add user-mode networking option on hyperv

it adds a flag to enable user-mode networking on hyperv.

While on other OS/hypervisor user-mode is always enabled, on WSL podman
code supports both cases. For this reason, it adds a constraint check on
Win to prevent users from using the user-mode-networking flag when the
provider is not hyperv

Signed-off-by: lstocchi <[email protected]>

Author: lstocchi

cmd/macadam/init.go

@@ -32,8 +32,8 @@ var (
 		ValidArgsFunction: completion.AutocompleteNone,
 	}
 
-	initOptsFromFlags = define.InitOptions{}
-	// initOptionalFlags  = InitOptionalFlags{}
+	initOptsFromFlags  = define.InitOptions{}
+	initOptionalFlags  = InitOptionalFlags{}
 	defaultMachineName = "macadam"
 	// now                bool
 )
@@ -82,6 +82,10 @@ func init() {
 	flags.StringSliceVarP(&initOptsFromFlags.CloudInitPaths, CloudInitPathFlagName, "", []string{}, "Path to user-data, meta-data and network-config cloud-init configuration files")
 	_ = initCmd.RegisterFlagCompletionFunc(CloudInitPathFlagName, completion.AutocompleteDefault)
 
+	userModeNetFlagName := "user-mode-networking"
+	flags.BoolVar(&initOptionalFlags.UserModeNetworking, userModeNetFlagName, false,
+		"Whether this machine should use user-mode networking, routing traffic through a host user-space process (Hyperv-only, requires --provider=hyperv)")
+
 	/* flags := initCmd.Flags()
 	cfg := registry.PodmanConfig()
 
@@ -142,11 +146,7 @@ func init() {
 	_ = initCmd.RegisterFlagCompletionFunc(IgnitionPathFlagName, completion.AutocompleteDefault)
 
 	rootfulFlagName := "rootful"
-	flags.BoolVar(&initOpts.Rootful, rootfulFlagName, false, "Whether this machine should prefer rootful container execution")
-
-	userModeNetFlagName := "user-mode-networking"
-	flags.BoolVar(&initOptionalFlags.UserModeNetworking, userModeNetFlagName, false,
-		"Whether this machine should use user-mode networking, routing traffic through a host user-space process") */
+	flags.BoolVar(&initOpts.Rootful, rootfulFlagName, false, "Whether this machine should prefer rootful container execution") */
 }
 
 func initMachine(cmd *cobra.Command, args []string) error {
@@ -155,7 +155,7 @@ func initMachine(cmd *cobra.Command, args []string) error {
 		return err
 	}
 
-	if err := preflights.RunPreflights(vmProvider); err != nil {
+	if err := preflights.RunPreflights(vmProvider, initOptionalFlags.UserModeNetworking); err != nil {
 		slog.Error(err.Error())
 		os.Exit(1)
 	}
@@ -215,6 +215,7 @@ func initMachine(cmd *cobra.Command, args []string) error {
 		HasReadyUnit:   false,
 		ForwardSockets: false,
 	}
+	initOpts.UserModeNetworking = &initOptionalFlags.UserModeNetworking
 	/*
 		_, _, err = shim.VMExists(machineName, []vmconfigs.VMProvider{provider})
 		if err == nil {

cmd/macadam/preflight.go

@@ -29,5 +29,5 @@ func preflight(_ *cobra.Command, args []string) error {
 	if err != nil {
 		return err
 	}
-	return preflights.RunPreflights(vmProvider)
+	return preflights.RunPreflights(vmProvider, false)
 }

go.mod

@@ -191,6 +191,6 @@ require (
 	tags.cncf.io/container-device-interface/specs-go v1.0.0 // indirect
 )
 
-replace github.com/containers/podman/v5 => github.com/cfergeau/podman/v5 v5.0.0-20250924155458-168a7bca9bee
+replace github.com/containers/podman/v5 => github.com/cfergeau/podman/v5 v5.0.0-20251015161310-92f0af92dc3e
 
 replace github.com/crc-org/machine => github.com/cfergeau/machine v0.0.0-20241127155529-1b8b9b8d1078

go.sum

@@ -33,8 +33,8 @@ github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UF
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cfergeau/machine v0.0.0-20241127155529-1b8b9b8d1078 h1:KpgRncgq6ZiWDnLe6R58dJjd6QSuU7RDqRrpl11Dxcg=
 github.com/cfergeau/machine v0.0.0-20241127155529-1b8b9b8d1078/go.mod h1:trWeQimjfE3dJ8qWOxI4ePtYm13aecK42bf01s6h/Nc=
-github.com/cfergeau/podman/v5 v5.0.0-20250924155458-168a7bca9bee h1:FZnjrAe2f40Y+lbGTzs48fwPI5q3zM4PyiTOlVLLtMM=
-github.com/cfergeau/podman/v5 v5.0.0-20250924155458-168a7bca9bee/go.mod h1:/M4sKOScoXIFFAfLURDYibSSBDcx67Q+Mi9tdT5guV0=
+github.com/cfergeau/podman/v5 v5.0.0-20251015161310-92f0af92dc3e h1:CVsF1j6brKiUWio1eN2lZ+75sZWoUX15eCogz0vkr04=
+github.com/cfergeau/podman/v5 v5.0.0-20251015161310-92f0af92dc3e/go.mod h1:/M4sKOScoXIFFAfLURDYibSSBDcx67Q+Mi9tdT5guV0=
 github.com/checkpoint-restore/checkpointctl v1.3.0 h1:bNz5b6s+lxFdG5ZGDba3qSkBtXDDTCG2494dfAbQJ4E=
 github.com/checkpoint-restore/checkpointctl v1.3.0/go.mod h1:dqZH4wDvbjnsqFGK2LdUDk21yFQ1dCAtzgRMlG44KDM=
 github.com/checkpoint-restore/go-criu/v7 v7.2.0 h1:qGiWA4App1gGlEfIJ68WR9jbezV9J7yZdjzglezcqKo=

pkg/preflights/preflights.go

@@ -12,8 +12,12 @@ import (
 	"github.com/containers/podman/v5/pkg/machine/vmconfigs"
 )
 
-func RunPreflights(provider vmconfigs.VMProvider) error {
-	if err := checkGvproxyVersion(provider); err != nil {
+func RunPreflights(provider vmconfigs.VMProvider, userModeNetworking bool) error {
+	if err := validateOptions(provider, userModeNetworking); err != nil {
+		return err
+	}
+
+	if err := checkGvproxyVersion(provider, userModeNetworking); err != nil {
 		return fmt.Errorf("invalid gvproxy binary: %w", err)
 	}
 
@@ -28,10 +32,17 @@ func RunPreflights(provider vmconfigs.VMProvider) error {
 	return nil
 }
 
+func validateOptions(provider vmconfigs.VMProvider, userModeNetworking bool) error {
+	if provider.VMType() == define.WSLVirt && userModeNetworking {
+		return fmt.Errorf("user-mode networking is not supported on WSL. Please run the command without the --user-mode-networking flag")
+	}
+	return nil
+}
+
 // macadam/podman needs a gvproxy version which supports the --services
 // argument
-func checkGvproxyVersion(provider vmconfigs.VMProvider) error {
-	if provider.VMType() == define.WSLVirt || provider.VMType() == define.HyperVVirt {
+func checkGvproxyVersion(provider vmconfigs.VMProvider, userModeNetworking bool) error {
+	if provider.VMType() == define.WSLVirt || (provider.VMType() == define.HyperVVirt && !userModeNetworking) {
 		return nil
 	}
 	if err := checkBinaryArg(machine.ForwarderBinaryName, "-services"); err != nil {