Secure way to communicate between virtualBox host and guest

[shivanik]

Hi All,
I'm new to VirtualBox and would like to know if there is a way to securely communicate between the guest and the host through a C program. I ideally want a server program running on a linux host and client on VirtualBox guest VM communicating via messages. Ideally the communication mechanism could be some hypercalls between the guest and the host. Is there some API I could use or simple utilities that help with this ?

Thanks
Shivani

[noteirak]

Moved to Virtualbox OSE since it fits better.

There are several ways indeed, but depends what you define by "secure"?
- In the API, guest properties - reference (more methods bellow)
- In the API, via guest processes - reference
- In the code, HGCM (host-guest Communication Manager) - reference
- In the code, HGSMI (Host-Guest Shared Memory Interface) - reference

[shivanik]

Thanks for the help.
I think I can utilize the guest property store to pass messages between the host and the guest. Are there any simple C code examples to read and write from the store ?

Regards
Shivani

[shivanik]

I would like to use the VBoxCAPI to write a userland server code running in host and client code running in guest communicating by reading and writing to the guest property store. Any code examples would be very helpful. I tried using the command line utils (VBoxManage guestproperty at the host end and VBoxControl guestproperty at the guest end) and they work well for me.
Also I found VBoxGuest-linux.c kernel module. It seems to be the driver VBoxManage/VBoxControl use for communication. Is my understanding correct. If so, I probably could write simple C utilty to make ioctl calls to the driver. Any info you can provide would be great.

Thanks

[noteirak]

Do you need to do it in C or can you do it in C++ ? I ask because C is a beast of its own and I wouldn't recommend it. For the C++ part, you can directly see how it is done in vboxmanage per example.

[jchatham]

Alternatively, you may want to look in this thread; security wasn't one of my concerns, but response time and throughput were, and the results have been largely satisfactory - at least once I added a 25ms delay into the busy loop that VBoxManage uses.

In my case, I'm using C code to execute VBoxManage as a subsidiary process, and then communicate with its stdin/stdout; it then runs a program in the guest that simply plays relay between its stdin/stdout and a set of named pipes to talk to the actual client in the guest. If you need higher throughput than you can get from guest properties, something like this should work fairly well.