More on “codename hubport”:
“hiding” libvirt virtual network interfaces from the host operating system for functionality (not security) reasons as in Whonix-Gateway to Whonix-Workstation internal networking not getting broken by corridor or (VPN) firewalls…
The solution could be using unix domain socket files for Whonix-Gateway to Whonix-Workstation internal networking.
Quote Invocation — QEMU documentation
-netdev stream,id=str[,server=on|off],addr.type=unix,addr.path=path[,abstract=on|off][,tight=on|off][,reconnect-ms=milliseconds]
Configure a network backend to connect to another QEMU virtual machine or a proxy using a stream oriented unix domain socket.
Quote Documentation/Networking - QEMU
The socket networking backend allows you to create a network of guests that can see each other. It’s primarily useful in extending the network created by the SLIRP backend to multiple virtual machines. In general, if you want to have multiple guests communicate, the tap backend is a better choice unless you do not have root access to the host environment.
Note: “primarily useful” doesn’t mean “this is SLIRP”.
I haven’t found this in libvirt manual yet.