Add network policy filtering for user-v2 networking

  Implements egress traffic filtering with:
  - Protocol, port, IP/CIDR, and domain-based rules
  - DNS packet snooping for domain-to-IP tracking
  - ICMP support (ICMPv4/ICMPv6) - partial - awaiting gvisor fix
  - Policy validation with strict error checking
  - DNS tracker with 10k domain limit and TTL expiration

  Usage: limactl network create NAME --policy policy.yaml

Signed-off-by: Simon Kaegi <simon.kaegi@gmail.com>

Author: skaegi

cmd/limactl/network.go

@@ -10,6 +10,7 @@ import (
 	"maps"
 	"net"
 	"os"
+	"path/filepath"
 	"slices"
 	"strings"
 	"text/tabwriter"
@@ -18,12 +19,17 @@ import (
 	"github.com/spf13/cobra"
 
 	"github.com/lima-vm/lima/v2/pkg/networks"
+	"github.com/lima-vm/lima/v2/pkg/networks/usernet"
+	"github.com/lima-vm/lima/v2/pkg/networks/usernet/filter"
 	"github.com/lima-vm/lima/v2/pkg/yqutil"
 )
 
 const networkCreateExample = `  Create a network:
   $ limactl network create foo --gateway 192.168.42.1/24
 
+  Create a network with policy filtering:
+  $ limactl network create secure --gateway 192.168.42.1/24 --policy ~/policy.yaml
+
   Connect VM instances to the newly created network:
   $ limactl create --network lima:foo --name vm1
   $ limactl create --network lima:foo --name vm2
@@ -144,6 +150,7 @@ func newNetworkCreateCommand() *cobra.Command {
 	flags.String("gateway", "", "gateway, e.g., \"192.168.42.1/24\"")
 	flags.String("interface", "", "interface for bridged mode")
 	_ = cmd.RegisterFlagCompletionFunc("interface", bashFlagCompleteNetworkInterfaceNames)
+	flags.String("policy", "", "path to policy file (YAML or JSON, user-v2 mode only)")
 	return cmd
 }
 
@@ -174,6 +181,38 @@ func networkCreateAction(cmd *cobra.Command, args []string) error {
 		return err
 	}
 
+	policyPath, err := flags.GetString("policy")
+	if err != nil {
+		return err
+	}
+
+	// Handle policy file if provided
+	if policyPath != "" {
+		// Only user-v2 mode supports filtering
+		if mode != networks.ModeUserV2 {
+			logrus.Warnf("Policy filtering is only supported for mode 'user-v2', ignoring --policy flag")
+		} else {
+			// Load the policy to validate it
+			pol, err := filter.LoadPolicy(policyPath)
+			if err != nil {
+				return fmt.Errorf("failed to load policy: %w", err)
+			}
+
+			// Save as JSON in the network directory (~/.lima/_networks/<name>/policy.json)
+			policyJSONPath, err := usernet.PolicyFile(name)
+			if err != nil {
+				return fmt.Errorf("failed to get policy path: %w", err)
+			}
+			// Ensure network directory exists (follows usernet convention)
+			if err := os.MkdirAll(filepath.Dir(policyJSONPath), 0o755); err != nil {
+				return fmt.Errorf("failed to create network directory: %w", err)
+			}
+			if err := filter.SavePolicyJSON(pol, policyJSONPath); err != nil {
+				return fmt.Errorf("failed to save policy: %w", err)
+			}
+		}
+	}
+
 	switch mode {
 	case networks.ModeBridged:
 		if gateway != "" {

cmd/limactl/usernet.go

@@ -11,9 +11,11 @@ import (
 	"strconv"
 	"syscall"
 
+	"github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 
 	"github.com/lima-vm/lima/v2/pkg/networks/usernet"
+	"github.com/lima-vm/lima/v2/pkg/networks/usernet/filter"
 )
 
 func newUsernetCommand() *cobra.Command {
@@ -31,6 +33,7 @@ func newUsernetCommand() *cobra.Command {
 	hostagentCommand.Flags().String("subnet", "192.168.5.0/24", "Sets subnet value for the usernet network")
 	hostagentCommand.Flags().Int("mtu", 1500, "mtu")
 	hostagentCommand.Flags().StringToString("leases", nil, "Pass default static leases for startup. Eg: '192.168.104.1=52:55:55:b3:bc:d9,192.168.104.2=5a:94:ef:e4:0c:df' ")
+	hostagentCommand.Flags().String("policy", "", "Path to policy JSON file")
 	return hostagentCommand
 }
 
@@ -75,6 +78,22 @@ func usernetAction(cmd *cobra.Command, _ []string) error {
 		return err
 	}
 
+	policyPath, err := cmd.Flags().GetString("policy")
+	if err != nil {
+		return err
+	}
+
+	// Parse the policy at the CLI boundary (fail fast on invalid policy)
+	var policy *filter.Policy
+	if policyPath != "" {
+		logrus.Debugf("Loading policy from: %s", policyPath)
+		policy, err = filter.LoadPolicy(policyPath)
+		if err != nil {
+			return fmt.Errorf("failed to load policy: %w", err)
+		}
+		logrus.Debugf("Loaded policy with %d rules", len(policy.Rules))
+	}
+
 	os.RemoveAll(endpoint)
 	os.RemoveAll(qemuSocket)
 	os.RemoveAll(fdSocket)
@@ -92,5 +111,6 @@ func usernetAction(cmd *cobra.Command, _ []string) error {
 		FdSocket:      fdSocket,
 		Subnet:        subnet,
 		DefaultLeases: leases,
+		Policy:        policy,
 	})
 }

pkg/networks/usernet/config.go

@@ -112,6 +112,16 @@ func Leases(name string) (string, error) {
 	return sockPath, nil
 }
 
+// PolicyFile returns the path to the policy JSON file for the given network name.
+// For usernet, this is stored in ~/.lima/_networks/<name>/policy.json (not VarRun).
+func PolicyFile(name string) (string, error) {
+	dir, err := dirnames.LimaNetworksDir()
+	if err != nil {
+		return "", err
+	}
+	return filepath.Join(dir, name, "policy.json"), nil
+}
+
 func netmaskToCidr(baseIP, netMask net.IP) (net.IP, *net.IPNet, error) {
 	size, _ := net.IPMask(netMask.To4()).Size()
 	return net.ParseCIDR(fmt.Sprintf("%s/%d", baseIP.String(), size))

pkg/networks/usernet/filter/dns.go

@@ -0,0 +1,236 @@
+// SPDX-FileCopyrightText: Copyright The Lima Authors
+// SPDX-License-Identifier: Apache-2.0
+
+package filter
+
+import (
+	"net"
+	"strings"
+	"sync"
+	"time"
+)
+
+const (
+	// MaxDNSRecords is the maximum number of DNS records to track.
+	// This prevents unbounded memory growth in long-running processes.
+	MaxDNSRecords = 10000
+)
+
+// DNSRecord represents a DNS query result with TTL.
+type DNSRecord struct {
+	Domain   string
+	IPs      []net.IP
+	ExpireAt time.Time
+}
+
+// Tracker tracks domain to IP mappings from DNS queries.
+type Tracker struct {
+	mu      sync.RWMutex
+	records map[string]*DNSRecord // domain -> record
+}
+
+// NewTracker creates a new DNS tracker.
+func NewTracker() *Tracker {
+	return &Tracker{
+		records: make(map[string]*DNSRecord),
+	}
+}
+
+// SeedLimaInternalDomains pre-populates the tracker with Lima internal domains
+// These are special domains that map to Lima network infrastructure:
+//   - subnet.lima.internal -> the entire Lima subnet (e.g., 192.168.100.0/24)
+//   - host.lima.internal -> the Lima gateway (e.g., 192.168.100.2)
+func (t *Tracker) SeedLimaInternalDomains(subnet, gatewayIP string) error {
+	if subnet == "" {
+		return nil
+	}
+
+	_, subnetNet, err := net.ParseCIDR(subnet)
+	if err != nil {
+		return err
+	}
+
+	// Get all IPs in the subnet for subnet.lima.internal
+	var subnetIPs []net.IP
+	// For now, just add the network address
+	// We could enumerate all IPs but that's expensive for large subnets
+	subnetIPs = append(subnetIPs, subnetNet.IP)
+
+	// Add subnet.lima.internal -> subnet IPs
+	// Use a very long TTL (24 hours) since these are static mappings
+	t.AddRecord("subnet.lima.internal", subnetIPs, 24*time.Hour)
+
+	// Add host.lima.internal -> Lima gateway
+	// This must be seeded because gvisor's internal DNS server resolves *.lima.internal
+	// domains internally, so the DNS snooper never sees the responses
+	if gatewayIP != "" {
+		gateway := net.ParseIP(gatewayIP)
+		if gateway != nil {
+			t.AddRecord("host.lima.internal", []net.IP{gateway}, 24*time.Hour)
+		}
+	}
+
+	return nil
+}
+
+// AddRecord adds or updates a DNS record.
+func (t *Tracker) AddRecord(domain string, ips []net.IP, ttl time.Duration) {
+	t.mu.Lock()
+	defer t.mu.Unlock()
+
+	domain = strings.ToLower(domain)
+
+	// If at capacity and this is a new domain, clean up expired entries first
+	if _, exists := t.records[domain]; !exists && len(t.records) >= MaxDNSRecords {
+		t.cleanExpiredLocked()
+
+		// If still at capacity after cleanup, remove oldest entry
+		if len(t.records) >= MaxDNSRecords {
+			t.removeOldestLocked()
+		}
+	}
+
+	t.records[domain] = &DNSRecord{
+		Domain:   domain,
+		IPs:      ips,
+		ExpireAt: time.Now().Add(ttl),
+	}
+}
+
+// GetIPs returns all IPs for a domain, or nil if not found/expired.
+func (t *Tracker) GetIPs(domain string) []net.IP {
+	t.mu.RLock()
+	defer t.mu.RUnlock()
+
+	domain = strings.ToLower(domain)
+	record, ok := t.records[domain]
+	if !ok || time.Now().After(record.ExpireAt) {
+		return nil
+	}
+	return record.IPs
+}
+
+// GetIPsForPattern returns all IPs matching a domain pattern (supports wildcards).
+// Example: "*.example.com" matches "api.example.com", "cdn.example.com".
+func (t *Tracker) GetIPsForPattern(pattern string) []net.IP {
+	t.mu.RLock()
+	defer t.mu.RUnlock()
+
+	pattern = strings.ToLower(pattern)
+	var allIPs []net.IP
+	seenIPs := make(map[string]bool)
+
+	for domain, record := range t.records {
+		// Skip expired records
+		if time.Now().After(record.ExpireAt) {
+			continue
+		}
+
+		// Check if domain matches pattern
+		if matchesPattern(domain, pattern) {
+			for _, ip := range record.IPs {
+				ipStr := ip.String()
+				if !seenIPs[ipStr] {
+					seenIPs[ipStr] = true
+					allIPs = append(allIPs, ip)
+				}
+			}
+		}
+	}
+
+	return allIPs
+}
+
+// GetDomainsForIP returns all domains that resolve to the given IP (reverse lookup).
+func (t *Tracker) GetDomainsForIP(ip net.IP) []string {
+	t.mu.RLock()
+	defer t.mu.RUnlock()
+
+	var domains []string
+	now := time.Now()
+
+	for domain, record := range t.records {
+		// Skip expired records
+		if now.After(record.ExpireAt) {
+			continue
+		}
+
+		// Check if this domain resolves to the given IP
+		for _, recordIP := range record.IPs {
+			if recordIP.Equal(ip) {
+				domains = append(domains, domain)
+				break
+			}
+		}
+	}
+
+	return domains
+}
+
+// CleanExpired removes expired DNS records.
+func (t *Tracker) CleanExpired() {
+	t.mu.Lock()
+	defer t.mu.Unlock()
+	t.cleanExpiredLocked()
+}
+
+// cleanExpiredLocked removes expired DNS records (must hold lock).
+func (t *Tracker) cleanExpiredLocked() {
+	now := time.Now()
+	for domain, record := range t.records {
+		if now.After(record.ExpireAt) {
+			delete(t.records, domain)
+		}
+	}
+}
+
+// removeOldestLocked removes the record with the earliest expiration time (must hold lock).
+func (t *Tracker) removeOldestLocked() {
+	if len(t.records) == 0 {
+		return
+	}
+
+	var oldestDomain string
+	var oldestExpireAt time.Time
+	first := true
+
+	for domain, record := range t.records {
+		if first || record.ExpireAt.Before(oldestExpireAt) {
+			oldestDomain = domain
+			oldestExpireAt = record.ExpireAt
+			first = false
+		}
+	}
+
+	if oldestDomain != "" {
+		delete(t.records, oldestDomain)
+	}
+}
+
+// matchesPattern checks if a domain matches a pattern with wildcard support.
+// Pattern examples:
+//   - "example.com" matches exactly "example.com"
+//   - "*.example.com" matches "api.example.com", "cdn.example.com", but NOT "example.com"
+//   - "*" matches everything
+func matchesPattern(domain, pattern string) bool {
+	// Exact match
+	if domain == pattern {
+		return true
+	}
+
+	// Match all
+	if pattern == "*" {
+		return true
+	}
+
+	// Wildcard pattern
+	if strings.HasPrefix(pattern, "*.") {
+		suffix := pattern[2:] // Remove "*."
+		// Domain must end with the suffix and have at least one more label
+		if strings.HasSuffix(domain, "."+suffix) {
+			return true
+		}
+	}
+
+	return false
+}