1HXCOMM Use DEFHEADING() to define headings in both help text and texi 2HXCOMM Text between STEXI and ETEXI are copied to texi version and 3HXCOMM discarded from C version 4HXCOMM DEF(option, HAS_ARG/0, opt_enum, opt_help, arch_mask) is used to 5HXCOMM construct option structures, enums and help message for specified 6HXCOMM architectures. 7HXCOMM HXCOMM can be used for comments, discarded from both texi and C 8 9DEFHEADING(Standard options) 10STEXI 11@table @option 12ETEXI 13 14DEF("help", 0, QEMU_OPTION_h, 15 "-h or -help display this help and exit\n", QEMU_ARCH_ALL) 16STEXI 17@item -h 18@findex -h 19Display help and exit 20ETEXI 21 22DEF("version", 0, QEMU_OPTION_version, 23 "-version display version information and exit\n", QEMU_ARCH_ALL) 24STEXI 25@item -version 26@findex -version 27Display version information and exit 28ETEXI 29 30DEF("machine", HAS_ARG, QEMU_OPTION_machine, \ 31 "-machine [type=]name[,prop[=value][,...]]\n" 32 " selects emulated machine ('-machine help' for list)\n" 33 " property accel=accel1[:accel2[:...]] selects accelerator\n" 34 " supported accelerators are kvm, xen, hax or tcg (default: tcg)\n" 35 " kernel_irqchip=on|off|split controls accelerated irqchip support (default=off)\n" 36 " vmport=on|off|auto controls emulation of vmport (default: auto)\n" 37 " kvm_shadow_mem=size of KVM shadow MMU in bytes\n" 38 " dump-guest-core=on|off include guest memory in a core dump (default=on)\n" 39 " mem-merge=on|off controls memory merge support (default: on)\n" 40 " igd-passthru=on|off controls IGD GFX passthrough support (default=off)\n" 41 " aes-key-wrap=on|off controls support for AES key wrapping (default=on)\n" 42 " dea-key-wrap=on|off controls support for DEA key wrapping (default=on)\n" 43 " suppress-vmdesc=on|off disables self-describing migration (default=off)\n" 44 " nvdimm=on|off controls NVDIMM support (default=off)\n" 45 " enforce-config-section=on|off enforce configuration section migration (default=off)\n" 46 " s390-squash-mcss=on|off controls support for squashing into default css (default=off)\n", 47 QEMU_ARCH_ALL) 48STEXI 49@item -machine [type=]@var{name}[,prop=@var{value}[,...]] 50@findex -machine 51Select the emulated machine by @var{name}. Use @code{-machine help} to list 52available machines. 53 54For architectures which aim to support live migration compatibility 55across releases, each release will introduce a new versioned machine 56type. For example, the 2.8.0 release introduced machine types 57``pc-i440fx-2.8'' and ``pc-q35-2.8'' for the x86_64/i686 architectures. 58 59To allow live migration of guests from QEMU version 2.8.0, to QEMU 60version 2.9.0, the 2.9.0 version must support the ``pc-i440fx-2.8'' 61and ``pc-q35-2.8'' machines too. To allow users live migrating VMs 62to skip multiple intermediate releases when upgrading, new releases 63of QEMU will support machine types from many previous versions. 64 65Supported machine properties are: 66@table @option 67@item accel=@var{accels1}[:@var{accels2}[:...]] 68This is used to enable an accelerator. Depending on the target architecture, 69kvm, xen, hax or tcg can be available. By default, tcg is used. If there is 70more than one accelerator specified, the next one is used if the previous one 71fails to initialize. 72@item kernel_irqchip=on|off 73Controls in-kernel irqchip support for the chosen accelerator when available. 74@item gfx_passthru=on|off 75Enables IGD GFX passthrough support for the chosen machine when available. 76@item vmport=on|off|auto 77Enables emulation of VMWare IO port, for vmmouse etc. auto says to select the 78value based on accel. For accel=xen the default is off otherwise the default 79is on. 80@item kvm_shadow_mem=size 81Defines the size of the KVM shadow MMU. 82@item dump-guest-core=on|off 83Include guest memory in a core dump. The default is on. 84@item mem-merge=on|off 85Enables or disables memory merge support. This feature, when supported by 86the host, de-duplicates identical memory pages among VMs instances 87(enabled by default). 88@item aes-key-wrap=on|off 89Enables or disables AES key wrapping support on s390-ccw hosts. This feature 90controls whether AES wrapping keys will be created to allow 91execution of AES cryptographic functions. The default is on. 92@item dea-key-wrap=on|off 93Enables or disables DEA key wrapping support on s390-ccw hosts. This feature 94controls whether DEA wrapping keys will be created to allow 95execution of DEA cryptographic functions. The default is on. 96@item nvdimm=on|off 97Enables or disables NVDIMM support. The default is off. 98@item s390-squash-mcss=on|off 99Enables or disables squashing subchannels into the default css. 100The default is off. 101@item enforce-config-section=on|off 102If @option{enforce-config-section} is set to @var{on}, force migration 103code to send configuration section even if the machine-type sets the 104@option{migration.send-configuration} property to @var{off}. 105NOTE: this parameter is deprecated. Please use @option{-global} 106@option{migration.send-configuration}=@var{on|off} instead. 107@end table 108ETEXI 109 110HXCOMM Deprecated by -machine 111DEF("M", HAS_ARG, QEMU_OPTION_M, "", QEMU_ARCH_ALL) 112 113DEF("cpu", HAS_ARG, QEMU_OPTION_cpu, 114 "-cpu cpu select CPU ('-cpu help' for list)\n", QEMU_ARCH_ALL) 115STEXI 116@item -cpu @var{model} 117@findex -cpu 118Select CPU model (@code{-cpu help} for list and additional feature selection) 119ETEXI 120 121DEF("accel", HAS_ARG, QEMU_OPTION_accel, 122 "-accel [accel=]accelerator[,thread=single|multi]\n" 123 " select accelerator (kvm, xen, hax or tcg; use 'help' for a list)\n" 124 " thread=single|multi (enable multi-threaded TCG)\n", QEMU_ARCH_ALL) 125STEXI 126@item -accel @var{name}[,prop=@var{value}[,...]] 127@findex -accel 128This is used to enable an accelerator. Depending on the target architecture, 129kvm, xen, hax or tcg can be available. By default, tcg is used. If there is 130more than one accelerator specified, the next one is used if the previous one 131fails to initialize. 132@table @option 133@item thread=single|multi 134Controls number of TCG threads. When the TCG is multi-threaded there will be one 135thread per vCPU therefor taking advantage of additional host cores. The default 136is to enable multi-threading where both the back-end and front-ends support it and 137no incompatible TCG features have been enabled (e.g. icount/replay). 138@end table 139ETEXI 140 141DEF("smp", HAS_ARG, QEMU_OPTION_smp, 142 "-smp [cpus=]n[,maxcpus=cpus][,cores=cores][,threads=threads][,sockets=sockets]\n" 143 " set the number of CPUs to 'n' [default=1]\n" 144 " maxcpus= maximum number of total cpus, including\n" 145 " offline CPUs for hotplug, etc\n" 146 " cores= number of CPU cores on one socket\n" 147 " threads= number of threads on one CPU core\n" 148 " sockets= number of discrete sockets in the system\n", 149 QEMU_ARCH_ALL) 150STEXI 151@item -smp [cpus=]@var{n}[,cores=@var{cores}][,threads=@var{threads}][,sockets=@var{sockets}][,maxcpus=@var{maxcpus}] 152@findex -smp 153Simulate an SMP system with @var{n} CPUs. On the PC target, up to 255 154CPUs are supported. On Sparc32 target, Linux limits the number of usable CPUs 155to 4. 156For the PC target, the number of @var{cores} per socket, the number 157of @var{threads} per cores and the total number of @var{sockets} can be 158specified. Missing values will be computed. If any on the three values is 159given, the total number of CPUs @var{n} can be omitted. @var{maxcpus} 160specifies the maximum number of hotpluggable CPUs. 161ETEXI 162 163DEF("numa", HAS_ARG, QEMU_OPTION_numa, 164 "-numa node[,mem=size][,cpus=firstcpu[-lastcpu]][,nodeid=node]\n" 165 "-numa node[,memdev=id][,cpus=firstcpu[-lastcpu]][,nodeid=node]\n" 166 "-numa dist,src=source,dst=destination,val=distance\n", QEMU_ARCH_ALL) 167STEXI 168@item -numa node[,mem=@var{size}][,cpus=@var{firstcpu}[-@var{lastcpu}]][,nodeid=@var{node}] 169@itemx -numa node[,memdev=@var{id}][,cpus=@var{firstcpu}[-@var{lastcpu}]][,nodeid=@var{node}] 170@itemx -numa dist,src=@var{source},dst=@var{destination},val=@var{distance} 171@itemx -numa cpu,node-id=@var{node}[,socket-id=@var{x}][,core-id=@var{y}][,thread-id=@var{z}] 172@findex -numa 173Define a NUMA node and assign RAM and VCPUs to it. 174Set the NUMA distance from a source node to a destination node. 175 176Legacy VCPU assignment uses @samp{cpus} option where 177@var{firstcpu} and @var{lastcpu} are CPU indexes. Each 178@samp{cpus} option represent a contiguous range of CPU indexes 179(or a single VCPU if @var{lastcpu} is omitted). A non-contiguous 180set of VCPUs can be represented by providing multiple @samp{cpus} 181options. If @samp{cpus} is omitted on all nodes, VCPUs are automatically 182split between them. 183 184For example, the following option assigns VCPUs 0, 1, 2 and 5 to 185a NUMA node: 186@example 187-numa node,cpus=0-2,cpus=5 188@end example 189 190@samp{cpu} option is a new alternative to @samp{cpus} option 191which uses @samp{socket-id|core-id|thread-id} properties to assign 192CPU objects to a @var{node} using topology layout properties of CPU. 193The set of properties is machine specific, and depends on used 194machine type/@samp{smp} options. It could be queried with 195@samp{hotpluggable-cpus} monitor command. 196@samp{node-id} property specifies @var{node} to which CPU object 197will be assigned, it's required for @var{node} to be declared 198with @samp{node} option before it's used with @samp{cpu} option. 199 200For example: 201@example 202-M pc \ 203-smp 1,sockets=2,maxcpus=2 \ 204-numa node,nodeid=0 -numa node,nodeid=1 \ 205-numa cpu,node-id=0,socket-id=0 -numa cpu,node-id=1,socket-id=1 206@end example 207 208@samp{mem} assigns a given RAM amount to a node. @samp{memdev} 209assigns RAM from a given memory backend device to a node. If 210@samp{mem} and @samp{memdev} are omitted in all nodes, RAM is 211split equally between them. 212 213@samp{mem} and @samp{memdev} are mutually exclusive. Furthermore, 214if one node uses @samp{memdev}, all of them have to use it. 215 216@var{source} and @var{destination} are NUMA node IDs. 217@var{distance} is the NUMA distance from @var{source} to @var{destination}. 218The distance from a node to itself is always 10. If any pair of nodes is 219given a distance, then all pairs must be given distances. Although, when 220distances are only given in one direction for each pair of nodes, then 221the distances in the opposite directions are assumed to be the same. If, 222however, an asymmetrical pair of distances is given for even one node 223pair, then all node pairs must be provided distance values for both 224directions, even when they are symmetrical. When a node is unreachable 225from another node, set the pair's distance to 255. 226 227Note that the -@option{numa} option doesn't allocate any of the 228specified resources, it just assigns existing resources to NUMA 229nodes. This means that one still has to use the @option{-m}, 230@option{-smp} options to allocate RAM and VCPUs respectively. 231 232ETEXI 233 234DEF("add-fd", HAS_ARG, QEMU_OPTION_add_fd, 235 "-add-fd fd=fd,set=set[,opaque=opaque]\n" 236 " Add 'fd' to fd 'set'\n", QEMU_ARCH_ALL) 237STEXI 238@item -add-fd fd=@var{fd},set=@var{set}[,opaque=@var{opaque}] 239@findex -add-fd 240 241Add a file descriptor to an fd set. Valid options are: 242 243@table @option 244@item fd=@var{fd} 245This option defines the file descriptor of which a duplicate is added to fd set. 246The file descriptor cannot be stdin, stdout, or stderr. 247@item set=@var{set} 248This option defines the ID of the fd set to add the file descriptor to. 249@item opaque=@var{opaque} 250This option defines a free-form string that can be used to describe @var{fd}. 251@end table 252 253You can open an image using pre-opened file descriptors from an fd set: 254@example 255qemu-system-i386 256-add-fd fd=3,set=2,opaque="rdwr:/path/to/file" 257-add-fd fd=4,set=2,opaque="rdonly:/path/to/file" 258-drive file=/dev/fdset/2,index=0,media=disk 259@end example 260ETEXI 261 262DEF("set", HAS_ARG, QEMU_OPTION_set, 263 "-set group.id.arg=value\n" 264 " set <arg> parameter for item <id> of type <group>\n" 265 " i.e. -set drive.$id.file=/path/to/image\n", QEMU_ARCH_ALL) 266STEXI 267@item -set @var{group}.@var{id}.@var{arg}=@var{value} 268@findex -set 269Set parameter @var{arg} for item @var{id} of type @var{group} 270ETEXI 271 272DEF("global", HAS_ARG, QEMU_OPTION_global, 273 "-global driver.property=value\n" 274 "-global driver=driver,property=property,value=value\n" 275 " set a global default for a driver property\n", 276 QEMU_ARCH_ALL) 277STEXI 278@item -global @var{driver}.@var{prop}=@var{value} 279@itemx -global driver=@var{driver},property=@var{property},value=@var{value} 280@findex -global 281Set default value of @var{driver}'s property @var{prop} to @var{value}, e.g.: 282 283@example 284qemu-system-i386 -global ide-hd.physical_block_size=4096 disk-image.img 285@end example 286 287In particular, you can use this to set driver properties for devices which are 288created automatically by the machine model. To create a device which is not 289created automatically and set properties on it, use -@option{device}. 290 291-global @var{driver}.@var{prop}=@var{value} is shorthand for -global 292driver=@var{driver},property=@var{prop},value=@var{value}. The 293longhand syntax works even when @var{driver} contains a dot. 294ETEXI 295 296DEF("boot", HAS_ARG, QEMU_OPTION_boot, 297 "-boot [order=drives][,once=drives][,menu=on|off]\n" 298 " [,splash=sp_name][,splash-time=sp_time][,reboot-timeout=rb_time][,strict=on|off]\n" 299 " 'drives': floppy (a), hard disk (c), CD-ROM (d), network (n)\n" 300 " 'sp_name': the file's name that would be passed to bios as logo picture, if menu=on\n" 301 " 'sp_time': the period that splash picture last if menu=on, unit is ms\n" 302 " 'rb_timeout': the timeout before guest reboot when boot failed, unit is ms\n", 303 QEMU_ARCH_ALL) 304STEXI 305@item -boot [order=@var{drives}][,once=@var{drives}][,menu=on|off][,splash=@var{sp_name}][,splash-time=@var{sp_time}][,reboot-timeout=@var{rb_timeout}][,strict=on|off] 306@findex -boot 307Specify boot order @var{drives} as a string of drive letters. Valid 308drive letters depend on the target architecture. The x86 PC uses: a, b 309(floppy 1 and 2), c (first hard disk), d (first CD-ROM), n-p (Etherboot 310from network adapter 1-4), hard disk boot is the default. To apply a 311particular boot order only on the first startup, specify it via 312@option{once}. Note that the @option{order} or @option{once} parameter 313should not be used together with the @option{bootindex} property of 314devices, since the firmware implementations normally do not support both 315at the same time. 316 317Interactive boot menus/prompts can be enabled via @option{menu=on} as far 318as firmware/BIOS supports them. The default is non-interactive boot. 319 320A splash picture could be passed to bios, enabling user to show it as logo, 321when option splash=@var{sp_name} is given and menu=on, If firmware/BIOS 322supports them. Currently Seabios for X86 system support it. 323limitation: The splash file could be a jpeg file or a BMP file in 24 BPP 324format(true color). The resolution should be supported by the SVGA mode, so 325the recommended is 320x240, 640x480, 800x640. 326 327A timeout could be passed to bios, guest will pause for @var{rb_timeout} ms 328when boot failed, then reboot. If @var{rb_timeout} is '-1', guest will not 329reboot, qemu passes '-1' to bios by default. Currently Seabios for X86 330system support it. 331 332Do strict boot via @option{strict=on} as far as firmware/BIOS 333supports it. This only effects when boot priority is changed by 334bootindex options. The default is non-strict boot. 335 336@example 337# try to boot from network first, then from hard disk 338qemu-system-i386 -boot order=nc 339# boot from CD-ROM first, switch back to default order after reboot 340qemu-system-i386 -boot once=d 341# boot with a splash picture for 5 seconds. 342qemu-system-i386 -boot menu=on,splash=/root/boot.bmp,splash-time=5000 343@end example 344 345Note: The legacy format '-boot @var{drives}' is still supported but its 346use is discouraged as it may be removed from future versions. 347ETEXI 348 349DEF("m", HAS_ARG, QEMU_OPTION_m, 350 "-m [size=]megs[,slots=n,maxmem=size]\n" 351 " configure guest RAM\n" 352 " size: initial amount of guest memory\n" 353 " slots: number of hotplug slots (default: none)\n" 354 " maxmem: maximum amount of guest memory (default: none)\n" 355 "NOTE: Some architectures might enforce a specific granularity\n", 356 QEMU_ARCH_ALL) 357STEXI 358@item -m [size=]@var{megs}[,slots=n,maxmem=size] 359@findex -m 360Sets guest startup RAM size to @var{megs} megabytes. Default is 128 MiB. 361Optionally, a suffix of ``M'' or ``G'' can be used to signify a value in 362megabytes or gigabytes respectively. Optional pair @var{slots}, @var{maxmem} 363could be used to set amount of hotpluggable memory slots and maximum amount of 364memory. Note that @var{maxmem} must be aligned to the page size. 365 366For example, the following command-line sets the guest startup RAM size to 3671GB, creates 3 slots to hotplug additional memory and sets the maximum 368memory the guest can reach to 4GB: 369 370@example 371qemu-system-x86_64 -m 1G,slots=3,maxmem=4G 372@end example 373 374If @var{slots} and @var{maxmem} are not specified, memory hotplug won't 375be enabled and the guest startup RAM will never increase. 376ETEXI 377 378DEF("mem-path", HAS_ARG, QEMU_OPTION_mempath, 379 "-mem-path FILE provide backing storage for guest RAM\n", QEMU_ARCH_ALL) 380STEXI 381@item -mem-path @var{path} 382@findex -mem-path 383Allocate guest RAM from a temporarily created file in @var{path}. 384ETEXI 385 386DEF("mem-prealloc", 0, QEMU_OPTION_mem_prealloc, 387 "-mem-prealloc preallocate guest memory (use with -mem-path)\n", 388 QEMU_ARCH_ALL) 389STEXI 390@item -mem-prealloc 391@findex -mem-prealloc 392Preallocate memory when using -mem-path. 393ETEXI 394 395DEF("k", HAS_ARG, QEMU_OPTION_k, 396 "-k language use keyboard layout (for example 'fr' for French)\n", 397 QEMU_ARCH_ALL) 398STEXI 399@item -k @var{language} 400@findex -k 401Use keyboard layout @var{language} (for example @code{fr} for 402French). This option is only needed where it is not easy to get raw PC 403keycodes (e.g. on Macs, with some X11 servers or with a VNC or curses 404display). You don't normally need to use it on PC/Linux or PC/Windows 405hosts. 406 407The available layouts are: 408@example 409ar de-ch es fo fr-ca hu ja mk no pt-br sv 410da en-gb et fr fr-ch is lt nl pl ru th 411de en-us fi fr-be hr it lv nl-be pt sl tr 412@end example 413 414The default is @code{en-us}. 415ETEXI 416 417 418DEF("audio-help", 0, QEMU_OPTION_audio_help, 419 "-audio-help print list of audio drivers and their options\n", 420 QEMU_ARCH_ALL) 421STEXI 422@item -audio-help 423@findex -audio-help 424Will show the audio subsystem help: list of drivers, tunable 425parameters. 426ETEXI 427 428DEF("soundhw", HAS_ARG, QEMU_OPTION_soundhw, 429 "-soundhw c1,... enable audio support\n" 430 " and only specified sound cards (comma separated list)\n" 431 " use '-soundhw help' to get the list of supported cards\n" 432 " use '-soundhw all' to enable all of them\n", QEMU_ARCH_ALL) 433STEXI 434@item -soundhw @var{card1}[,@var{card2},...] or -soundhw all 435@findex -soundhw 436Enable audio and selected sound hardware. Use 'help' to print all 437available sound hardware. 438 439@example 440qemu-system-i386 -soundhw sb16,adlib disk.img 441qemu-system-i386 -soundhw es1370 disk.img 442qemu-system-i386 -soundhw ac97 disk.img 443qemu-system-i386 -soundhw hda disk.img 444qemu-system-i386 -soundhw all disk.img 445qemu-system-i386 -soundhw help 446@end example 447 448Note that Linux's i810_audio OSS kernel (for AC97) module might 449require manually specifying clocking. 450 451@example 452modprobe i810_audio clocking=48000 453@end example 454ETEXI 455 456DEF("balloon", HAS_ARG, QEMU_OPTION_balloon, 457 "-balloon none disable balloon device\n" 458 "-balloon virtio[,addr=str]\n" 459 " enable virtio balloon device (default)\n", QEMU_ARCH_ALL) 460STEXI 461@item -balloon none 462@findex -balloon 463Disable balloon device. 464@item -balloon virtio[,addr=@var{addr}] 465Enable virtio balloon device (default), optionally with PCI address 466@var{addr}. 467ETEXI 468 469DEF("device", HAS_ARG, QEMU_OPTION_device, 470 "-device driver[,prop[=value][,...]]\n" 471 " add device (based on driver)\n" 472 " prop=value,... sets driver properties\n" 473 " use '-device help' to print all possible drivers\n" 474 " use '-device driver,help' to print all possible properties\n", 475 QEMU_ARCH_ALL) 476STEXI 477@item -device @var{driver}[,@var{prop}[=@var{value}][,...]] 478@findex -device 479Add device @var{driver}. @var{prop}=@var{value} sets driver 480properties. Valid properties depend on the driver. To get help on 481possible drivers and properties, use @code{-device help} and 482@code{-device @var{driver},help}. 483 484Some drivers are: 485@item -device ipmi-bmc-sim,id=@var{id}[,slave_addr=@var{val}][,sdrfile=@var{file}][,furareasize=@var{val}][,furdatafile=@var{file}] 486 487Add an IPMI BMC. This is a simulation of a hardware management 488interface processor that normally sits on a system. It provides 489a watchdog and the ability to reset and power control the system. 490You need to connect this to an IPMI interface to make it useful 491 492The IPMI slave address to use for the BMC. The default is 0x20. 493This address is the BMC's address on the I2C network of management 494controllers. If you don't know what this means, it is safe to ignore 495it. 496 497@table @option 498@item bmc=@var{id} 499The BMC to connect to, one of ipmi-bmc-sim or ipmi-bmc-extern above. 500@item slave_addr=@var{val} 501Define slave address to use for the BMC. The default is 0x20. 502@item sdrfile=@var{file} 503file containing raw Sensor Data Records (SDR) data. The default is none. 504@item fruareasize=@var{val} 505size of a Field Replaceable Unit (FRU) area. The default is 1024. 506@item frudatafile=@var{file} 507file containing raw Field Replaceable Unit (FRU) inventory data. The default is none. 508@end table 509 510@item -device ipmi-bmc-extern,id=@var{id},chardev=@var{id}[,slave_addr=@var{val}] 511 512Add a connection to an external IPMI BMC simulator. Instead of 513locally emulating the BMC like the above item, instead connect 514to an external entity that provides the IPMI services. 515 516A connection is made to an external BMC simulator. If you do this, it 517is strongly recommended that you use the "reconnect=" chardev option 518to reconnect to the simulator if the connection is lost. Note that if 519this is not used carefully, it can be a security issue, as the 520interface has the ability to send resets, NMIs, and power off the VM. 521It's best if QEMU makes a connection to an external simulator running 522on a secure port on localhost, so neither the simulator nor QEMU is 523exposed to any outside network. 524 525See the "lanserv/README.vm" file in the OpenIPMI library for more 526details on the external interface. 527 528@item -device isa-ipmi-kcs,bmc=@var{id}[,ioport=@var{val}][,irq=@var{val}] 529 530Add a KCS IPMI interafce on the ISA bus. This also adds a 531corresponding ACPI and SMBIOS entries, if appropriate. 532 533@table @option 534@item bmc=@var{id} 535The BMC to connect to, one of ipmi-bmc-sim or ipmi-bmc-extern above. 536@item ioport=@var{val} 537Define the I/O address of the interface. The default is 0xca0 for KCS. 538@item irq=@var{val} 539Define the interrupt to use. The default is 5. To disable interrupts, 540set this to 0. 541@end table 542 543@item -device isa-ipmi-bt,bmc=@var{id}[,ioport=@var{val}][,irq=@var{val}] 544 545Like the KCS interface, but defines a BT interface. The default port is 5460xe4 and the default interrupt is 5. 547 548ETEXI 549 550DEF("name", HAS_ARG, QEMU_OPTION_name, 551 "-name string1[,process=string2][,debug-threads=on|off]\n" 552 " set the name of the guest\n" 553 " string1 sets the window title and string2 the process name (on Linux)\n" 554 " When debug-threads is enabled, individual threads are given a separate name (on Linux)\n" 555 " NOTE: The thread names are for debugging and not a stable API.\n", 556 QEMU_ARCH_ALL) 557STEXI 558@item -name @var{name} 559@findex -name 560Sets the @var{name} of the guest. 561This name will be displayed in the SDL window caption. 562The @var{name} will also be used for the VNC server. 563Also optionally set the top visible process name in Linux. 564Naming of individual threads can also be enabled on Linux to aid debugging. 565ETEXI 566 567DEF("uuid", HAS_ARG, QEMU_OPTION_uuid, 568 "-uuid %08x-%04x-%04x-%04x-%012x\n" 569 " specify machine UUID\n", QEMU_ARCH_ALL) 570STEXI 571@item -uuid @var{uuid} 572@findex -uuid 573Set system UUID. 574ETEXI 575 576STEXI 577@end table 578ETEXI 579DEFHEADING() 580 581DEFHEADING(Block device options) 582STEXI 583@table @option 584ETEXI 585 586DEF("fda", HAS_ARG, QEMU_OPTION_fda, 587 "-fda/-fdb file use 'file' as floppy disk 0/1 image\n", QEMU_ARCH_ALL) 588DEF("fdb", HAS_ARG, QEMU_OPTION_fdb, "", QEMU_ARCH_ALL) 589STEXI 590@item -fda @var{file} 591@itemx -fdb @var{file} 592@findex -fda 593@findex -fdb 594Use @var{file} as floppy disk 0/1 image (@pxref{disk_images}). 595ETEXI 596 597DEF("hda", HAS_ARG, QEMU_OPTION_hda, 598 "-hda/-hdb file use 'file' as IDE hard disk 0/1 image\n", QEMU_ARCH_ALL) 599DEF("hdb", HAS_ARG, QEMU_OPTION_hdb, "", QEMU_ARCH_ALL) 600DEF("hdc", HAS_ARG, QEMU_OPTION_hdc, 601 "-hdc/-hdd file use 'file' as IDE hard disk 2/3 image\n", QEMU_ARCH_ALL) 602DEF("hdd", HAS_ARG, QEMU_OPTION_hdd, "", QEMU_ARCH_ALL) 603STEXI 604@item -hda @var{file} 605@itemx -hdb @var{file} 606@itemx -hdc @var{file} 607@itemx -hdd @var{file} 608@findex -hda 609@findex -hdb 610@findex -hdc 611@findex -hdd 612Use @var{file} as hard disk 0, 1, 2 or 3 image (@pxref{disk_images}). 613ETEXI 614 615DEF("cdrom", HAS_ARG, QEMU_OPTION_cdrom, 616 "-cdrom file use 'file' as IDE cdrom image (cdrom is ide1 master)\n", 617 QEMU_ARCH_ALL) 618STEXI 619@item -cdrom @var{file} 620@findex -cdrom 621Use @var{file} as CD-ROM image (you cannot use @option{-hdc} and 622@option{-cdrom} at the same time). You can use the host CD-ROM by 623using @file{/dev/cdrom} as filename (@pxref{host_drives}). 624ETEXI 625 626DEF("blockdev", HAS_ARG, QEMU_OPTION_blockdev, 627 "-blockdev [driver=]driver[,node-name=N][,discard=ignore|unmap]\n" 628 " [,cache.direct=on|off][,cache.no-flush=on|off]\n" 629 " [,read-only=on|off][,detect-zeroes=on|off|unmap]\n" 630 " [,driver specific parameters...]\n" 631 " configure a block backend\n", QEMU_ARCH_ALL) 632STEXI 633@item -blockdev @var{option}[,@var{option}[,@var{option}[,...]]] 634@findex -blockdev 635 636Define a new block driver node. Some of the options apply to all block drivers, 637other options are only accepted for a specific block driver. See below for a 638list of generic options and options for the most common block drivers. 639 640Options that expect a reference to another node (e.g. @code{file}) can be 641given in two ways. Either you specify the node name of an already existing node 642(file=@var{node-name}), or you define a new node inline, adding options 643for the referenced node after a dot (file.filename=@var{path},file.aio=native). 644 645A block driver node created with @option{-blockdev} can be used for a guest 646device by specifying its node name for the @code{drive} property in a 647@option{-device} argument that defines a block device. 648 649@table @option 650@item Valid options for any block driver node: 651 652@table @code 653@item driver 654Specifies the block driver to use for the given node. 655@item node-name 656This defines the name of the block driver node by which it will be referenced 657later. The name must be unique, i.e. it must not match the name of a different 658block driver node, or (if you use @option{-drive} as well) the ID of a drive. 659 660If no node name is specified, it is automatically generated. The generated node 661name is not intended to be predictable and changes between QEMU invocations. 662For the top level, an explicit node name must be specified. 663@item read-only 664Open the node read-only. Guest write attempts will fail. 665@item cache.direct 666The host page cache can be avoided with @option{cache.direct=on}. This will 667attempt to do disk IO directly to the guest's memory. QEMU may still perform an 668internal copy of the data. 669@item cache.no-flush 670In case you don't care about data integrity over host failures, you can use 671@option{cache.no-flush=on}. This option tells QEMU that it never needs to write 672any data to the disk but can instead keep things in cache. If anything goes 673wrong, like your host losing power, the disk storage getting disconnected 674accidentally, etc. your image will most probably be rendered unusable. 675@item discard=@var{discard} 676@var{discard} is one of "ignore" (or "off") or "unmap" (or "on") and controls 677whether @code{discard} (also known as @code{trim} or @code{unmap}) requests are 678ignored or passed to the filesystem. Some machine types may not support 679discard requests. 680@item detect-zeroes=@var{detect-zeroes} 681@var{detect-zeroes} is "off", "on" or "unmap" and enables the automatic 682conversion of plain zero writes by the OS to driver specific optimized 683zero write commands. You may even choose "unmap" if @var{discard} is set 684to "unmap" to allow a zero write to be converted to an @code{unmap} operation. 685@end table 686 687@item Driver-specific options for @code{file} 688 689This is the protocol-level block driver for accessing regular files. 690 691@table @code 692@item filename 693The path to the image file in the local filesystem 694@item aio 695Specifies the AIO backend (threads/native, default: threads) 696@item locking 697Specifies whether the image file is protected with Linux OFD / POSIX locks. The 698default is to use the Linux Open File Descriptor API if available, otherwise no 699lock is applied. (auto/on/off, default: auto) 700@end table 701Example: 702@example 703-blockdev driver=file,node-name=disk,filename=disk.img 704@end example 705 706@item Driver-specific options for @code{raw} 707 708This is the image format block driver for raw images. It is usually 709stacked on top of a protocol level block driver such as @code{file}. 710 711@table @code 712@item file 713Reference to or definition of the data source block driver node 714(e.g. a @code{file} driver node) 715@end table 716Example 1: 717@example 718-blockdev driver=file,node-name=disk_file,filename=disk.img 719-blockdev driver=raw,node-name=disk,file=disk_file 720@end example 721Example 2: 722@example 723-blockdev driver=raw,node-name=disk,file.driver=file,file.filename=disk.img 724@end example 725 726@item Driver-specific options for @code{qcow2} 727 728This is the image format block driver for qcow2 images. It is usually 729stacked on top of a protocol level block driver such as @code{file}. 730 731@table @code 732@item file 733Reference to or definition of the data source block driver node 734(e.g. a @code{file} driver node) 735 736@item backing 737Reference to or definition of the backing file block device (default is taken 738from the image file). It is allowed to pass an empty string here in order to 739disable the default backing file. 740 741@item lazy-refcounts 742Whether to enable the lazy refcounts feature (on/off; default is taken from the 743image file) 744 745@item cache-size 746The maximum total size of the L2 table and refcount block caches in bytes 747(default: 1048576 bytes or 8 clusters, whichever is larger) 748 749@item l2-cache-size 750The maximum size of the L2 table cache in bytes 751(default: 4/5 of the total cache size) 752 753@item refcount-cache-size 754The maximum size of the refcount block cache in bytes 755(default: 1/5 of the total cache size) 756 757@item cache-clean-interval 758Clean unused entries in the L2 and refcount caches. The interval is in seconds. 759The default value is 0 and it disables this feature. 760 761@item pass-discard-request 762Whether discard requests to the qcow2 device should be forwarded to the data 763source (on/off; default: on if discard=unmap is specified, off otherwise) 764 765@item pass-discard-snapshot 766Whether discard requests for the data source should be issued when a snapshot 767operation (e.g. deleting a snapshot) frees clusters in the qcow2 file (on/off; 768default: on) 769 770@item pass-discard-other 771Whether discard requests for the data source should be issued on other 772occasions where a cluster gets freed (on/off; default: off) 773 774@item overlap-check 775Which overlap checks to perform for writes to the image 776(none/constant/cached/all; default: cached). For details or finer 777granularity control refer to the QAPI documentation of @code{blockdev-add}. 778@end table 779 780Example 1: 781@example 782-blockdev driver=file,node-name=my_file,filename=/tmp/disk.qcow2 783-blockdev driver=qcow2,node-name=hda,file=my_file,overlap-check=none,cache-size=16777216 784@end example 785Example 2: 786@example 787-blockdev driver=qcow2,node-name=disk,file.driver=http,file.filename=http://example.com/image.qcow2 788@end example 789 790@item Driver-specific options for other drivers 791Please refer to the QAPI documentation of the @code{blockdev-add} QMP command. 792 793@end table 794 795ETEXI 796 797DEF("drive", HAS_ARG, QEMU_OPTION_drive, 798 "-drive [file=file][,if=type][,bus=n][,unit=m][,media=d][,index=i]\n" 799 " [,cyls=c,heads=h,secs=s[,trans=t]][,snapshot=on|off]\n" 800 " [,cache=writethrough|writeback|none|directsync|unsafe][,format=f]\n" 801 " [,serial=s][,addr=A][,rerror=ignore|stop|report]\n" 802 " [,werror=ignore|stop|report|enospc][,id=name][,aio=threads|native]\n" 803 " [,readonly=on|off][,copy-on-read=on|off]\n" 804 " [,discard=ignore|unmap][,detect-zeroes=on|off|unmap]\n" 805 " [[,bps=b]|[[,bps_rd=r][,bps_wr=w]]]\n" 806 " [[,iops=i]|[[,iops_rd=r][,iops_wr=w]]]\n" 807 " [[,bps_max=bm]|[[,bps_rd_max=rm][,bps_wr_max=wm]]]\n" 808 " [[,iops_max=im]|[[,iops_rd_max=irm][,iops_wr_max=iwm]]]\n" 809 " [[,iops_size=is]]\n" 810 " [[,group=g]]\n" 811 " use 'file' as a drive image\n", QEMU_ARCH_ALL) 812STEXI 813@item -drive @var{option}[,@var{option}[,@var{option}[,...]]] 814@findex -drive 815 816Define a new drive. This includes creating a block driver node (the backend) as 817well as a guest device, and is mostly a shortcut for defining the corresponding 818@option{-blockdev} and @option{-device} options. 819 820@option{-drive} accepts all options that are accepted by @option{-blockdev}. In 821addition, it knows the following options: 822 823@table @option 824@item file=@var{file} 825This option defines which disk image (@pxref{disk_images}) to use with 826this drive. If the filename contains comma, you must double it 827(for instance, "file=my,,file" to use file "my,file"). 828 829Special files such as iSCSI devices can be specified using protocol 830specific URLs. See the section for "Device URL Syntax" for more information. 831@item if=@var{interface} 832This option defines on which type on interface the drive is connected. 833Available types are: ide, scsi, sd, mtd, floppy, pflash, virtio, none. 834@item bus=@var{bus},unit=@var{unit} 835These options define where is connected the drive by defining the bus number and 836the unit id. 837@item index=@var{index} 838This option defines where is connected the drive by using an index in the list 839of available connectors of a given interface type. 840@item media=@var{media} 841This option defines the type of the media: disk or cdrom. 842@item cyls=@var{c},heads=@var{h},secs=@var{s}[,trans=@var{t}] 843These options have the same definition as they have in @option{-hdachs}. 844These parameters are deprecated, use the corresponding parameters 845of @code{-device} instead. 846@item snapshot=@var{snapshot} 847@var{snapshot} is "on" or "off" and controls snapshot mode for the given drive 848(see @option{-snapshot}). 849@item cache=@var{cache} 850@var{cache} is "none", "writeback", "unsafe", "directsync" or "writethrough" 851and controls how the host cache is used to access block data. This is a 852shortcut that sets the @option{cache.direct} and @option{cache.no-flush} 853options (as in @option{-blockdev}), and additionally @option{cache.writeback}, 854which provides a default for the @option{write-cache} option of block guest 855devices (as in @option{-device}). The modes correspond to the following 856settings: 857 858@c Our texi2pod.pl script doesn't support @multitable, so fall back to using 859@c plain ASCII art (well, UTF-8 art really). This looks okay both in the manpage 860@c and the HTML output. 861@example 862@ │ cache.writeback cache.direct cache.no-flush 863─────────────┼───────────────────────────────────────────────── 864writeback │ on off off 865none │ on on off 866writethrough │ off off off 867directsync │ off on off 868unsafe │ on off on 869@end example 870 871The default mode is @option{cache=writeback}. 872 873@item aio=@var{aio} 874@var{aio} is "threads", or "native" and selects between pthread based disk I/O and native Linux AIO. 875@item format=@var{format} 876Specify which disk @var{format} will be used rather than detecting 877the format. Can be used to specify format=raw to avoid interpreting 878an untrusted format header. 879@item serial=@var{serial} 880This option specifies the serial number to assign to the device. This 881parameter is deprecated, use the corresponding parameter of @code{-device} 882instead. 883@item addr=@var{addr} 884Specify the controller's PCI address (if=virtio only). This parameter is 885deprecated, use the corresponding parameter of @code{-device} instead. 886@item werror=@var{action},rerror=@var{action} 887Specify which @var{action} to take on write and read errors. Valid actions are: 888"ignore" (ignore the error and try to continue), "stop" (pause QEMU), 889"report" (report the error to the guest), "enospc" (pause QEMU only if the 890host disk is full; report the error to the guest otherwise). 891The default setting is @option{werror=enospc} and @option{rerror=report}. 892@item copy-on-read=@var{copy-on-read} 893@var{copy-on-read} is "on" or "off" and enables whether to copy read backing 894file sectors into the image file. 895@item bps=@var{b},bps_rd=@var{r},bps_wr=@var{w} 896Specify bandwidth throttling limits in bytes per second, either for all request 897types or for reads or writes only. Small values can lead to timeouts or hangs 898inside the guest. A safe minimum for disks is 2 MB/s. 899@item bps_max=@var{bm},bps_rd_max=@var{rm},bps_wr_max=@var{wm} 900Specify bursts in bytes per second, either for all request types or for reads 901or writes only. Bursts allow the guest I/O to spike above the limit 902temporarily. 903@item iops=@var{i},iops_rd=@var{r},iops_wr=@var{w} 904Specify request rate limits in requests per second, either for all request 905types or for reads or writes only. 906@item iops_max=@var{bm},iops_rd_max=@var{rm},iops_wr_max=@var{wm} 907Specify bursts in requests per second, either for all request types or for reads 908or writes only. Bursts allow the guest I/O to spike above the limit 909temporarily. 910@item iops_size=@var{is} 911Let every @var{is} bytes of a request count as a new request for iops 912throttling purposes. Use this option to prevent guests from circumventing iops 913limits by sending fewer but larger requests. 914@item group=@var{g} 915Join a throttling quota group with given name @var{g}. All drives that are 916members of the same group are accounted for together. Use this option to 917prevent guests from circumventing throttling limits by using many small disks 918instead of a single larger disk. 919@end table 920 921By default, the @option{cache.writeback=on} mode is used. It will report data 922writes as completed as soon as the data is present in the host page cache. 923This is safe as long as your guest OS makes sure to correctly flush disk caches 924where needed. If your guest OS does not handle volatile disk write caches 925correctly and your host crashes or loses power, then the guest may experience 926data corruption. 927 928For such guests, you should consider using @option{cache.writeback=off}. This 929means that the host page cache will be used to read and write data, but write 930notification will be sent to the guest only after QEMU has made sure to flush 931each write to the disk. Be aware that this has a major impact on performance. 932 933When using the @option{-snapshot} option, unsafe caching is always used. 934 935Copy-on-read avoids accessing the same backing file sectors repeatedly and is 936useful when the backing file is over a slow network. By default copy-on-read 937is off. 938 939Instead of @option{-cdrom} you can use: 940@example 941qemu-system-i386 -drive file=file,index=2,media=cdrom 942@end example 943 944Instead of @option{-hda}, @option{-hdb}, @option{-hdc}, @option{-hdd}, you can 945use: 946@example 947qemu-system-i386 -drive file=file,index=0,media=disk 948qemu-system-i386 -drive file=file,index=1,media=disk 949qemu-system-i386 -drive file=file,index=2,media=disk 950qemu-system-i386 -drive file=file,index=3,media=disk 951@end example 952 953You can open an image using pre-opened file descriptors from an fd set: 954@example 955qemu-system-i386 956-add-fd fd=3,set=2,opaque="rdwr:/path/to/file" 957-add-fd fd=4,set=2,opaque="rdonly:/path/to/file" 958-drive file=/dev/fdset/2,index=0,media=disk 959@end example 960 961You can connect a CDROM to the slave of ide0: 962@example 963qemu-system-i386 -drive file=file,if=ide,index=1,media=cdrom 964@end example 965 966If you don't specify the "file=" argument, you define an empty drive: 967@example 968qemu-system-i386 -drive if=ide,index=1,media=cdrom 969@end example 970 971Instead of @option{-fda}, @option{-fdb}, you can use: 972@example 973qemu-system-i386 -drive file=file,index=0,if=floppy 974qemu-system-i386 -drive file=file,index=1,if=floppy 975@end example 976 977By default, @var{interface} is "ide" and @var{index} is automatically 978incremented: 979@example 980qemu-system-i386 -drive file=a -drive file=b" 981@end example 982is interpreted like: 983@example 984qemu-system-i386 -hda a -hdb b 985@end example 986ETEXI 987 988DEF("mtdblock", HAS_ARG, QEMU_OPTION_mtdblock, 989 "-mtdblock file use 'file' as on-board Flash memory image\n", 990 QEMU_ARCH_ALL) 991STEXI 992@item -mtdblock @var{file} 993@findex -mtdblock 994Use @var{file} as on-board Flash memory image. 995ETEXI 996 997DEF("sd", HAS_ARG, QEMU_OPTION_sd, 998 "-sd file use 'file' as SecureDigital card image\n", QEMU_ARCH_ALL) 999STEXI 1000@item -sd @var{file} 1001@findex -sd 1002Use @var{file} as SecureDigital card image. 1003ETEXI 1004 1005DEF("pflash", HAS_ARG, QEMU_OPTION_pflash, 1006 "-pflash file use 'file' as a parallel flash image\n", QEMU_ARCH_ALL) 1007STEXI 1008@item -pflash @var{file} 1009@findex -pflash 1010Use @var{file} as a parallel flash image. 1011ETEXI 1012 1013DEF("snapshot", 0, QEMU_OPTION_snapshot, 1014 "-snapshot write to temporary files instead of disk image files\n", 1015 QEMU_ARCH_ALL) 1016STEXI 1017@item -snapshot 1018@findex -snapshot 1019Write to temporary files instead of disk image files. In this case, 1020the raw disk image you use is not written back. You can however force 1021the write back by pressing @key{C-a s} (@pxref{disk_images}). 1022ETEXI 1023 1024DEF("hdachs", HAS_ARG, QEMU_OPTION_hdachs, \ 1025 "-hdachs c,h,s[,t]\n" \ 1026 " force hard disk 0 physical geometry and the optional BIOS\n" \ 1027 " translation (t=none or lba) (usually QEMU can guess them)\n", 1028 QEMU_ARCH_ALL) 1029STEXI 1030@item -hdachs @var{c},@var{h},@var{s},[,@var{t}] 1031@findex -hdachs 1032Force hard disk 0 physical geometry (1 <= @var{c} <= 16383, 1 <= 1033@var{h} <= 16, 1 <= @var{s} <= 63) and optionally force the BIOS 1034translation mode (@var{t}=none, lba or auto). Usually QEMU can guess 1035all those parameters. This option is deprecated, please use 1036@code{-device ide-hd,cyls=c,heads=h,secs=s,...} instead. 1037ETEXI 1038 1039DEF("fsdev", HAS_ARG, QEMU_OPTION_fsdev, 1040 "-fsdev fsdriver,id=id[,path=path,][security_model={mapped-xattr|mapped-file|passthrough|none}]\n" 1041 " [,writeout=immediate][,readonly][,socket=socket|sock_fd=sock_fd][,fmode=fmode][,dmode=dmode]\n" 1042 " [[,throttling.bps-total=b]|[[,throttling.bps-read=r][,throttling.bps-write=w]]]\n" 1043 " [[,throttling.iops-total=i]|[[,throttling.iops-read=r][,throttling.iops-write=w]]]\n" 1044 " [[,throttling.bps-total-max=bm]|[[,throttling.bps-read-max=rm][,throttling.bps-write-max=wm]]]\n" 1045 " [[,throttling.iops-total-max=im]|[[,throttling.iops-read-max=irm][,throttling.iops-write-max=iwm]]]\n" 1046 " [[,throttling.iops-size=is]]\n", 1047 QEMU_ARCH_ALL) 1048 1049STEXI 1050 1051@item -fsdev @var{fsdriver},id=@var{id},path=@var{path},[security_model=@var{security_model}][,writeout=@var{writeout}][,readonly][,socket=@var{socket}|sock_fd=@var{sock_fd}][,fmode=@var{fmode}][,dmode=@var{dmode}] 1052@findex -fsdev 1053Define a new file system device. Valid options are: 1054@table @option 1055@item @var{fsdriver} 1056This option specifies the fs driver backend to use. 1057Currently "local", "handle" and "proxy" file system drivers are supported. 1058@item id=@var{id} 1059Specifies identifier for this device 1060@item path=@var{path} 1061Specifies the export path for the file system device. Files under 1062this path will be available to the 9p client on the guest. 1063@item security_model=@var{security_model} 1064Specifies the security model to be used for this export path. 1065Supported security models are "passthrough", "mapped-xattr", "mapped-file" and "none". 1066In "passthrough" security model, files are stored using the same 1067credentials as they are created on the guest. This requires QEMU 1068to run as root. In "mapped-xattr" security model, some of the file 1069attributes like uid, gid, mode bits and link target are stored as 1070file attributes. For "mapped-file" these attributes are stored in the 1071hidden .virtfs_metadata directory. Directories exported by this security model cannot 1072interact with other unix tools. "none" security model is same as 1073passthrough except the sever won't report failures if it fails to 1074set file attributes like ownership. Security model is mandatory 1075only for local fsdriver. Other fsdrivers (like handle, proxy) don't take 1076security model as a parameter. 1077@item writeout=@var{writeout} 1078This is an optional argument. The only supported value is "immediate". 1079This means that host page cache will be used to read and write data but 1080write notification will be sent to the guest only when the data has been 1081reported as written by the storage subsystem. 1082@item readonly 1083Enables exporting 9p share as a readonly mount for guests. By default 1084read-write access is given. 1085@item socket=@var{socket} 1086Enables proxy filesystem driver to use passed socket file for communicating 1087with virtfs-proxy-helper 1088@item sock_fd=@var{sock_fd} 1089Enables proxy filesystem driver to use passed socket descriptor for 1090communicating with virtfs-proxy-helper. Usually a helper like libvirt 1091will create socketpair and pass one of the fds as sock_fd 1092@item fmode=@var{fmode} 1093Specifies the default mode for newly created files on the host. Works only 1094with security models "mapped-xattr" and "mapped-file". 1095@item dmode=@var{dmode} 1096Specifies the default mode for newly created directories on the host. Works 1097only with security models "mapped-xattr" and "mapped-file". 1098@end table 1099 1100-fsdev option is used along with -device driver "virtio-9p-pci". 1101@item -device virtio-9p-pci,fsdev=@var{id},mount_tag=@var{mount_tag} 1102Options for virtio-9p-pci driver are: 1103@table @option 1104@item fsdev=@var{id} 1105Specifies the id value specified along with -fsdev option 1106@item mount_tag=@var{mount_tag} 1107Specifies the tag name to be used by the guest to mount this export point 1108@end table 1109 1110ETEXI 1111 1112DEF("virtfs", HAS_ARG, QEMU_OPTION_virtfs, 1113 "-virtfs local,path=path,mount_tag=tag,security_model=[mapped-xattr|mapped-file|passthrough|none]\n" 1114 " [,id=id][,writeout=immediate][,readonly][,socket=socket|sock_fd=sock_fd][,fmode=fmode][,dmode=dmode]\n", 1115 QEMU_ARCH_ALL) 1116 1117STEXI 1118 1119@item -virtfs @var{fsdriver}[,path=@var{path}],mount_tag=@var{mount_tag}[,security_model=@var{security_model}][,writeout=@var{writeout}][,readonly][,socket=@var{socket}|sock_fd=@var{sock_fd}][,fmode=@var{fmode}][,dmode=@var{dmode}] 1120@findex -virtfs 1121 1122The general form of a Virtual File system pass-through options are: 1123@table @option 1124@item @var{fsdriver} 1125This option specifies the fs driver backend to use. 1126Currently "local", "handle" and "proxy" file system drivers are supported. 1127@item id=@var{id} 1128Specifies identifier for this device 1129@item path=@var{path} 1130Specifies the export path for the file system device. Files under 1131this path will be available to the 9p client on the guest. 1132@item security_model=@var{security_model} 1133Specifies the security model to be used for this export path. 1134Supported security models are "passthrough", "mapped-xattr", "mapped-file" and "none". 1135In "passthrough" security model, files are stored using the same 1136credentials as they are created on the guest. This requires QEMU 1137to run as root. In "mapped-xattr" security model, some of the file 1138attributes like uid, gid, mode bits and link target are stored as 1139file attributes. For "mapped-file" these attributes are stored in the 1140hidden .virtfs_metadata directory. Directories exported by this security model cannot 1141interact with other unix tools. "none" security model is same as 1142passthrough except the sever won't report failures if it fails to 1143set file attributes like ownership. Security model is mandatory only 1144for local fsdriver. Other fsdrivers (like handle, proxy) don't take security 1145model as a parameter. 1146@item writeout=@var{writeout} 1147This is an optional argument. The only supported value is "immediate". 1148This means that host page cache will be used to read and write data but 1149write notification will be sent to the guest only when the data has been 1150reported as written by the storage subsystem. 1151@item readonly 1152Enables exporting 9p share as a readonly mount for guests. By default 1153read-write access is given. 1154@item socket=@var{socket} 1155Enables proxy filesystem driver to use passed socket file for 1156communicating with virtfs-proxy-helper. Usually a helper like libvirt 1157will create socketpair and pass one of the fds as sock_fd 1158@item sock_fd 1159Enables proxy filesystem driver to use passed 'sock_fd' as the socket 1160descriptor for interfacing with virtfs-proxy-helper 1161@item fmode=@var{fmode} 1162Specifies the default mode for newly created files on the host. Works only 1163with security models "mapped-xattr" and "mapped-file". 1164@item dmode=@var{dmode} 1165Specifies the default mode for newly created directories on the host. Works 1166only with security models "mapped-xattr" and "mapped-file". 1167@end table 1168ETEXI 1169 1170DEF("virtfs_synth", 0, QEMU_OPTION_virtfs_synth, 1171 "-virtfs_synth Create synthetic file system image\n", 1172 QEMU_ARCH_ALL) 1173STEXI 1174@item -virtfs_synth 1175@findex -virtfs_synth 1176Create synthetic file system image 1177ETEXI 1178 1179STEXI 1180@end table 1181ETEXI 1182DEFHEADING() 1183 1184DEFHEADING(USB options) 1185STEXI 1186@table @option 1187ETEXI 1188 1189DEF("usb", 0, QEMU_OPTION_usb, 1190 "-usb enable the USB driver (if it is not used by default yet)\n", 1191 QEMU_ARCH_ALL) 1192STEXI 1193@item -usb 1194@findex -usb 1195Enable the USB driver (if it is not used by default yet). 1196ETEXI 1197 1198DEF("usbdevice", HAS_ARG, QEMU_OPTION_usbdevice, 1199 "-usbdevice name add the host or guest USB device 'name'\n", 1200 QEMU_ARCH_ALL) 1201STEXI 1202 1203@item -usbdevice @var{devname} 1204@findex -usbdevice 1205Add the USB device @var{devname}. Note that this option is deprecated, 1206please use @code{-device usb-...} instead. @xref{usb_devices}. 1207 1208@table @option 1209 1210@item mouse 1211Virtual Mouse. This will override the PS/2 mouse emulation when activated. 1212 1213@item tablet 1214Pointer device that uses absolute coordinates (like a touchscreen). This 1215means QEMU is able to report the mouse position without having to grab the 1216mouse. Also overrides the PS/2 mouse emulation when activated. 1217 1218@item disk:[format=@var{format}]:@var{file} 1219Mass storage device based on file. The optional @var{format} argument 1220will be used rather than detecting the format. Can be used to specify 1221@code{format=raw} to avoid interpreting an untrusted format header. 1222 1223@item host:@var{bus}.@var{addr} 1224Pass through the host device identified by @var{bus}.@var{addr} (Linux only). 1225 1226@item host:@var{vendor_id}:@var{product_id} 1227Pass through the host device identified by @var{vendor_id}:@var{product_id} 1228(Linux only). 1229 1230@item serial:[vendorid=@var{vendor_id}][,productid=@var{product_id}]:@var{dev} 1231Serial converter to host character device @var{dev}, see @code{-serial} for the 1232available devices. 1233 1234@item braille 1235Braille device. This will use BrlAPI to display the braille output on a real 1236or fake device. 1237 1238@item net:@var{options} 1239Network adapter that supports CDC ethernet and RNDIS protocols. 1240 1241@end table 1242ETEXI 1243 1244STEXI 1245@end table 1246ETEXI 1247DEFHEADING() 1248 1249DEFHEADING(Display options) 1250STEXI 1251@table @option 1252ETEXI 1253 1254DEF("display", HAS_ARG, QEMU_OPTION_display, 1255 "-display sdl[,frame=on|off][,alt_grab=on|off][,ctrl_grab=on|off]\n" 1256 " [,window_close=on|off][,gl=on|off]\n" 1257 "-display gtk[,grab_on_hover=on|off][,gl=on|off]|\n" 1258 "-display vnc=<display>[,<optargs>]\n" 1259 "-display curses\n" 1260 "-display none" 1261 " select display type\n" 1262 "The default display is equivalent to\n" 1263#if defined(CONFIG_GTK) 1264 "\t\"-display gtk\"\n" 1265#elif defined(CONFIG_SDL) 1266 "\t\"-display sdl\"\n" 1267#elif defined(CONFIG_COCOA) 1268 "\t\"-display cocoa\"\n" 1269#elif defined(CONFIG_VNC) 1270 "\t\"-vnc localhost:0,to=99,id=default\"\n" 1271#else 1272 "\t\"-display none\"\n" 1273#endif 1274 , QEMU_ARCH_ALL) 1275STEXI 1276@item -display @var{type} 1277@findex -display 1278Select type of display to use. This option is a replacement for the 1279old style -sdl/-curses/... options. Valid values for @var{type} are 1280@table @option 1281@item sdl 1282Display video output via SDL (usually in a separate graphics 1283window; see the SDL documentation for other possibilities). 1284@item curses 1285Display video output via curses. For graphics device models which 1286support a text mode, QEMU can display this output using a 1287curses/ncurses interface. Nothing is displayed when the graphics 1288device is in graphical mode or if the graphics device does not support 1289a text mode. Generally only the VGA device models support text mode. 1290@item none 1291Do not display video output. The guest will still see an emulated 1292graphics card, but its output will not be displayed to the QEMU 1293user. This option differs from the -nographic option in that it 1294only affects what is done with video output; -nographic also changes 1295the destination of the serial and parallel port data. 1296@item gtk 1297Display video output in a GTK window. This interface provides drop-down 1298menus and other UI elements to configure and control the VM during 1299runtime. 1300@item vnc 1301Start a VNC server on display <arg> 1302@end table 1303ETEXI 1304 1305DEF("nographic", 0, QEMU_OPTION_nographic, 1306 "-nographic disable graphical output and redirect serial I/Os to console\n", 1307 QEMU_ARCH_ALL) 1308STEXI 1309@item -nographic 1310@findex -nographic 1311Normally, if QEMU is compiled with graphical window support, it displays 1312output such as guest graphics, guest console, and the QEMU monitor in a 1313window. With this option, you can totally disable graphical output so 1314that QEMU is a simple command line application. The emulated serial port 1315is redirected on the console and muxed with the monitor (unless 1316redirected elsewhere explicitly). Therefore, you can still use QEMU to 1317debug a Linux kernel with a serial console. Use @key{C-a h} for help on 1318switching between the console and monitor. 1319ETEXI 1320 1321DEF("curses", 0, QEMU_OPTION_curses, 1322 "-curses shorthand for -display curses\n", 1323 QEMU_ARCH_ALL) 1324STEXI 1325@item -curses 1326@findex -curses 1327Normally, if QEMU is compiled with graphical window support, it displays 1328output such as guest graphics, guest console, and the QEMU monitor in a 1329window. With this option, QEMU can display the VGA output when in text 1330mode using a curses/ncurses interface. Nothing is displayed in graphical 1331mode. 1332ETEXI 1333 1334DEF("no-frame", 0, QEMU_OPTION_no_frame, 1335 "-no-frame open SDL window without a frame and window decorations\n", 1336 QEMU_ARCH_ALL) 1337STEXI 1338@item -no-frame 1339@findex -no-frame 1340Do not use decorations for SDL windows and start them using the whole 1341available screen space. This makes the using QEMU in a dedicated desktop 1342workspace more convenient. 1343ETEXI 1344 1345DEF("alt-grab", 0, QEMU_OPTION_alt_grab, 1346 "-alt-grab use Ctrl-Alt-Shift to grab mouse (instead of Ctrl-Alt)\n", 1347 QEMU_ARCH_ALL) 1348STEXI 1349@item -alt-grab 1350@findex -alt-grab 1351Use Ctrl-Alt-Shift to grab mouse (instead of Ctrl-Alt). Note that this also 1352affects the special keys (for fullscreen, monitor-mode switching, etc). 1353ETEXI 1354 1355DEF("ctrl-grab", 0, QEMU_OPTION_ctrl_grab, 1356 "-ctrl-grab use Right-Ctrl to grab mouse (instead of Ctrl-Alt)\n", 1357 QEMU_ARCH_ALL) 1358STEXI 1359@item -ctrl-grab 1360@findex -ctrl-grab 1361Use Right-Ctrl to grab mouse (instead of Ctrl-Alt). Note that this also 1362affects the special keys (for fullscreen, monitor-mode switching, etc). 1363ETEXI 1364 1365DEF("no-quit", 0, QEMU_OPTION_no_quit, 1366 "-no-quit disable SDL window close capability\n", QEMU_ARCH_ALL) 1367STEXI 1368@item -no-quit 1369@findex -no-quit 1370Disable SDL window close capability. 1371ETEXI 1372 1373DEF("sdl", 0, QEMU_OPTION_sdl, 1374 "-sdl shorthand for -display sdl\n", QEMU_ARCH_ALL) 1375STEXI 1376@item -sdl 1377@findex -sdl 1378Enable SDL. 1379ETEXI 1380 1381DEF("spice", HAS_ARG, QEMU_OPTION_spice, 1382 "-spice [port=port][,tls-port=secured-port][,x509-dir=<dir>]\n" 1383 " [,x509-key-file=<file>][,x509-key-password=<file>]\n" 1384 " [,x509-cert-file=<file>][,x509-cacert-file=<file>]\n" 1385 " [,x509-dh-key-file=<file>][,addr=addr][,ipv4|ipv6|unix]\n" 1386 " [,tls-ciphers=<list>]\n" 1387 " [,tls-channel=[main|display|cursor|inputs|record|playback]]\n" 1388 " [,plaintext-channel=[main|display|cursor|inputs|record|playback]]\n" 1389 " [,sasl][,password=<secret>][,disable-ticketing]\n" 1390 " [,image-compression=[auto_glz|auto_lz|quic|glz|lz|off]]\n" 1391 " [,jpeg-wan-compression=[auto|never|always]]\n" 1392 " [,zlib-glz-wan-compression=[auto|never|always]]\n" 1393 " [,streaming-video=[off|all|filter]][,disable-copy-paste]\n" 1394 " [,disable-agent-file-xfer][,agent-mouse=[on|off]]\n" 1395 " [,playback-compression=[on|off]][,seamless-migration=[on|off]]\n" 1396 " [,gl=[on|off]][,rendernode=<file>]\n" 1397 " enable spice\n" 1398 " at least one of {port, tls-port} is mandatory\n", 1399 QEMU_ARCH_ALL) 1400STEXI 1401@item -spice @var{option}[,@var{option}[,...]] 1402@findex -spice 1403Enable the spice remote desktop protocol. Valid options are 1404 1405@table @option 1406 1407@item port=<nr> 1408Set the TCP port spice is listening on for plaintext channels. 1409 1410@item addr=<addr> 1411Set the IP address spice is listening on. Default is any address. 1412 1413@item ipv4 1414@itemx ipv6 1415@itemx unix 1416Force using the specified IP version. 1417 1418@item password=<secret> 1419Set the password you need to authenticate. 1420 1421@item sasl 1422Require that the client use SASL to authenticate with the spice. 1423The exact choice of authentication method used is controlled from the 1424system / user's SASL configuration file for the 'qemu' service. This 1425is typically found in /etc/sasl2/qemu.conf. If running QEMU as an 1426unprivileged user, an environment variable SASL_CONF_PATH can be used 1427to make it search alternate locations for the service config. 1428While some SASL auth methods can also provide data encryption (eg GSSAPI), 1429it is recommended that SASL always be combined with the 'tls' and 1430'x509' settings to enable use of SSL and server certificates. This 1431ensures a data encryption preventing compromise of authentication 1432credentials. 1433 1434@item disable-ticketing 1435Allow client connects without authentication. 1436 1437@item disable-copy-paste 1438Disable copy paste between the client and the guest. 1439 1440@item disable-agent-file-xfer 1441Disable spice-vdagent based file-xfer between the client and the guest. 1442 1443@item tls-port=<nr> 1444Set the TCP port spice is listening on for encrypted channels. 1445 1446@item x509-dir=<dir> 1447Set the x509 file directory. Expects same filenames as -vnc $display,x509=$dir 1448 1449@item x509-key-file=<file> 1450@itemx x509-key-password=<file> 1451@itemx x509-cert-file=<file> 1452@itemx x509-cacert-file=<file> 1453@itemx x509-dh-key-file=<file> 1454The x509 file names can also be configured individually. 1455 1456@item tls-ciphers=<list> 1457Specify which ciphers to use. 1458 1459@item tls-channel=[main|display|cursor|inputs|record|playback] 1460@itemx plaintext-channel=[main|display|cursor|inputs|record|playback] 1461Force specific channel to be used with or without TLS encryption. The 1462options can be specified multiple times to configure multiple 1463channels. The special name "default" can be used to set the default 1464mode. For channels which are not explicitly forced into one mode the 1465spice client is allowed to pick tls/plaintext as he pleases. 1466 1467@item image-compression=[auto_glz|auto_lz|quic|glz|lz|off] 1468Configure image compression (lossless). 1469Default is auto_glz. 1470 1471@item jpeg-wan-compression=[auto|never|always] 1472@itemx zlib-glz-wan-compression=[auto|never|always] 1473Configure wan image compression (lossy for slow links). 1474Default is auto. 1475 1476@item streaming-video=[off|all|filter] 1477Configure video stream detection. Default is off. 1478 1479@item agent-mouse=[on|off] 1480Enable/disable passing mouse events via vdagent. Default is on. 1481 1482@item playback-compression=[on|off] 1483Enable/disable audio stream compression (using celt 0.5.1). Default is on. 1484 1485@item seamless-migration=[on|off] 1486Enable/disable spice seamless migration. Default is off. 1487 1488@item gl=[on|off] 1489Enable/disable OpenGL context. Default is off. 1490 1491@item rendernode=<file> 1492DRM render node for OpenGL rendering. If not specified, it will pick 1493the first available. (Since 2.9) 1494 1495@end table 1496ETEXI 1497 1498DEF("portrait", 0, QEMU_OPTION_portrait, 1499 "-portrait rotate graphical output 90 deg left (only PXA LCD)\n", 1500 QEMU_ARCH_ALL) 1501STEXI 1502@item -portrait 1503@findex -portrait 1504Rotate graphical output 90 deg left (only PXA LCD). 1505ETEXI 1506 1507DEF("rotate", HAS_ARG, QEMU_OPTION_rotate, 1508 "-rotate <deg> rotate graphical output some deg left (only PXA LCD)\n", 1509 QEMU_ARCH_ALL) 1510STEXI 1511@item -rotate @var{deg} 1512@findex -rotate 1513Rotate graphical output some deg left (only PXA LCD). 1514ETEXI 1515 1516DEF("vga", HAS_ARG, QEMU_OPTION_vga, 1517 "-vga [std|cirrus|vmware|qxl|xenfb|tcx|cg3|virtio|none]\n" 1518 " select video card type\n", QEMU_ARCH_ALL) 1519STEXI 1520@item -vga @var{type} 1521@findex -vga 1522Select type of VGA card to emulate. Valid values for @var{type} are 1523@table @option 1524@item cirrus 1525Cirrus Logic GD5446 Video card. All Windows versions starting from 1526Windows 95 should recognize and use this graphic card. For optimal 1527performances, use 16 bit color depth in the guest and the host OS. 1528(This card was the default before QEMU 2.2) 1529@item std 1530Standard VGA card with Bochs VBE extensions. If your guest OS 1531supports the VESA 2.0 VBE extensions (e.g. Windows XP) and if you want 1532to use high resolution modes (>= 1280x1024x16) then you should use 1533this option. (This card is the default since QEMU 2.2) 1534@item vmware 1535VMWare SVGA-II compatible adapter. Use it if you have sufficiently 1536recent XFree86/XOrg server or Windows guest with a driver for this 1537card. 1538@item qxl 1539QXL paravirtual graphic card. It is VGA compatible (including VESA 15402.0 VBE support). Works best with qxl guest drivers installed though. 1541Recommended choice when using the spice protocol. 1542@item tcx 1543(sun4m only) Sun TCX framebuffer. This is the default framebuffer for 1544sun4m machines and offers both 8-bit and 24-bit colour depths at a 1545fixed resolution of 1024x768. 1546@item cg3 1547(sun4m only) Sun cgthree framebuffer. This is a simple 8-bit framebuffer 1548for sun4m machines available in both 1024x768 (OpenBIOS) and 1152x900 (OBP) 1549resolutions aimed at people wishing to run older Solaris versions. 1550@item virtio 1551Virtio VGA card. 1552@item none 1553Disable VGA card. 1554@end table 1555ETEXI 1556 1557DEF("full-screen", 0, QEMU_OPTION_full_screen, 1558 "-full-screen start in full screen\n", QEMU_ARCH_ALL) 1559STEXI 1560@item -full-screen 1561@findex -full-screen 1562Start in full screen. 1563ETEXI 1564 1565DEF("g", 1, QEMU_OPTION_g , 1566 "-g WxH[xDEPTH] Set the initial graphical resolution and depth\n", 1567 QEMU_ARCH_PPC | QEMU_ARCH_SPARC) 1568STEXI 1569@item -g @var{width}x@var{height}[x@var{depth}] 1570@findex -g 1571Set the initial graphical resolution and depth (PPC, SPARC only). 1572ETEXI 1573 1574DEF("vnc", HAS_ARG, QEMU_OPTION_vnc , 1575 "-vnc <display> shorthand for -display vnc=<display>\n", QEMU_ARCH_ALL) 1576STEXI 1577@item -vnc @var{display}[,@var{option}[,@var{option}[,...]]] 1578@findex -vnc 1579Normally, if QEMU is compiled with graphical window support, it displays 1580output such as guest graphics, guest console, and the QEMU monitor in a 1581window. With this option, you can have QEMU listen on VNC display 1582@var{display} and redirect the VGA display over the VNC session. It is 1583very useful to enable the usb tablet device when using this option 1584(option @option{-device usb-tablet}). When using the VNC display, you 1585must use the @option{-k} parameter to set the keyboard layout if you are 1586not using en-us. Valid syntax for the @var{display} is 1587 1588@table @option 1589 1590@item to=@var{L} 1591 1592With this option, QEMU will try next available VNC @var{display}s, until the 1593number @var{L}, if the origianlly defined "-vnc @var{display}" is not 1594available, e.g. port 5900+@var{display} is already used by another 1595application. By default, to=0. 1596 1597@item @var{host}:@var{d} 1598 1599TCP connections will only be allowed from @var{host} on display @var{d}. 1600By convention the TCP port is 5900+@var{d}. Optionally, @var{host} can 1601be omitted in which case the server will accept connections from any host. 1602 1603@item unix:@var{path} 1604 1605Connections will be allowed over UNIX domain sockets where @var{path} is the 1606location of a unix socket to listen for connections on. 1607 1608@item none 1609 1610VNC is initialized but not started. The monitor @code{change} command 1611can be used to later start the VNC server. 1612 1613@end table 1614 1615Following the @var{display} value there may be one or more @var{option} flags 1616separated by commas. Valid options are 1617 1618@table @option 1619 1620@item reverse 1621 1622Connect to a listening VNC client via a ``reverse'' connection. The 1623client is specified by the @var{display}. For reverse network 1624connections (@var{host}:@var{d},@code{reverse}), the @var{d} argument 1625is a TCP port number, not a display number. 1626 1627@item websocket 1628 1629Opens an additional TCP listening port dedicated to VNC Websocket connections. 1630If a bare @var{websocket} option is given, the Websocket port is 16315700+@var{display}. An alternative port can be specified with the 1632syntax @code{websocket}=@var{port}. 1633 1634If @var{host} is specified connections will only be allowed from this host. 1635It is possible to control the websocket listen address independently, using 1636the syntax @code{websocket}=@var{host}:@var{port}. 1637 1638If no TLS credentials are provided, the websocket connection runs in 1639unencrypted mode. If TLS credentials are provided, the websocket connection 1640requires encrypted client connections. 1641 1642@item password 1643 1644Require that password based authentication is used for client connections. 1645 1646The password must be set separately using the @code{set_password} command in 1647the @ref{pcsys_monitor}. The syntax to change your password is: 1648@code{set_password <protocol> <password>} where <protocol> could be either 1649"vnc" or "spice". 1650 1651If you would like to change <protocol> password expiration, you should use 1652@code{expire_password <protocol> <expiration-time>} where expiration time could 1653be one of the following options: now, never, +seconds or UNIX time of 1654expiration, e.g. +60 to make password expire in 60 seconds, or 1335196800 1655to make password expire on "Mon Apr 23 12:00:00 EDT 2012" (UNIX time for this 1656date and time). 1657 1658You can also use keywords "now" or "never" for the expiration time to 1659allow <protocol> password to expire immediately or never expire. 1660 1661@item tls-creds=@var{ID} 1662 1663Provides the ID of a set of TLS credentials to use to secure the 1664VNC server. They will apply to both the normal VNC server socket 1665and the websocket socket (if enabled). Setting TLS credentials 1666will cause the VNC server socket to enable the VeNCrypt auth 1667mechanism. The credentials should have been previously created 1668using the @option{-object tls-creds} argument. 1669 1670The @option{tls-creds} parameter obsoletes the @option{tls}, 1671@option{x509}, and @option{x509verify} options, and as such 1672it is not permitted to set both new and old type options at 1673the same time. 1674 1675@item tls 1676 1677Require that client use TLS when communicating with the VNC server. This 1678uses anonymous TLS credentials so is susceptible to a man-in-the-middle 1679attack. It is recommended that this option be combined with either the 1680@option{x509} or @option{x509verify} options. 1681 1682This option is now deprecated in favor of using the @option{tls-creds} 1683argument. 1684 1685@item x509=@var{/path/to/certificate/dir} 1686 1687Valid if @option{tls} is specified. Require that x509 credentials are used 1688for negotiating the TLS session. The server will send its x509 certificate 1689to the client. It is recommended that a password be set on the VNC server 1690to provide authentication of the client when this is used. The path following 1691this option specifies where the x509 certificates are to be loaded from. 1692See the @ref{vnc_security} section for details on generating certificates. 1693 1694This option is now deprecated in favour of using the @option{tls-creds} 1695argument. 1696 1697@item x509verify=@var{/path/to/certificate/dir} 1698 1699Valid if @option{tls} is specified. Require that x509 credentials are used 1700for negotiating the TLS session. The server will send its x509 certificate 1701to the client, and request that the client send its own x509 certificate. 1702The server will validate the client's certificate against the CA certificate, 1703and reject clients when validation fails. If the certificate authority is 1704trusted, this is a sufficient authentication mechanism. You may still wish 1705to set a password on the VNC server as a second authentication layer. The 1706path following this option specifies where the x509 certificates are to 1707be loaded from. See the @ref{vnc_security} section for details on generating 1708certificates. 1709 1710This option is now deprecated in favour of using the @option{tls-creds} 1711argument. 1712 1713@item sasl 1714 1715Require that the client use SASL to authenticate with the VNC server. 1716The exact choice of authentication method used is controlled from the 1717system / user's SASL configuration file for the 'qemu' service. This 1718is typically found in /etc/sasl2/qemu.conf. If running QEMU as an 1719unprivileged user, an environment variable SASL_CONF_PATH can be used 1720to make it search alternate locations for the service config. 1721While some SASL auth methods can also provide data encryption (eg GSSAPI), 1722it is recommended that SASL always be combined with the 'tls' and 1723'x509' settings to enable use of SSL and server certificates. This 1724ensures a data encryption preventing compromise of authentication 1725credentials. See the @ref{vnc_security} section for details on using 1726SASL authentication. 1727 1728@item acl 1729 1730Turn on access control lists for checking of the x509 client certificate 1731and SASL party. For x509 certs, the ACL check is made against the 1732certificate's distinguished name. This is something that looks like 1733@code{C=GB,O=ACME,L=Boston,CN=bob}. For SASL party, the ACL check is 1734made against the username, which depending on the SASL plugin, may 1735include a realm component, eg @code{bob} or @code{bob@@EXAMPLE.COM}. 1736When the @option{acl} flag is set, the initial access list will be 1737empty, with a @code{deny} policy. Thus no one will be allowed to 1738use the VNC server until the ACLs have been loaded. This can be 1739achieved using the @code{acl} monitor command. 1740 1741@item lossy 1742 1743Enable lossy compression methods (gradient, JPEG, ...). If this 1744option is set, VNC client may receive lossy framebuffer updates 1745depending on its encoding settings. Enabling this option can save 1746a lot of bandwidth at the expense of quality. 1747 1748@item non-adaptive 1749 1750Disable adaptive encodings. Adaptive encodings are enabled by default. 1751An adaptive encoding will try to detect frequently updated screen regions, 1752and send updates in these regions using a lossy encoding (like JPEG). 1753This can be really helpful to save bandwidth when playing videos. Disabling 1754adaptive encodings restores the original static behavior of encodings 1755like Tight. 1756 1757@item share=[allow-exclusive|force-shared|ignore] 1758 1759Set display sharing policy. 'allow-exclusive' allows clients to ask 1760for exclusive access. As suggested by the rfb spec this is 1761implemented by dropping other connections. Connecting multiple 1762clients in parallel requires all clients asking for a shared session 1763(vncviewer: -shared switch). This is the default. 'force-shared' 1764disables exclusive client access. Useful for shared desktop sessions, 1765where you don't want someone forgetting specify -shared disconnect 1766everybody else. 'ignore' completely ignores the shared flag and 1767allows everybody connect unconditionally. Doesn't conform to the rfb 1768spec but is traditional QEMU behavior. 1769 1770@item key-delay-ms 1771 1772Set keyboard delay, for key down and key up events, in milliseconds. 1773Default is 10. Keyboards are low-bandwidth devices, so this slowdown 1774can help the device and guest to keep up and not lose events in case 1775events are arriving in bulk. Possible causes for the latter are flaky 1776network connections, or scripts for automated testing. 1777 1778@end table 1779ETEXI 1780 1781STEXI 1782@end table 1783ETEXI 1784ARCHHEADING(, QEMU_ARCH_I386) 1785 1786ARCHHEADING(i386 target only, QEMU_ARCH_I386) 1787STEXI 1788@table @option 1789ETEXI 1790 1791DEF("win2k-hack", 0, QEMU_OPTION_win2k_hack, 1792 "-win2k-hack use it when installing Windows 2000 to avoid a disk full bug\n", 1793 QEMU_ARCH_I386) 1794STEXI 1795@item -win2k-hack 1796@findex -win2k-hack 1797Use it when installing Windows 2000 to avoid a disk full bug. After 1798Windows 2000 is installed, you no longer need this option (this option 1799slows down the IDE transfers). 1800ETEXI 1801 1802HXCOMM Deprecated by -rtc 1803DEF("rtc-td-hack", 0, QEMU_OPTION_rtc_td_hack, "", QEMU_ARCH_I386) 1804 1805DEF("no-fd-bootchk", 0, QEMU_OPTION_no_fd_bootchk, 1806 "-no-fd-bootchk disable boot signature checking for floppy disks\n", 1807 QEMU_ARCH_I386) 1808STEXI 1809@item -no-fd-bootchk 1810@findex -no-fd-bootchk 1811Disable boot signature checking for floppy disks in BIOS. May 1812be needed to boot from old floppy disks. 1813ETEXI 1814 1815DEF("no-acpi", 0, QEMU_OPTION_no_acpi, 1816 "-no-acpi disable ACPI\n", QEMU_ARCH_I386 | QEMU_ARCH_ARM) 1817STEXI 1818@item -no-acpi 1819@findex -no-acpi 1820Disable ACPI (Advanced Configuration and Power Interface) support. Use 1821it if your guest OS complains about ACPI problems (PC target machine 1822only). 1823ETEXI 1824 1825DEF("no-hpet", 0, QEMU_OPTION_no_hpet, 1826 "-no-hpet disable HPET\n", QEMU_ARCH_I386) 1827STEXI 1828@item -no-hpet 1829@findex -no-hpet 1830Disable HPET support. 1831ETEXI 1832 1833DEF("acpitable", HAS_ARG, QEMU_OPTION_acpitable, 1834 "-acpitable [sig=str][,rev=n][,oem_id=str][,oem_table_id=str][,oem_rev=n][,asl_compiler_id=str][,asl_compiler_rev=n][,{data|file}=file1[:file2]...]\n" 1835 " ACPI table description\n", QEMU_ARCH_I386) 1836STEXI 1837@item -acpitable [sig=@var{str}][,rev=@var{n}][,oem_id=@var{str}][,oem_table_id=@var{str}][,oem_rev=@var{n}] [,asl_compiler_id=@var{str}][,asl_compiler_rev=@var{n}][,data=@var{file1}[:@var{file2}]...] 1838@findex -acpitable 1839Add ACPI table with specified header fields and context from specified files. 1840For file=, take whole ACPI table from the specified files, including all 1841ACPI headers (possible overridden by other options). 1842For data=, only data 1843portion of the table is used, all header information is specified in the 1844command line. 1845If a SLIC table is supplied to QEMU, then the SLIC's oem_id and oem_table_id 1846fields will override the same in the RSDT and the FADT (a.k.a. FACP), in order 1847to ensure the field matches required by the Microsoft SLIC spec and the ACPI 1848spec. 1849ETEXI 1850 1851DEF("smbios", HAS_ARG, QEMU_OPTION_smbios, 1852 "-smbios file=binary\n" 1853 " load SMBIOS entry from binary file\n" 1854 "-smbios type=0[,vendor=str][,version=str][,date=str][,release=%d.%d]\n" 1855 " [,uefi=on|off]\n" 1856 " specify SMBIOS type 0 fields\n" 1857 "-smbios type=1[,manufacturer=str][,product=str][,version=str][,serial=str]\n" 1858 " [,uuid=uuid][,sku=str][,family=str]\n" 1859 " specify SMBIOS type 1 fields\n" 1860 "-smbios type=2[,manufacturer=str][,product=str][,version=str][,serial=str]\n" 1861 " [,asset=str][,location=str]\n" 1862 " specify SMBIOS type 2 fields\n" 1863 "-smbios type=3[,manufacturer=str][,version=str][,serial=str][,asset=str]\n" 1864 " [,sku=str]\n" 1865 " specify SMBIOS type 3 fields\n" 1866 "-smbios type=4[,sock_pfx=str][,manufacturer=str][,version=str][,serial=str]\n" 1867 " [,asset=str][,part=str]\n" 1868 " specify SMBIOS type 4 fields\n" 1869 "-smbios type=17[,loc_pfx=str][,bank=str][,manufacturer=str][,serial=str]\n" 1870 " [,asset=str][,part=str][,speed=%d]\n" 1871 " specify SMBIOS type 17 fields\n", 1872 QEMU_ARCH_I386 | QEMU_ARCH_ARM) 1873STEXI 1874@item -smbios file=@var{binary} 1875@findex -smbios 1876Load SMBIOS entry from binary file. 1877 1878@item -smbios type=0[,vendor=@var{str}][,version=@var{str}][,date=@var{str}][,release=@var{%d.%d}][,uefi=on|off] 1879Specify SMBIOS type 0 fields 1880 1881@item -smbios type=1[,manufacturer=@var{str}][,product=@var{str}][,version=@var{str}][,serial=@var{str}][,uuid=@var{uuid}][,sku=@var{str}][,family=@var{str}] 1882Specify SMBIOS type 1 fields 1883 1884@item -smbios type=2[,manufacturer=@var{str}][,product=@var{str}][,version=@var{str}][,serial=@var{str}][,asset=@var{str}][,location=@var{str}][,family=@var{str}] 1885Specify SMBIOS type 2 fields 1886 1887@item -smbios type=3[,manufacturer=@var{str}][,version=@var{str}][,serial=@var{str}][,asset=@var{str}][,sku=@var{str}] 1888Specify SMBIOS type 3 fields 1889 1890@item -smbios type=4[,sock_pfx=@var{str}][,manufacturer=@var{str}][,version=@var{str}][,serial=@var{str}][,asset=@var{str}][,part=@var{str}] 1891Specify SMBIOS type 4 fields 1892 1893@item -smbios type=17[,loc_pfx=@var{str}][,bank=@var{str}][,manufacturer=@var{str}][,serial=@var{str}][,asset=@var{str}][,part=@var{str}][,speed=@var{%d}] 1894Specify SMBIOS type 17 fields 1895ETEXI 1896 1897STEXI 1898@end table 1899ETEXI 1900DEFHEADING() 1901 1902DEFHEADING(Network options) 1903STEXI 1904@table @option 1905ETEXI 1906 1907HXCOMM Legacy slirp options (now moved to -net user): 1908#ifdef CONFIG_SLIRP 1909DEF("tftp", HAS_ARG, QEMU_OPTION_tftp, "", QEMU_ARCH_ALL) 1910DEF("bootp", HAS_ARG, QEMU_OPTION_bootp, "", QEMU_ARCH_ALL) 1911DEF("redir", HAS_ARG, QEMU_OPTION_redir, "", QEMU_ARCH_ALL) 1912#ifndef _WIN32 1913DEF("smb", HAS_ARG, QEMU_OPTION_smb, "", QEMU_ARCH_ALL) 1914#endif 1915#endif 1916 1917DEF("netdev", HAS_ARG, QEMU_OPTION_netdev, 1918#ifdef CONFIG_SLIRP 1919 "-netdev user,id=str[,ipv4[=on|off]][,net=addr[/mask]][,host=addr]\n" 1920 " [,ipv6[=on|off]][,ipv6-net=addr[/int]][,ipv6-host=addr]\n" 1921 " [,restrict=on|off][,hostname=host][,dhcpstart=addr]\n" 1922 " [,dns=addr][,ipv6-dns=addr][,dnssearch=domain][,tftp=dir]\n" 1923 " [,bootfile=f][,hostfwd=rule][,guestfwd=rule]" 1924#ifndef _WIN32 1925 "[,smb=dir[,smbserver=addr]]\n" 1926#endif 1927 " configure a user mode network backend with ID 'str',\n" 1928 " its DHCP server and optional services\n" 1929#endif 1930#ifdef _WIN32 1931 "-netdev tap,id=str,ifname=name\n" 1932 " configure a host TAP network backend with ID 'str'\n" 1933#else 1934 "-netdev tap,id=str[,fd=h][,fds=x:y:...:z][,ifname=name][,script=file][,downscript=dfile]\n" 1935 " [,br=bridge][,helper=helper][,sndbuf=nbytes][,vnet_hdr=on|off][,vhost=on|off]\n" 1936 " [,vhostfd=h][,vhostfds=x:y:...:z][,vhostforce=on|off][,queues=n]\n" 1937 " [,poll-us=n]\n" 1938 " configure a host TAP network backend with ID 'str'\n" 1939 " connected to a bridge (default=" DEFAULT_BRIDGE_INTERFACE ")\n" 1940 " use network scripts 'file' (default=" DEFAULT_NETWORK_SCRIPT ")\n" 1941 " to configure it and 'dfile' (default=" DEFAULT_NETWORK_DOWN_SCRIPT ")\n" 1942 " to deconfigure it\n" 1943 " use '[down]script=no' to disable script execution\n" 1944 " use network helper 'helper' (default=" DEFAULT_BRIDGE_HELPER ") to\n" 1945 " configure it\n" 1946 " use 'fd=h' to connect to an already opened TAP interface\n" 1947 " use 'fds=x:y:...:z' to connect to already opened multiqueue capable TAP interfaces\n" 1948 " use 'sndbuf=nbytes' to limit the size of the send buffer (the\n" 1949 " default is disabled 'sndbuf=0' to enable flow control set 'sndbuf=1048576')\n" 1950 " use vnet_hdr=off to avoid enabling the IFF_VNET_HDR tap flag\n" 1951 " use vnet_hdr=on to make the lack of IFF_VNET_HDR support an error condition\n" 1952 " use vhost=on to enable experimental in kernel accelerator\n" 1953 " (only has effect for virtio guests which use MSIX)\n" 1954 " use vhostforce=on to force vhost on for non-MSIX virtio guests\n" 1955 " use 'vhostfd=h' to connect to an already opened vhost net device\n" 1956 " use 'vhostfds=x:y:...:z to connect to multiple already opened vhost net devices\n" 1957 " use 'queues=n' to specify the number of queues to be created for multiqueue TAP\n" 1958 " use 'poll-us=n' to speciy the maximum number of microseconds that could be\n" 1959 " spent on busy polling for vhost net\n" 1960 "-netdev bridge,id=str[,br=bridge][,helper=helper]\n" 1961 " configure a host TAP network backend with ID 'str' that is\n" 1962 " connected to a bridge (default=" DEFAULT_BRIDGE_INTERFACE ")\n" 1963 " using the program 'helper (default=" DEFAULT_BRIDGE_HELPER ")\n" 1964#endif 1965#ifdef __linux__ 1966 "-netdev l2tpv3,id=str,src=srcaddr,dst=dstaddr[,srcport=srcport][,dstport=dstport]\n" 1967 " [,rxsession=rxsession],txsession=txsession[,ipv6=on/off][,udp=on/off]\n" 1968 " [,cookie64=on/off][,counter][,pincounter][,txcookie=txcookie]\n" 1969 " [,rxcookie=rxcookie][,offset=offset]\n" 1970 " configure a network backend with ID 'str' connected to\n" 1971 " an Ethernet over L2TPv3 pseudowire.\n" 1972 " Linux kernel 3.3+ as well as most routers can talk\n" 1973 " L2TPv3. This transport allows connecting a VM to a VM,\n" 1974 " VM to a router and even VM to Host. It is a nearly-universal\n" 1975 " standard (RFC3391). Note - this implementation uses static\n" 1976 " pre-configured tunnels (same as the Linux kernel).\n" 1977 " use 'src=' to specify source address\n" 1978 " use 'dst=' to specify destination address\n" 1979 " use 'udp=on' to specify udp encapsulation\n" 1980 " use 'srcport=' to specify source udp port\n" 1981 " use 'dstport=' to specify destination udp port\n" 1982 " use 'ipv6=on' to force v6\n" 1983 " L2TPv3 uses cookies to prevent misconfiguration as\n" 1984 " well as a weak security measure\n" 1985 " use 'rxcookie=0x012345678' to specify a rxcookie\n" 1986 " use 'txcookie=0x012345678' to specify a txcookie\n" 1987 " use 'cookie64=on' to set cookie size to 64 bit, otherwise 32\n" 1988 " use 'counter=off' to force a 'cut-down' L2TPv3 with no counter\n" 1989 " use 'pincounter=on' to work around broken counter handling in peer\n" 1990 " use 'offset=X' to add an extra offset between header and data\n" 1991#endif 1992 "-netdev socket,id=str[,fd=h][,listen=[host]:port][,connect=host:port]\n" 1993 " configure a network backend to connect to another network\n" 1994 " using a socket connection\n" 1995 "-netdev socket,id=str[,fd=h][,mcast=maddr:port[,localaddr=addr]]\n" 1996 " configure a network backend to connect to a multicast maddr and port\n" 1997 " use 'localaddr=addr' to specify the host address to send packets from\n" 1998 "-netdev socket,id=str[,fd=h][,udp=host:port][,localaddr=host:port]\n" 1999 " configure a network backend to connect to another network\n" 2000 " using an UDP tunnel\n" 2001#ifdef CONFIG_VDE 2002 "-netdev vde,id=str[,sock=socketpath][,port=n][,group=groupname][,mode=octalmode]\n" 2003 " configure a network backend to connect to port 'n' of a vde switch\n" 2004 " running on host and listening for incoming connections on 'socketpath'.\n" 2005 " Use group 'groupname' and mode 'octalmode' to change default\n" 2006 " ownership and permissions for communication port.\n" 2007#endif 2008#ifdef CONFIG_NETMAP 2009 "-netdev netmap,id=str,ifname=name[,devname=nmname]\n" 2010 " attach to the existing netmap-enabled network interface 'name', or to a\n" 2011 " VALE port (created on the fly) called 'name' ('nmname' is name of the \n" 2012 " netmap device, defaults to '/dev/netmap')\n" 2013#endif 2014 "-netdev vhost-user,id=str,chardev=dev[,vhostforce=on|off]\n" 2015 " configure a vhost-user network, backed by a chardev 'dev'\n" 2016 "-netdev hubport,id=str,hubid=n\n" 2017 " configure a hub port on QEMU VLAN 'n'\n", QEMU_ARCH_ALL) 2018DEF("net", HAS_ARG, QEMU_OPTION_net, 2019 "-net nic[,vlan=n][,macaddr=mac][,model=type][,name=str][,addr=str][,vectors=v]\n" 2020 " old way to create a new NIC and connect it to VLAN 'n'\n" 2021 " (use the '-device devtype,netdev=str' option if possible instead)\n" 2022 "-net dump[,vlan=n][,file=f][,len=n]\n" 2023 " dump traffic on vlan 'n' to file 'f' (max n bytes per packet)\n" 2024 "-net none use it alone to have zero network devices. If no -net option\n" 2025 " is provided, the default is '-net nic -net user'\n" 2026 "-net [" 2027#ifdef CONFIG_SLIRP 2028 "user|" 2029#endif 2030 "tap|" 2031 "bridge|" 2032#ifdef CONFIG_VDE 2033 "vde|" 2034#endif 2035#ifdef CONFIG_NETMAP 2036 "netmap|" 2037#endif 2038 "socket][,vlan=n][,option][,option][,...]\n" 2039 " old way to initialize a host network interface\n" 2040 " (use the -netdev option if possible instead)\n", QEMU_ARCH_ALL) 2041STEXI 2042@item -net nic[,vlan=@var{n}][,macaddr=@var{mac}][,model=@var{type}] [,name=@var{name}][,addr=@var{addr}][,vectors=@var{v}] 2043@findex -net 2044Create a new Network Interface Card and connect it to VLAN @var{n} (@var{n} 2045= 0 is the default). The NIC is an e1000 by default on the PC 2046target. Optionally, the MAC address can be changed to @var{mac}, the 2047device address set to @var{addr} (PCI cards only), 2048and a @var{name} can be assigned for use in monitor commands. 2049Optionally, for PCI cards, you can specify the number @var{v} of MSI-X vectors 2050that the card should have; this option currently only affects virtio cards; set 2051@var{v} = 0 to disable MSI-X. If no @option{-net} option is specified, a single 2052NIC is created. QEMU can emulate several different models of network card. 2053Valid values for @var{type} are 2054@code{virtio}, @code{i82551}, @code{i82557b}, @code{i82559er}, 2055@code{ne2k_pci}, @code{ne2k_isa}, @code{pcnet}, @code{rtl8139}, 2056@code{e1000}, @code{smc91c111}, @code{lance} and @code{mcf_fec}. 2057Not all devices are supported on all targets. Use @code{-net nic,model=help} 2058for a list of available devices for your target. 2059 2060@item -netdev user,id=@var{id}[,@var{option}][,@var{option}][,...] 2061@findex -netdev 2062@item -net user[,@var{option}][,@var{option}][,...] 2063Use the user mode network stack which requires no administrator 2064privilege to run. Valid options are: 2065 2066@table @option 2067@item vlan=@var{n} 2068Connect user mode stack to VLAN @var{n} (@var{n} = 0 is the default). 2069 2070@item id=@var{id} 2071@itemx name=@var{name} 2072Assign symbolic name for use in monitor commands. 2073 2074@option{ipv4} and @option{ipv6} specify that either IPv4 or IPv6 must 2075be enabled. If neither is specified both protocols are enabled. 2076 2077@item net=@var{addr}[/@var{mask}] 2078Set IP network address the guest will see. Optionally specify the netmask, 2079either in the form a.b.c.d or as number of valid top-most bits. Default is 208010.0.2.0/24. 2081 2082@item host=@var{addr} 2083Specify the guest-visible address of the host. Default is the 2nd IP in the 2084guest network, i.e. x.x.x.2. 2085 2086@item ipv6-net=@var{addr}[/@var{int}] 2087Set IPv6 network address the guest will see (default is fec0::/64). The 2088network prefix is given in the usual hexadecimal IPv6 address 2089notation. The prefix size is optional, and is given as the number of 2090valid top-most bits (default is 64). 2091 2092@item ipv6-host=@var{addr} 2093Specify the guest-visible IPv6 address of the host. Default is the 2nd IPv6 in 2094the guest network, i.e. xxxx::2. 2095 2096@item restrict=on|off 2097If this option is enabled, the guest will be isolated, i.e. it will not be 2098able to contact the host and no guest IP packets will be routed over the host 2099to the outside. This option does not affect any explicitly set forwarding rules. 2100 2101@item hostname=@var{name} 2102Specifies the client hostname reported by the built-in DHCP server. 2103 2104@item dhcpstart=@var{addr} 2105Specify the first of the 16 IPs the built-in DHCP server can assign. Default 2106is the 15th to 31st IP in the guest network, i.e. x.x.x.15 to x.x.x.31. 2107 2108@item dns=@var{addr} 2109Specify the guest-visible address of the virtual nameserver. The address must 2110be different from the host address. Default is the 3rd IP in the guest network, 2111i.e. x.x.x.3. 2112 2113@item ipv6-dns=@var{addr} 2114Specify the guest-visible address of the IPv6 virtual nameserver. The address 2115must be different from the host address. Default is the 3rd IP in the guest 2116network, i.e. xxxx::3. 2117 2118@item dnssearch=@var{domain} 2119Provides an entry for the domain-search list sent by the built-in 2120DHCP server. More than one domain suffix can be transmitted by specifying 2121this option multiple times. If supported, this will cause the guest to 2122automatically try to append the given domain suffix(es) in case a domain name 2123can not be resolved. 2124 2125Example: 2126@example 2127qemu -net user,dnssearch=mgmt.example.org,dnssearch=example.org [...] 2128@end example 2129 2130@item tftp=@var{dir} 2131When using the user mode network stack, activate a built-in TFTP 2132server. The files in @var{dir} will be exposed as the root of a TFTP server. 2133The TFTP client on the guest must be configured in binary mode (use the command 2134@code{bin} of the Unix TFTP client). 2135 2136@item bootfile=@var{file} 2137When using the user mode network stack, broadcast @var{file} as the BOOTP 2138filename. In conjunction with @option{tftp}, this can be used to network boot 2139a guest from a local directory. 2140 2141Example (using pxelinux): 2142@example 2143qemu-system-i386 -hda linux.img -boot n -net user,tftp=/path/to/tftp/files,bootfile=/pxelinux.0 2144@end example 2145 2146@item smb=@var{dir}[,smbserver=@var{addr}] 2147When using the user mode network stack, activate a built-in SMB 2148server so that Windows OSes can access to the host files in @file{@var{dir}} 2149transparently. The IP address of the SMB server can be set to @var{addr}. By 2150default the 4th IP in the guest network is used, i.e. x.x.x.4. 2151 2152In the guest Windows OS, the line: 2153@example 215410.0.2.4 smbserver 2155@end example 2156must be added in the file @file{C:\WINDOWS\LMHOSTS} (for windows 9x/Me) 2157or @file{C:\WINNT\SYSTEM32\DRIVERS\ETC\LMHOSTS} (Windows NT/2000). 2158 2159Then @file{@var{dir}} can be accessed in @file{\\smbserver\qemu}. 2160 2161Note that a SAMBA server must be installed on the host OS. 2162QEMU was tested successfully with smbd versions from Red Hat 9, 2163Fedora Core 3 and OpenSUSE 11.x. 2164 2165@item hostfwd=[tcp|udp]:[@var{hostaddr}]:@var{hostport}-[@var{guestaddr}]:@var{guestport} 2166Redirect incoming TCP or UDP connections to the host port @var{hostport} to 2167the guest IP address @var{guestaddr} on guest port @var{guestport}. If 2168@var{guestaddr} is not specified, its value is x.x.x.15 (default first address 2169given by the built-in DHCP server). By specifying @var{hostaddr}, the rule can 2170be bound to a specific host interface. If no connection type is set, TCP is 2171used. This option can be given multiple times. 2172 2173For example, to redirect host X11 connection from screen 1 to guest 2174screen 0, use the following: 2175 2176@example 2177# on the host 2178qemu-system-i386 -net user,hostfwd=tcp:127.0.0.1:6001-:6000 [...] 2179# this host xterm should open in the guest X11 server 2180xterm -display :1 2181@end example 2182 2183To redirect telnet connections from host port 5555 to telnet port on 2184the guest, use the following: 2185 2186@example 2187# on the host 2188qemu-system-i386 -net user,hostfwd=tcp::5555-:23 [...] 2189telnet localhost 5555 2190@end example 2191 2192Then when you use on the host @code{telnet localhost 5555}, you 2193connect to the guest telnet server. 2194 2195@item guestfwd=[tcp]:@var{server}:@var{port}-@var{dev} 2196@itemx guestfwd=[tcp]:@var{server}:@var{port}-@var{cmd:command} 2197Forward guest TCP connections to the IP address @var{server} on port @var{port} 2198to the character device @var{dev} or to a program executed by @var{cmd:command} 2199which gets spawned for each connection. This option can be given multiple times. 2200 2201You can either use a chardev directly and have that one used throughout QEMU's 2202lifetime, like in the following example: 2203 2204@example 2205# open 10.10.1.1:4321 on bootup, connect 10.0.2.100:1234 to it whenever 2206# the guest accesses it 2207qemu -net user,guestfwd=tcp:10.0.2.100:1234-tcp:10.10.1.1:4321 [...] 2208@end example 2209 2210Or you can execute a command on every TCP connection established by the guest, 2211so that QEMU behaves similar to an inetd process for that virtual server: 2212 2213@example 2214# call "netcat 10.10.1.1 4321" on every TCP connection to 10.0.2.100:1234 2215# and connect the TCP stream to its stdin/stdout 2216qemu -net 'user,guestfwd=tcp:10.0.2.100:1234-cmd:netcat 10.10.1.1 4321' 2217@end example 2218 2219@end table 2220 2221Note: Legacy stand-alone options -tftp, -bootp, -smb and -redir are still 2222processed and applied to -net user. Mixing them with the new configuration 2223syntax gives undefined results. Their use for new applications is discouraged 2224as they will be removed from future versions. 2225 2226@item -netdev tap,id=@var{id}[,fd=@var{h}][,ifname=@var{name}][,script=@var{file}][,downscript=@var{dfile}][,br=@var{bridge}][,helper=@var{helper}] 2227@itemx -net tap[,vlan=@var{n}][,name=@var{name}][,fd=@var{h}][,ifname=@var{name}][,script=@var{file}][,downscript=@var{dfile}][,br=@var{bridge}][,helper=@var{helper}] 2228Connect the host TAP network interface @var{name} to VLAN @var{n}. 2229 2230Use the network script @var{file} to configure it and the network script 2231@var{dfile} to deconfigure it. If @var{name} is not provided, the OS 2232automatically provides one. The default network configure script is 2233@file{/etc/qemu-ifup} and the default network deconfigure script is 2234@file{/etc/qemu-ifdown}. Use @option{script=no} or @option{downscript=no} 2235to disable script execution. 2236 2237If running QEMU as an unprivileged user, use the network helper 2238@var{helper} to configure the TAP interface and attach it to the bridge. 2239The default network helper executable is @file{/path/to/qemu-bridge-helper} 2240and the default bridge device is @file{br0}. 2241 2242@option{fd}=@var{h} can be used to specify the handle of an already 2243opened host TAP interface. 2244 2245Examples: 2246 2247@example 2248#launch a QEMU instance with the default network script 2249qemu-system-i386 linux.img -net nic -net tap 2250@end example 2251 2252@example 2253#launch a QEMU instance with two NICs, each one connected 2254#to a TAP device 2255qemu-system-i386 linux.img \ 2256 -net nic,vlan=0 -net tap,vlan=0,ifname=tap0 \ 2257 -net nic,vlan=1 -net tap,vlan=1,ifname=tap1 2258@end example 2259 2260@example 2261#launch a QEMU instance with the default network helper to 2262#connect a TAP device to bridge br0 2263qemu-system-i386 linux.img \ 2264 -net nic -net tap,"helper=/path/to/qemu-bridge-helper" 2265@end example 2266 2267@item -netdev bridge,id=@var{id}[,br=@var{bridge}][,helper=@var{helper}] 2268@itemx -net bridge[,vlan=@var{n}][,name=@var{name}][,br=@var{bridge}][,helper=@var{helper}] 2269Connect a host TAP network interface to a host bridge device. 2270 2271Use the network helper @var{helper} to configure the TAP interface and 2272attach it to the bridge. The default network helper executable is 2273@file{/path/to/qemu-bridge-helper} and the default bridge 2274device is @file{br0}. 2275 2276Examples: 2277 2278@example 2279#launch a QEMU instance with the default network helper to 2280#connect a TAP device to bridge br0 2281qemu-system-i386 linux.img -net bridge -net nic,model=virtio 2282@end example 2283 2284@example 2285#launch a QEMU instance with the default network helper to 2286#connect a TAP device to bridge qemubr0 2287qemu-system-i386 linux.img -net bridge,br=qemubr0 -net nic,model=virtio 2288@end example 2289 2290@item -netdev socket,id=@var{id}[,fd=@var{h}][,listen=[@var{host}]:@var{port}][,connect=@var{host}:@var{port}] 2291@itemx -net socket[,vlan=@var{n}][,name=@var{name}][,fd=@var{h}] [,listen=[@var{host}]:@var{port}][,connect=@var{host}:@var{port}] 2292 2293Connect the VLAN @var{n} to a remote VLAN in another QEMU virtual 2294machine using a TCP socket connection. If @option{listen} is 2295specified, QEMU waits for incoming connections on @var{port} 2296(@var{host} is optional). @option{connect} is used to connect to 2297another QEMU instance using the @option{listen} option. @option{fd}=@var{h} 2298specifies an already opened TCP socket. 2299 2300Example: 2301@example 2302# launch a first QEMU instance 2303qemu-system-i386 linux.img \ 2304 -net nic,macaddr=52:54:00:12:34:56 \ 2305 -net socket,listen=:1234 2306# connect the VLAN 0 of this instance to the VLAN 0 2307# of the first instance 2308qemu-system-i386 linux.img \ 2309 -net nic,macaddr=52:54:00:12:34:57 \ 2310 -net socket,connect=127.0.0.1:1234 2311@end example 2312 2313@item -netdev socket,id=@var{id}[,fd=@var{h}][,mcast=@var{maddr}:@var{port}[,localaddr=@var{addr}]] 2314@itemx -net socket[,vlan=@var{n}][,name=@var{name}][,fd=@var{h}][,mcast=@var{maddr}:@var{port}[,localaddr=@var{addr}]] 2315 2316Create a VLAN @var{n} shared with another QEMU virtual 2317machines using a UDP multicast socket, effectively making a bus for 2318every QEMU with same multicast address @var{maddr} and @var{port}. 2319NOTES: 2320@enumerate 2321@item 2322Several QEMU can be running on different hosts and share same bus (assuming 2323correct multicast setup for these hosts). 2324@item 2325mcast support is compatible with User Mode Linux (argument @option{eth@var{N}=mcast}), see 2326@url{http://user-mode-linux.sf.net}. 2327@item 2328Use @option{fd=h} to specify an already opened UDP multicast socket. 2329@end enumerate 2330 2331Example: 2332@example 2333# launch one QEMU instance 2334qemu-system-i386 linux.img \ 2335 -net nic,macaddr=52:54:00:12:34:56 \ 2336 -net socket,mcast=230.0.0.1:1234 2337# launch another QEMU instance on same "bus" 2338qemu-system-i386 linux.img \ 2339 -net nic,macaddr=52:54:00:12:34:57 \ 2340 -net socket,mcast=230.0.0.1:1234 2341# launch yet another QEMU instance on same "bus" 2342qemu-system-i386 linux.img \ 2343 -net nic,macaddr=52:54:00:12:34:58 \ 2344 -net socket,mcast=230.0.0.1:1234 2345@end example 2346 2347Example (User Mode Linux compat.): 2348@example 2349# launch QEMU instance (note mcast address selected 2350# is UML's default) 2351qemu-system-i386 linux.img \ 2352 -net nic,macaddr=52:54:00:12:34:56 \ 2353 -net socket,mcast=239.192.168.1:1102 2354# launch UML 2355/path/to/linux ubd0=/path/to/root_fs eth0=mcast 2356@end example 2357 2358Example (send packets from host's 1.2.3.4): 2359@example 2360qemu-system-i386 linux.img \ 2361 -net nic,macaddr=52:54:00:12:34:56 \ 2362 -net socket,mcast=239.192.168.1:1102,localaddr=1.2.3.4 2363@end example 2364 2365@item -netdev l2tpv3,id=@var{id},src=@var{srcaddr},dst=@var{dstaddr}[,srcport=@var{srcport}][,dstport=@var{dstport}],txsession=@var{txsession}[,rxsession=@var{rxsession}][,ipv6][,udp][,cookie64][,counter][,pincounter][,txcookie=@var{txcookie}][,rxcookie=@var{rxcookie}][,offset=@var{offset}] 2366@itemx -net l2tpv3[,vlan=@var{n}][,name=@var{name}],src=@var{srcaddr},dst=@var{dstaddr}[,srcport=@var{srcport}][,dstport=@var{dstport}],txsession=@var{txsession}[,rxsession=@var{rxsession}][,ipv6][,udp][,cookie64][,counter][,pincounter][,txcookie=@var{txcookie}][,rxcookie=@var{rxcookie}][,offset=@var{offset}] 2367Connect VLAN @var{n} to L2TPv3 pseudowire. L2TPv3 (RFC3391) is a popular 2368protocol to transport Ethernet (and other Layer 2) data frames between 2369two systems. It is present in routers, firewalls and the Linux kernel 2370(from version 3.3 onwards). 2371 2372This transport allows a VM to communicate to another VM, router or firewall directly. 2373 2374@item src=@var{srcaddr} 2375 source address (mandatory) 2376@item dst=@var{dstaddr} 2377 destination address (mandatory) 2378@item udp 2379 select udp encapsulation (default is ip). 2380@item srcport=@var{srcport} 2381 source udp port. 2382@item dstport=@var{dstport} 2383 destination udp port. 2384@item ipv6 2385 force v6, otherwise defaults to v4. 2386@item rxcookie=@var{rxcookie} 2387@itemx txcookie=@var{txcookie} 2388 Cookies are a weak form of security in the l2tpv3 specification. 2389Their function is mostly to prevent misconfiguration. By default they are 32 2390bit. 2391@item cookie64 2392 Set cookie size to 64 bit instead of the default 32 2393@item counter=off 2394 Force a 'cut-down' L2TPv3 with no counter as in 2395draft-mkonstan-l2tpext-keyed-ipv6-tunnel-00 2396@item pincounter=on 2397 Work around broken counter handling in peer. This may also help on 2398networks which have packet reorder. 2399@item offset=@var{offset} 2400 Add an extra offset between header and data 2401 2402For example, to attach a VM running on host 4.3.2.1 via L2TPv3 to the bridge br-lan 2403on the remote Linux host 1.2.3.4: 2404@example 2405# Setup tunnel on linux host using raw ip as encapsulation 2406# on 1.2.3.4 2407ip l2tp add tunnel remote 4.3.2.1 local 1.2.3.4 tunnel_id 1 peer_tunnel_id 1 \ 2408 encap udp udp_sport 16384 udp_dport 16384 2409ip l2tp add session tunnel_id 1 name vmtunnel0 session_id \ 2410 0xFFFFFFFF peer_session_id 0xFFFFFFFF 2411ifconfig vmtunnel0 mtu 1500 2412ifconfig vmtunnel0 up 2413brctl addif br-lan vmtunnel0 2414 2415 2416# on 4.3.2.1 2417# launch QEMU instance - if your network has reorder or is very lossy add ,pincounter 2418 2419qemu-system-i386 linux.img -net nic -net l2tpv3,src=4.2.3.1,dst=1.2.3.4,udp,srcport=16384,dstport=16384,rxsession=0xffffffff,txsession=0xffffffff,counter 2420 2421 2422@end example 2423 2424@item -netdev vde,id=@var{id}[,sock=@var{socketpath}][,port=@var{n}][,group=@var{groupname}][,mode=@var{octalmode}] 2425@itemx -net vde[,vlan=@var{n}][,name=@var{name}][,sock=@var{socketpath}] [,port=@var{n}][,group=@var{groupname}][,mode=@var{octalmode}] 2426Connect VLAN @var{n} to PORT @var{n} of a vde switch running on host and 2427listening for incoming connections on @var{socketpath}. Use GROUP @var{groupname} 2428and MODE @var{octalmode} to change default ownership and permissions for 2429communication port. This option is only available if QEMU has been compiled 2430with vde support enabled. 2431 2432Example: 2433@example 2434# launch vde switch 2435vde_switch -F -sock /tmp/myswitch 2436# launch QEMU instance 2437qemu-system-i386 linux.img -net nic -net vde,sock=/tmp/myswitch 2438@end example 2439 2440@item -netdev hubport,id=@var{id},hubid=@var{hubid} 2441 2442Create a hub port on QEMU "vlan" @var{hubid}. 2443 2444The hubport netdev lets you connect a NIC to a QEMU "vlan" instead of a single 2445netdev. @code{-net} and @code{-device} with parameter @option{vlan} create the 2446required hub automatically. 2447 2448@item -netdev vhost-user,chardev=@var{id}[,vhostforce=on|off][,queues=n] 2449 2450Establish a vhost-user netdev, backed by a chardev @var{id}. The chardev should 2451be a unix domain socket backed one. The vhost-user uses a specifically defined 2452protocol to pass vhost ioctl replacement messages to an application on the other 2453end of the socket. On non-MSIX guests, the feature can be forced with 2454@var{vhostforce}. Use 'queues=@var{n}' to specify the number of queues to 2455be created for multiqueue vhost-user. 2456 2457Example: 2458@example 2459qemu -m 512 -object memory-backend-file,id=mem,size=512M,mem-path=/hugetlbfs,share=on \ 2460 -numa node,memdev=mem \ 2461 -chardev socket,id=chr0,path=/path/to/socket \ 2462 -netdev type=vhost-user,id=net0,chardev=chr0 \ 2463 -device virtio-net-pci,netdev=net0 2464@end example 2465 2466@item -net dump[,vlan=@var{n}][,file=@var{file}][,len=@var{len}] 2467Dump network traffic on VLAN @var{n} to file @var{file} (@file{qemu-vlan0.pcap} by default). 2468At most @var{len} bytes (64k by default) per packet are stored. The file format is 2469libpcap, so it can be analyzed with tools such as tcpdump or Wireshark. 2470Note: For devices created with '-netdev', use '-object filter-dump,...' instead. 2471 2472@item -net none 2473Indicate that no network devices should be configured. It is used to 2474override the default configuration (@option{-net nic -net user}) which 2475is activated if no @option{-net} options are provided. 2476ETEXI 2477 2478STEXI 2479@end table 2480ETEXI 2481DEFHEADING() 2482 2483DEFHEADING(Character device options) 2484STEXI 2485 2486The general form of a character device option is: 2487@table @option 2488ETEXI 2489 2490DEF("chardev", HAS_ARG, QEMU_OPTION_chardev, 2491 "-chardev help\n" 2492 "-chardev null,id=id[,mux=on|off][,logfile=PATH][,logappend=on|off]\n" 2493 "-chardev socket,id=id[,host=host],port=port[,to=to][,ipv4][,ipv6][,nodelay][,reconnect=seconds]\n" 2494 " [,server][,nowait][,telnet][,reconnect=seconds][,mux=on|off]\n" 2495 " [,logfile=PATH][,logappend=on|off][,tls-creds=ID] (tcp)\n" 2496 "-chardev socket,id=id,path=path[,server][,nowait][,telnet][,reconnect=seconds]\n" 2497 " [,mux=on|off][,logfile=PATH][,logappend=on|off] (unix)\n" 2498 "-chardev udp,id=id[,host=host],port=port[,localaddr=localaddr]\n" 2499 " [,localport=localport][,ipv4][,ipv6][,mux=on|off]\n" 2500 " [,logfile=PATH][,logappend=on|off]\n" 2501 "-chardev msmouse,id=id[,mux=on|off][,logfile=PATH][,logappend=on|off]\n" 2502 "-chardev vc,id=id[[,width=width][,height=height]][[,cols=cols][,rows=rows]]\n" 2503 " [,mux=on|off][,logfile=PATH][,logappend=on|off]\n" 2504 "-chardev ringbuf,id=id[,size=size][,logfile=PATH][,logappend=on|off]\n" 2505 "-chardev file,id=id,path=path[,mux=on|off][,logfile=PATH][,logappend=on|off]\n" 2506 "-chardev pipe,id=id,path=path[,mux=on|off][,logfile=PATH][,logappend=on|off]\n" 2507#ifdef _WIN32 2508 "-chardev console,id=id[,mux=on|off][,logfile=PATH][,logappend=on|off]\n" 2509 "-chardev serial,id=id,path=path[,mux=on|off][,logfile=PATH][,logappend=on|off]\n" 2510#else 2511 "-chardev pty,id=id[,mux=on|off][,logfile=PATH][,logappend=on|off]\n" 2512 "-chardev stdio,id=id[,mux=on|off][,signal=on|off][,logfile=PATH][,logappend=on|off]\n" 2513#endif 2514#ifdef CONFIG_BRLAPI 2515 "-chardev braille,id=id[,mux=on|off][,logfile=PATH][,logappend=on|off]\n" 2516#endif 2517#if defined(__linux__) || defined(__sun__) || defined(__FreeBSD__) \ 2518 || defined(__NetBSD__) || defined(__OpenBSD__) || defined(__DragonFly__) 2519 "-chardev serial,id=id,path=path[,mux=on|off][,logfile=PATH][,logappend=on|off]\n" 2520 "-chardev tty,id=id,path=path[,mux=on|off][,logfile=PATH][,logappend=on|off]\n" 2521#endif 2522#if defined(__linux__) || defined(__FreeBSD__) || defined(__DragonFly__) 2523 "-chardev parallel,id=id,path=path[,mux=on|off][,logfile=PATH][,logappend=on|off]\n" 2524 "-chardev parport,id=id,path=path[,mux=on|off][,logfile=PATH][,logappend=on|off]\n" 2525#endif 2526#if defined(CONFIG_SPICE) 2527 "-chardev spicevmc,id=id,name=name[,debug=debug][,logfile=PATH][,logappend=on|off]\n" 2528 "-chardev spiceport,id=id,name=name[,debug=debug][,logfile=PATH][,logappend=on|off]\n" 2529#endif 2530 , QEMU_ARCH_ALL 2531) 2532 2533STEXI 2534@item -chardev @var{backend} ,id=@var{id} [,mux=on|off] [,@var{options}] 2535@findex -chardev 2536Backend is one of: 2537@option{null}, 2538@option{socket}, 2539@option{udp}, 2540@option{msmouse}, 2541@option{vc}, 2542@option{ringbuf}, 2543@option{file}, 2544@option{pipe}, 2545@option{console}, 2546@option{serial}, 2547@option{pty}, 2548@option{stdio}, 2549@option{braille}, 2550@option{tty}, 2551@option{parallel}, 2552@option{parport}, 2553@option{spicevmc}. 2554@option{spiceport}. 2555The specific backend will determine the applicable options. 2556 2557Use "-chardev help" to print all available chardev backend types. 2558 2559All devices must have an id, which can be any string up to 127 characters long. 2560It is used to uniquely identify this device in other command line directives. 2561 2562A character device may be used in multiplexing mode by multiple front-ends. 2563Specify @option{mux=on} to enable this mode. 2564A multiplexer is a "1:N" device, and here the "1" end is your specified chardev 2565backend, and the "N" end is the various parts of QEMU that can talk to a chardev. 2566If you create a chardev with @option{id=myid} and @option{mux=on}, QEMU will 2567create a multiplexer with your specified ID, and you can then configure multiple 2568front ends to use that chardev ID for their input/output. Up to four different 2569front ends can be connected to a single multiplexed chardev. (Without 2570multiplexing enabled, a chardev can only be used by a single front end.) 2571For instance you could use this to allow a single stdio chardev to be used by 2572two serial ports and the QEMU monitor: 2573 2574@example 2575-chardev stdio,mux=on,id=char0 \ 2576-mon chardev=char0,mode=readline \ 2577-serial chardev:char0 \ 2578-serial chardev:char0 2579@end example 2580 2581You can have more than one multiplexer in a system configuration; for instance 2582you could have a TCP port multiplexed between UART 0 and UART 1, and stdio 2583multiplexed between the QEMU monitor and a parallel port: 2584 2585@example 2586-chardev stdio,mux=on,id=char0 \ 2587-mon chardev=char0,mode=readline \ 2588-parallel chardev:char0 \ 2589-chardev tcp,...,mux=on,id=char1 \ 2590-serial chardev:char1 \ 2591-serial chardev:char1 2592@end example 2593 2594When you're using a multiplexed character device, some escape sequences are 2595interpreted in the input. @xref{mux_keys, Keys in the character backend 2596multiplexer}. 2597 2598Note that some other command line options may implicitly create multiplexed 2599character backends; for instance @option{-serial mon:stdio} creates a 2600multiplexed stdio backend connected to the serial port and the QEMU monitor, 2601and @option{-nographic} also multiplexes the console and the monitor to 2602stdio. 2603 2604There is currently no support for multiplexing in the other direction 2605(where a single QEMU front end takes input and output from multiple chardevs). 2606 2607Every backend supports the @option{logfile} option, which supplies the path 2608to a file to record all data transmitted via the backend. The @option{logappend} 2609option controls whether the log file will be truncated or appended to when 2610opened. 2611 2612Further options to each backend are described below. 2613 2614@item -chardev null ,id=@var{id} 2615A void device. This device will not emit any data, and will drop any data it 2616receives. The null backend does not take any options. 2617 2618@item -chardev socket ,id=@var{id} [@var{TCP options} or @var{unix options}] [,server] [,nowait] [,telnet] [,reconnect=@var{seconds}] [,tls-creds=@var{id}] 2619 2620Create a two-way stream socket, which can be either a TCP or a unix socket. A 2621unix socket will be created if @option{path} is specified. Behaviour is 2622undefined if TCP options are specified for a unix socket. 2623 2624@option{server} specifies that the socket shall be a listening socket. 2625 2626@option{nowait} specifies that QEMU should not block waiting for a client to 2627connect to a listening socket. 2628 2629@option{telnet} specifies that traffic on the socket should interpret telnet 2630escape sequences. 2631 2632@option{reconnect} sets the timeout for reconnecting on non-server sockets when 2633the remote end goes away. qemu will delay this many seconds and then attempt 2634to reconnect. Zero disables reconnecting, and is the default. 2635 2636@option{tls-creds} requests enablement of the TLS protocol for encryption, 2637and specifies the id of the TLS credentials to use for the handshake. The 2638credentials must be previously created with the @option{-object tls-creds} 2639argument. 2640 2641TCP and unix socket options are given below: 2642 2643@table @option 2644 2645@item TCP options: port=@var{port} [,host=@var{host}] [,to=@var{to}] [,ipv4] [,ipv6] [,nodelay] 2646 2647@option{host} for a listening socket specifies the local address to be bound. 2648For a connecting socket species the remote host to connect to. @option{host} is 2649optional for listening sockets. If not specified it defaults to @code{0.0.0.0}. 2650 2651@option{port} for a listening socket specifies the local port to be bound. For a 2652connecting socket specifies the port on the remote host to connect to. 2653@option{port} can be given as either a port number or a service name. 2654@option{port} is required. 2655 2656@option{to} is only relevant to listening sockets. If it is specified, and 2657@option{port} cannot be bound, QEMU will attempt to bind to subsequent ports up 2658to and including @option{to} until it succeeds. @option{to} must be specified 2659as a port number. 2660 2661@option{ipv4} and @option{ipv6} specify that either IPv4 or IPv6 must be used. 2662If neither is specified the socket may use either protocol. 2663 2664@option{nodelay} disables the Nagle algorithm. 2665 2666@item unix options: path=@var{path} 2667 2668@option{path} specifies the local path of the unix socket. @option{path} is 2669required. 2670 2671@end table 2672 2673@item -chardev udp ,id=@var{id} [,host=@var{host}] ,port=@var{port} [,localaddr=@var{localaddr}] [,localport=@var{localport}] [,ipv4] [,ipv6] 2674 2675Sends all traffic from the guest to a remote host over UDP. 2676 2677@option{host} specifies the remote host to connect to. If not specified it 2678defaults to @code{localhost}. 2679 2680@option{port} specifies the port on the remote host to connect to. @option{port} 2681is required. 2682 2683@option{localaddr} specifies the local address to bind to. If not specified it 2684defaults to @code{0.0.0.0}. 2685 2686@option{localport} specifies the local port to bind to. If not specified any 2687available local port will be used. 2688 2689@option{ipv4} and @option{ipv6} specify that either IPv4 or IPv6 must be used. 2690If neither is specified the device may use either protocol. 2691 2692@item -chardev msmouse ,id=@var{id} 2693 2694Forward QEMU's emulated msmouse events to the guest. @option{msmouse} does not 2695take any options. 2696 2697@item -chardev vc ,id=@var{id} [[,width=@var{width}] [,height=@var{height}]] [[,cols=@var{cols}] [,rows=@var{rows}]] 2698 2699Connect to a QEMU text console. @option{vc} may optionally be given a specific 2700size. 2701 2702@option{width} and @option{height} specify the width and height respectively of 2703the console, in pixels. 2704 2705@option{cols} and @option{rows} specify that the console be sized to fit a text 2706console with the given dimensions. 2707 2708@item -chardev ringbuf ,id=@var{id} [,size=@var{size}] 2709 2710Create a ring buffer with fixed size @option{size}. 2711@var{size} must be a power of two and defaults to @code{64K}. 2712 2713@item -chardev file ,id=@var{id} ,path=@var{path} 2714 2715Log all traffic received from the guest to a file. 2716 2717@option{path} specifies the path of the file to be opened. This file will be 2718created if it does not already exist, and overwritten if it does. @option{path} 2719is required. 2720 2721@item -chardev pipe ,id=@var{id} ,path=@var{path} 2722 2723Create a two-way connection to the guest. The behaviour differs slightly between 2724Windows hosts and other hosts: 2725 2726On Windows, a single duplex pipe will be created at 2727@file{\\.pipe\@option{path}}. 2728 2729On other hosts, 2 pipes will be created called @file{@option{path}.in} and 2730@file{@option{path}.out}. Data written to @file{@option{path}.in} will be 2731received by the guest. Data written by the guest can be read from 2732@file{@option{path}.out}. QEMU will not create these fifos, and requires them to 2733be present. 2734 2735@option{path} forms part of the pipe path as described above. @option{path} is 2736required. 2737 2738@item -chardev console ,id=@var{id} 2739 2740Send traffic from the guest to QEMU's standard output. @option{console} does not 2741take any options. 2742 2743@option{console} is only available on Windows hosts. 2744 2745@item -chardev serial ,id=@var{id} ,path=@option{path} 2746 2747Send traffic from the guest to a serial device on the host. 2748 2749On Unix hosts serial will actually accept any tty device, 2750not only serial lines. 2751 2752@option{path} specifies the name of the serial device to open. 2753 2754@item -chardev pty ,id=@var{id} 2755 2756Create a new pseudo-terminal on the host and connect to it. @option{pty} does 2757not take any options. 2758 2759@option{pty} is not available on Windows hosts. 2760 2761@item -chardev stdio ,id=@var{id} [,signal=on|off] 2762Connect to standard input and standard output of the QEMU process. 2763 2764@option{signal} controls if signals are enabled on the terminal, that includes 2765exiting QEMU with the key sequence @key{Control-c}. This option is enabled by 2766default, use @option{signal=off} to disable it. 2767 2768@item -chardev braille ,id=@var{id} 2769 2770Connect to a local BrlAPI server. @option{braille} does not take any options. 2771 2772@item -chardev tty ,id=@var{id} ,path=@var{path} 2773 2774@option{tty} is only available on Linux, Sun, FreeBSD, NetBSD, OpenBSD and 2775DragonFlyBSD hosts. It is an alias for @option{serial}. 2776 2777@option{path} specifies the path to the tty. @option{path} is required. 2778 2779@item -chardev parallel ,id=@var{id} ,path=@var{path} 2780@itemx -chardev parport ,id=@var{id} ,path=@var{path} 2781 2782@option{parallel} is only available on Linux, FreeBSD and DragonFlyBSD hosts. 2783 2784Connect to a local parallel port. 2785 2786@option{path} specifies the path to the parallel port device. @option{path} is 2787required. 2788 2789@item -chardev spicevmc ,id=@var{id} ,debug=@var{debug}, name=@var{name} 2790 2791@option{spicevmc} is only available when spice support is built in. 2792 2793@option{debug} debug level for spicevmc 2794 2795@option{name} name of spice channel to connect to 2796 2797Connect to a spice virtual machine channel, such as vdiport. 2798 2799@item -chardev spiceport ,id=@var{id} ,debug=@var{debug}, name=@var{name} 2800 2801@option{spiceport} is only available when spice support is built in. 2802 2803@option{debug} debug level for spicevmc 2804 2805@option{name} name of spice port to connect to 2806 2807Connect to a spice port, allowing a Spice client to handle the traffic 2808identified by a name (preferably a fqdn). 2809ETEXI 2810 2811STEXI 2812@end table 2813ETEXI 2814DEFHEADING() 2815 2816DEFHEADING(Device URL Syntax) 2817STEXI 2818 2819In addition to using normal file images for the emulated storage devices, 2820QEMU can also use networked resources such as iSCSI devices. These are 2821specified using a special URL syntax. 2822 2823@table @option 2824@item iSCSI 2825iSCSI support allows QEMU to access iSCSI resources directly and use as 2826images for the guest storage. Both disk and cdrom images are supported. 2827 2828Syntax for specifying iSCSI LUNs is 2829``iscsi://<target-ip>[:<port>]/<target-iqn>/<lun>'' 2830 2831By default qemu will use the iSCSI initiator-name 2832'iqn.2008-11.org.linux-kvm[:<name>]' but this can also be set from the command 2833line or a configuration file. 2834 2835Since version Qemu 2.4 it is possible to specify a iSCSI request timeout to detect 2836stalled requests and force a reestablishment of the session. The timeout 2837is specified in seconds. The default is 0 which means no timeout. Libiscsi 28381.15.0 or greater is required for this feature. 2839 2840Example (without authentication): 2841@example 2842qemu-system-i386 -iscsi initiator-name=iqn.2001-04.com.example:my-initiator \ 2843 -cdrom iscsi://192.0.2.1/iqn.2001-04.com.example/2 \ 2844 -drive file=iscsi://192.0.2.1/iqn.2001-04.com.example/1 2845@end example 2846 2847Example (CHAP username/password via URL): 2848@example 2849qemu-system-i386 -drive file=iscsi://user%password@@192.0.2.1/iqn.2001-04.com.example/1 2850@end example 2851 2852Example (CHAP username/password via environment variables): 2853@example 2854LIBISCSI_CHAP_USERNAME="user" \ 2855LIBISCSI_CHAP_PASSWORD="password" \ 2856qemu-system-i386 -drive file=iscsi://192.0.2.1/iqn.2001-04.com.example/1 2857@end example 2858 2859iSCSI support is an optional feature of QEMU and only available when 2860compiled and linked against libiscsi. 2861ETEXI 2862DEF("iscsi", HAS_ARG, QEMU_OPTION_iscsi, 2863 "-iscsi [user=user][,password=password]\n" 2864 " [,header-digest=CRC32C|CR32C-NONE|NONE-CRC32C|NONE\n" 2865 " [,initiator-name=initiator-iqn][,id=target-iqn]\n" 2866 " [,timeout=timeout]\n" 2867 " iSCSI session parameters\n", QEMU_ARCH_ALL) 2868STEXI 2869 2870iSCSI parameters such as username and password can also be specified via 2871a configuration file. See qemu-doc for more information and examples. 2872 2873@item NBD 2874QEMU supports NBD (Network Block Devices) both using TCP protocol as well 2875as Unix Domain Sockets. 2876 2877Syntax for specifying a NBD device using TCP 2878``nbd:<server-ip>:<port>[:exportname=<export>]'' 2879 2880Syntax for specifying a NBD device using Unix Domain Sockets 2881``nbd:unix:<domain-socket>[:exportname=<export>]'' 2882 2883 2884Example for TCP 2885@example 2886qemu-system-i386 --drive file=nbd:192.0.2.1:30000 2887@end example 2888 2889Example for Unix Domain Sockets 2890@example 2891qemu-system-i386 --drive file=nbd:unix:/tmp/nbd-socket 2892@end example 2893 2894@item SSH 2895QEMU supports SSH (Secure Shell) access to remote disks. 2896 2897Examples: 2898@example 2899qemu-system-i386 -drive file=ssh://user@@host/path/to/disk.img 2900qemu-system-i386 -drive file.driver=ssh,file.user=user,file.host=host,file.port=22,file.path=/path/to/disk.img 2901@end example 2902 2903Currently authentication must be done using ssh-agent. Other 2904authentication methods may be supported in future. 2905 2906@item Sheepdog 2907Sheepdog is a distributed storage system for QEMU. 2908QEMU supports using either local sheepdog devices or remote networked 2909devices. 2910 2911Syntax for specifying a sheepdog device 2912@example 2913sheepdog[+tcp|+unix]://[host:port]/vdiname[?socket=path][#snapid|#tag] 2914@end example 2915 2916Example 2917@example 2918qemu-system-i386 --drive file=sheepdog://192.0.2.1:30000/MyVirtualMachine 2919@end example 2920 2921See also @url{https://sheepdog.github.io/sheepdog/}. 2922 2923@item GlusterFS 2924GlusterFS is a user space distributed file system. 2925QEMU supports the use of GlusterFS volumes for hosting VM disk images using 2926TCP, Unix Domain Sockets and RDMA transport protocols. 2927 2928Syntax for specifying a VM disk image on GlusterFS volume is 2929@example 2930 2931URI: 2932gluster[+type]://[host[:port]]/volume/path[?socket=...][,debug=N][,logfile=...] 2933 2934JSON: 2935'json:@{"driver":"qcow2","file":@{"driver":"gluster","volume":"testvol","path":"a.img","debug":N,"logfile":"...", 2936@ "server":[@{"type":"tcp","host":"...","port":"..."@}, 2937@ @{"type":"unix","socket":"..."@}]@}@}' 2938@end example 2939 2940 2941Example 2942@example 2943URI: 2944qemu-system-x86_64 --drive file=gluster://192.0.2.1/testvol/a.img, 2945@ file.debug=9,file.logfile=/var/log/qemu-gluster.log 2946 2947JSON: 2948qemu-system-x86_64 'json:@{"driver":"qcow2", 2949@ "file":@{"driver":"gluster", 2950@ "volume":"testvol","path":"a.img", 2951@ "debug":9,"logfile":"/var/log/qemu-gluster.log", 2952@ "server":[@{"type":"tcp","host":"1.2.3.4","port":24007@}, 2953@ @{"type":"unix","socket":"/var/run/glusterd.socket"@}]@}@}' 2954qemu-system-x86_64 -drive driver=qcow2,file.driver=gluster,file.volume=testvol,file.path=/path/a.img, 2955@ file.debug=9,file.logfile=/var/log/qemu-gluster.log, 2956@ file.server.0.type=tcp,file.server.0.host=1.2.3.4,file.server.0.port=24007, 2957@ file.server.1.type=unix,file.server.1.socket=/var/run/glusterd.socket 2958@end example 2959 2960See also @url{http://www.gluster.org}. 2961 2962@item HTTP/HTTPS/FTP/FTPS 2963QEMU supports read-only access to files accessed over http(s) and ftp(s). 2964 2965Syntax using a single filename: 2966@example 2967<protocol>://[<username>[:<password>]@@]<host>/<path> 2968@end example 2969 2970where: 2971@table @option 2972@item protocol 2973'http', 'https', 'ftp', or 'ftps'. 2974 2975@item username 2976Optional username for authentication to the remote server. 2977 2978@item password 2979Optional password for authentication to the remote server. 2980 2981@item host 2982Address of the remote server. 2983 2984@item path 2985Path on the remote server, including any query string. 2986@end table 2987 2988The following options are also supported: 2989@table @option 2990@item url 2991The full URL when passing options to the driver explicitly. 2992 2993@item readahead 2994The amount of data to read ahead with each range request to the remote server. 2995This value may optionally have the suffix 'T', 'G', 'M', 'K', 'k' or 'b'. If it 2996does not have a suffix, it will be assumed to be in bytes. The value must be a 2997multiple of 512 bytes. It defaults to 256k. 2998 2999@item sslverify 3000Whether to verify the remote server's certificate when connecting over SSL. It 3001can have the value 'on' or 'off'. It defaults to 'on'. 3002 3003@item cookie 3004Send this cookie (it can also be a list of cookies separated by ';') with 3005each outgoing request. Only supported when using protocols such as HTTP 3006which support cookies, otherwise ignored. 3007 3008@item timeout 3009Set the timeout in seconds of the CURL connection. This timeout is the time 3010that CURL waits for a response from the remote server to get the size of the 3011image to be downloaded. If not set, the default timeout of 5 seconds is used. 3012@end table 3013 3014Note that when passing options to qemu explicitly, @option{driver} is the value 3015of <protocol>. 3016 3017Example: boot from a remote Fedora 20 live ISO image 3018@example 3019qemu-system-x86_64 --drive media=cdrom,file=http://dl.fedoraproject.org/pub/fedora/linux/releases/20/Live/x86_64/Fedora-Live-Desktop-x86_64-20-1.iso,readonly 3020 3021qemu-system-x86_64 --drive media=cdrom,file.driver=http,file.url=http://dl.fedoraproject.org/pub/fedora/linux/releases/20/Live/x86_64/Fedora-Live-Desktop-x86_64-20-1.iso,readonly 3022@end example 3023 3024Example: boot from a remote Fedora 20 cloud image using a local overlay for 3025writes, copy-on-read, and a readahead of 64k 3026@example 3027qemu-img create -f qcow2 -o backing_file='json:@{"file.driver":"http",, "file.url":"https://dl.fedoraproject.org/pub/fedora/linux/releases/20/Images/x86_64/Fedora-x86_64-20-20131211.1-sda.qcow2",, "file.readahead":"64k"@}' /tmp/Fedora-x86_64-20-20131211.1-sda.qcow2 3028 3029qemu-system-x86_64 -drive file=/tmp/Fedora-x86_64-20-20131211.1-sda.qcow2,copy-on-read=on 3030@end example 3031 3032Example: boot from an image stored on a VMware vSphere server with a self-signed 3033certificate using a local overlay for writes, a readahead of 64k and a timeout 3034of 10 seconds. 3035@example 3036qemu-img create -f qcow2 -o backing_file='json:@{"file.driver":"https",, "file.url":"https://user:password@@vsphere.example.com/folder/test/test-flat.vmdk?dcPath=Datacenter&dsName=datastore1",, "file.sslverify":"off",, "file.readahead":"64k",, "file.timeout":10@}' /tmp/test.qcow2 3037 3038qemu-system-x86_64 -drive file=/tmp/test.qcow2 3039@end example 3040ETEXI 3041 3042STEXI 3043@end table 3044ETEXI 3045 3046DEFHEADING(Bluetooth(R) options) 3047STEXI 3048@table @option 3049ETEXI 3050 3051DEF("bt", HAS_ARG, QEMU_OPTION_bt, \ 3052 "-bt hci,null dumb bluetooth HCI - doesn't respond to commands\n" \ 3053 "-bt hci,host[:id]\n" \ 3054 " use host's HCI with the given name\n" \ 3055 "-bt hci[,vlan=n]\n" \ 3056 " emulate a standard HCI in virtual scatternet 'n'\n" \ 3057 "-bt vhci[,vlan=n]\n" \ 3058 " add host computer to virtual scatternet 'n' using VHCI\n" \ 3059 "-bt device:dev[,vlan=n]\n" \ 3060 " emulate a bluetooth device 'dev' in scatternet 'n'\n", 3061 QEMU_ARCH_ALL) 3062STEXI 3063@item -bt hci[...] 3064@findex -bt 3065Defines the function of the corresponding Bluetooth HCI. -bt options 3066are matched with the HCIs present in the chosen machine type. For 3067example when emulating a machine with only one HCI built into it, only 3068the first @code{-bt hci[...]} option is valid and defines the HCI's 3069logic. The Transport Layer is decided by the machine type. Currently 3070the machines @code{n800} and @code{n810} have one HCI and all other 3071machines have none. 3072 3073@anchor{bt-hcis} 3074The following three types are recognized: 3075 3076@table @option 3077@item -bt hci,null 3078(default) The corresponding Bluetooth HCI assumes no internal logic 3079and will not respond to any HCI commands or emit events. 3080 3081@item -bt hci,host[:@var{id}] 3082(@code{bluez} only) The corresponding HCI passes commands / events 3083to / from the physical HCI identified by the name @var{id} (default: 3084@code{hci0}) on the computer running QEMU. Only available on @code{bluez} 3085capable systems like Linux. 3086 3087@item -bt hci[,vlan=@var{n}] 3088Add a virtual, standard HCI that will participate in the Bluetooth 3089scatternet @var{n} (default @code{0}). Similarly to @option{-net} 3090VLANs, devices inside a bluetooth network @var{n} can only communicate 3091with other devices in the same network (scatternet). 3092@end table 3093 3094@item -bt vhci[,vlan=@var{n}] 3095(Linux-host only) Create a HCI in scatternet @var{n} (default 0) attached 3096to the host bluetooth stack instead of to the emulated target. This 3097allows the host and target machines to participate in a common scatternet 3098and communicate. Requires the Linux @code{vhci} driver installed. Can 3099be used as following: 3100 3101@example 3102qemu-system-i386 [...OPTIONS...] -bt hci,vlan=5 -bt vhci,vlan=5 3103@end example 3104 3105@item -bt device:@var{dev}[,vlan=@var{n}] 3106Emulate a bluetooth device @var{dev} and place it in network @var{n} 3107(default @code{0}). QEMU can only emulate one type of bluetooth devices 3108currently: 3109 3110@table @option 3111@item keyboard 3112Virtual wireless keyboard implementing the HIDP bluetooth profile. 3113@end table 3114ETEXI 3115 3116STEXI 3117@end table 3118ETEXI 3119DEFHEADING() 3120 3121#ifdef CONFIG_TPM 3122DEFHEADING(TPM device options) 3123 3124DEF("tpmdev", HAS_ARG, QEMU_OPTION_tpmdev, \ 3125 "-tpmdev passthrough,id=id[,path=path][,cancel-path=path]\n" 3126 " use path to provide path to a character device; default is /dev/tpm0\n" 3127 " use cancel-path to provide path to TPM's cancel sysfs entry; if\n" 3128 " not provided it will be searched for in /sys/class/misc/tpm?/device\n" 3129 "-tpmdev emulator,id=id,chardev=dev\n" 3130 " configure the TPM device using chardev backend\n", 3131 QEMU_ARCH_ALL) 3132STEXI 3133 3134The general form of a TPM device option is: 3135@table @option 3136 3137@item -tpmdev @var{backend} ,id=@var{id} [,@var{options}] 3138@findex -tpmdev 3139Backend type must be either one of the following: 3140@option{passthrough}, @option{emulator}. 3141 3142The specific backend type will determine the applicable options. 3143The @code{-tpmdev} option creates the TPM backend and requires a 3144@code{-device} option that specifies the TPM frontend interface model. 3145 3146Options to each backend are described below. 3147 3148Use 'help' to print all available TPM backend types. 3149@example 3150qemu -tpmdev help 3151@end example 3152 3153@item -tpmdev passthrough, id=@var{id}, path=@var{path}, cancel-path=@var{cancel-path} 3154 3155(Linux-host only) Enable access to the host's TPM using the passthrough 3156driver. 3157 3158@option{path} specifies the path to the host's TPM device, i.e., on 3159a Linux host this would be @code{/dev/tpm0}. 3160@option{path} is optional and by default @code{/dev/tpm0} is used. 3161 3162@option{cancel-path} specifies the path to the host TPM device's sysfs 3163entry allowing for cancellation of an ongoing TPM command. 3164@option{cancel-path} is optional and by default QEMU will search for the 3165sysfs entry to use. 3166 3167Some notes about using the host's TPM with the passthrough driver: 3168 3169The TPM device accessed by the passthrough driver must not be 3170used by any other application on the host. 3171 3172Since the host's firmware (BIOS/UEFI) has already initialized the TPM, 3173the VM's firmware (BIOS/UEFI) will not be able to initialize the 3174TPM again and may therefore not show a TPM-specific menu that would 3175otherwise allow the user to configure the TPM, e.g., allow the user to 3176enable/disable or activate/deactivate the TPM. 3177Further, if TPM ownership is released from within a VM then the host's TPM 3178will get disabled and deactivated. To enable and activate the 3179TPM again afterwards, the host has to be rebooted and the user is 3180required to enter the firmware's menu to enable and activate the TPM. 3181If the TPM is left disabled and/or deactivated most TPM commands will fail. 3182 3183To create a passthrough TPM use the following two options: 3184@example 3185-tpmdev passthrough,id=tpm0 -device tpm-tis,tpmdev=tpm0 3186@end example 3187Note that the @code{-tpmdev} id is @code{tpm0} and is referenced by 3188@code{tpmdev=tpm0} in the device option. 3189 3190@item -tpmdev emulator, id=@var{id}, chardev=@var{dev} 3191 3192(Linux-host only) Enable access to a TPM emulator using Unix domain socket based 3193chardev backend. 3194 3195@option{chardev} specifies the unique ID of a character device backend that provides connection to the software TPM server. 3196 3197To create a TPM emulator backend device with chardev socket backend: 3198@example 3199 3200-chardev socket,id=chrtpm,path=/tmp/swtpm-sock -tpmdev emulator,id=tpm0,chardev=chrtpm -device tpm-tis,tpmdev=tpm0 3201 3202@end example 3203 3204@end table 3205 3206ETEXI 3207 3208DEFHEADING() 3209 3210#endif 3211 3212DEFHEADING(Linux/Multiboot boot specific) 3213STEXI 3214 3215When using these options, you can use a given Linux or Multiboot 3216kernel without installing it in the disk image. It can be useful 3217for easier testing of various kernels. 3218 3219@table @option 3220ETEXI 3221 3222DEF("kernel", HAS_ARG, QEMU_OPTION_kernel, \ 3223 "-kernel bzImage use 'bzImage' as kernel image\n", QEMU_ARCH_ALL) 3224STEXI 3225@item -kernel @var{bzImage} 3226@findex -kernel 3227Use @var{bzImage} as kernel image. The kernel can be either a Linux kernel 3228or in multiboot format. 3229ETEXI 3230 3231DEF("append", HAS_ARG, QEMU_OPTION_append, \ 3232 "-append cmdline use 'cmdline' as kernel command line\n", QEMU_ARCH_ALL) 3233STEXI 3234@item -append @var{cmdline} 3235@findex -append 3236Use @var{cmdline} as kernel command line 3237ETEXI 3238 3239DEF("initrd", HAS_ARG, QEMU_OPTION_initrd, \ 3240 "-initrd file use 'file' as initial ram disk\n", QEMU_ARCH_ALL) 3241STEXI 3242@item -initrd @var{file} 3243@findex -initrd 3244Use @var{file} as initial ram disk. 3245 3246@item -initrd "@var{file1} arg=foo,@var{file2}" 3247 3248This syntax is only available with multiboot. 3249 3250Use @var{file1} and @var{file2} as modules and pass arg=foo as parameter to the 3251first module. 3252ETEXI 3253 3254DEF("dtb", HAS_ARG, QEMU_OPTION_dtb, \ 3255 "-dtb file use 'file' as device tree image\n", QEMU_ARCH_ALL) 3256STEXI 3257@item -dtb @var{file} 3258@findex -dtb 3259Use @var{file} as a device tree binary (dtb) image and pass it to the kernel 3260on boot. 3261ETEXI 3262 3263STEXI 3264@end table 3265ETEXI 3266DEFHEADING() 3267 3268DEFHEADING(Debug/Expert options) 3269STEXI 3270@table @option 3271ETEXI 3272 3273DEF("fw_cfg", HAS_ARG, QEMU_OPTION_fwcfg, 3274 "-fw_cfg [name=]<name>,file=<file>\n" 3275 " add named fw_cfg entry with contents from file\n" 3276 "-fw_cfg [name=]<name>,string=<str>\n" 3277 " add named fw_cfg entry with contents from string\n", 3278 QEMU_ARCH_ALL) 3279STEXI 3280 3281@item -fw_cfg [name=]@var{name},file=@var{file} 3282@findex -fw_cfg 3283Add named fw_cfg entry with contents from file @var{file}. 3284 3285@item -fw_cfg [name=]@var{name},string=@var{str} 3286Add named fw_cfg entry with contents from string @var{str}. 3287 3288The terminating NUL character of the contents of @var{str} will not be 3289included as part of the fw_cfg item data. To insert contents with 3290embedded NUL characters, you have to use the @var{file} parameter. 3291 3292The fw_cfg entries are passed by QEMU through to the guest. 3293 3294Example: 3295@example 3296 -fw_cfg name=opt/com.mycompany/blob,file=./my_blob.bin 3297@end example 3298creates an fw_cfg entry named opt/com.mycompany/blob with contents 3299from ./my_blob.bin. 3300 3301ETEXI 3302 3303DEF("serial", HAS_ARG, QEMU_OPTION_serial, \ 3304 "-serial dev redirect the serial port to char device 'dev'\n", 3305 QEMU_ARCH_ALL) 3306STEXI 3307@item -serial @var{dev} 3308@findex -serial 3309Redirect the virtual serial port to host character device 3310@var{dev}. The default device is @code{vc} in graphical mode and 3311@code{stdio} in non graphical mode. 3312 3313This option can be used several times to simulate up to 4 serial 3314ports. 3315 3316Use @code{-serial none} to disable all serial ports. 3317 3318Available character devices are: 3319@table @option 3320@item vc[:@var{W}x@var{H}] 3321Virtual console. Optionally, a width and height can be given in pixel with 3322@example 3323vc:800x600 3324@end example 3325It is also possible to specify width or height in characters: 3326@example 3327vc:80Cx24C 3328@end example 3329@item pty 3330[Linux only] Pseudo TTY (a new PTY is automatically allocated) 3331@item none 3332No device is allocated. 3333@item null 3334void device 3335@item chardev:@var{id} 3336Use a named character device defined with the @code{-chardev} option. 3337@item /dev/XXX 3338[Linux only] Use host tty, e.g. @file{/dev/ttyS0}. The host serial port 3339parameters are set according to the emulated ones. 3340@item /dev/parport@var{N} 3341[Linux only, parallel port only] Use host parallel port 3342@var{N}. Currently SPP and EPP parallel port features can be used. 3343@item file:@var{filename} 3344Write output to @var{filename}. No character can be read. 3345@item stdio 3346[Unix only] standard input/output 3347@item pipe:@var{filename} 3348name pipe @var{filename} 3349@item COM@var{n} 3350[Windows only] Use host serial port @var{n} 3351@item udp:[@var{remote_host}]:@var{remote_port}[@@[@var{src_ip}]:@var{src_port}] 3352This implements UDP Net Console. 3353When @var{remote_host} or @var{src_ip} are not specified 3354they default to @code{0.0.0.0}. 3355When not using a specified @var{src_port} a random port is automatically chosen. 3356 3357If you just want a simple readonly console you can use @code{netcat} or 3358@code{nc}, by starting QEMU with: @code{-serial udp::4555} and nc as: 3359@code{nc -u -l -p 4555}. Any time QEMU writes something to that port it 3360will appear in the netconsole session. 3361 3362If you plan to send characters back via netconsole or you want to stop 3363and start QEMU a lot of times, you should have QEMU use the same 3364source port each time by using something like @code{-serial 3365udp::4555@@:4556} to QEMU. Another approach is to use a patched 3366version of netcat which can listen to a TCP port and send and receive 3367characters via udp. If you have a patched version of netcat which 3368activates telnet remote echo and single char transfer, then you can 3369use the following options to set up a netcat redirector to allow 3370telnet on port 5555 to access the QEMU port. 3371@table @code 3372@item QEMU Options: 3373-serial udp::4555@@:4556 3374@item netcat options: 3375-u -P 4555 -L 0.0.0.0:4556 -t -p 5555 -I -T 3376@item telnet options: 3377localhost 5555 3378@end table 3379 3380@item tcp:[@var{host}]:@var{port}[,@var{server}][,nowait][,nodelay][,reconnect=@var{seconds}] 3381The TCP Net Console has two modes of operation. It can send the serial 3382I/O to a location or wait for a connection from a location. By default 3383the TCP Net Console is sent to @var{host} at the @var{port}. If you use 3384the @var{server} option QEMU will wait for a client socket application 3385to connect to the port before continuing, unless the @code{nowait} 3386option was specified. The @code{nodelay} option disables the Nagle buffering 3387algorithm. The @code{reconnect} option only applies if @var{noserver} is 3388set, if the connection goes down it will attempt to reconnect at the 3389given interval. If @var{host} is omitted, 0.0.0.0 is assumed. Only 3390one TCP connection at a time is accepted. You can use @code{telnet} to 3391connect to the corresponding character device. 3392@table @code 3393@item Example to send tcp console to 192.168.0.2 port 4444 3394-serial tcp:192.168.0.2:4444 3395@item Example to listen and wait on port 4444 for connection 3396-serial tcp::4444,server 3397@item Example to not wait and listen on ip 192.168.0.100 port 4444 3398-serial tcp:192.168.0.100:4444,server,nowait 3399@end table 3400 3401@item telnet:@var{host}:@var{port}[,server][,nowait][,nodelay] 3402The telnet protocol is used instead of raw tcp sockets. The options 3403work the same as if you had specified @code{-serial tcp}. The 3404difference is that the port acts like a telnet server or client using 3405telnet option negotiation. This will also allow you to send the 3406MAGIC_SYSRQ sequence if you use a telnet that supports sending the break 3407sequence. Typically in unix telnet you do it with Control-] and then 3408type "send break" followed by pressing the enter key. 3409 3410@item unix:@var{path}[,server][,nowait][,reconnect=@var{seconds}] 3411A unix domain socket is used instead of a tcp socket. The option works the 3412same as if you had specified @code{-serial tcp} except the unix domain socket 3413@var{path} is used for connections. 3414 3415@item mon:@var{dev_string} 3416This is a special option to allow the monitor to be multiplexed onto 3417another serial port. The monitor is accessed with key sequence of 3418@key{Control-a} and then pressing @key{c}. 3419@var{dev_string} should be any one of the serial devices specified 3420above. An example to multiplex the monitor onto a telnet server 3421listening on port 4444 would be: 3422@table @code 3423@item -serial mon:telnet::4444,server,nowait 3424@end table 3425When the monitor is multiplexed to stdio in this way, Ctrl+C will not terminate 3426QEMU any more but will be passed to the guest instead. 3427 3428@item braille 3429Braille device. This will use BrlAPI to display the braille output on a real 3430or fake device. 3431 3432@item msmouse 3433Three button serial mouse. Configure the guest to use Microsoft protocol. 3434@end table 3435ETEXI 3436 3437DEF("parallel", HAS_ARG, QEMU_OPTION_parallel, \ 3438 "-parallel dev redirect the parallel port to char device 'dev'\n", 3439 QEMU_ARCH_ALL) 3440STEXI 3441@item -parallel @var{dev} 3442@findex -parallel 3443Redirect the virtual parallel port to host device @var{dev} (same 3444devices as the serial port). On Linux hosts, @file{/dev/parportN} can 3445be used to use hardware devices connected on the corresponding host 3446parallel port. 3447 3448This option can be used several times to simulate up to 3 parallel 3449ports. 3450 3451Use @code{-parallel none} to disable all parallel ports. 3452ETEXI 3453 3454DEF("monitor", HAS_ARG, QEMU_OPTION_monitor, \ 3455 "-monitor dev redirect the monitor to char device 'dev'\n", 3456 QEMU_ARCH_ALL) 3457STEXI 3458@item -monitor @var{dev} 3459@findex -monitor 3460Redirect the monitor to host device @var{dev} (same devices as the 3461serial port). 3462The default device is @code{vc} in graphical mode and @code{stdio} in 3463non graphical mode. 3464Use @code{-monitor none} to disable the default monitor. 3465ETEXI 3466DEF("qmp", HAS_ARG, QEMU_OPTION_qmp, \ 3467 "-qmp dev like -monitor but opens in 'control' mode\n", 3468 QEMU_ARCH_ALL) 3469STEXI 3470@item -qmp @var{dev} 3471@findex -qmp 3472Like -monitor but opens in 'control' mode. 3473ETEXI 3474DEF("qmp-pretty", HAS_ARG, QEMU_OPTION_qmp_pretty, \ 3475 "-qmp-pretty dev like -qmp but uses pretty JSON formatting\n", 3476 QEMU_ARCH_ALL) 3477STEXI 3478@item -qmp-pretty @var{dev} 3479@findex -qmp-pretty 3480Like -qmp but uses pretty JSON formatting. 3481ETEXI 3482 3483DEF("mon", HAS_ARG, QEMU_OPTION_mon, \ 3484 "-mon [chardev=]name[,mode=readline|control]\n", QEMU_ARCH_ALL) 3485STEXI 3486@item -mon [chardev=]name[,mode=readline|control] 3487@findex -mon 3488Setup monitor on chardev @var{name}. 3489ETEXI 3490 3491DEF("debugcon", HAS_ARG, QEMU_OPTION_debugcon, \ 3492 "-debugcon dev redirect the debug console to char device 'dev'\n", 3493 QEMU_ARCH_ALL) 3494STEXI 3495@item -debugcon @var{dev} 3496@findex -debugcon 3497Redirect the debug console to host device @var{dev} (same devices as the 3498serial port). The debug console is an I/O port which is typically port 34990xe9; writing to that I/O port sends output to this device. 3500The default device is @code{vc} in graphical mode and @code{stdio} in 3501non graphical mode. 3502ETEXI 3503 3504DEF("pidfile", HAS_ARG, QEMU_OPTION_pidfile, \ 3505 "-pidfile file write PID to 'file'\n", QEMU_ARCH_ALL) 3506STEXI 3507@item -pidfile @var{file} 3508@findex -pidfile 3509Store the QEMU process PID in @var{file}. It is useful if you launch QEMU 3510from a script. 3511ETEXI 3512 3513DEF("singlestep", 0, QEMU_OPTION_singlestep, \ 3514 "-singlestep always run in singlestep mode\n", QEMU_ARCH_ALL) 3515STEXI 3516@item -singlestep 3517@findex -singlestep 3518Run the emulation in single step mode. 3519ETEXI 3520 3521DEF("S", 0, QEMU_OPTION_S, \ 3522 "-S freeze CPU at startup (use 'c' to start execution)\n", 3523 QEMU_ARCH_ALL) 3524STEXI 3525@item -S 3526@findex -S 3527Do not start CPU at startup (you must type 'c' in the monitor). 3528ETEXI 3529 3530DEF("realtime", HAS_ARG, QEMU_OPTION_realtime, 3531 "-realtime [mlock=on|off]\n" 3532 " run qemu with realtime features\n" 3533 " mlock=on|off controls mlock support (default: on)\n", 3534 QEMU_ARCH_ALL) 3535STEXI 3536@item -realtime mlock=on|off 3537@findex -realtime 3538Run qemu with realtime features. 3539mlocking qemu and guest memory can be enabled via @option{mlock=on} 3540(enabled by default). 3541ETEXI 3542 3543DEF("gdb", HAS_ARG, QEMU_OPTION_gdb, \ 3544 "-gdb dev wait for gdb connection on 'dev'\n", QEMU_ARCH_ALL) 3545STEXI 3546@item -gdb @var{dev} 3547@findex -gdb 3548Wait for gdb connection on device @var{dev} (@pxref{gdb_usage}). Typical 3549connections will likely be TCP-based, but also UDP, pseudo TTY, or even 3550stdio are reasonable use case. The latter is allowing to start QEMU from 3551within gdb and establish the connection via a pipe: 3552@example 3553(gdb) target remote | exec qemu-system-i386 -gdb stdio ... 3554@end example 3555ETEXI 3556 3557DEF("s", 0, QEMU_OPTION_s, \ 3558 "-s shorthand for -gdb tcp::" DEFAULT_GDBSTUB_PORT "\n", 3559 QEMU_ARCH_ALL) 3560STEXI 3561@item -s 3562@findex -s 3563Shorthand for -gdb tcp::1234, i.e. open a gdbserver on TCP port 1234 3564(@pxref{gdb_usage}). 3565ETEXI 3566 3567DEF("d", HAS_ARG, QEMU_OPTION_d, \ 3568 "-d item1,... enable logging of specified items (use '-d help' for a list of log items)\n", 3569 QEMU_ARCH_ALL) 3570STEXI 3571@item -d @var{item1}[,...] 3572@findex -d 3573Enable logging of specified items. Use '-d help' for a list of log items. 3574ETEXI 3575 3576DEF("D", HAS_ARG, QEMU_OPTION_D, \ 3577 "-D logfile output log to logfile (default stderr)\n", 3578 QEMU_ARCH_ALL) 3579STEXI 3580@item -D @var{logfile} 3581@findex -D 3582Output log in @var{logfile} instead of to stderr 3583ETEXI 3584 3585DEF("dfilter", HAS_ARG, QEMU_OPTION_DFILTER, \ 3586 "-dfilter range,.. filter debug output to range of addresses (useful for -d cpu,exec,etc..)\n", 3587 QEMU_ARCH_ALL) 3588STEXI 3589@item -dfilter @var{range1}[,...] 3590@findex -dfilter 3591Filter debug output to that relevant to a range of target addresses. The filter 3592spec can be either @var{start}+@var{size}, @var{start}-@var{size} or 3593@var{start}..@var{end} where @var{start} @var{end} and @var{size} are the 3594addresses and sizes required. For example: 3595@example 3596 -dfilter 0x8000..0x8fff,0xffffffc000080000+0x200,0xffffffc000060000-0x1000 3597@end example 3598Will dump output for any code in the 0x1000 sized block starting at 0x8000 and 3599the 0x200 sized block starting at 0xffffffc000080000 and another 0x1000 sized 3600block starting at 0xffffffc00005f000. 3601ETEXI 3602 3603DEF("L", HAS_ARG, QEMU_OPTION_L, \ 3604 "-L path set the directory for the BIOS, VGA BIOS and keymaps\n", 3605 QEMU_ARCH_ALL) 3606STEXI 3607@item -L @var{path} 3608@findex -L 3609Set the directory for the BIOS, VGA BIOS and keymaps. 3610 3611To list all the data directories, use @code{-L help}. 3612ETEXI 3613 3614DEF("bios", HAS_ARG, QEMU_OPTION_bios, \ 3615 "-bios file set the filename for the BIOS\n", QEMU_ARCH_ALL) 3616STEXI 3617@item -bios @var{file} 3618@findex -bios 3619Set the filename for the BIOS. 3620ETEXI 3621 3622DEF("enable-kvm", 0, QEMU_OPTION_enable_kvm, \ 3623 "-enable-kvm enable KVM full virtualization support\n", QEMU_ARCH_ALL) 3624STEXI 3625@item -enable-kvm 3626@findex -enable-kvm 3627Enable KVM full virtualization support. This option is only available 3628if KVM support is enabled when compiling. 3629ETEXI 3630 3631DEF("enable-hax", 0, QEMU_OPTION_enable_hax, \ 3632 "-enable-hax enable HAX virtualization support\n", QEMU_ARCH_I386) 3633STEXI 3634@item -enable-hax 3635@findex -enable-hax 3636Enable HAX (Hardware-based Acceleration eXecution) support. This option 3637is only available if HAX support is enabled when compiling. HAX is only 3638applicable to MAC and Windows platform, and thus does not conflict with 3639KVM. 3640ETEXI 3641 3642DEF("xen-domid", HAS_ARG, QEMU_OPTION_xen_domid, 3643 "-xen-domid id specify xen guest domain id\n", QEMU_ARCH_ALL) 3644DEF("xen-create", 0, QEMU_OPTION_xen_create, 3645 "-xen-create create domain using xen hypercalls, bypassing xend\n" 3646 " warning: should not be used when xend is in use\n", 3647 QEMU_ARCH_ALL) 3648DEF("xen-attach", 0, QEMU_OPTION_xen_attach, 3649 "-xen-attach attach to existing xen domain\n" 3650 " xend will use this when starting QEMU\n", 3651 QEMU_ARCH_ALL) 3652DEF("xen-domid-restrict", 0, QEMU_OPTION_xen_domid_restrict, 3653 "-xen-domid-restrict restrict set of available xen operations\n" 3654 " to specified domain id. (Does not affect\n" 3655 " xenpv machine type).\n", 3656 QEMU_ARCH_ALL) 3657STEXI 3658@item -xen-domid @var{id} 3659@findex -xen-domid 3660Specify xen guest domain @var{id} (XEN only). 3661@item -xen-create 3662@findex -xen-create 3663Create domain using xen hypercalls, bypassing xend. 3664Warning: should not be used when xend is in use (XEN only). 3665@item -xen-attach 3666@findex -xen-attach 3667Attach to existing xen domain. 3668xend will use this when starting QEMU (XEN only). 3669@findex -xen-domid-restrict 3670Restrict set of available xen operations to specified domain id (XEN only). 3671ETEXI 3672 3673DEF("no-reboot", 0, QEMU_OPTION_no_reboot, \ 3674 "-no-reboot exit instead of rebooting\n", QEMU_ARCH_ALL) 3675STEXI 3676@item -no-reboot 3677@findex -no-reboot 3678Exit instead of rebooting. 3679ETEXI 3680 3681DEF("no-shutdown", 0, QEMU_OPTION_no_shutdown, \ 3682 "-no-shutdown stop before shutdown\n", QEMU_ARCH_ALL) 3683STEXI 3684@item -no-shutdown 3685@findex -no-shutdown 3686Don't exit QEMU on guest shutdown, but instead only stop the emulation. 3687This allows for instance switching to monitor to commit changes to the 3688disk image. 3689ETEXI 3690 3691DEF("loadvm", HAS_ARG, QEMU_OPTION_loadvm, \ 3692 "-loadvm [tag|id]\n" \ 3693 " start right away with a saved state (loadvm in monitor)\n", 3694 QEMU_ARCH_ALL) 3695STEXI 3696@item -loadvm @var{file} 3697@findex -loadvm 3698Start right away with a saved state (@code{loadvm} in monitor) 3699ETEXI 3700 3701#ifndef _WIN32 3702DEF("daemonize", 0, QEMU_OPTION_daemonize, \ 3703 "-daemonize daemonize QEMU after initializing\n", QEMU_ARCH_ALL) 3704#endif 3705STEXI 3706@item -daemonize 3707@findex -daemonize 3708Daemonize the QEMU process after initialization. QEMU will not detach from 3709standard IO until it is ready to receive connections on any of its devices. 3710This option is a useful way for external programs to launch QEMU without having 3711to cope with initialization race conditions. 3712ETEXI 3713 3714DEF("option-rom", HAS_ARG, QEMU_OPTION_option_rom, \ 3715 "-option-rom rom load a file, rom, into the option ROM space\n", 3716 QEMU_ARCH_ALL) 3717STEXI 3718@item -option-rom @var{file} 3719@findex -option-rom 3720Load the contents of @var{file} as an option ROM. 3721This option is useful to load things like EtherBoot. 3722ETEXI 3723 3724HXCOMM Silently ignored for compatibility 3725DEF("clock", HAS_ARG, QEMU_OPTION_clock, "", QEMU_ARCH_ALL) 3726 3727HXCOMM Options deprecated by -rtc 3728DEF("localtime", 0, QEMU_OPTION_localtime, "", QEMU_ARCH_ALL) 3729DEF("startdate", HAS_ARG, QEMU_OPTION_startdate, "", QEMU_ARCH_ALL) 3730 3731DEF("rtc", HAS_ARG, QEMU_OPTION_rtc, \ 3732 "-rtc [base=utc|localtime|date][,clock=host|rt|vm][,driftfix=none|slew]\n" \ 3733 " set the RTC base and clock, enable drift fix for clock ticks (x86 only)\n", 3734 QEMU_ARCH_ALL) 3735 3736STEXI 3737 3738@item -rtc [base=utc|localtime|@var{date}][,clock=host|vm][,driftfix=none|slew] 3739@findex -rtc 3740Specify @option{base} as @code{utc} or @code{localtime} to let the RTC start at the current 3741UTC or local time, respectively. @code{localtime} is required for correct date in 3742MS-DOS or Windows. To start at a specific point in time, provide @var{date} in the 3743format @code{2006-06-17T16:01:21} or @code{2006-06-17}. The default base is UTC. 3744 3745By default the RTC is driven by the host system time. This allows using of the 3746RTC as accurate reference clock inside the guest, specifically if the host 3747time is smoothly following an accurate external reference clock, e.g. via NTP. 3748If you want to isolate the guest time from the host, you can set @option{clock} 3749to @code{rt} instead. To even prevent it from progressing during suspension, 3750you can set it to @code{vm}. 3751 3752Enable @option{driftfix} (i386 targets only) if you experience time drift problems, 3753specifically with Windows' ACPI HAL. This option will try to figure out how 3754many timer interrupts were not processed by the Windows guest and will 3755re-inject them. 3756ETEXI 3757 3758DEF("icount", HAS_ARG, QEMU_OPTION_icount, \ 3759 "-icount [shift=N|auto][,align=on|off][,sleep=on|off,rr=record|replay,rrfile=<filename>,rrsnapshot=<snapshot>]\n" \ 3760 " enable virtual instruction counter with 2^N clock ticks per\n" \ 3761 " instruction, enable aligning the host and virtual clocks\n" \ 3762 " or disable real time cpu sleeping\n", QEMU_ARCH_ALL) 3763STEXI 3764@item -icount [shift=@var{N}|auto][,rr=record|replay,rrfile=@var{filename},rrsnapshot=@var{snapshot}] 3765@findex -icount 3766Enable virtual instruction counter. The virtual cpu will execute one 3767instruction every 2^@var{N} ns of virtual time. If @code{auto} is specified 3768then the virtual cpu speed will be automatically adjusted to keep virtual 3769time within a few seconds of real time. 3770 3771When the virtual cpu is sleeping, the virtual time will advance at default 3772speed unless @option{sleep=on|off} is specified. 3773With @option{sleep=on|off}, the virtual time will jump to the next timer deadline 3774instantly whenever the virtual cpu goes to sleep mode and will not advance 3775if no timer is enabled. This behavior give deterministic execution times from 3776the guest point of view. 3777 3778Note that while this option can give deterministic behavior, it does not 3779provide cycle accurate emulation. Modern CPUs contain superscalar out of 3780order cores with complex cache hierarchies. The number of instructions 3781executed often has little or no correlation with actual performance. 3782 3783@option{align=on} will activate the delay algorithm which will try 3784to synchronise the host clock and the virtual clock. The goal is to 3785have a guest running at the real frequency imposed by the shift option. 3786Whenever the guest clock is behind the host clock and if 3787@option{align=on} is specified then we print a message to the user 3788to inform about the delay. 3789Currently this option does not work when @option{shift} is @code{auto}. 3790Note: The sync algorithm will work for those shift values for which 3791the guest clock runs ahead of the host clock. Typically this happens 3792when the shift value is high (how high depends on the host machine). 3793 3794When @option{rr} option is specified deterministic record/replay is enabled. 3795Replay log is written into @var{filename} file in record mode and 3796read from this file in replay mode. 3797 3798Option rrsnapshot is used to create new vm snapshot named @var{snapshot} 3799at the start of execution recording. In replay mode this option is used 3800to load the initial VM state. 3801ETEXI 3802 3803DEF("watchdog", HAS_ARG, QEMU_OPTION_watchdog, \ 3804 "-watchdog model\n" \ 3805 " enable virtual hardware watchdog [default=none]\n", 3806 QEMU_ARCH_ALL) 3807STEXI 3808@item -watchdog @var{model} 3809@findex -watchdog 3810Create a virtual hardware watchdog device. Once enabled (by a guest 3811action), the watchdog must be periodically polled by an agent inside 3812the guest or else the guest will be restarted. Choose a model for 3813which your guest has drivers. 3814 3815The @var{model} is the model of hardware watchdog to emulate. Use 3816@code{-watchdog help} to list available hardware models. Only one 3817watchdog can be enabled for a guest. 3818 3819The following models may be available: 3820@table @option 3821@item ib700 3822iBASE 700 is a very simple ISA watchdog with a single timer. 3823@item i6300esb 3824Intel 6300ESB I/O controller hub is a much more featureful PCI-based 3825dual-timer watchdog. 3826@item diag288 3827A virtual watchdog for s390x backed by the diagnose 288 hypercall 3828(currently KVM only). 3829@end table 3830ETEXI 3831 3832DEF("watchdog-action", HAS_ARG, QEMU_OPTION_watchdog_action, \ 3833 "-watchdog-action reset|shutdown|poweroff|pause|debug|none\n" \ 3834 " action when watchdog fires [default=reset]\n", 3835 QEMU_ARCH_ALL) 3836STEXI 3837@item -watchdog-action @var{action} 3838@findex -watchdog-action 3839 3840The @var{action} controls what QEMU will do when the watchdog timer 3841expires. 3842The default is 3843@code{reset} (forcefully reset the guest). 3844Other possible actions are: 3845@code{shutdown} (attempt to gracefully shutdown the guest), 3846@code{poweroff} (forcefully poweroff the guest), 3847@code{pause} (pause the guest), 3848@code{debug} (print a debug message and continue), or 3849@code{none} (do nothing). 3850 3851Note that the @code{shutdown} action requires that the guest responds 3852to ACPI signals, which it may not be able to do in the sort of 3853situations where the watchdog would have expired, and thus 3854@code{-watchdog-action shutdown} is not recommended for production use. 3855 3856Examples: 3857 3858@table @code 3859@item -watchdog i6300esb -watchdog-action pause 3860@itemx -watchdog ib700 3861@end table 3862ETEXI 3863 3864DEF("echr", HAS_ARG, QEMU_OPTION_echr, \ 3865 "-echr chr set terminal escape character instead of ctrl-a\n", 3866 QEMU_ARCH_ALL) 3867STEXI 3868 3869@item -echr @var{numeric_ascii_value} 3870@findex -echr 3871Change the escape character used for switching to the monitor when using 3872monitor and serial sharing. The default is @code{0x01} when using the 3873@code{-nographic} option. @code{0x01} is equal to pressing 3874@code{Control-a}. You can select a different character from the ascii 3875control keys where 1 through 26 map to Control-a through Control-z. For 3876instance you could use the either of the following to change the escape 3877character to Control-t. 3878@table @code 3879@item -echr 0x14 3880@itemx -echr 20 3881@end table 3882ETEXI 3883 3884DEF("virtioconsole", HAS_ARG, QEMU_OPTION_virtiocon, \ 3885 "-virtioconsole c\n" \ 3886 " set virtio console\n", QEMU_ARCH_ALL) 3887STEXI 3888@item -virtioconsole @var{c} 3889@findex -virtioconsole 3890Set virtio console. 3891 3892This option is maintained for backward compatibility. 3893 3894Please use @code{-device virtconsole} for the new way of invocation. 3895ETEXI 3896 3897DEF("show-cursor", 0, QEMU_OPTION_show_cursor, \ 3898 "-show-cursor show cursor\n", QEMU_ARCH_ALL) 3899STEXI 3900@item -show-cursor 3901@findex -show-cursor 3902Show cursor. 3903ETEXI 3904 3905DEF("tb-size", HAS_ARG, QEMU_OPTION_tb_size, \ 3906 "-tb-size n set TB size\n", QEMU_ARCH_ALL) 3907STEXI 3908@item -tb-size @var{n} 3909@findex -tb-size 3910Set TB size. 3911ETEXI 3912 3913DEF("incoming", HAS_ARG, QEMU_OPTION_incoming, \ 3914 "-incoming tcp:[host]:port[,to=maxport][,ipv4][,ipv6]\n" \ 3915 "-incoming rdma:host:port[,ipv4][,ipv6]\n" \ 3916 "-incoming unix:socketpath\n" \ 3917 " prepare for incoming migration, listen on\n" \ 3918 " specified protocol and socket address\n" \ 3919 "-incoming fd:fd\n" \ 3920 "-incoming exec:cmdline\n" \ 3921 " accept incoming migration on given file descriptor\n" \ 3922 " or from given external command\n" \ 3923 "-incoming defer\n" \ 3924 " wait for the URI to be specified via migrate_incoming\n", 3925 QEMU_ARCH_ALL) 3926STEXI 3927@item -incoming tcp:[@var{host}]:@var{port}[,to=@var{maxport}][,ipv4][,ipv6] 3928@itemx -incoming rdma:@var{host}:@var{port}[,ipv4][,ipv6] 3929@findex -incoming 3930Prepare for incoming migration, listen on a given tcp port. 3931 3932@item -incoming unix:@var{socketpath} 3933Prepare for incoming migration, listen on a given unix socket. 3934 3935@item -incoming fd:@var{fd} 3936Accept incoming migration from a given filedescriptor. 3937 3938@item -incoming exec:@var{cmdline} 3939Accept incoming migration as an output from specified external command. 3940 3941@item -incoming defer 3942Wait for the URI to be specified via migrate_incoming. The monitor can 3943be used to change settings (such as migration parameters) prior to issuing 3944the migrate_incoming to allow the migration to begin. 3945ETEXI 3946 3947DEF("only-migratable", 0, QEMU_OPTION_only_migratable, \ 3948 "-only-migratable allow only migratable devices\n", QEMU_ARCH_ALL) 3949STEXI 3950@item -only-migratable 3951@findex -only-migratable 3952Only allow migratable devices. Devices will not be allowed to enter an 3953unmigratable state. 3954ETEXI 3955 3956DEF("nodefaults", 0, QEMU_OPTION_nodefaults, \ 3957 "-nodefaults don't create default devices\n", QEMU_ARCH_ALL) 3958STEXI 3959@item -nodefaults 3960@findex -nodefaults 3961Don't create default devices. Normally, QEMU sets the default devices like serial 3962port, parallel port, virtual console, monitor device, VGA adapter, floppy and 3963CD-ROM drive and others. The @code{-nodefaults} option will disable all those 3964default devices. 3965ETEXI 3966 3967#ifndef _WIN32 3968DEF("chroot", HAS_ARG, QEMU_OPTION_chroot, \ 3969 "-chroot dir chroot to dir just before starting the VM\n", 3970 QEMU_ARCH_ALL) 3971#endif 3972STEXI 3973@item -chroot @var{dir} 3974@findex -chroot 3975Immediately before starting guest execution, chroot to the specified 3976directory. Especially useful in combination with -runas. 3977ETEXI 3978 3979#ifndef _WIN32 3980DEF("runas", HAS_ARG, QEMU_OPTION_runas, \ 3981 "-runas user change to user id user just before starting the VM\n", 3982 QEMU_ARCH_ALL) 3983#endif 3984STEXI 3985@item -runas @var{user} 3986@findex -runas 3987Immediately before starting guest execution, drop root privileges, switching 3988to the specified user. 3989ETEXI 3990 3991DEF("prom-env", HAS_ARG, QEMU_OPTION_prom_env, 3992 "-prom-env variable=value\n" 3993 " set OpenBIOS nvram variables\n", 3994 QEMU_ARCH_PPC | QEMU_ARCH_SPARC) 3995STEXI 3996@item -prom-env @var{variable}=@var{value} 3997@findex -prom-env 3998Set OpenBIOS nvram @var{variable} to given @var{value} (PPC, SPARC only). 3999ETEXI 4000DEF("semihosting", 0, QEMU_OPTION_semihosting, 4001 "-semihosting semihosting mode\n", 4002 QEMU_ARCH_ARM | QEMU_ARCH_M68K | QEMU_ARCH_XTENSA | QEMU_ARCH_LM32 | 4003 QEMU_ARCH_MIPS) 4004STEXI 4005@item -semihosting 4006@findex -semihosting 4007Enable semihosting mode (ARM, M68K, Xtensa, MIPS only). 4008ETEXI 4009DEF("semihosting-config", HAS_ARG, QEMU_OPTION_semihosting_config, 4010 "-semihosting-config [enable=on|off][,target=native|gdb|auto][,arg=str[,...]]\n" \ 4011 " semihosting configuration\n", 4012QEMU_ARCH_ARM | QEMU_ARCH_M68K | QEMU_ARCH_XTENSA | QEMU_ARCH_LM32 | 4013QEMU_ARCH_MIPS) 4014STEXI 4015@item -semihosting-config [enable=on|off][,target=native|gdb|auto][,arg=str[,...]] 4016@findex -semihosting-config 4017Enable and configure semihosting (ARM, M68K, Xtensa, MIPS only). 4018@table @option 4019@item target=@code{native|gdb|auto} 4020Defines where the semihosting calls will be addressed, to QEMU (@code{native}) 4021or to GDB (@code{gdb}). The default is @code{auto}, which means @code{gdb} 4022during debug sessions and @code{native} otherwise. 4023@item arg=@var{str1},arg=@var{str2},... 4024Allows the user to pass input arguments, and can be used multiple times to build 4025up a list. The old-style @code{-kernel}/@code{-append} method of passing a 4026command line is still supported for backward compatibility. If both the 4027@code{--semihosting-config arg} and the @code{-kernel}/@code{-append} are 4028specified, the former is passed to semihosting as it always takes precedence. 4029@end table 4030ETEXI 4031DEF("old-param", 0, QEMU_OPTION_old_param, 4032 "-old-param old param mode\n", QEMU_ARCH_ARM) 4033STEXI 4034@item -old-param 4035@findex -old-param (ARM) 4036Old param mode (ARM only). 4037ETEXI 4038 4039DEF("sandbox", HAS_ARG, QEMU_OPTION_sandbox, \ 4040 "-sandbox on[,obsolete=allow|deny][,elevateprivileges=allow|deny|children]\n" \ 4041 " [,spawn=allow|deny][,resourcecontrol=allow|deny]\n" \ 4042 " Enable seccomp mode 2 system call filter (default 'off').\n" \ 4043 " use 'obsolete' to allow obsolete system calls that are provided\n" \ 4044 " by the kernel, but typically no longer used by modern\n" \ 4045 " C library implementations.\n" \ 4046 " use 'elevateprivileges' to allow or deny QEMU process to elevate\n" \ 4047 " its privileges by blacklisting all set*uid|gid system calls.\n" \ 4048 " The value 'children' will deny set*uid|gid system calls for\n" \ 4049 " main QEMU process but will allow forks and execves to run unprivileged\n" \ 4050 " use 'spawn' to avoid QEMU to spawn new threads or processes by\n" \ 4051 " blacklisting *fork and execve\n" \ 4052 " use 'resourcecontrol' to disable process affinity and schedular priority\n", 4053 QEMU_ARCH_ALL) 4054STEXI 4055@item -sandbox @var{arg}[,obsolete=@var{string}][,elevateprivileges=@var{string}][,spawn=@var{string}][,resourcecontrol=@var{string}] 4056@findex -sandbox 4057Enable Seccomp mode 2 system call filter. 'on' will enable syscall filtering and 'off' will 4058disable it. The default is 'off'. 4059@table @option 4060@item obsolete=@var{string} 4061Enable Obsolete system calls 4062@item elevateprivileges=@var{string} 4063Disable set*uid|gid system calls 4064@item spawn=@var{string} 4065Disable *fork and execve 4066@item resourcecontrol=@var{string} 4067Disable process affinity and schedular priority 4068@end table 4069ETEXI 4070 4071DEF("readconfig", HAS_ARG, QEMU_OPTION_readconfig, 4072 "-readconfig <file>\n", QEMU_ARCH_ALL) 4073STEXI 4074@item -readconfig @var{file} 4075@findex -readconfig 4076Read device configuration from @var{file}. This approach is useful when you want to spawn 4077QEMU process with many command line options but you don't want to exceed the command line 4078character limit. 4079ETEXI 4080DEF("writeconfig", HAS_ARG, QEMU_OPTION_writeconfig, 4081 "-writeconfig <file>\n" 4082 " read/write config file\n", QEMU_ARCH_ALL) 4083STEXI 4084@item -writeconfig @var{file} 4085@findex -writeconfig 4086Write device configuration to @var{file}. The @var{file} can be either filename to save 4087command line and device configuration into file or dash @code{-}) character to print the 4088output to stdout. This can be later used as input file for @code{-readconfig} option. 4089ETEXI 4090HXCOMM Deprecated, same as -no-user-config 4091DEF("nodefconfig", 0, QEMU_OPTION_nodefconfig, "", QEMU_ARCH_ALL) 4092DEF("no-user-config", 0, QEMU_OPTION_nouserconfig, 4093 "-no-user-config\n" 4094 " do not load default user-provided config files at startup\n", 4095 QEMU_ARCH_ALL) 4096STEXI 4097@item -no-user-config 4098@findex -no-user-config 4099The @code{-no-user-config} option makes QEMU not load any of the user-provided 4100config files on @var{sysconfdir}. 4101ETEXI 4102DEF("trace", HAS_ARG, QEMU_OPTION_trace, 4103 "-trace [[enable=]<pattern>][,events=<file>][,file=<file>]\n" 4104 " specify tracing options\n", 4105 QEMU_ARCH_ALL) 4106STEXI 4107HXCOMM This line is not accurate, as some sub-options are backend-specific but 4108HXCOMM HX does not support conditional compilation of text. 4109@item -trace [[enable=]@var{pattern}][,events=@var{file}][,file=@var{file}] 4110@findex -trace 4111@include qemu-option-trace.texi 4112ETEXI 4113 4114HXCOMM Internal use 4115DEF("qtest", HAS_ARG, QEMU_OPTION_qtest, "", QEMU_ARCH_ALL) 4116DEF("qtest-log", HAS_ARG, QEMU_OPTION_qtest_log, "", QEMU_ARCH_ALL) 4117 4118#ifdef __linux__ 4119DEF("enable-fips", 0, QEMU_OPTION_enablefips, 4120 "-enable-fips enable FIPS 140-2 compliance\n", 4121 QEMU_ARCH_ALL) 4122#endif 4123STEXI 4124@item -enable-fips 4125@findex -enable-fips 4126Enable FIPS 140-2 compliance mode. 4127ETEXI 4128 4129HXCOMM Deprecated by -machine accel=tcg property 4130DEF("no-kvm", 0, QEMU_OPTION_no_kvm, "", QEMU_ARCH_I386) 4131 4132HXCOMM Deprecated by kvm-pit driver properties 4133DEF("no-kvm-pit-reinjection", 0, QEMU_OPTION_no_kvm_pit_reinjection, 4134 "", QEMU_ARCH_I386) 4135 4136HXCOMM Deprecated (ignored) 4137DEF("no-kvm-pit", 0, QEMU_OPTION_no_kvm_pit, "", QEMU_ARCH_I386) 4138 4139HXCOMM Deprecated by -machine kernel_irqchip=on|off property 4140DEF("no-kvm-irqchip", 0, QEMU_OPTION_no_kvm_irqchip, "", QEMU_ARCH_I386) 4141 4142HXCOMM Deprecated (ignored) 4143DEF("tdf", 0, QEMU_OPTION_tdf,"", QEMU_ARCH_ALL) 4144 4145DEF("msg", HAS_ARG, QEMU_OPTION_msg, 4146 "-msg timestamp[=on|off]\n" 4147 " change the format of messages\n" 4148 " on|off controls leading timestamps (default:on)\n", 4149 QEMU_ARCH_ALL) 4150STEXI 4151@item -msg timestamp[=on|off] 4152@findex -msg 4153prepend a timestamp to each log message.(default:on) 4154ETEXI 4155 4156DEF("dump-vmstate", HAS_ARG, QEMU_OPTION_dump_vmstate, 4157 "-dump-vmstate <file>\n" 4158 " Output vmstate information in JSON format to file.\n" 4159 " Use the scripts/vmstate-static-checker.py file to\n" 4160 " check for possible regressions in migration code\n" 4161 " by comparing two such vmstate dumps.\n", 4162 QEMU_ARCH_ALL) 4163STEXI 4164@item -dump-vmstate @var{file} 4165@findex -dump-vmstate 4166Dump json-encoded vmstate information for current machine type to file 4167in @var{file} 4168ETEXI 4169 4170STEXI 4171@end table 4172ETEXI 4173DEFHEADING() 4174DEFHEADING(Generic object creation) 4175STEXI 4176@table @option 4177ETEXI 4178 4179DEF("object", HAS_ARG, QEMU_OPTION_object, 4180 "-object TYPENAME[,PROP1=VALUE1,...]\n" 4181 " create a new object of type TYPENAME setting properties\n" 4182 " in the order they are specified. Note that the 'id'\n" 4183 " property must be set. These objects are placed in the\n" 4184 " '/objects' path.\n", 4185 QEMU_ARCH_ALL) 4186STEXI 4187@item -object @var{typename}[,@var{prop1}=@var{value1},...] 4188@findex -object 4189Create a new object of type @var{typename} setting properties 4190in the order they are specified. Note that the 'id' 4191property must be set. These objects are placed in the 4192'/objects' path. 4193 4194@table @option 4195 4196@item -object memory-backend-file,id=@var{id},size=@var{size},mem-path=@var{dir},share=@var{on|off},discard-data=@var{on|off} 4197 4198Creates a memory file backend object, which can be used to back 4199the guest RAM with huge pages. The @option{id} parameter is a 4200unique ID that will be used to reference this memory region 4201when configuring the @option{-numa} argument. The @option{size} 4202option provides the size of the memory region, and accepts 4203common suffixes, eg @option{500M}. The @option{mem-path} provides 4204the path to either a shared memory or huge page filesystem mount. 4205The @option{share} boolean option determines whether the memory 4206region is marked as private to QEMU, or shared. The latter allows 4207a co-operating external process to access the QEMU memory region. 4208Setting the @option{discard-data} boolean option to @var{on} 4209indicates that file contents can be destroyed when QEMU exits, 4210to avoid unnecessarily flushing data to the backing file. Note 4211that @option{discard-data} is only an optimization, and QEMU 4212might not discard file contents if it aborts unexpectedly or is 4213terminated using SIGKILL. 4214 4215@item -object rng-random,id=@var{id},filename=@var{/dev/random} 4216 4217Creates a random number generator backend which obtains entropy from 4218a device on the host. The @option{id} parameter is a unique ID that 4219will be used to reference this entropy backend from the @option{virtio-rng} 4220device. The @option{filename} parameter specifies which file to obtain 4221entropy from and if omitted defaults to @option{/dev/random}. 4222 4223@item -object rng-egd,id=@var{id},chardev=@var{chardevid} 4224 4225Creates a random number generator backend which obtains entropy from 4226an external daemon running on the host. The @option{id} parameter is 4227a unique ID that will be used to reference this entropy backend from 4228the @option{virtio-rng} device. The @option{chardev} parameter is 4229the unique ID of a character device backend that provides the connection 4230to the RNG daemon. 4231 4232@item -object tls-creds-anon,id=@var{id},endpoint=@var{endpoint},dir=@var{/path/to/cred/dir},verify-peer=@var{on|off} 4233 4234Creates a TLS anonymous credentials object, which can be used to provide 4235TLS support on network backends. The @option{id} parameter is a unique 4236ID which network backends will use to access the credentials. The 4237@option{endpoint} is either @option{server} or @option{client} depending 4238on whether the QEMU network backend that uses the credentials will be 4239acting as a client or as a server. If @option{verify-peer} is enabled 4240(the default) then once the handshake is completed, the peer credentials 4241will be verified, though this is a no-op for anonymous credentials. 4242 4243The @var{dir} parameter tells QEMU where to find the credential 4244files. For server endpoints, this directory may contain a file 4245@var{dh-params.pem} providing diffie-hellman parameters to use 4246for the TLS server. If the file is missing, QEMU will generate 4247a set of DH parameters at startup. This is a computationally 4248expensive operation that consumes random pool entropy, so it is 4249recommended that a persistent set of parameters be generated 4250upfront and saved. 4251 4252@item -object tls-creds-x509,id=@var{id},endpoint=@var{endpoint},dir=@var{/path/to/cred/dir},verify-peer=@var{on|off},passwordid=@var{id} 4253 4254Creates a TLS anonymous credentials object, which can be used to provide 4255TLS support on network backends. The @option{id} parameter is a unique 4256ID which network backends will use to access the credentials. The 4257@option{endpoint} is either @option{server} or @option{client} depending 4258on whether the QEMU network backend that uses the credentials will be 4259acting as a client or as a server. If @option{verify-peer} is enabled 4260(the default) then once the handshake is completed, the peer credentials 4261will be verified. With x509 certificates, this implies that the clients 4262must be provided with valid client certificates too. 4263 4264The @var{dir} parameter tells QEMU where to find the credential 4265files. For server endpoints, this directory may contain a file 4266@var{dh-params.pem} providing diffie-hellman parameters to use 4267for the TLS server. If the file is missing, QEMU will generate 4268a set of DH parameters at startup. This is a computationally 4269expensive operation that consumes random pool entropy, so it is 4270recommended that a persistent set of parameters be generated 4271upfront and saved. 4272 4273For x509 certificate credentials the directory will contain further files 4274providing the x509 certificates. The certificates must be stored 4275in PEM format, in filenames @var{ca-cert.pem}, @var{ca-crl.pem} (optional), 4276@var{server-cert.pem} (only servers), @var{server-key.pem} (only servers), 4277@var{client-cert.pem} (only clients), and @var{client-key.pem} (only clients). 4278 4279For the @var{server-key.pem} and @var{client-key.pem} files which 4280contain sensitive private keys, it is possible to use an encrypted 4281version by providing the @var{passwordid} parameter. This provides 4282the ID of a previously created @code{secret} object containing the 4283password for decryption. 4284 4285@item -object filter-buffer,id=@var{id},netdev=@var{netdevid},interval=@var{t}[,queue=@var{all|rx|tx}][,status=@var{on|off}] 4286 4287Interval @var{t} can't be 0, this filter batches the packet delivery: all 4288packets arriving in a given interval on netdev @var{netdevid} are delayed 4289until the end of the interval. Interval is in microseconds. 4290@option{status} is optional that indicate whether the netfilter is 4291on (enabled) or off (disabled), the default status for netfilter will be 'on'. 4292 4293queue @var{all|rx|tx} is an option that can be applied to any netfilter. 4294 4295@option{all}: the filter is attached both to the receive and the transmit 4296 queue of the netdev (default). 4297 4298@option{rx}: the filter is attached to the receive queue of the netdev, 4299 where it will receive packets sent to the netdev. 4300 4301@option{tx}: the filter is attached to the transmit queue of the netdev, 4302 where it will receive packets sent by the netdev. 4303 4304@item -object filter-mirror,id=@var{id},netdev=@var{netdevid},outdev=@var{chardevid},queue=@var{all|rx|tx}[,vnet_hdr_support] 4305 4306filter-mirror on netdev @var{netdevid},mirror net packet to chardev@var{chardevid}, if it has the vnet_hdr_support flag, filter-mirror will mirror packet with vnet_hdr_len. 4307 4308@item -object filter-redirector,id=@var{id},netdev=@var{netdevid},indev=@var{chardevid},outdev=@var{chardevid},queue=@var{all|rx|tx}[,vnet_hdr_support] 4309 4310filter-redirector on netdev @var{netdevid},redirect filter's net packet to chardev 4311@var{chardevid},and redirect indev's packet to filter.if it has the vnet_hdr_support flag, 4312filter-redirector will redirect packet with vnet_hdr_len. 4313Create a filter-redirector we need to differ outdev id from indev id, id can not 4314be the same. we can just use indev or outdev, but at least one of indev or outdev 4315need to be specified. 4316 4317@item -object filter-rewriter,id=@var{id},netdev=@var{netdevid},queue=@var{all|rx|tx},[vnet_hdr_support] 4318 4319Filter-rewriter is a part of COLO project.It will rewrite tcp packet to 4320secondary from primary to keep secondary tcp connection,and rewrite 4321tcp packet to primary from secondary make tcp packet can be handled by 4322client.if it has the vnet_hdr_support flag, we can parse packet with vnet header. 4323 4324usage: 4325colo secondary: 4326-object filter-redirector,id=f1,netdev=hn0,queue=tx,indev=red0 4327-object filter-redirector,id=f2,netdev=hn0,queue=rx,outdev=red1 4328-object filter-rewriter,id=rew0,netdev=hn0,queue=all 4329 4330@item -object filter-dump,id=@var{id},netdev=@var{dev}[,file=@var{filename}][,maxlen=@var{len}] 4331 4332Dump the network traffic on netdev @var{dev} to the file specified by 4333@var{filename}. At most @var{len} bytes (64k by default) per packet are stored. 4334The file format is libpcap, so it can be analyzed with tools such as tcpdump 4335or Wireshark. 4336 4337@item -object colo-compare,id=@var{id},primary_in=@var{chardevid},secondary_in=@var{chardevid},outdev=@var{chardevid}[,vnet_hdr_support] 4338 4339Colo-compare gets packet from primary_in@var{chardevid} and secondary_in@var{chardevid}, than compare primary packet with 4340secondary packet. If the packets are same, we will output primary 4341packet to outdev@var{chardevid}, else we will notify colo-frame 4342do checkpoint and send primary packet to outdev@var{chardevid}. 4343if it has the vnet_hdr_support flag, colo compare will send/recv packet with vnet_hdr_len. 4344 4345we must use it with the help of filter-mirror and filter-redirector. 4346 4347@example 4348 4349primary: 4350-netdev tap,id=hn0,vhost=off,script=/etc/qemu-ifup,downscript=/etc/qemu-ifdown 4351-device e1000,id=e0,netdev=hn0,mac=52:a4:00:12:78:66 4352-chardev socket,id=mirror0,host=3.3.3.3,port=9003,server,nowait 4353-chardev socket,id=compare1,host=3.3.3.3,port=9004,server,nowait 4354-chardev socket,id=compare0,host=3.3.3.3,port=9001,server,nowait 4355-chardev socket,id=compare0-0,host=3.3.3.3,port=9001 4356-chardev socket,id=compare_out,host=3.3.3.3,port=9005,server,nowait 4357-chardev socket,id=compare_out0,host=3.3.3.3,port=9005 4358-object filter-mirror,id=m0,netdev=hn0,queue=tx,outdev=mirror0 4359-object filter-redirector,netdev=hn0,id=redire0,queue=rx,indev=compare_out 4360-object filter-redirector,netdev=hn0,id=redire1,queue=rx,outdev=compare0 4361-object colo-compare,id=comp0,primary_in=compare0-0,secondary_in=compare1,outdev=compare_out0 4362 4363secondary: 4364-netdev tap,id=hn0,vhost=off,script=/etc/qemu-ifup,down script=/etc/qemu-ifdown 4365-device e1000,netdev=hn0,mac=52:a4:00:12:78:66 4366-chardev socket,id=red0,host=3.3.3.3,port=9003 4367-chardev socket,id=red1,host=3.3.3.3,port=9004 4368-object filter-redirector,id=f1,netdev=hn0,queue=tx,indev=red0 4369-object filter-redirector,id=f2,netdev=hn0,queue=rx,outdev=red1 4370 4371@end example 4372 4373If you want to know the detail of above command line, you can read 4374the colo-compare git log. 4375 4376@item -object cryptodev-backend-builtin,id=@var{id}[,queues=@var{queues}] 4377 4378Creates a cryptodev backend which executes crypto opreation from 4379the QEMU cipher APIS. The @var{id} parameter is 4380a unique ID that will be used to reference this cryptodev backend from 4381the @option{virtio-crypto} device. The @var{queues} parameter is optional, 4382which specify the queue number of cryptodev backend, the default of 4383@var{queues} is 1. 4384 4385@example 4386 4387 # qemu-system-x86_64 \ 4388 [...] \ 4389 -object cryptodev-backend-builtin,id=cryptodev0 \ 4390 -device virtio-crypto-pci,id=crypto0,cryptodev=cryptodev0 \ 4391 [...] 4392@end example 4393 4394@item -object secret,id=@var{id},data=@var{string},format=@var{raw|base64}[,keyid=@var{secretid},iv=@var{string}] 4395@item -object secret,id=@var{id},file=@var{filename},format=@var{raw|base64}[,keyid=@var{secretid},iv=@var{string}] 4396 4397Defines a secret to store a password, encryption key, or some other sensitive 4398data. The sensitive data can either be passed directly via the @var{data} 4399parameter, or indirectly via the @var{file} parameter. Using the @var{data} 4400parameter is insecure unless the sensitive data is encrypted. 4401 4402The sensitive data can be provided in raw format (the default), or base64. 4403When encoded as JSON, the raw format only supports valid UTF-8 characters, 4404so base64 is recommended for sending binary data. QEMU will convert from 4405which ever format is provided to the format it needs internally. eg, an 4406RBD password can be provided in raw format, even though it will be base64 4407encoded when passed onto the RBD sever. 4408 4409For added protection, it is possible to encrypt the data associated with 4410a secret using the AES-256-CBC cipher. Use of encryption is indicated 4411by providing the @var{keyid} and @var{iv} parameters. The @var{keyid} 4412parameter provides the ID of a previously defined secret that contains 4413the AES-256 decryption key. This key should be 32-bytes long and be 4414base64 encoded. The @var{iv} parameter provides the random initialization 4415vector used for encryption of this particular secret and should be a 4416base64 encrypted string of the 16-byte IV. 4417 4418The simplest (insecure) usage is to provide the secret inline 4419 4420@example 4421 4422 # $QEMU -object secret,id=sec0,data=letmein,format=raw 4423 4424@end example 4425 4426The simplest secure usage is to provide the secret via a file 4427 4428 # printf "letmein" > mypasswd.txt 4429 # $QEMU -object secret,id=sec0,file=mypasswd.txt,format=raw 4430 4431For greater security, AES-256-CBC should be used. To illustrate usage, 4432consider the openssl command line tool which can encrypt the data. Note 4433that when encrypting, the plaintext must be padded to the cipher block 4434size (32 bytes) using the standard PKCS#5/6 compatible padding algorithm. 4435 4436First a master key needs to be created in base64 encoding: 4437 4438@example 4439 # openssl rand -base64 32 > key.b64 4440 # KEY=$(base64 -d key.b64 | hexdump -v -e '/1 "%02X"') 4441@end example 4442 4443Each secret to be encrypted needs to have a random initialization vector 4444generated. These do not need to be kept secret 4445 4446@example 4447 # openssl rand -base64 16 > iv.b64 4448 # IV=$(base64 -d iv.b64 | hexdump -v -e '/1 "%02X"') 4449@end example 4450 4451The secret to be defined can now be encrypted, in this case we're 4452telling openssl to base64 encode the result, but it could be left 4453as raw bytes if desired. 4454 4455@example 4456 # SECRET=$(printf "letmein" | 4457 openssl enc -aes-256-cbc -a -K $KEY -iv $IV) 4458@end example 4459 4460When launching QEMU, create a master secret pointing to @code{key.b64} 4461and specify that to be used to decrypt the user password. Pass the 4462contents of @code{iv.b64} to the second secret 4463 4464@example 4465 # $QEMU \ 4466 -object secret,id=secmaster0,format=base64,file=key.b64 \ 4467 -object secret,id=sec0,keyid=secmaster0,format=base64,\ 4468 data=$SECRET,iv=$(<iv.b64) 4469@end example 4470 4471@end table 4472 4473ETEXI 4474 4475 4476HXCOMM This is the last statement. Insert new options before this line! 4477STEXI 4478@end table 4479ETEXI 4480
