netdev tap,id=nd1,ifname=tap1 -device rtl8139,netdev=nd1 2429@end example 2430 2431@example 2432#launch a QEMU instance with the default network helper to 2433#connect a TAP device to bridge br0 2434qemu-system-i386 linux.img -device virtio-net-pci,netdev=n1 \ 2435 -netdev tap,id=n1,"helper=/path/to/qemu-bridge-helper" 2436@end example 2437 2438@item -netdev bridge,id=@var{id}[,br=@var{bridge}][,helper=@var{helper}] 2439Connect a host TAP network interface to a host bridge device. 2440 2441Use the network helper @var{helper} to configure the TAP interface and 2442attach it to the bridge. The default network helper executable is 2443@file{/path/to/qemu-bridge-helper} and the default bridge 2444device is @file{br0}. 2445 2446Examples: 2447 2448@example 2449#launch a QEMU instance with the default network helper to 2450#connect a TAP device to bridge br0 2451qemu-system-i386 linux.img -netdev bridge,id=n1 -device virtio-net,netdev=n1 2452@end example 2453 2454@example 2455#launch a QEMU instance with the default network helper to 2456#connect a TAP device to bridge qemubr0 2457qemu-system-i386 linux.img -netdev bridge,br=qemubr0,id=n1 -device virtio-net,netdev=n1 2458@end example 2459 2460@item -netdev socket,id=@var{id}[,fd=@var{h}][,listen=[@var{host}]:@var{port}][,connect=@var{host}:@var{port}] 2461 2462This host network backend can be used to connect the guest's network to 2463another QEMU virtual machine using a TCP socket connection. If @option{listen} 2464is specified, QEMU waits for incoming connections on @var{port} 2465(@var{host} is optional). @option{connect} is used to connect to 2466another QEMU instance using the @option{listen} option. @option{fd}=@var{h} 2467specifies an already opened TCP socket. 2468 2469Example: 2470@example 2471# launch a first QEMU instance 2472qemu-system-i386 linux.img \ 2473 -device e1000,netdev=n1,mac=52:54:00:12:34:56 \ 2474 -netdev socket,id=n1,listen=:1234 2475# connect the network of this instance to the network of the first instance 2476qemu-system-i386 linux.img \ 2477 -device e1000,netdev=n2,mac=52:54:00:12:34:57 \ 2478 -netdev socket,id=n2,connect=127.0.0.1:1234 2479@end example 2480 2481@item -netdev socket,id=@var{id}[,fd=@var{h}][,mcast=@var{maddr}:@var{port}[,localaddr=@var{addr}]] 2482 2483Configure a socket host network backend to share the guest's network traffic 2484with another QEMU virtual machines using a UDP multicast socket, effectively 2485making a bus for every QEMU with same multicast address @var{maddr} and @var{port}. 2486NOTES: 2487@enumerate 2488@item 2489Several QEMU can be running on different hosts and share same bus (assuming 2490correct multicast setup for these hosts). 2491@item 2492mcast support is compatible with User Mode Linux (argument @option{eth@var{N}=mcast}), see 2493@url{http://user-mode-linux.sf.net}. 2494@item 2495Use @option{fd=h} to specify an already opened UDP multicast socket. 2496@end enumerate 2497 2498Example: 2499@example 2500# launch one QEMU instance 2501qemu-system-i386 linux.img \ 2502 -device e1000,netdev=n1,mac=52:54:00:12:34:56 \ 2503 -netdev socket,id=n1,mcast=230.0.0.1:1234 2504# launch another QEMU instance on same "bus" 2505qemu-system-i386 linux.img \ 2506 -device e1000,netdev=n2,mac=52:54:00:12:34:57 \ 2507 -netdev socket,id=n2,mcast=230.0.0.1:1234 2508# launch yet another QEMU instance on same "bus" 2509qemu-system-i386 linux.img \ 2510 -device e1000,netdev=n3,mac=52:54:00:12:34:58 \ 2511 -netdev socket,id=n3,mcast=230.0.0.1:1234 2512@end example 2513 2514Example (User Mode Linux compat.): 2515@example 2516# launch QEMU instance (note mcast address selected is UML's default) 2517qemu-system-i386 linux.img \ 2518 -device e1000,netdev=n1,mac=52:54:00:12:34:56 \ 2519 -netdev socket,id=n1,mcast=239.192.168.1:1102 2520# launch UML 2521/path/to/linux ubd0=/path/to/root_fs eth0=mcast 2522@end example 2523 2524Example (send packets from host's 1.2.3.4): 2525@example 2526qemu-system-i386 linux.img \ 2527 -device e1000,netdev=n1,mac=52:54:00:12:34:56 \ 2528 -netdev socket,id=n1,mcast=239.192.168.1:1102,localaddr=1.2.3.4 2529@end example 2530 2531@item -netdev l2tpv3,id=@var{id},src=@var{srcaddr},dst=@var{dstaddr}[,srcport=@var{srcport}][,dstport=@var{dstport}],txsession=@var{txsession}[,rxsession=@var{rxsession}][,ipv6][,udp][,cookie64][,counter][,pincounter][,txcookie=@var{txcookie}][,rxcookie=@var{rxcookie}][,offset=@var{offset}] 2532Configure a L2TPv3 pseudowire host network backend. L2TPv3 (RFC3391) is a 2533popular protocol to transport Ethernet (and other Layer 2) data frames between 2534two systems. It is present in routers, firewalls and the Linux kernel 2535(from version 3.3 onwards). 2536 2537This transport allows a VM to communicate to another VM, router or firewall directly. 2538 2539@table @option 2540@item src=@var{srcaddr} 2541 source address (mandatory) 2542@item dst=@var{dstaddr} 2543 destination address (mandatory) 2544@item udp 2545 select udp encapsulation (default is ip). 2546@item srcport=@var{srcport} 2547 source udp port. 2548@item dstport=@var{dstport} 2549 destination udp port. 2550@item ipv6 2551 force v6, otherwise defaults to v4. 2552@item rxcookie=@var{rxcookie} 2553@itemx txcookie=@var{txcookie} 2554 Cookies are a weak form of security in the l2tpv3 specification. 2555Their function is mostly to prevent misconfiguration. By default they are 32 2556bit. 2557@item cookie64 2558 Set cookie size to 64 bit instead of the default 32 2559@item counter=off 2560 Force a 'cut-down' L2TPv3 with no counter as in 2561draft-mkonstan-l2tpext-keyed-ipv6-tunnel-00 2562@item pincounter=on 2563 Work around broken counter handling in peer. This may also help on 2564networks which have packet reorder. 2565@item offset=@var{offset} 2566 Add an extra offset between header and data 2567@end table 2568 2569For example, to attach a VM running on host 4.3.2.1 via L2TPv3 to the bridge br-lan 2570on the remote Linux host 1.2.3.4: 2571@example 2572# Setup tunnel on linux host using raw ip as encapsulation 2573# on 1.2.3.4 2574ip l2tp add tunnel remote 4.3.2.1 local 1.2.3.4 tunnel_id 1 peer_tunnel_id 1 \ 2575 encap udp udp_sport 16384 udp_dport 16384 2576ip l2tp add session tunnel_id 1 name vmtunnel0 session_id \ 2577 0xFFFFFFFF peer_session_id 0xFFFFFFFF 2578ifconfig vmtunnel0 mtu 1500 2579ifconfig vmtunnel0 up 2580brctl addif br-lan vmtunnel0 2581 2582 2583# on 4.3.2.1 2584# launch QEMU instance - if your network has reorder or is very lossy add ,pincounter 2585 2586qemu-system-i386 linux.img -device e1000,netdev=n1 \ 2587 -netdev l2tpv3,id=n1,src=4.2.3.1,dst=1.2.3.4,udp,srcport=16384,dstport=16384,rxsession=0xffffffff,txsession=0xffffffff,counter 2588 2589@end example 2590 2591@item -netdev vde,id=@var{id}[,sock=@var{socketpath}][,port=@var{n}][,group=@var{groupname}][,mode=@var{octalmode}] 2592Configure VDE backend to connect to PORT @var{n} of a vde switch running on host and 2593listening for incoming connections on @var{socketpath}. Use GROUP @var{groupname} 2594and MODE @var{octalmode} to change default ownership and permissions for 2595communication port. This option is only available if QEMU has been compiled 2596with vde support enabled. 2597 2598Example: 2599@example 2600# launch vde switch 2601vde_switch -F -sock /tmp/myswitch 2602# launch QEMU instance 2603qemu-system-i386 linux.img -nic vde,sock=/tmp/myswitch 2604@end example 2605 2606@item -netdev vhost-user,chardev=@var{id}[,vhostforce=on|off][,queues=n] 2607 2608Establish a vhost-user netdev, backed by a chardev @var{id}. The chardev should 2609be a unix domain socket backed one. The vhost-user uses a specifically defined 2610protocol to pass vhost ioctl replacement messages to an application on the other 2611end of the socket. On non-MSIX guests, the feature can be forced with 2612@var{vhostforce}. Use 'queues=@var{n}' to specify the number of queues to 2613be created for multiqueue vhost-user. 2614 2615Example: 2616@example 2617qemu -m 512 -object memory-backend-file,id=mem,size=512M,mem-path=/hugetlbfs,share=on \ 2618 -numa node,memdev=mem \ 2619 -chardev socket,id=chr0,path=/path/to/socket \ 2620 -netdev type=vhost-user,id=net0,chardev=chr0 \ 2621 -device virtio-net-pci,netdev=net0 2622@end example 2623 2624@item -netdev hubport,id=@var{id},hubid=@var{hubid}[,netdev=@var{nd}] 2625 2626Create a hub port on the emulated hub with ID @var{hubid}. 2627 2628The hubport netdev lets you connect a NIC to a QEMU emulated hub instead of a 2629single netdev. Alternatively, you can also connect the hubport to another 2630netdev with ID @var{nd} by using the @option{netdev=@var{nd}} option. 2631 2632@item -net nic[,netdev=@var{nd}][,macaddr=@var{mac}][,model=@var{type}] [,name=@var{name}][,addr=@var{addr}][,vectors=@var{v}] 2633@findex -net 2634Legacy option to configure or create an on-board (or machine default) Network 2635Interface Card(NIC) and connect it either to the emulated hub with ID 0 (i.e. 2636the default hub), or to the netdev @var{nd}. 2637The NIC is an e1000 by default on the PC target. Optionally, the MAC address 2638can be changed to @var{mac}, the device address set to @var{addr} (PCI cards 2639only), and a @var{name} can be assigned for use in monitor commands. 2640Optionally, for PCI cards, you can specify the number @var{v} of MSI-X vectors 2641that the card should have; this option currently only affects virtio cards; set 2642@var{v} = 0 to disable MSI-X. If no @option{-net} option is specified, a single 2643NIC is created. QEMU can emulate several different models of network card. 2644Use @code{-net nic,model=help} for a list of available devices for your target. 2645 2646@item -net user|tap|bridge|socket|l2tpv3|vde[,...][,name=@var{name}] 2647Configure a host network backend (with the options corresponding to the same 2648@option{-netdev} option) and connect it to the emulated hub 0 (the default 2649hub). Use @var{name} to specify the name of the hub port. 2650ETEXI 2651 2652STEXI 2653@end table 2654ETEXI 2655DEFHEADING() 2656 2657DEFHEADING(Character device options:) 2658 2659DEF("chardev", HAS_ARG, QEMU_OPTION_chardev, 2660 "-chardev help\n" 2661 "-chardev null,id=id[,mux=on|off][,logfile=PATH][,logappend=on|off]\n" 2662 "-chardev socket,id=id[,host=host],port=port[,to=to][,ipv4][,ipv6][,nodelay][,reconnect=seconds]\n" 2663 " [,server][,nowait][,telnet][,websocket][,reconnect=seconds][,mux=on|off]\n" 2664 " [,logfile=PATH][,logappend=on|off][,tls-creds=ID][,tls-authz=ID] (tcp)\n" 2665 "-chardev socket,id=id,path=path[,server][,nowait][,telnet][,websocket][,reconnect=seconds]\n" 2666 " [,mux=on|off][,logfile=PATH][,logappend=on|off] (unix)\n" 2667 "-chardev udp,id=id[,host=host],port=port[,localaddr=localaddr]\n" 2668 " [,localport=localport][,ipv4][,ipv6][,mux=on|off]\n" 2669 " [,logfile=PATH][,logappend=on|off]\n" 2670 "-chardev msmouse,id=id[,mux=on|off][,logfile=PATH][,logappend=on|off]\n" 2671 "-chardev vc,id=id[[,width=width][,height=height]][[,cols=cols][,rows=rows]]\n" 2672 " [,mux=on|off][,logfile=PATH][,logappend=on|off]\n" 2673 "-chardev ringbuf,id=id[,size=size][,logfile=PATH][,logappend=on|off]\n" 2674 "-chardev file,id=id,path=path[,mux=on|off][,logfile=PATH][,logappend=on|off]\n" 2675 "-chardev pipe,id=id,path=path[,mux=on|off][,logfile=PATH][,logappend=on|off]\n" 2676#ifdef _WIN32 2677 "-chardev console,id=id[,mux=on|off][,logfile=PATH][,logappend=on|off]\n" 2678 "-chardev serial,id=id,path=path[,mux=on|off][,logfile=PATH][,logappend=on|off]\n" 2679#else 2680 "-chardev pty,id=id[,mux=on|off][,logfile=PATH][,logappend=on|off]\n" 2681 "-chardev stdio,id=id[,mux=on|off][,signal=on|off][,logfile=PATH][,logappend=on|off]\n" 2682#endif 2683#ifdef CONFIG_BRLAPI 2684 "-chardev braille,id=id[,mux=on|off][,logfile=PATH][,logappend=on|off]\n" 2685#endif 2686#if defined(__linux__) || defined(__sun__) || defined(__FreeBSD__) \ 2687 || defined(__NetBSD__) || defined(__OpenBSD__) || defined(__DragonFly__) 2688 "-chardev serial,id=id,path=path[,mux=on|off][,logfile=PATH][,logappend=on|off]\n" 2689 "-chardev tty,id=id,path=path[,mux=on|off][,logfile=PATH][,logappend=on|off]\n" 2690#endif 2691#if defined(__linux__) || defined(__FreeBSD__) || defined(__DragonFly__) 2692 "-chardev parallel,id=id,path=path[,mux=on|off][,logfile=PATH][,logappend=on|off]\n" 2693 "-chardev parport,id=id,path=path[,mux=on|off][,logfile=PATH][,logappend=on|off]\n" 2694#endif 2695#if defined(CONFIG_SPICE) 2696 "-chardev spicevmc,id=id,name=name[,debug=debug][,logfile=PATH][,logappend=on|off]\n" 2697 "-chardev spiceport,id=id,name=name[,debug=debug][,logfile=PATH][,logappend=on|off]\n" 2698#endif 2699 , QEMU_ARCH_ALL 2700) 2701 2702STEXI 2703 2704The general form of a character device option is: 2705@table @option 2706@item -chardev @var{backend},id=@var{id}[,mux=on|off][,@var{options}] 2707@findex -chardev 2708Backend is one of: 2709@option{null}, 2710@option{socket}, 2711@option{udp}, 2712@option{msmouse}, 2713@option{vc}, 2714@option{ringbuf}, 2715@option{file}, 2716@option{pipe}, 2717@option{console}, 2718@option{serial}, 2719@option{pty}, 2720@option{stdio}, 2721@option{braille}, 2722@option{tty}, 2723@option{parallel}, 2724@option{parport}, 2725@option{spicevmc}, 2726@option{spiceport}. 2727The specific backend will determine the applicable options. 2728 2729Use @code{-chardev help} to print all available chardev backend types. 2730 2731All devices must have an id, which can be any string up to 127 characters long. 2732It is used to uniquely identify this device in other command line directives. 2733 2734A character device may be used in multiplexing mode by multiple front-ends. 2735Specify @option{mux=on} to enable this mode. 2736A multiplexer is a "1:N" device, and here the "1" end is your specified chardev 2737backend, and the "N" end is the various parts of QEMU that can talk to a chardev. 2738If you create a chardev with @option{id=myid} and @option{mux=on}, QEMU will 2739create a multiplexer with your specified ID, and you can then configure multiple 2740front ends to use that chardev ID for their input/output. Up to four different 2741front ends can be connected to a single multiplexed chardev. (Without 2742multiplexing enabled, a chardev can only be used by a single front end.) 2743For instance you could use this to allow a single stdio chardev to be used by 2744two serial ports and the QEMU monitor: 2745 2746@example 2747-chardev stdio,mux=on,id=char0 \ 2748-mon chardev=char0,mode=readline \ 2749-serial chardev:char0 \ 2750-serial chardev:char0 2751@end example 2752 2753You can have more than one multiplexer in a system configuration; for instance 2754you could have a TCP port multiplexed between UART 0 and UART 1, and stdio 2755multiplexed between the QEMU monitor and a parallel port: 2756 2757@example 2758-chardev stdio,mux=on,id=char0 \ 2759-mon chardev=char0,mode=readline \ 2760-parallel chardev:char0 \ 2761-chardev tcp,...,mux=on,id=char1 \ 2762-serial chardev:char1 \ 2763-serial chardev:char1 2764@end example 2765 2766When you're using a multiplexed character device, some escape sequences are 2767interpreted in the input. @xref{mux_keys, Keys in the character backend 2768multiplexer}. 2769 2770Note that some other command line options may implicitly create multiplexed 2771character backends; for instance @option{-serial mon:stdio} creates a 2772multiplexed stdio backend connected to the serial port and the QEMU monitor, 2773and @option{-nographic} also multiplexes the console and the monitor to 2774stdio. 2775 2776There is currently no support for multiplexing in the other direction 2777(where a single QEMU front end takes input and output from multiple chardevs). 2778 2779Every backend supports the @option{logfile} option, which supplies the path 2780to a file to record all data transmitted via the backend. The @option{logappend} 2781option controls whether the log file will be truncated or appended to when 2782opened. 2783 2784@end table 2785 2786The available backends are: 2787 2788@table @option 2789@item -chardev null,id=@var{id} 2790A void device. This device will not emit any data, and will drop any data it 2791receives. The null backend does not take any options. 2792 2793@item -chardev socket,id=@var{id}[,@var{TCP options} or @var{unix options}][,server][,nowait][,telnet][,websocket][,reconnect=@var{seconds}][,tls-creds=@var{id}][,tls-authz=@var{id}] 2794 2795Create a two-way stream socket, which can be either a TCP or a unix socket. A 2796unix socket will be created if @option{path} is specified. Behaviour is 2797undefined if TCP options are specified for a unix socket. 2798 2799@option{server} specifies that the socket shall be a listening socket. 2800 2801@option{nowait} specifies that QEMU should not block waiting for a client to 2802connect to a listening socket. 2803 2804@option{telnet} specifies that traffic on the socket should interpret telnet 2805escape sequences. 2806 2807@option{websocket} specifies that the socket uses WebSocket protocol for 2808communication. 2809 2810@option{reconnect} sets the timeout for reconnecting on non-server sockets when 2811the remote end goes away. qemu will delay this many seconds and then attempt 2812to reconnect. Zero disables reconnecting, and is the default. 2813 2814@option{tls-creds} requests enablement of the TLS protocol for encryption, 2815and specifies the id of the TLS credentials to use for the handshake. The 2816credentials must be previously created with the @option{-object tls-creds} 2817argument. 2818 2819@option{tls-auth} provides the ID of the QAuthZ authorization object against 2820which the client's x509 distinguished name will be validated. This object is 2821only resolved at time of use, so can be deleted and recreated on the fly 2822while the chardev server is active. If missing, it will default to denying 2823access. 2824 2825TCP and unix socket options are given below: 2826 2827@table @option 2828 2829@item TCP options: port=@var{port}[,host=@var{host}][,to=@var{to}][,ipv4][,ipv6][,nodelay] 2830 2831@option{host} for a listening socket specifies the local address to be bound. 2832For a connecting socket species the remote host to connect to. @option{host} is 2833optional for listening sockets. If not specified it defaults to @code{0.0.0.0}. 2834 2835@option{port} for a listening socket specifies the local port to be bound. For a 2836connecting socket specifies the port on the remote host to connect to. 2837@option{port} can be given as either a port number or a service name. 2838@option{port} is required. 2839 2840@option{to} is only relevant to listening sockets. If it is specified, and 2841@option{port} cannot be bound, QEMU will attempt to bind to subsequent ports up 2842to and including @option{to} until it succeeds. @option{to} must be specified 2843as a port number. 2844 2845@option{ipv4} and @option{ipv6} specify that either IPv4 or IPv6 must be used. 2846If neither is specified the socket may use either protocol. 2847 2848@option{nodelay} disables the Nagle algorithm. 2849 2850@item unix options: path=@var{path} 2851 2852@option{path} specifies the local path of the unix socket. @option{path} is 2853required. 2854 2855@end table 2856 2857@item -chardev udp,id=@var{id}[,host=@var{host}],port=@var{port}[,localaddr=@var{localaddr}][,localport=@var{localport}][,ipv4][,ipv6] 2858 2859Sends all traffic from the guest to a remote host over UDP. 2860 2861@option{host} specifies the remote host to connect to. If not specified it 2862defaults to @code{localhost}. 2863 2864@option{port} specifies the port on the remote host to connect to. @option{port} 2865is required. 2866 2867@option{localaddr} specifies the local address to bind to. If not specified it 2868defaults to @code{0.0.0.0}. 2869 2870@option{localport} specifies the local port to bind to. If not specified any 2871available local port will be used. 2872 2873@option{ipv4} and @option{ipv6} specify that either IPv4 or IPv6 must be used. 2874If neither is specified the device may use either protocol. 2875 2876@item -chardev msmouse,id=@var{id} 2877 2878Forward QEMU's emulated msmouse events to the guest. @option{msmouse} does not 2879take any options. 2880 2881@item -chardev vc,id=@var{id}[[,width=@var{width}][,height=@var{height}]][[,cols=@var{cols}][,rows=@var{rows}]] 2882 2883Connect to a QEMU text console. @option{vc} may optionally be given a specific 2884size. 2885 2886@option{width} and @option{height} specify the width and height respectively of 2887the console, in pixels. 2888 2889@option{cols} and @option{rows} specify that the console be sized to fit a text 2890console with the given dimensions. 2891 2892@item -chardev ringbuf,id=@var{id}[,size=@var{size}] 2893 2894Create a ring buffer with fixed size @option{size}. 2895@var{size} must be a power of two and defaults to @code{64K}. 2896 2897@item -chardev file,id=@var{id},path=@var{path} 2898 2899Log all traffic received from the guest to a file. 2900 2901@option{path} specifies the path of the file to be opened. This file will be 2902created if it does not already exist, and overwritten if it does. @option{path} 2903is required. 2904 2905@item -chardev pipe,id=@var{id},path=@var{path} 2906 2907Create a two-way connection to the guest. The behaviour differs slightly between 2908Windows hosts and other hosts: 2909 2910On Windows, a single duplex pipe will be created at 2911@file{\\.pipe\@option{path}}. 2912 2913On other hosts, 2 pipes will be created called @file{@option{path}.in} and 2914@file{@option{path}.out}. Data written to @file{@option{path}.in} will be 2915received by the guest. Data written by the guest can be read from 2916@file{@option{path}.out}. QEMU will not create these fifos, and requires them to 2917be present. 2918 2919@option{path} forms part of the pipe path as described above. @option{path} is 2920required. 2921 2922@item -chardev console,id=@var{id} 2923 2924Send traffic from the guest to QEMU's standard output. @option{console} does not 2925take any options. 2926 2927@option{console} is only available on Windows hosts. 2928 2929@item -chardev serial,id=@var{id},path=@option{path} 2930 2931Send traffic from the guest to a serial device on the host. 2932 2933On Unix hosts serial will actually accept any tty device, 2934not only serial lines. 2935 2936@option{path} specifies the name of the serial device to open. 2937 2938@item -chardev pty,id=@var{id} 2939 2940Create a new pseudo-terminal on the host and connect to it. @option{pty} does 2941not take any options. 2942 2943@option{pty} is not available on Windows hosts. 2944 2945@item -chardev stdio,id=@var{id}[,signal=on|off] 2946Connect to standard input and standard output of the QEMU process. 2947 2948@option{signal} controls if signals are enabled on the terminal, that includes 2949exiting QEMU with the key sequence @key{Control-c}. This option is enabled by 2950default, use @option{signal=off} to disable it. 2951 2952@item -chardev braille,id=@var{id} 2953 2954Connect to a local BrlAPI server. @option{braille} does not take any options. 2955 2956@item -chardev tty,id=@var{id},path=@var{path} 2957 2958@option{tty} is only available on Linux, Sun, FreeBSD, NetBSD, OpenBSD and 2959DragonFlyBSD hosts. It is an alias for @option{serial}. 2960 2961@option{path} specifies the path to the tty. @option{path} is required. 2962 2963@item -chardev parallel,id=@var{id},path=@var{path} 2964@itemx -chardev parport,id=@var{id},path=@var{path} 2965 2966@option{parallel} is only available on Linux, FreeBSD and DragonFlyBSD hosts. 2967 2968Connect to a local parallel port. 2969 2970@option{path} specifies the path to the parallel port device. @option{path} is 2971required. 2972 2973@item -chardev spicevmc,id=@var{id},debug=@var{debug},name=@var{name} 2974 2975@option{spicevmc} is only available when spice support is built in. 2976 2977@option{debug} debug level for spicevmc 2978 2979@option{name} name of spice channel to connect to 2980 2981Connect to a spice virtual machine channel, such as vdiport. 2982 2983@item -chardev spiceport,id=@var{id},debug=@var{debug},name=@var{name} 2984 2985@option{spiceport} is only available when spice support is built in. 2986 2987@option{debug} debug level for spicevmc 2988 2989@option{name} name of spice port to connect to 2990 2991Connect to a spice port, allowing a Spice client to handle the traffic 2992identified by a name (preferably a fqdn). 2993ETEXI 2994 2995STEXI 2996@end table 2997ETEXI 2998DEFHEADING() 2999 3000DEFHEADING(Bluetooth(R) options:) 3001STEXI 3002@table @option 3003ETEXI 3004 3005DEF("bt", HAS_ARG, QEMU_OPTION_bt, \ 3006 "-bt hci,null dumb bluetooth HCI - doesn't respond to commands\n" \ 3007 "-bt hci,host[:id]\n" \ 3008 " use host's HCI with the given name\n" \ 3009 "-bt hci[,vlan=n]\n" \ 3010 " emulate a standard HCI in virtual scatternet 'n'\n" \ 3011 "-bt vhci[,vlan=n]\n" \ 3012 " add host computer to virtual scatternet 'n' using VHCI\n" \ 3013 "-bt device:dev[,vlan=n]\n" \ 3014 " emulate a bluetooth device 'dev' in scatternet 'n'\n", 3015 QEMU_ARCH_ALL) 3016STEXI 3017@item -bt hci[...] 3018@findex -bt 3019Defines the function of the corresponding Bluetooth HCI. -bt options 3020are matched with the HCIs present in the chosen machine type. For 3021example when emulating a machine with only one HCI built into it, only 3022the first @code{-bt hci[...]} option is valid and defines the HCI's 3023logic. The Transport Layer is decided by the machine type. Currently 3024the machines @code{n800} and @code{n810} have one HCI and all other 3025machines have none. 3026 3027Note: This option and the whole bluetooth subsystem is considered as deprecated. 3028If you still use it, please send a mail to @email{qemu-devel@@nongnu.org} where 3029you describe your usecase. 3030 3031@anchor{bt-hcis} 3032The following three types are recognized: 3033 3034@table @option 3035@item -bt hci,null 3036(default) The corresponding Bluetooth HCI assumes no internal logic 3037and will not respond to any HCI commands or emit events. 3038 3039@item -bt hci,host[:@var{id}] 3040(@code{bluez} only) The corresponding HCI passes commands / events 3041to / from the physical HCI identified by the name @var{id} (default: 3042@code{hci0}) on the computer running QEMU. Only available on @code{bluez} 3043capable systems like Linux. 3044 3045@item -bt hci[,vlan=@var{n}] 3046Add a virtual, standard HCI that will participate in the Bluetooth 3047scatternet @var{n} (default @code{0}). Similarly to @option{-net} 3048VLANs, devices inside a bluetooth network @var{n} can only communicate 3049with other devices in the same network (scatternet). 3050@end table 3051 3052@item -bt vhci[,vlan=@var{n}] 3053(Linux-host only) Create a HCI in scatternet @var{n} (default 0) attached 3054to the host bluetooth stack instead of to the emulated target. This 3055allows the host and target machines to participate in a common scatternet 3056and communicate. Requires the Linux @code{vhci} driver installed. Can 3057be used as following: 3058 3059@example 3060qemu-system-i386 [...OPTIONS...] -bt hci,vlan=5 -bt vhci,vlan=5 3061@end example 3062 3063@item -bt device:@var{dev}[,vlan=@var{n}] 3064Emulate a bluetooth device @var{dev} and place it in network @var{n} 3065(default @code{0}). QEMU can only emulate one type of bluetooth devices 3066currently: 3067 3068@table @option 3069@item keyboard 3070Virtual wireless keyboard implementing the HIDP bluetooth profile. 3071@end table 3072ETEXI 3073 3074STEXI 3075@end table 3076ETEXI 3077DEFHEADING() 3078 3079#ifdef CONFIG_TPM 3080DEFHEADING(TPM device options:) 3081 3082DEF("tpmdev", HAS_ARG, QEMU_OPTION_tpmdev, \ 3083 "-tpmdev passthrough,id=id[,path=path][,cancel-path=path]\n" 3084 " use path to provide path to a character device; default is /dev/tpm0\n" 3085 " use cancel-path to provide path to TPM's cancel sysfs entry; if\n" 3086 " not provided it will be searched for in /sys/class/misc/tpm?/device\n" 3087 "-tpmdev emulator,id=id,chardev=dev\n" 3088 " configure the TPM device using chardev backend\n", 3089 QEMU_ARCH_ALL) 3090STEXI 3091 3092The general form of a TPM device option is: 3093@table @option 3094 3095@item -tpmdev @var{backend},id=@var{id}[,@var{options}] 3096@findex -tpmdev 3097 3098The specific backend type will determine the applicable options. 3099The @code{-tpmdev} option creates the TPM backend and requires a 3100@code{-device} option that specifies the TPM frontend interface model. 3101 3102Use @code{-tpmdev help} to print all available TPM backend types. 3103 3104@end table 3105 3106The available backends are: 3107 3108@table @option 3109 3110@item -tpmdev passthrough,id=@var{id},path=@var{path},cancel-path=@var{cancel-path} 3111 3112(Linux-host only) Enable access to the host's TPM using the passthrough 3113driver. 3114 3115@option{path} specifies the path to the host's TPM device, i.e., on 3116a Linux host this would be @code{/dev/tpm0}. 3117@option{path} is optional and by default @code{/dev/tpm0} is used. 3118 3119@option{cancel-path} specifies the path to the host TPM device's sysfs 3120entry allowing for cancellation of an ongoing TPM command. 3121@option{cancel-path} is optional and by default QEMU will search for the 3122sysfs entry to use. 3123 3124Some notes about using the host's TPM with the passthrough driver: 3125 3126The TPM device accessed by the passthrough driver must not be 3127used by any other application on the host. 3128 3129Since the host's firmware (BIOS/UEFI) has already initialized the TPM, 3130the VM's firmware (BIOS/UEFI) will not be able to initialize the 3131TPM again and may therefore not show a TPM-specific menu that would 3132otherwise allow the user to configure the TPM, e.g., allow the user to 3133enable/disable or activate/deactivate the TPM. 3134Further, if TPM ownership is released from within a VM then the host's TPM 3135will get disabled and deactivated. To enable and activate the 3136TPM again afterwards, the host has to be rebooted and the user is 3137required to enter the firmware's menu to enable and activate the TPM. 3138If the TPM is left disabled and/or deactivated most TPM commands will fail. 3139 3140To create a passthrough TPM use the following two options: 3141@example 3142-tpmdev passthrough,id=tpm0 -device tpm-tis,tpmdev=tpm0 3143@end example 3144Note that the @code{-tpmdev} id is @code{tpm0} and is referenced by 3145@code{tpmdev=tpm0} in the device option. 3146 3147@item -tpmdev emulator,id=@var{id},chardev=@var{dev} 3148 3149(Linux-host only) Enable access to a TPM emulator using Unix domain socket based 3150chardev backend. 3151 3152@option{chardev} specifies the unique ID of a character device backend that provides connection to the software TPM server. 3153 3154To create a TPM emulator backend device with chardev socket backend: 3155@example 3156 3157-chardev socket,id=chrtpm,path=/tmp/swtpm-sock -tpmdev emulator,id=tpm0,chardev=chrtpm -device tpm-tis,tpmdev=tpm0 3158 3159@end example 3160 3161ETEXI 3162 3163STEXI 3164@end table 3165ETEXI 3166DEFHEADING() 3167 3168#endif 3169 3170DEFHEADING(Linux/Multiboot boot specific:) 3171STEXI 3172 3173When using these options, you can use a given Linux or Multiboot 3174kernel without installing it in the disk image. It can be useful 3175for easier testing of various kernels. 3176 3177@table @option 3178ETEXI 3179 3180DEF("kernel", HAS_ARG, QEMU_OPTION_kernel, \ 3181 "-kernel bzImage use 'bzImage' as kernel image\n", QEMU_ARCH_ALL) 3182STEXI 3183@item -kernel @var{bzImage} 3184@findex -kernel 3185Use @var{bzImage} as kernel image. The kernel can be either a Linux kernel 3186or in multiboot format. 3187ETEXI 3188 3189DEF("append", HAS_ARG, QEMU_OPTION_append, \ 3190 "-append cmdline use 'cmdline' as kernel command line\n", QEMU_ARCH_ALL) 3191STEXI 3192@item -append @var{cmdline} 3193@findex -append 3194Use @var{cmdline} as kernel command line 3195ETEXI 3196 3197DEF("initrd", HAS_ARG, QEMU_OPTION_initrd, \ 3198 "-initrd file use 'file' as initial ram disk\n", QEMU_ARCH_ALL) 3199STEXI 3200@item -initrd @var{file} 3201@findex -initrd 3202Use @var{file} as initial ram disk. 3203 3204@item -initrd "@var{file1} arg=foo,@var{file2}" 3205 3206This syntax is only available with multiboot. 3207 3208Use @var{file1} and @var{file2} as modules and pass arg=foo as parameter to the 3209first module. 3210ETEXI 3211 3212DEF("dtb", HAS_ARG, QEMU_OPTION_dtb, \ 3213 "-dtb file use 'file' as device tree image\n", QEMU_ARCH_ALL) 3214STEXI 3215@item -dtb @var{file} 3216@findex -dtb 3217Use @var{file} as a device tree binary (dtb) image and pass it to the kernel 3218on boot. 3219ETEXI 3220 3221STEXI 3222@end table 3223ETEXI 3224DEFHEADING() 3225 3226DEFHEADING(Debug/Expert options:) 3227STEXI 3228@table @option 3229ETEXI 3230 3231DEF("fw_cfg", HAS_ARG, QEMU_OPTION_fwcfg, 3232 "-fw_cfg [name=]<name>,file=<file>\n" 3233 " add named fw_cfg entry with contents from file\n" 3234 "-fw_cfg [name=]<name>,string=<str>\n" 3235 " add named fw_cfg entry with contents from string\n", 3236 QEMU_ARCH_ALL) 3237STEXI 3238 3239@item -fw_cfg [name=]@var{name},file=@var{file} 3240@findex -fw_cfg 3241Add named fw_cfg entry with contents from file @var{file}. 3242 3243@item -fw_cfg [name=]@var{name},string=@var{str} 3244Add named fw_cfg entry with contents from string @var{str}. 3245 3246The terminating NUL character of the contents of @var{str} will not be 3247included as part of the fw_cfg item data. To insert contents with 3248embedded NUL characters, you have to use the @var{file} parameter. 3249 3250The fw_cfg entries are passed by QEMU through to the guest. 3251 3252Example: 3253@example 3254 -fw_cfg name=opt/com.mycompany/blob,file=./my_blob.bin 3255@end example 3256creates an fw_cfg entry named opt/com.mycompany/blob with contents 3257from ./my_blob.bin. 3258 3259ETEXI 3260 3261DEF("serial", HAS_ARG, QEMU_OPTION_serial, \ 3262 "-serial dev redirect the serial port to char device 'dev'\n", 3263 QEMU_ARCH_ALL) 3264STEXI 3265@item -serial @var{dev} 3266@findex -serial 3267Redirect the virtual serial port to host character device 3268@var{dev}. The default device is @code{vc} in graphical mode and 3269@code{stdio} in non graphical mode. 3270 3271This option can be used several times to simulate up to 4 serial 3272ports. 3273 3274Use @code{-serial none} to disable all serial ports. 3275 3276Available character devices are: 3277@table @option 3278@item vc[:@var{W}x@var{H}] 3279Virtual console. Optionally, a width and height can be given in pixel with 3280@example 3281vc:800x600 3282@end example 3283It is also possible to specify width or height in characters: 3284@example 3285vc:80Cx24C 3286@end example 3287@item pty 3288[Linux only] Pseudo TTY (a new PTY is automatically allocated) 3289@item none 3290No device is allocated. 3291@item null 3292void device 3293@item chardev:@var{id} 3294Use a named character device defined with the @code{-chardev} option. 3295@item /dev/XXX 3296[Linux only] Use host tty, e.g. @file{/dev/ttyS0}. The host serial port 3297parameters are set according to the emulated ones. 3298@item /dev/parport@var{N} 3299[Linux only, parallel port only] Use host parallel port 3300@var{N}. Currently SPP and EPP parallel port features can be used. 3301@item file:@var{filename} 3302Write output to @var{filename}. No character can be read. 3303@item stdio 3304[Unix only] standard input/output 3305@item pipe:@var{filename} 3306name pipe @var{filename} 3307@item COM@var{n} 3308[Windows only] Use host serial port @var{n} 3309@item udp:[@var{remote_host}]:@var{remote_port}[@@[@var{src_ip}]:@var{src_port}] 3310This implements UDP Net Console. 3311When @var{remote_host} or @var{src_ip} are not specified 3312they default to @code{0.0.0.0}. 3313When not using a specified @var{src_port} a random port is automatically chosen. 3314 3315If you just want a simple readonly console you can use @code{netcat} or 3316@code{nc}, by starting QEMU with: @code{-serial udp::4555} and nc as: 3317@code{nc -u -l -p 4555}. Any time QEMU writes something to that port it 3318will appear in the netconsole session. 3319 3320If you plan to send characters back via netconsole or you want to stop 3321and start QEMU a lot of times, you should have QEMU use the same 3322source port each time by using something like @code{-serial 3323udp::4555@@:4556} to QEMU. Another approach is to use a patched 3324version of netcat which can listen to a TCP port and send and receive 3325characters via udp. If you have a patched version of netcat which 3326activates telnet remote echo and single char transfer, then you can 3327use the following options to set up a netcat redirector to allow 3328telnet on port 5555 to access the QEMU port. 3329@table @code 3330@item QEMU Options: 3331-serial udp::4555@@:4556 3332@item netcat options: 3333-u -P 4555 -L 0.0.0.0:4556 -t -p 5555 -I -T 3334@item telnet options: 3335localhost 5555 3336@end table 3337 3338@item tcp:[@var{host}]:@var{port}[,@var{server}][,nowait][,nodelay][,reconnect=@var{seconds}] 3339The TCP Net Console has two modes of operation. It can send the serial 3340I/O to a location or wait for a connection from a location. By default 3341the TCP Net Console is sent to @var{host} at the @var{port}. If you use 3342the @var{server} option QEMU will wait for a client socket application 3343to connect to the port before continuing, unless the @code{nowait} 3344option was specified. The @code{nodelay} option disables the Nagle buffering 3345algorithm. The @code{reconnect} option only applies if @var{noserver} is 3346set, if the connection goes down it will attempt to reconnect at the 3347given interval. If @var{host} is omitted, 0.0.0.0 is assumed. Only 3348one TCP connection at a time is accepted. You can use @code{telnet} to 3349connect to the corresponding character device. 3350@table @code 3351@item Example to send tcp console to 192.168.0.2 port 4444 3352-serial tcp:192.168.0.2:4444 3353@item Example to listen and wait on port 4444 for connection 3354-serial tcp::4444,server 3355@item Example to not wait and listen on ip 192.168.0.100 port 4444 3356-serial tcp:192.168.0.100:4444,server,nowait 3357@end table 3358 3359@item telnet:@var{host}:@var{port}[,server][,nowait][,nodelay] 3360The telnet protocol is used instead of raw tcp sockets. The options 3361work the same as if you had specified @code{-serial tcp}. The 3362difference is that the port acts like a telnet server or client using 3363telnet option negotiation. This will also allow you to send the 3364MAGIC_SYSRQ sequence if you use a telnet that supports sending the break 3365sequence. Typically in unix telnet you do it with Control-] and then 3366type "send break" followed by pressing the enter key. 3367 3368@item websocket:@var{host}:@var{port},server[,nowait][,nodelay] 3369The WebSocket protocol is used instead of raw tcp socket. The port acts as 3370a WebSocket server. Client mode is not supported. 3371 3372@item unix:@var{path}[,server][,nowait][,reconnect=@var{seconds}] 3373A unix domain socket is used instead of a tcp socket. The option works the 3374same as if you had specified @code{-serial tcp} except the unix domain socket 3375@var{path} is used for connections. 3376 3377@item mon:@var{dev_string} 3378This is a special option to allow the monitor to be multiplexed onto 3379another serial port. The monitor is accessed with key sequence of 3380@key{Control-a} and then pressing @key{c}. 3381@var{dev_string} should be any one of the serial devices specified 3382above. An example to multiplex the monitor onto a telnet server 3383listening on port 4444 would be: 3384@table @code 3385@item -serial mon:telnet::4444,server,nowait 3386@end table 3387When the monitor is multiplexed to stdio in this way, Ctrl+C will not terminate 3388QEMU any more but will be passed to the guest instead. 3389 3390@item braille 3391Braille device. This will use BrlAPI to display the braille output on a real 3392or fake device. 3393 3394@item msmouse 3395Three button serial mouse. Configure the guest to use Microsoft protocol. 3396@end table 3397ETEXI 3398 3399DEF("parallel", HAS_ARG, QEMU_OPTION_parallel, \ 3400 "-parallel dev redirect the parallel port to char device 'dev'\n", 3401 QEMU_ARCH_ALL) 3402STEXI 3403@item -parallel @var{dev} 3404@findex -parallel 3405Redirect the virtual parallel port to host device @var{dev} (same 3406devices as the serial port). On Linux hosts, @file{/dev/parportN} can 3407be used to use hardware devices connected on the corresponding host 3408parallel port. 3409 3410This option can be used several times to simulate up to 3 parallel 3411ports. 3412 3413Use @code{-parallel none} to disable all parallel ports. 3414ETEXI 3415 3416DEF("monitor", HAS_ARG, QEMU_OPTION_monitor, \ 3417 "-monitor dev redirect the monitor to char device 'dev'\n", 3418 QEMU_ARCH_ALL) 3419STEXI 3420@item -monitor @var{dev} 3421@findex -monitor 3422Redirect the monitor to host device @var{dev} (same devices as the 3423serial port). 3424The default device is @code{vc} in graphical mode and @code{stdio} in 3425non graphical mode. 3426Use @code{-monitor none} to disable the default monitor. 3427ETEXI 3428DEF("qmp", HAS_ARG, QEMU_OPTION_qmp, \ 3429 "-qmp dev like -monitor but opens in 'control' mode\n", 3430 QEMU_ARCH_ALL) 3431STEXI 3432@item -qmp @var{dev} 3433@findex -qmp 3434Like -monitor but opens in 'control' mode. 3435ETEXI 3436DEF("qmp-pretty", HAS_ARG, QEMU_OPTION_qmp_pretty, \ 3437 "-qmp-pretty dev like -qmp but uses pretty JSON formatting\n", 3438 QEMU_ARCH_ALL) 3439STEXI 3440@item -qmp-pretty @var{dev} 3441@findex -qmp-pretty 3442Like -qmp but uses pretty JSON formatting. 3443ETEXI 3444 3445DEF("mon", HAS_ARG, QEMU_OPTION_mon, \ 3446 "-mon [chardev=]name[,mode=readline|control][,pretty[=on|off]]\n", QEMU_ARCH_ALL) 3447STEXI 3448@item -mon [chardev=]name[,mode=readline|control][,pretty[=on|off]] 3449@findex -mon 3450Setup monitor on chardev @var{name}. @code{pretty} turns on JSON pretty printing 3451easing human reading and debugging. 3452ETEXI 3453 3454DEF("debugcon", HAS_ARG, QEMU_OPTION_debugcon, \ 3455 "-debugcon dev redirect the debug console to char device 'dev'\n", 3456 QEMU_ARCH_ALL) 3457STEXI 3458@item -debugcon @var{dev} 3459@findex -debugcon 3460Redirect the debug console to host device @var{dev} (same devices as the 3461serial port). The debug console is an I/O port which is typically port 34620xe9; writing to that I/O port sends output to this device. 3463The default device is @code{vc} in graphical mode and @code{stdio} in 3464non graphical mode. 3465ETEXI 3466 3467DEF("pidfile", HAS_ARG, QEMU_OPTION_pidfile, \ 3468 "-pidfile file write PID to 'file'\n", QEMU_ARCH_ALL) 3469STEXI 3470@item -pidfile @var{file} 3471@findex -pidfile 3472Store the QEMU process PID in @var{file}. It is useful if you launch QEMU 3473from a script. 3474ETEXI 3475 3476DEF("singlestep", 0, QEMU_OPTION_singlestep, \ 3477 "-singlestep always run in singlestep mode\n", QEMU_ARCH_ALL) 3478STEXI 3479@item -singlestep 3480@findex -singlestep 3481Run the emulation in single step mode. 3482ETEXI 3483 3484DEF("preconfig", 0, QEMU_OPTION_preconfig, \ 3485 "--preconfig pause QEMU before machine is initialized (experimental)\n", 3486 QEMU_ARCH_ALL) 3487STEXI 3488@item --preconfig 3489@findex --preconfig 3490Pause QEMU for interactive configuration before the machine is created, 3491which allows querying and configuring properties that will affect 3492machine initialization. Use QMP command 'x-exit-preconfig' to exit 3493the preconfig state and move to the next state (i.e. run guest if -S 3494isn't used or pause the second time if -S is used). This option is 3495experimental. 3496ETEXI 3497 3498DEF("S", 0, QEMU_OPTION_S, \ 3499 "-S freeze CPU at startup (use 'c' to start execution)\n", 3500 QEMU_ARCH_ALL) 3501STEXI 3502@item -S 3503@findex -S 3504Do not start CPU at startup (you must type 'c' in the monitor). 3505ETEXI 3506 3507DEF("realtime", HAS_ARG, QEMU_OPTION_realtime, 3508 "-realtime [mlock=on|off]\n" 3509 " run qemu with realtime features\n" 3510 " mlock=on|off controls mlock support (default: on)\n", 3511 QEMU_ARCH_ALL) 3512STEXI 3513@item -realtime mlock=on|off 3514@findex -realtime 3515Run qemu with realtime features. 3516mlocking qemu and guest memory can be enabled via @option{mlock=on} 3517(enabled by default). 3518ETEXI 3519 3520DEF("overcommit", HAS_ARG, QEMU_OPTION_overcommit, 3521 "-overcommit [mem-lock=on|off][cpu-pm=on|off]\n" 3522 " run qemu with overcommit hints\n" 3523 " mem-lock=on|off controls memory lock support (default: off)\n" 3524 " cpu-pm=on|off controls cpu power management (default: off)\n", 3525 QEMU_ARCH_ALL) 3526STEXI 3527@item -overcommit mem-lock=on|off 3528@item -overcommit cpu-pm=on|off 3529@findex -overcommit 3530Run qemu with hints about host resource overcommit. The default is 3531to assume that host overcommits all resources. 3532 3533Locking qemu and guest memory can be enabled via @option{mem-lock=on} (disabled 3534by default). This works when host memory is not overcommitted and reduces the 3535worst-case latency for guest. This is equivalent to @option{realtime}. 3536 3537Guest ability to manage power state of host cpus (increasing latency for other 3538processes on the same host cpu, but decreasing latency for guest) can be 3539enabled via @option{cpu-pm=on} (disabled by default). This works best when 3540host CPU is not overcommitted. When used, host estimates of CPU cycle and power 3541utilization will be incorrect, not taking into account guest idle time. 3542ETEXI 3543 3544DEF("gdb", HAS_ARG, QEMU_OPTION_gdb, \ 3545 "-gdb dev wait for gdb connection on 'dev'\n", QEMU_ARCH_ALL) 3546STEXI 3547@item -gdb @var{dev} 3548@findex -gdb 3549Wait for gdb connection on device @var{dev} (@pxref{gdb_usage}). Typical 3550connections will likely be TCP-based, but also UDP, pseudo TTY, or even 3551stdio are reasonable use case. The latter is allowing to start QEMU from 3552within gdb and establish the connection via a pipe: 3553@example 3554(gdb) target remote | exec qemu-system-i386 -gdb stdio ... 3555@end example 3556ETEXI 3557 3558DEF("s", 0, QEMU_OPTION_s, \ 3559 "-s shorthand for -gdb tcp::" DEFAULT_GDBSTUB_PORT "\n", 3560 QEMU_ARCH_ALL) 3561STEXI 3562@item -s 3563@findex -s 3564Shorthand for -gdb tcp::1234, i.e. open a gdbserver on TCP port 1234 3565(@pxref{gdb_usage}). 3566ETEXI 3567 3568DEF("d", HAS_ARG, QEMU_OPTION_d, \ 3569 "-d item1,... enable logging of specified items (use '-d help' for a list of log items)\n", 3570 QEMU_ARCH_ALL) 3571STEXI 3572@item -d @var{item1}[,...] 3573@findex -d 3574Enable logging of specified items. Use '-d help' for a list of log items. 3575ETEXI 3576 3577DEF("D", HAS_ARG, QEMU_OPTION_D, \ 3578 "-D logfile output log to logfile (default stderr)\n", 3579 QEMU_ARCH_ALL) 3580STEXI 3581@item -D @var{logfile} 3582@findex -D 3583Output log in @var{logfile} instead of to stderr 3584ETEXI 3585 3586DEF("dfilter", HAS_ARG, QEMU_OPTION_DFILTER, \ 3587 "-dfilter range,.. filter debug output to range of addresses (useful for -d cpu,exec,etc..)\n", 3588 QEMU_ARCH_ALL) 3589STEXI 3590@item -dfilter @var{range1}[,...] 3591@findex -dfilter 3592Filter debug output to that relevant to a range of target addresses. The filter 3593spec can be either @var{start}+@var{size}, @var{start}-@var{size} or 3594@var{start}..@var{end} where @var{start} @var{end} and @var{size} are the 3595addresses and sizes required. For example: 3596@example 3597 -dfilter 0x8000..0x8fff,0xffffffc000080000+0x200,0xffffffc000060000-0x1000 3598@end example 3599Will dump output for any code in the 0x1000 sized block starting at 0x8000 and 3600the 0x200 sized block starting at 0xffffffc000080000 and another 0x1000 sized 3601block starting at 0xffffffc00005f000. 3602ETEXI 3603 3604DEF("L", HAS_ARG, QEMU_OPTION_L, \ 3605 "-L path set the directory for the BIOS, VGA BIOS and keymaps\n", 3606 QEMU_ARCH_ALL) 3607STEXI 3608@item -L @var{path} 3609@findex -L 3610Set the directory for the BIOS, VGA BIOS and keymaps. 3611 3612To list all the data directories, use @code{-L help}. 3613ETEXI 3614 3615DEF("bios", HAS_ARG, QEMU_OPTION_bios, \ 3616 "-bios file set the filename for the BIOS\n", QEMU_ARCH_ALL) 3617STEXI 3618@item -bios @var{file} 3619@findex -bios 3620Set the filename for the BIOS. 3621ETEXI 3622 3623DEF("enable-kvm", 0, QEMU_OPTION_enable_kvm, \ 3624 "-enable-kvm enable KVM full virtualization support\n", QEMU_ARCH_ALL) 3625STEXI 3626@item -enable-kvm 3627@findex -enable-kvm 3628Enable KVM full virtualization support. This option is only available 3629if KVM support is enabled when compiling. 3630ETEXI 3631 3632DEF("xen-domid", HAS_ARG, QEMU_OPTION_xen_domid, 3633 "-xen-domid id specify xen guest domain id\n", QEMU_ARCH_ALL) 3634DEF("xen-attach", 0, QEMU_OPTION_xen_attach, 3635 "-xen-attach attach to existing xen domain\n" 3636 " libxl will use this when starting QEMU\n", 3637 QEMU_ARCH_ALL) 3638DEF("xen-domid-restrict", 0, QEMU_OPTION_xen_domid_restrict, 3639 "-xen-domid-restrict restrict set of available xen operations\n" 3640 " to specified domain id. (Does not affect\n" 3641 " xenpv machine type).\n", 3642 QEMU_ARCH_ALL) 3643STEXI 3644@item -xen-domid @var{id} 3645@findex -xen-domid 3646Specify xen guest domain @var{id} (XEN only). 3647@item -xen-attach 3648@findex -xen-attach 3649Attach to existing xen domain. 3650libxl will use this when starting QEMU (XEN only). 3651@findex -xen-domid-restrict 3652Restrict set of available xen operations to specified domain id (XEN only). 3653ETEXI 3654 3655DEF("no-reboot", 0, QEMU_OPTION_no_reboot, \ 3656 "-no-reboot exit instead of rebooting\n", QEMU_ARCH_ALL) 3657STEXI 3658@item -no-reboot 3659@findex -no-reboot 3660Exit instead of rebooting. 3661ETEXI 3662 3663DEF("no-shutdown", 0, QEMU_OPTION_no_shutdown, \ 3664 "-no-shutdown stop before shutdown\n", QEMU_ARCH_ALL) 3665STEXI 3666@item -no-shutdown 3667@findex -no-shutdown 3668Don't exit QEMU on guest shutdown, but instead only stop the emulation. 3669This allows for instance switching to monitor to commit changes to the 3670disk image. 3671ETEXI 3672 3673DEF("loadvm", HAS_ARG, QEMU_OPTION_loadvm, \ 3674 "-loadvm [tag|id]\n" \ 3675 " start right away with a saved state (loadvm in monitor)\n", 3676 QEMU_ARCH_ALL) 3677STEXI 3678@item -loadvm @var{file} 3679@findex -loadvm 3680Start right away with a saved state (@code{loadvm} in monitor) 3681ETEXI 3682 3683#ifndef _WIN32 3684DEF("daemonize", 0, QEMU_OPTION_daemonize, \ 3685 "-daemonize daemonize QEMU after initializing\n", QEMU_ARCH_ALL) 3686#endif 3687STEXI 3688@item -daemonize 3689@findex -daemonize 3690Daemonize the QEMU process after initialization. QEMU will not detach from 3691standard IO until it is ready to receive connections on any of its devices. 3692This option is a useful way for external programs to launch QEMU without having 3693to cope with initialization race conditions. 3694ETEXI 3695 3696DEF("option-rom", HAS_ARG, QEMU_OPTION_option_rom, \ 3697 "-option-rom rom load a file, rom, into the option ROM space\n", 3698 QEMU_ARCH_ALL) 3699STEXI 3700@item -option-rom @var{file} 3701@findex -option-rom 3702Load the contents of @var{file} as an option ROM. 3703This option is useful to load things like EtherBoot. 3704ETEXI 3705 3706DEF("rtc", HAS_ARG, QEMU_OPTION_rtc, \ 3707 "-rtc [base=utc|localtime|<datetime>][,clock=host|rt|vm][,driftfix=none|slew]\n" \ 3708 " set the RTC base and clock, enable drift fix for clock ticks (x86 only)\n", 3709 QEMU_ARCH_ALL) 3710 3711STEXI 3712 3713@item -rtc [base=utc|localtime|@var{datetime}][,clock=host|rt|vm][,driftfix=none|slew] 3714@findex -rtc 3715Specify @option{base} as @code{utc} or @code{localtime} to let the RTC start at the current 3716UTC or local time, respectively. @code{localtime} is required for correct date in 3717MS-DOS or Windows. To start at a specific point in time, provide @var{datetime} in the 3718format @code{2006-06-17T16:01:21} or @code{2006-06-17}. The default base is UTC. 3719 3720By default the RTC is driven by the host system time. This allows using of the 3721RTC as accurate reference clock inside the guest, specifically if the host 3722time is smoothly following an accurate external reference clock, e.g. via NTP. 3723If you want to isolate the guest time from the host, you can set @option{clock} 3724to @code{rt} instead, which provides a host monotonic clock if host support it. 3725To even prevent the RTC from progressing during suspension, you can set @option{clock} 3726to @code{vm} (virtual clock). @samp{clock=vm} is recommended especially in 3727icount mode in order to preserve determinism; however, note that in icount mode 3728the speed of the virtual clock is variable and can in general differ from the 3729host clock. 3730 3731Enable @option{driftfix} (i386 targets only) if you experience time drift problems, 3732specifically with Windows' ACPI HAL. This option will try to figure out how 3733many timer interrupts were not processed by the Windows guest and will 3734re-inject them. 3735ETEXI 3736 3737DEF("icount", HAS_ARG, QEMU_OPTION_icount, \ 3738 "-icount [shift=N|auto][,align=on|off][,sleep=on|off,rr=record|replay,rrfile=<filename>,rrsnapshot=<snapshot>]\n" \ 3739 " enable virtual instruction counter with 2^N clock ticks per\n" \ 3740 " instruction, enable aligning the host and virtual clocks\n" \ 3741 " or disable real time cpu sleeping\n", QEMU_ARCH_ALL) 3742STEXI 3743@item -icount [shift=@var{N}|auto][,rr=record|replay,rrfile=@var{filename},rrsnapshot=@var{snapshot}] 3744@findex -icount 3745Enable virtual instruction counter. The virtual cpu will execute one 3746instruction every 2^@var{N} ns of virtual time. If @code{auto} is specified 3747then the virtual cpu speed will be automatically adjusted to keep virtual 3748time within a few seconds of real time. 3749 3750When the virtual cpu is sleeping, the virtual time will advance at default 3751speed unless @option{sleep=on|off} is specified. 3752With @option{sleep=on|off}, the virtual time will jump to the next timer deadline 3753instantly whenever the virtual cpu goes to sleep mode and will not advance 3754if no timer is enabled. This behavior give deterministic execution times from 3755the guest point of view. 3756 3757Note that while this option can give deterministic behavior, it does not 3758provide cycle accurate emulation. Modern CPUs contain superscalar out of 3759order cores with complex cache hierarchies. The number of instructions 3760executed often has little or no correlation with actual performance. 3761 3762@option{align=on} will activate the delay algorithm which will try 3763to synchronise the host clock and the virtual clock. The goal is to 3764have a guest running at the real frequency imposed by the shift option. 3765Whenever the guest clock is behind the host clock and if 3766@option{align=on} is specified then we print a message to the user 3767to inform about the delay. 3768Currently this option does not work when @option{shift} is @code{auto}. 3769Note: The sync algorithm will work for those shift values for which 3770the guest clock runs ahead of the host clock. Typically this happens 3771when the shift value is high (how high depends on the host machine). 3772 3773When @option{rr} option is specified deterministic record/replay is enabled. 3774Replay log is written into @var{filename} file in record mode and 3775read from this file in replay mode. 3776 3777Option rrsnapshot is used to create new vm snapshot named @var{snapshot} 3778at the start of execution recording. In replay mode this option is used 3779to load the initial VM state. 3780ETEXI 3781 3782DEF("watchdog", HAS_ARG, QEMU_OPTION_watchdog, \ 3783 "-watchdog model\n" \ 3784 " enable virtual hardware watchdog [default=none]\n", 3785 QEMU_ARCH_ALL) 3786STEXI 3787@item -watchdog @var{model} 3788@findex -watchdog 3789Create a virtual hardware watchdog device. Once enabled (by a guest 3790action), the watchdog must be periodically polled by an agent inside 3791the guest or else the guest will be restarted. Choose a model for 3792which your guest has drivers. 3793 3794The @var{model} is the model of hardware watchdog to emulate. Use 3795@code{-watchdog help} to list available hardware models. Only one 3796watchdog can be enabled for a guest. 3797 3798The following models may be available: 3799@table @option 3800@item ib700 3801iBASE 700 is a very simple ISA watchdog with a single timer. 3802@item i6300esb 3803Intel 6300ESB I/O controller hub is a much more featureful PCI-based 3804dual-timer watchdog. 3805@item diag288 3806A virtual watchdog for s390x backed by the diagnose 288 hypercall 3807(currently KVM only). 3808@end table 3809ETEXI 3810 3811DEF("watchdog-action", HAS_ARG, QEMU_OPTION_watchdog_action, \ 3812 "-watchdog-action reset|shutdown|poweroff|inject-nmi|pause|debug|none\n" \ 3813 " action when watchdog fires [default=reset]\n", 3814 QEMU_ARCH_ALL) 3815STEXI 3816@item -watchdog-action @var{action} 3817@findex -watchdog-action 3818 3819The @var{action} controls what QEMU will do when the watchdog timer 3820expires. 3821The default is 3822@code{reset} (forcefully reset the guest). 3823Other possible actions are: 3824@code{shutdown} (attempt to gracefully shutdown the guest), 3825@code{poweroff} (forcefully poweroff the guest), 3826@code{inject-nmi} (inject a NMI into the guest), 3827@code{pause} (pause the guest), 3828@code{debug} (print a debug message and continue), or 3829@code{none} (do nothing). 3830 3831Note that the @code{shutdown} action requires that the guest responds 3832to ACPI signals, which it may not be able to do in the sort of 3833situations where the watchdog would have expired, and thus 3834@code{-watchdog-action shutdown} is not recommended for production use. 3835 3836Examples: 3837 3838@table @code 3839@item -watchdog i6300esb -watchdog-action pause 3840@itemx -watchdog ib700 3841@end table 3842ETEXI 3843 3844DEF("echr", HAS_ARG, QEMU_OPTION_echr, \ 3845 "-echr chr set terminal escape character instead of ctrl-a\n", 3846 QEMU_ARCH_ALL) 3847STEXI 3848 3849@item -echr @var{numeric_ascii_value} 3850@findex -echr 3851Change the escape character used for switching to the monitor when using 3852monitor and serial sharing. The default is @code{0x01} when using the 3853@code{-nographic} option. @code{0x01} is equal to pressing 3854@code{Control-a}. You can select a different character from the ascii 3855control keys where 1 through 26 map to Control-a through Control-z. For 3856instance you could use the either of the following to change the escape 3857character to Control-t. 3858@table @code 3859@item -echr 0x14 3860@itemx -echr 20 3861@end table 3862ETEXI 3863 3864DEF("show-cursor", 0, QEMU_OPTION_show_cursor, \ 3865 "-show-cursor show cursor\n", QEMU_ARCH_ALL) 3866STEXI 3867@item -show-cursor 3868@findex -show-cursor 3869Show cursor. 3870ETEXI 3871 3872DEF("tb-size", HAS_ARG, QEMU_OPTION_tb_size, \ 3873 "-tb-size n set TB size\n", QEMU_ARCH_ALL) 3874STEXI 3875@item -tb-size @var{n} 3876@findex -tb-size 3877Set TB size. 3878ETEXI 3879 3880DEF("incoming", HAS_ARG, QEMU_OPTION_incoming, \ 3881 "-incoming tcp:[host]:port[,to=maxport][,ipv4][,ipv6]\n" \ 3882 "-incoming rdma:host:port[,ipv4][,ipv6]\n" \ 3883 "-incoming unix:socketpath\n" \ 3884 " prepare for incoming migration, listen on\n" \ 3885 " specified protocol and socket address\n" \ 3886 "-incoming fd:fd\n" \ 3887 "-incoming exec:cmdline\n" \ 3888 " accept incoming migration on given file descriptor\n" \ 3889 " or from given external command\n" \ 3890 "-incoming defer\n" \ 3891 " wait for the URI to be specified via migrate_incoming\n", 3892 QEMU_ARCH_ALL) 3893STEXI 3894@item -incoming tcp:[@var{host}]:@var{port}[,to=@var{maxport}][,ipv4][,ipv6] 3895@itemx -incoming rdma:@var{host}:@var{port}[,ipv4][,ipv6] 3896@findex -incoming 3897Prepare for incoming migration, listen on a given tcp port. 3898 3899@item -incoming unix:@var{socketpath} 3900Prepare for incoming migration, listen on a given unix socket. 3901 3902@item -incoming fd:@var{fd} 3903Accept incoming migration from a given filedescriptor. 3904 3905@item -incoming exec:@var{cmdline} 3906Accept incoming migration as an output from specified external command. 3907 3908@item -incoming defer 3909Wait for the URI to be specified via migrate_incoming. The monitor can 3910be used to change settings (such as migration parameters) prior to issuing 3911the migrate_incoming to allow the migration to begin. 3912ETEXI 3913 3914DEF("only-migratable", 0, QEMU_OPTION_only_migratable, \ 3915 "-only-migratable allow only migratable devices\n", QEMU_ARCH_ALL) 3916STEXI 3917@item -only-migratable 3918@findex -only-migratable 3919Only allow migratable devices. Devices will not be allowed to enter an 3920unmigratable state. 3921ETEXI 3922 3923DEF("nodefaults", 0, QEMU_OPTION_nodefaults, \ 3924 "-nodefaults don't create default devices\n", QEMU_ARCH_ALL) 3925STEXI 3926@item -nodefaults 3927@findex -nodefaults 3928Don't create default devices. Normally, QEMU sets the default devices like serial 3929port, parallel port, virtual console, monitor device, VGA adapter, floppy and 3930CD-ROM drive and others. The @code{-nodefaults} option will disable all those 3931default devices. 3932ETEXI 3933 3934#ifndef _WIN32 3935DEF("chroot", HAS_ARG, QEMU_OPTION_chroot, \ 3936 "-chroot dir chroot to dir just before starting the VM\n", 3937 QEMU_ARCH_ALL) 3938#endif 3939STEXI 3940@item -chroot @var{dir} 3941@findex -chroot 3942Immediately before starting guest execution, chroot to the specified 3943directory. Especially useful in combination with -runas. 3944ETEXI 3945 3946#ifndef _WIN32 3947DEF("runas", HAS_ARG, QEMU_OPTION_runas, \ 3948 "-runas user change to user id user just before starting the VM\n" \ 3949 " user can be numeric uid:gid instead\n", 3950 QEMU_ARCH_ALL) 3951#endif 3952STEXI 3953@item -runas @var{user} 3954@findex -runas 3955Immediately before starting guest execution, drop root privileges, switching 3956to the specified user. 3957ETEXI 3958 3959DEF("prom-env", HAS_ARG, QEMU_OPTION_prom_env, 3960 "-prom-env variable=value\n" 3961 " set OpenBIOS nvram variables\n", 3962 QEMU_ARCH_PPC | QEMU_ARCH_SPARC) 3963STEXI 3964@item -prom-env @var{variable}=@var{value} 3965@findex -prom-env 3966Set OpenBIOS nvram @var{variable} to given @var{value} (PPC, SPARC only). 3967ETEXI 3968DEF("semihosting", 0, QEMU_OPTION_semihosting, 3969 "-semihosting semihosting mode\n", 3970 QEMU_ARCH_ARM | QEMU_ARCH_M68K | QEMU_ARCH_XTENSA | QEMU_ARCH_LM32 | 3971 QEMU_ARCH_MIPS | QEMU_ARCH_NIOS2) 3972STEXI 3973@item -semihosting 3974@findex -semihosting 3975Enable semihosting mode (ARM, M68K, Xtensa, MIPS, Nios II only). 3976ETEXI 3977DEF("semihosting-config", HAS_ARG, QEMU_OPTION_semihosting_config, 3978 "-semihosting-config [enable=on|off][,target=native|gdb|auto][,arg=str[,...]]\n" \ 3979 " semihosting configuration\n", 3980QEMU_ARCH_ARM | QEMU_ARCH_M68K | QEMU_ARCH_XTENSA | QEMU_ARCH_LM32 | 3981QEMU_ARCH_MIPS | QEMU_ARCH_NIOS2) 3982STEXI 3983@item -semihosting-config [enable=on|off][,target=native|gdb|auto][,arg=str[,...]] 3984@findex -semihosting-config 3985Enable and configure semihosting (ARM, M68K, Xtensa, MIPS, Nios II only). 3986@table @option 3987@item target=@code{native|gdb|auto} 3988Defines where the semihosting calls will be addressed, to QEMU (@code{native}) 3989or to GDB (@code{gdb}). The default is @code{auto}, which means @code{gdb} 3990during debug sessions and @code{native} otherwise. 3991@item arg=@var{str1},arg=@var{str2},... 3992Allows the user to pass input arguments, and can be used multiple times to build 3993up a list. The old-style @code{-kernel}/@code{-append} method of passing a 3994command line is still supported for backward compatibility. If both the 3995@code{--semihosting-config arg} and the @code{-kernel}/@code{-append} are 3996specified, the former is passed to semihosting as it always takes precedence. 3997@end table 3998ETEXI 3999DEF("old-param", 0, QEMU_OPTION_old_param, 4000 "-old-param old param mode\n", QEMU_ARCH_ARM) 4001STEXI 4002@item -old-param 4003@findex -old-param (ARM) 4004Old param mode (ARM only). 4005ETEXI 4006 4007DEF("sandbox", HAS_ARG, QEMU_OPTION_sandbox, \ 4008 "-sandbox on[,obsolete=allow|deny][,elevateprivileges=allow|deny|children]\n" \ 4009 " [,spawn=allow|deny][,resourcecontrol=allow|deny]\n" \ 4010 " Enable seccomp mode 2 system call filter (default 'off').\n" \ 4011 " use 'obsolete' to allow obsolete system calls that are provided\n" \ 4012 " by the kernel, but typically no longer used by modern\n" \ 4013 " C library implementations.\n" \ 4014 " use 'elevateprivileges' to allow or deny QEMU process to elevate\n" \ 4015 " its privileges by blacklisting all set*uid|gid system calls.\n" \ 4016 " The value 'children' will deny set*uid|gid system calls for\n" \ 4017 " main QEMU process but will allow forks and execves to run unprivileged\n" \ 4018 " use 'spawn' to avoid QEMU to spawn new threads or processes by\n" \ 4019 " blacklisting *fork and execve\n" \ 4020 " use 'resourcecontrol' to disable process affinity and schedular priority\n", 4021 QEMU_ARCH_ALL) 4022STEXI 4023@item -sandbox @var{arg}[,obsolete=@var{string}][,elevateprivileges=@var{string}][,spawn=@var{string}][,resourcecontrol=@var{string}] 4024@findex -sandbox 4025Enable Seccomp mode 2 system call filter. 'on' will enable syscall filtering and 'off' will 4026disable it. The default is 'off'. 4027@table @option 4028@item obsolete=@var{string} 4029Enable Obsolete system calls 4030@item elevateprivileges=@var{string} 4031Disable set*uid|gid system calls 4032@item spawn=@var{string} 4033Disable *fork and execve 4034@item resourcecontrol=@var{string} 4035Disable process affinity and schedular priority 4036@end table 4037ETEXI 4038 4039DEF("readconfig", HAS_ARG, QEMU_OPTION_readconfig, 4040 "-readconfig <file>\n", QEMU_ARCH_ALL) 4041STEXI 4042@item -readconfig @var{file} 4043@findex -readconfig 4044Read device configuration from @var{file}. This approach is useful when you want to spawn 4045QEMU process with many command line options but you don't want to exceed the command line 4046character limit. 4047ETEXI 4048DEF("writeconfig", HAS_ARG, QEMU_OPTION_writeconfig, 4049 "-writeconfig <file>\n" 4050 " read/write config file\n", QEMU_ARCH_ALL) 4051STEXI 4052@item -writeconfig @var{file} 4053@findex -writeconfig 4054Write device configuration to @var{file}. The @var{file} can be either filename to save 4055command line and device configuration into file or dash @code{-}) character to print the 4056output to stdout. This can be later used as input file for @code{-readconfig} option. 4057ETEXI 4058 4059DEF("no-user-config", 0, QEMU_OPTION_nouserconfig, 4060 "-no-user-config\n" 4061 " do not load default user-provided config files at startup\n", 4062 QEMU_ARCH_ALL) 4063STEXI 4064@item -no-user-config 4065@findex -no-user-config 4066The @code{-no-user-config} option makes QEMU not load any of the user-provided 4067config files on @var{sysconfdir}. 4068ETEXI 4069 4070DEF("trace", HAS_ARG, QEMU_OPTION_trace, 4071 "-trace [[enable=]<pattern>][,events=<file>][,file=<file>]\n" 4072 " specify tracing options\n", 4073 QEMU_ARCH_ALL) 4074STEXI 4075HXCOMM This line is not accurate, as some sub-options are backend-specific but 4076HXCOMM HX does not support conditional compilation of text. 4077@item -trace [[enable=]@var{pattern}][,events=@var{file}][,file=@var{file}] 4078@findex -trace 4079@include qemu-option-trace.texi 4080ETEXI 4081 4082HXCOMM Internal use 4083DEF("qtest", HAS_ARG, QEMU_OPTION_qtest, "", QEMU_ARCH_ALL) 4084DEF("qtest-log", HAS_ARG, QEMU_OPTION_qtest_log, "", QEMU_ARCH_ALL) 4085 4086#ifdef __linux__ 4087DEF("enable-fips", 0, QEMU_OPTION_enablefips, 4088 "-enable-fips enable FIPS 140-2 compliance\n", 4089 QEMU_ARCH_ALL) 4090#endif 4091STEXI 4092@item -enable-fips 4093@findex -enable-fips 4094Enable FIPS 140-2 compliance mode. 4095ETEXI 4096 4097HXCOMM Deprecated by -machine accel=tcg property 4098DEF("no-kvm", 0, QEMU_OPTION_no_kvm, "", QEMU_ARCH_I386) 4099 4100DEF("msg", HAS_ARG, QEMU_OPTION_msg, 4101 "-msg timestamp[=on|off]\n" 4102 " change the format of messages\n" 4103 " on|off controls leading timestamps (default:on)\n", 4104 QEMU_ARCH_ALL) 4105STEXI 4106@item -msg timestamp[=on|off] 4107@findex -msg 4108prepend a timestamp to each log message.(default:on) 4109ETEXI 4110 4111DEF("dump-vmstate", HAS_ARG, QEMU_OPTION_dump_vmstate, 4112 "-dump-vmstate <file>\n" 4113 " Output vmstate information in JSON format to file.\n" 4114 " Use the scripts/vmstate-static-checker.py file to\n" 4115 " check for possible regressions in migration code\n" 4116 " by comparing two such vmstate dumps.\n", 4117 QEMU_ARCH_ALL) 4118STEXI 4119@item -dump-vmstate @var{file} 4120@findex -dump-vmstate 4121Dump json-encoded vmstate information for current machine type to file 4122in @var{file} 4123ETEXI 4124 4125DEF("enable-sync-profile", 0, QEMU_OPTION_enable_sync_profile, 4126 "-enable-sync-profile\n" 4127 " enable synchronization profiling\n", 4128 QEMU_ARCH_ALL) 4129STEXI 4130@item -enable-sync-profile 4131@findex -enable-sync-profile 4132Enable synchronization profiling. 4133ETEXI 4134 4135STEXI 4136@end table 4137ETEXI 4138DEFHEADING() 4139 4140DEFHEADING(Generic object creation:) 4141STEXI 4142@table @option 4143ETEXI 4144 4145DEF("object", HAS_ARG, QEMU_OPTION_object, 4146 "-object TYPENAME[,PROP1=VALUE1,...]\n" 4147 " create a new object of type TYPENAME setting properties\n" 4148 " in the order they are specified. Note that the 'id'\n" 4149 " property must be set. These objects are placed in the\n" 4150 " '/objects' path.\n", 4151 QEMU_ARCH_ALL) 4152STEXI 4153@item -object @var{typename}[,@var{prop1}=@var{value1},...] 4154@findex -object 4155Create a new object of type @var{typename} setting properties 4156in the order they are specified. Note that the 'id' 4157property must be set. These objects are placed in the 4158'/objects' path. 4159 4160@table @option 4161 4162@item -object memory-backend-file,id=@var{id},size=@var{size},mem-path=@var{dir},share=@var{on|off},discard-data=@var{on|off},merge=@var{on|off},dump=@var{on|off},prealloc=@var{on|off},host-nodes=@var{host-nodes},policy=@var{default|preferred|bind|interleave},align=@var{align} 4163 4164Creates a memory file backend object, which can be used to back 4165the guest RAM with huge pages. 4166 4167The @option{id} parameter is a unique ID that will be used to reference this 4168memory region when configuring the @option{-numa} argument. 4169 4170The @option{size} option provides the size of the memory region, and accepts 4171common suffixes, eg @option{500M}. 4172 4173The @option{mem-path} provides the path to either a shared memory or huge page 4174filesystem mount. 4175 4176The @option{share} boolean option determines whether the memory 4177region is marked as private to QEMU, or shared. The latter allows 4178a co-operating external process to access the QEMU memory region. 4179 4180The @option{share} is also required for pvrdma devices due to 4181limitations in the RDMA API provided by Linux. 4182 4183Setting share=on might affect the ability to configure NUMA 4184bindings for the memory backend under some circumstances, see 4185Documentation/vm/numa_memory_policy.txt on the Linux kernel 4186source tree for additional details. 4187 4188Setting the @option{discard-data} boolean option to @var{on} 4189indicates that file contents can be destroyed when QEMU exits, 4190to avoid unnecessarily flushing data to the backing file. Note 4191that @option{discard-data} is only an optimization, and QEMU 4192might not discard file contents if it aborts unexpectedly or is 4193terminated using SIGKILL. 4194 4195The @option{merge} boolean option enables memory merge, also known as 4196MADV_MERGEABLE, so that Kernel Samepage Merging will consider the pages for 4197memory deduplication. 4198 4199Setting the @option{dump} boolean option to @var{off} excludes the memory from 4200core dumps. This feature is also known as MADV_DONTDUMP. 4201 4202The @option{prealloc} boolean option enables memory preallocation. 4203 4204The @option{host-nodes} option binds the memory range to a list of NUMA host 4205nodes. 4206 4207The @option{policy} option sets the NUMA policy to one of the following values: 4208 4209@table @option 4210@item @var{default} 4211default host policy 4212 4213@item @var{preferred} 4214prefer the given host node list for allocation 4215 4216@item @var{bind} 4217restrict memory allocation to the given host node list 4218 4219@item @var{interleave} 4220interleave memory allocations across the given host node list 4221@end table 4222 4223The @option{align} option specifies the base address alignment when 4224QEMU mmap(2) @option{mem-path}, and accepts common suffixes, eg 4225@option{2M}. Some backend store specified by @option{mem-path} 4226requires an alignment different than the default one used by QEMU, eg 4227the device DAX /dev/dax0.0 requires 2M alignment rather than 4K. In 4228such cases, users can specify the required alignment via this option. 4229 4230The @option{pmem} option specifies whether the backing file specified 4231by @option{mem-path} is in host persistent memory that can be accessed 4232using the SNIA NVM programming model (e.g. Intel NVDIMM). 4233If @option{pmem} is set to 'on', QEMU will take necessary operations to 4234guarantee the persistence of its own writes to @option{mem-path} 4235(e.g. in vNVDIMM label emulation and live migration). 4236Also, we will map the backend-file with MAP_SYNC flag, which ensures the 4237file metadata is in sync for @option{mem-path} in case of host crash 4238or a power failure. MAP_SYNC requires support from both the host kernel 4239(since Linux kernel 4.15) and the filesystem of @option{mem-path} mounted 4240with DAX option. 4241 4242@item -object memory-backend-ram,id=@var{id},merge=@var{on|off},dump=@var{on|off},share=@var{on|off},prealloc=@var{on|off},size=@var{size},host-nodes=@var{host-nodes},policy=@var{default|preferred|bind|interleave} 4243 4244Creates a memory backend object, which can be used to back the guest RAM. 4245Memory backend objects offer more control than the @option{-m} option that is 4246traditionally used to define guest RAM. Please refer to 4247@option{memory-backend-file} for a description of the options. 4248 4249@item -object memory-backend-memfd,id=@var{id},merge=@var{on|off},dump=@var{on|off},share=@var{on|off},prealloc=@var{on|off},size=@var{size},host-nodes=@var{host-nodes},policy=@var{default|preferred|bind|interleave},seal=@var{on|off},hugetlb=@var{on|off},hugetlbsize=@var{size} 4250 4251Creates an anonymous memory file backend object, which allows QEMU to 4252share the memory with an external process (e.g. when using 4253vhost-user). The memory is allocated with memfd and optional 4254sealing. (Linux only) 4255 4256The @option{seal} option creates a sealed-file, that will block 4257further resizing the memory ('on' by default). 4258 4259The @option{hugetlb} option specify the file to be created resides in 4260the hugetlbfs filesystem (since Linux 4.14). Used in conjunction with 4261the @option{hugetlb} option, the @option{hugetlbsize} option specify 4262the hugetlb page size on systems that support multiple hugetlb page 4263sizes (it must be a power of 2 value supported by the system). 4264 4265In some versions of Linux, the @option{hugetlb} option is incompatible 4266with the @option{seal} option (requires at least Linux 4.16). 4267 4268Please refer to @option{memory-backend-file} for a description of the 4269other options. 4270 4271The @option{share} boolean option is @var{on} by default with memfd. 4272 4273@item -object rng-random,id=@var{id},filename=@var{/dev/random} 4274 4275Creates a random number generator backend which obtains entropy from 4276a device on the host. The @option{id} parameter is a unique ID that 4277will be used to reference this entropy backend from the @option{virtio-rng} 4278device. The @option{filename} parameter specifies which file to obtain 4279entropy from and if omitted defaults to @option{/dev/random}. 4280 4281@item -object rng-egd,id=@var{id},chardev=@var{chardevid} 4282 4283Creates a random number generator backend which obtains entropy from 4284an external daemon running on the host. The @option{id} parameter is 4285a unique ID that will be used to reference this entropy backend from 4286the @option{virtio-rng} device. The @option{chardev} parameter is 4287the unique ID of a character device backend that provides the connection 4288to the RNG daemon. 4289 4290@item -object tls-creds-anon,id=@var{id},endpoint=@var{endpoint},dir=@var{/path/to/cred/dir},verify-peer=@var{on|off} 4291 4292Creates a TLS anonymous credentials object, which can be used to provide 4293TLS support on network backends. The @option{id} parameter is a unique 4294ID which network backends will use to access the credentials. The 4295@option{endpoint} is either @option{server} or @option{client} depending 4296on whether the QEMU network backend that uses the credentials will be 4297acting as a client or as a server. If @option{verify-peer} is enabled 4298(the default) then once the handshake is completed, the peer credentials 4299will be verified, though this is a no-op for anonymous credentials. 4300 4301The @var{dir} parameter tells QEMU where to find the credential 4302files. For server endpoints, this directory may contain a file 4303@var{dh-params.pem} providing diffie-hellman parameters to use 4304for the TLS server. If the file is missing, QEMU will generate 4305a set of DH parameters at startup. This is a computationally 4306expensive operation that consumes random pool entropy, so it is 4307recommended that a persistent set of parameters be generated 4308upfront and saved. 4309 4310@item -object tls-creds-psk,id=@var{id},endpoint=@var{endpoint},dir=@var{/path/to/keys/dir}[,username=@var{username}] 4311 4312Creates a TLS Pre-Shared Keys (PSK) credentials object, which can be used to provide 4313TLS support on network backends. The @option{id} parameter is a unique 4314ID which network backends will use to access the credentials. The 4315@option{endpoint} is either @option{server} or @option{client} depending 4316on whether the QEMU network backend that uses the credentials will be 4317acting as a client or as a server. For clients only, @option{username} 4318is the username which will be sent to the server. If omitted 4319it defaults to ``qemu''. 4320 4321The @var{dir} parameter tells QEMU where to find the keys file. 4322It is called ``@var{dir}/keys.psk'' and contains ``username:key'' 4323pairs. This file can most easily be created using the GnuTLS 4324@code{psktool} program. 4325 4326For server endpoints, @var{dir} may also contain a file 4327@var{dh-params.pem} providing diffie-hellman parameters to use 4328for the TLS server. If the file is missing, QEMU will generate 4329a set of DH parameters at startup. This is a computationally 4330expensive operation that consumes random pool entropy, so it is 4331recommended that a persistent set of parameters be generated 4332up front and saved. 4333 4334@item -object tls-creds-x509,id=@var{id},endpoint=@var{endpoint},dir=@var{/path/to/cred/dir},priority=@var{priority},verify-peer=@var{on|off},passwordid=@var{id} 4335 4336Creates a TLS anonymous credentials object, which can be used to provide 4337TLS support on network backends. The @option{id} parameter is a unique 4338ID which network backends will use to access the credentials. The 4339@option{endpoint} is either @option{server} or @option{client} depending 4340on whether the QEMU network backend that uses the credentials will be 4341acting as a client or as a server. If @option{verify-peer} is enabled 4342(the default) then once the handshake is completed, the peer credentials 4343will be verified. With x509 certificates, this implies that the clients 4344must be provided with valid client certificates too. 4345 4346The @var{dir} parameter tells QEMU where to find the credential 4347files. For server endpoints, this directory may contain a file 4348@var{dh-params.pem} providing diffie-hellman parameters to use 4349for the TLS server. If the file is missing, QEMU will generate 4350a set of DH parameters at startup. This is a computationally 4351expensive operation that consumes random pool entropy, so it is 4352recommended that a persistent set of parameters be generated 4353upfront and saved. 4354 4355For x509 certificate credentials the directory will contain further files 4356providing the x509 certificates. The certificates must be stored 4357in PEM format, in filenames @var{ca-cert.pem}, @var{ca-crl.pem} (optional), 4358@var{server-cert.pem} (only servers), @var{server-key.pem} (only servers), 4359@var{client-cert.pem} (only clients), and @var{client-key.pem} (only clients). 4360 4361For the @var{server-key.pem} and @var{client-key.pem} files which 4362contain sensitive private keys, it is possible to use an encrypted 4363version by providing the @var{passwordid} parameter. This provides 4364the ID of a previously created @code{secret} object containing the 4365password for decryption. 4366 4367The @var{priority} parameter allows to override the global default 4368priority used by gnutls. This can be useful if the system administrator 4369needs to use a weaker set of crypto priorities for QEMU without 4370potentially forcing the weakness onto all applications. Or conversely 4371if one wants wants a stronger default for QEMU than for all other 4372applications, they can do this through this parameter. Its format is 4373a gnutls priority string as described at 4374@url{https://gnutls.org/manual/html_node/Priority-Strings.html}. 4375 4376@item -object filter-buffer,id=@var{id},netdev=@var{netdevid},interval=@var{t}[,queue=@var{all|rx|tx}][,status=@var{on|off}] 4377 4378Interval @var{t} can't be 0, this filter batches the packet delivery: all 4379packets arriving in a given interval on netdev @var{netdevid} are delayed 4380until the end of the interval. Interval is in microseconds. 4381@option{status} is optional that indicate whether the netfilter is 4382on (enabled) or off (disabled), the default status for netfilter will be 'on'. 4383 4384queue @var{all|rx|tx} is an option that can be applied to any netfilter. 4385 4386@option{all}: the filter is attached both to the receive and the transmit 4387 queue of the netdev (default). 4388 4389@option{rx}: the filter is attached to the receive queue of the netdev, 4390 where it will receive packets sent to the netdev. 4391 4392@option{tx}: the filter is attached to the transmit queue of the netdev, 4393 where it will receive packets sent by the netdev. 4394 4395@item -object filter-mirror,id=@var{id},netdev=@var{netdevid},outdev=@var{chardevid},queue=@var{all|rx|tx}[,vnet_hdr_support] 4396 4397filter-mirror on netdev @var{netdevid},mirror net packet to chardev@var{chardevid}, if it has the vnet_hdr_support flag, filter-mirror will mirror packet with vnet_hdr_len. 4398 4399@item -object filter-redirector,id=@var{id},netdev=@var{netdevid},indev=@var{chardevid},outdev=@var{chardevid},queue=@var{all|rx|tx}[,vnet_hdr_support] 4400 4401filter-redirector on netdev @var{netdevid},redirect filter's net packet to chardev 4402@var{chardevid},and redirect indev's packet to filter.if it has the vnet_hdr_support flag, 4403filter-redirector will redirect packet with vnet_hdr_len. 4404Create a filter-redirector we need to differ outdev id from indev id, id can not 4405be the same. we can just use indev or outdev, but at least one of indev or outdev 4406need to be specified. 4407 4408@item -object filter-rewriter,id=@var{id},netdev=@var{netdevid},queue=@var{all|rx|tx},[vnet_hdr_support] 4409 4410Filter-rewriter is a part of COLO project.It will rewrite tcp packet to 4411secondary from primary to keep secondary tcp connection,and rewrite 4412tcp packet to primary from secondary make tcp packet can be handled by 4413client.if it has the vnet_hdr_support flag, we can parse packet with vnet header. 4414 4415usage: 4416colo secondary: 4417-object filter-redirector,id=f1,netdev=hn0,queue=tx,indev=red0 4418-object filter-redirector,id=f2,netdev=hn0,queue=rx,outdev=red1 4419-object filter-rewriter,id=rew0,netdev=hn0,queue=all 4420 4421@item -object filter-dump,id=@var{id},netdev=@var{dev}[,file=@var{filename}][,maxlen=@var{len}] 4422 4423Dump the network traffic on netdev @var{dev} to the file specified by 4424@var{filename}. At most @var{len} bytes (64k by default) per packet are stored. 4425The file format is libpcap, so it can be analyzed with tools such as tcpdump 4426or Wireshark. 4427 4428@item -object colo-compare,id=@var{id},primary_in=@var{chardevid},secondary_in=@var{chardevid},outdev=@var{chardevid}[,vnet_hdr_support] 4429 4430Colo-compare gets packet from primary_in@var{chardevid} and secondary_in@var{chardevid}, than compare primary packet with 4431secondary packet. If the packets are same, we will output primary 4432packet to outdev@var{chardevid}, else we will notify colo-frame 4433do checkpoint and send primary packet to outdev@var{chardevid}. 4434if it has the vnet_hdr_support flag, colo compare will send/recv packet with vnet_hdr_len. 4435 4436we must use it with the help of filter-mirror and filter-redirector. 4437 4438@example 4439 4440primary: 4441-netdev tap,id=hn0,vhost=off,script=/etc/qemu-ifup,downscript=/etc/qemu-ifdown 4442-device e1000,id=e0,netdev=hn0,mac=52:a4:00:12:78:66 4443-chardev socket,id=mirror0,host=3.3.3.3,port=9003,server,nowait 4444-chardev socket,id=compare1,host=3.3.3.3,port=9004,server,nowait 4445-chardev socket,id=compare0,host=3.3.3.3,port=9001,server,nowait 4446-chardev socket,id=compare0-0,host=3.3.3.3,port=9001 4447-chardev socket,id=compare_out,host=3.3.3.3,port=9005,server,nowait 4448-chardev socket,id=compare_out0,host=3.3.3.3,port=9005 4449-object filter-mirror,id=m0,netdev=hn0,queue=tx,outdev=mirror0 4450-object filter-redirector,netdev=hn0,id=redire0,queue=rx,indev=compare_out 4451-object filter-redirector,netdev=hn0,id=redire1,queue=rx,outdev=compare0 4452-object colo-compare,id=comp0,primary_in=compare0-0,secondary_in=compare1,outdev=compare_out0 4453 4454secondary: 4455-netdev tap,id=hn0,vhost=off,script=/etc/qemu-ifup,down script=/etc/qemu-ifdown 4456-device e1000,netdev=hn0,mac=52:a4:00:12:78:66 4457-chardev socket,id=red0,host=3.3.3.3,port=9003 4458-chardev socket,id=red1,host=3.3.3.3,port=9004 4459-object filter-redirector,id=f1,netdev=hn0,queue=tx,indev=red0 4460-object filter-redirector,id=f2,netdev=hn0,queue=rx,outdev=red1 4461 4462@end example 4463 4464If you want to know the detail of above command line, you can read 4465the colo-compare git log. 4466 4467@item -object cryptodev-backend-builtin,id=@var{id}[,queues=@var{queues}] 4468 4469Creates a cryptodev backend which executes crypto opreation from 4470the QEMU cipher APIS. The @var{id} parameter is 4471a unique ID that will be used to reference this cryptodev backend from 4472the @option{virtio-crypto} device. The @var{queues} parameter is optional, 4473which specify the queue number of cryptodev backend, the default of 4474@var{queues} is 1. 4475 4476@example 4477 4478 # qemu-system-x86_64 \ 4479 [...] \ 4480 -object cryptodev-backend-builtin,id=cryptodev0 \ 4481 -device virtio-crypto-pci,id=crypto0,cryptodev=cryptodev0 \ 4482 [...] 4483@end example 4484 4485@item -object cryptodev-vhost-user,id=@var{id},chardev=@var{chardevid}[,queues=@var{queues}] 4486 4487Creates a vhost-user cryptodev backend, backed by a chardev @var{chardevid}. 4488The @var{id} parameter is a unique ID that will be used to reference this 4489cryptodev backend from the @option{virtio-crypto} device. 4490The chardev should be a unix domain socket backed one. The vhost-user uses 4491a specifically defined protocol to pass vhost ioctl replacement messages 4492to an application on the other end of the socket. 4493The @var{queues} parameter is optional, which specify the queue number 4494of cryptodev backend for multiqueue vhost-user, the default of @var{queues} is 1. 4495 4496@example 4497 4498 # qemu-system-x86_64 \ 4499 [...] \ 4500 -chardev socket,id=chardev0,path=/path/to/socket \ 4501 -object cryptodev-vhost-user,id=cryptodev0,chardev=chardev0 \ 4502 -device virtio-crypto-pci,id=crypto0,cryptodev=cryptodev0 \ 4503 [...] 4504@end example 4505 4506@item -object secret,id=@var{id},data=@var{string},format=@var{raw|base64}[,keyid=@var{secretid},iv=@var{string}] 4507@item -object secret,id=@var{id},file=@var{filename},format=@var{raw|base64}[,keyid=@var{secretid},iv=@var{string}] 4508 4509Defines a secret to store a password, encryption key, or some other sensitive 4510data. The sensitive data can either be passed directly via the @var{data} 4511parameter, or indirectly via the @var{file} parameter. Using the @var{data} 4512parameter is insecure unless the sensitive data is encrypted. 4513 4514The sensitive data can be provided in raw format (the default), or base64. 4515When encoded as JSON, the raw format only supports valid UTF-8 characters, 4516so base64 is recommended for sending binary data. QEMU will convert from 4517which ever format is provided to the format it needs internally. eg, an 4518RBD password can be provided in raw format, even though it will be base64 4519encoded when passed onto the RBD sever. 4520 4521For added protection, it is possible to encrypt the data associated with 4522a secret using the AES-256-CBC cipher. Use of encryption is indicated 4523by providing the @var{keyid} and @var{iv} parameters. The @var{keyid} 4524parameter provides the ID of a previously defined secret that contains 4525the AES-256 decryption key. This key should be 32-bytes long and be 4526base64 encoded. The @var{iv} parameter provides the random initialization 4527vector used for encryption of this particular secret and should be a 4528base64 encrypted string of the 16-byte IV. 4529 4530The simplest (insecure) usage is to provide the secret inline 4531 4532@example 4533 4534 # $QEMU -object secret,id=sec0,data=letmein,format=raw 4535 4536@end example 4537 4538The simplest secure usage is to provide the secret via a file 4539 4540 # printf "letmein" > mypasswd.txt 4541 # $QEMU -object secret,id=sec0,file=mypasswd.txt,format=raw 4542 4543For greater security, AES-256-CBC should be used. To illustrate usage, 4544consider the openssl command line tool which can encrypt the data. Note 4545that when encrypting, the plaintext must be padded to the cipher block 4546size (32 bytes) using the standard PKCS#5/6 compatible padding algorithm. 4547 4548First a master key needs to be created in base64 encoding: 4549 4550@example 4551 # openssl rand -base64 32 > key.b64 4552 # KEY=$(base64 -d key.b64 | hexdump -v -e '/1 "%02X"') 4553@end example 4554 4555Each secret to be encrypted needs to have a random initialization vector 4556generated. These do not need to be kept secret 4557 4558@example 4559 # openssl rand -base64 16 > iv.b64 4560 # IV=$(base64 -d iv.b64 | hexdump -v -e '/1 "%02X"') 4561@end example 4562 4563The secret to be defined can now be encrypted, in this case we're 4564telling openssl to base64 encode the result, but it could be left 4565as raw bytes if desired. 4566 4567@example 4568 # SECRET=$(printf "letmein" | 4569 openssl enc -aes-256-cbc -a -K $KEY -iv $IV) 4570@end example 4571 4572When launching QEMU, create a master secret pointing to @code{key.b64} 4573and specify that to be used to decrypt the user password. Pass the 4574contents of @code{iv.b64} to the second secret 4575 4576@example 4577 # $QEMU \ 4578 -object secret,id=secmaster0,format=base64,file=key.b64 \ 4579 -object secret,id=sec0,keyid=secmaster0,format=base64,\ 4580 data=$SECRET,iv=$(<iv.b64) 4581@end example 4582 4583@item -object sev-guest,id=@var{id},cbitpos=@var{cbitpos},reduced-phys-bits=@var{val},[sev-device=@var{string},policy=@var{policy},handle=@var{handle},dh-cert-file=@var{file},session-file=@var{file}] 4584 4585Create a Secure Encrypted Virtualization (SEV) guest object, which can be used 4586to provide the guest memory encryption support on AMD processors. 4587 4588When memory encryption is enabled, one of the physical address bit (aka the 4589C-bit) is utilized to mark if a memory page is protected. The @option{cbitpos} 4590is used to provide the C-bit position. The C-bit position is Host family dependent 4591hence user must provide this value. On EPYC, the value should be 47. 4592 4593When memory encryption is enabled, we loose certain bits in physical address space. 4594The @option{reduced-phys-bits} is used to provide the number of bits we loose in 4595physical address space. Similar to C-bit, the value is Host family dependent. 4596On EPYC, the value should be 5. 4597 4598The @option{sev-device} provides the device file to use for communicating with 4599the SEV firmware running inside AMD Secure Processor. The default device is 4600'/dev/sev'. If hardware supports memory encryption then /dev/sev devices are 4601created by CCP driver. 4602 4603The @option{policy} provides the guest policy to be enforced by the SEV firmware 4604and restrict what configuration and operational commands can be performed on this 4605guest by the hypervisor. The policy should be provided by the guest owner and is 4606bound to the guest and cannot be changed throughout the lifetime of the guest. 4607The default is 0. 4608 4609If guest @option{policy} allows sharing the key with another SEV guest then 4610@option{handle} can be use to provide handle of the guest from which to share 4611the key. 4612 4613The @option{dh-cert-file} and @option{session-file} provides the guest owner's 4614Public Diffie-Hillman key defined in SEV spec. The PDH and session parameters 4615are used for establishing a cryptographic session with the guest owner to 4616negotiate keys used for attestation. The file must be encoded in base64. 4617 4618e.g to launch a SEV guest 4619@example 4620 # $QEMU \ 4621 ...... 4622 -object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=5 \ 4623 -machine ...,memory-encryption=sev0 4624 ..... 4625 4626@end example 4627 4628 4629@item -object authz-simple,id=@var{id},identity=@var{string} 4630 4631Create an authorization object that will control access to network services. 4632 4633The @option{identity} parameter is identifies the user and its format 4634depends on the network service that authorization object is associated 4635with. For authorizing based on TLS x509 certificates, the identity must 4636be the x509 distinguished name. Note that care must be taken to escape 4637any commas in the distinguished name. 4638 4639An example authorization object to validate a x509 distinguished name 4640would look like: 4641@example 4642 # $QEMU \ 4643 ... 4644 -object 'authz-simple,id=auth0,identity=CN=laptop.example.com,,O=Example Org,,L=London,,ST=London,,C=GB' \ 4645 ... 4646@end example 4647 4648Note the use of quotes due to the x509 distinguished name containing 4649whitespace, and escaping of ','. 4650 4651@item -object authz-listfile,id=@var{id},filename=@var{path},refresh=@var{yes|no} 4652 4653Create an authorization object that will control access to network services. 4654 4655The @option{filename} parameter is the fully qualified path to a file 4656containing the access control list rules in JSON format. 4657 4658An example set of rules that match against SASL usernames might look 4659like: 4660 4661@example 4662 @{ 4663 "rules": [ 4664 @{ "match": "fred", "policy": "allow", "format": "exact" @}, 4665 @{ "match": "bob", "policy": "allow", "format": "exact" @}, 4666 @{ "match": "danb", "policy": "deny", "format": "glob" @}, 4667 @{ "match": "dan*", "policy": "allow", "format": "exact" @}, 4668 ], 4669 "policy": "deny" 4670 @} 4671@end example 4672 4673When checking access the object will iterate over all the rules and 4674the first rule to match will have its @option{policy} value returned 4675as the result. If no rules match, then the default @option{policy} 4676value is returned. 4677 4678The rules can either be an exact string match, or they can use the 4679simple UNIX glob pattern matching to allow wildcards to be used. 4680 4681If @option{refresh} is set to true the file will be monitored 4682and automatically reloaded whenever its content changes. 4683 4684As with the @code{authz-simple} object, the format of the identity 4685strings being matched depends on the network service, but is usually 4686a TLS x509 distinguished name, or a SASL username. 4687 4688An example authorization object to validate a SASL username 4689would look like: 4690@example 4691 # $QEMU \ 4692 ... 4693 -object authz-simple,id=auth0,filename=/etc/qemu/vnc-sasl.acl,refresh=yes 4694 ... 4695@end example 4696 4697@item -object authz-pam,id=@var{id},service=@var{string} 4698 4699Create an authorization object that will control access to network services. 4700 4701The @option{service} parameter provides the name of a PAM service to use 4702for authorization. It requires that a file @code{/etc/pam.d/@var{service}} 4703exist to provide the configuration for the @code{account} subsystem. 4704 4705An example authorization object to validate a TLS x509 distinguished 4706name would look like: 4707 4708@example 4709 # $QEMU \ 4710 ... 4711 -object authz-pam,id=auth0,service=qemu-vnc 4712 ... 4713@end example 4714 4715There would then be a corresponding config file for PAM at 4716@code{/etc/pam.d/qemu-vnc} that contains: 4717 4718@example 4719account requisite pam_listfile.so item=user sense=allow \ 4720 file=/etc/qemu/vnc.allow 4721@end example 4722 4723Finally the @code{/etc/qemu/vnc.allow} file would contain 4724the list of x509 distingished names that are permitted 4725access 4726 4727@example 4728CN=laptop.example.com,O=Example Home,L=London,ST=London,C=GB 4729@end example 4730 4731 4732@end table 4733 4734ETEXI 4735 4736 4737HXCOMM This is the last statement. Insert new options before this line! 4738STEXI 4739@end table 4740ETEXI 4741