Crate squib_net 

squib-net — host-side networking for virtio-net.

Per 30-networking.md, squib offers four host-side attachment modes:

Mode	Backend	Entitlement
VmnetMode::Shared (default)	vmnet.framework VMNET_SHARED_MODE (NAT)	none beyond com.apple.security.hypervisor
VmnetMode::Host	vmnet.framework VMNET_HOST_MODE (host-only)	none beyond com.apple.security.hypervisor
VmnetMode::Bridged (cargo feature)	vmnet.framework VMNET_BRIDGED_MODE	com.apple.vm.networking (restricted) — gated by the bridged cargo feature
NetMode::Userspace	bundled gvproxy over a socketpair(2) carrying length-prefixed L2 frames	none

Layout

• sys — the second of two unsafe boundaries in the workspace (the first is squib-hv). Hand-rolled FFI to vmnet.framework, libdispatch, and XPC. Per 99-key-decisions.md § D13.
• iface — safe VmnetIface wrapper.
• backend — NetBackend impls feeding the virtio-net frontend.
• gvproxy — gvproxy child-process management for --network=userspace.

Outside the sys module, #![forbid(unsafe_code)] holds for the rest of the crate (I-NET-1). I-NET-4 (pre-allocated bytes::BytesMut pool, no per-packet Vec<u8> alloc in the hot path) lands with the Phase 7 perf-tuning sweep — see specs/93-improvements-review.md for the deferred backlog entry.

Re-exports

pub use backend::LoopbackHostBackend;

pub use backend::NetHostBackend;

pub use backend::VmnetHostBackend;

pub use gvproxy::GvproxyBackend;

pub use gvproxy::GvproxyError;

pub use gvproxy::GvproxyParams;

pub use iface::IfaceError;

pub use iface::IfaceStats;

pub use iface::InterfaceParams;

pub use iface::VmnetIface;

pub use mode::NetMode;

pub use mode::VmnetMode;

Modules

backend

NetBackend glue between the virtio-net frontend and the host networking plumbing in squib-net.

gvproxy

gvproxy bundled-binary userspace mode.

iface

Safe wrapper over the vmnet FFI: VmnetIface.

mode

Host-network mode selectors.

sys

Unsafe boundary for vmnet/dispatch/XPC FFI.