| | 1 | .\" |
| | 2 | .\" Copyright (c) 2008 The DragonFly Project. All rights reserved. |
| | 3 | .\" |
| | 4 | .\" This code is derived from software contributed to The DragonFly Project |
| | 5 | .\" by Matthew Dillon <dillon@backplane.com> |
| | 6 | .\" |
| | 7 | .\" Redistribution and use in source and binary forms, with or without |
| | 8 | .\" modification, are permitted provided that the following conditions |
| | 9 | .\" are met: |
| | 10 | .\" |
| | 11 | .\" 1. Redistributions of source code must retain the above copyright |
| | 12 | .\" notice, this list of conditions and the following disclaimer. |
| | 13 | .\" 2. Redistributions in binary form must reproduce the above copyright |
| | 14 | .\" notice, this list of conditions and the following disclaimer in |
| | 15 | .\" the documentation and/or other materials provided with the |
| | 16 | .\" distribution. |
| | 17 | .\" 3. Neither the name of The DragonFly Project nor the names of its |
| | 18 | .\" contributors may be used to endorse or promote products derived |
| | 19 | .\" from this software without specific, prior written permission. |
| | 20 | .\" |
| | 21 | .\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
| | 22 | .\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
| | 23 | .\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS |
| | 24 | .\" FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE |
| | 25 | .\" COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, |
| | 26 | .\" INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING, |
| | 27 | .\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
| | 28 | .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED |
| | 29 | .\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, |
| | 30 | .\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT |
| | 31 | .\" OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| | 32 | .\" SUCH DAMAGE. |
| | 33 | .\" |
| | 34 | .\" $DragonFly: src/usr.sbin/vknetd/vknetd.8,v 1.1 2008/05/27 01:58:01 dillon Exp $ |
| | 35 | .\" |
| | 36 | .Dd May 26, 2008 |
| | 37 | .Dt vknet 8 |
| | 38 | .Os |
| | 39 | .Sh NAME |
| | 40 | .Nm vknet |
| | 41 | .Nd create a bridged network for (typically user-run) vkernel's |
| | 42 | .Sh SYNOPSIS |
| | 43 | .Nm |
| | 44 | .Op Fl cdU |
| | 45 | .Op Fl b Ar bridgeN |
| | 46 | .Op Fl p Ar socket_path |
| | 47 | .Op Fl t Ar tapN |
| | 48 | .Op Ar address/cidrbits |
| | 49 | .Sh DESCRIPTION |
| | 50 | The |
| | 51 | .Nm |
| | 52 | utility creates a virtualized bridged network suitable for vkernel use. |
| | 53 | The utility was created to simplify vkernel oprations and to allow user-run |
| | 54 | vkernels to have access to a network. |
| | 55 | General use is to specify a large 10-dot network which multiple vkernels are |
| | 56 | then able to connect to, and backfeed the whole mess to a TAP interface. |
| | 57 | .Pp |
| | 58 | A vkernel would make use of the virtualized network by specifying |
| | 59 | .Fl I Ar /dev/vknet |
| | 60 | instead of a |
| | 61 | .Xr tap 4 |
| | 62 | interface. |
| | 63 | Any number of vkernels may connect to the virtual network. |
| | 64 | .Pp |
| | 65 | .Nm |
| | 66 | Implements a simple bridge for all entities connected to it. A cache |
| | 67 | of MAC addresses is built up (just like an etherswitch does) and matching |
| | 68 | packets will be forwarded directly to the proper 'port' (connected clients |
| | 69 | or TAP interface). Unknown MACs will be broadcast. |
| | 70 | .Pp |
| | 71 | The following options are available: |
| | 72 | .Bl -tag -width flag |
| | 73 | .It Fl c |
| | 74 | Connect into the bridge and monitor activity. This option currently only |
| | 75 | monitors broadcast packets. Packets with cached MACs are not monitored. |
| | 76 | .It Fl d |
| | 77 | Debug mode. Do not go into the background. |
| | 78 | .It Fl U |
| | 79 | Unsecure mode. Act as a pure bridge and do not try to secure the IP |
| | 80 | space from host visibility. This is typically used with the |
| | 81 | .Fl b |
| | 82 | option to directly bridge |
| | 83 | .Nm |
| | 84 | into the host rather then operating it as a separate subnet. |
| | 85 | .It Fl b Ar bridgeN |
| | 86 | The |
| | 87 | .Xr tap 4 |
| | 88 | interface |
| | 89 | will be bridged into the specified bridge. |
| | 90 | .It Fl p Ar socket_path |
| | 91 | Specify where to create the unix domain socket in the filesystem space. |
| | 92 | By default the socket is called |
| | 93 | .Pa /dev/vknet . |
| | 94 | .It Fl t Ar tapN |
| | 95 | Specify a particular |
| | 96 | .Xr tap 4 |
| | 97 | interface to use. If not specified, |
| | 98 | .Nm |
| | 99 | will search for an unused tap interface. |
| | 100 | .It Ar address/cidrbits |
| | 101 | When operating in secure mode (which is the default), a CIDR block must be |
| | 102 | specified. The address is the address you wish to assign to the TAP |
| | 103 | interface and will sit on both the host and virtual networks if not bridged. |
| | 104 | The |
| | 105 | .Ar cidrbits |
| | 106 | is the number of bits representing the virtual subnet. For example, |
| | 107 | 10.1.0.1/24 places the tap interface on 10.1.0.1 and gives you an 8 bit |
| | 108 | subnet capable of handling 254 hosts. |
| | 109 | .El |
| | 110 | .Sh EXAMPLES |
| | 111 | .Li "vknetd 10.1.0.1/16" |
| | 112 | .Pp |
| | 113 | .Sh REQUIREMENTS |
| | 114 | .Nm |
| | 115 | requires that the |
| | 116 | .Ar if_tap |
| | 117 | and |
| | 118 | .Ar if_bridge |
| | 119 | modules be loaded. |
| | 120 | In addition, a 'vknet' group must exist in /etc/groups. |
| | 121 | .Sh FILES |
| | 122 | .Bl -tag -width /var/log/lastlog -compact |
| | 123 | .It Pa /dev/tap* |
| | 124 | TAP interface used to route packets from userland providers back into the |
| | 125 | real machine. If not otherwise specified an unused tap interface will be |
| | 126 | selected. |
| | 127 | .It Pa /dev/vknet |
| | 128 | Default socket |
| | 129 | .Nm |
| | 130 | sits on waiting for connections. |
| | 131 | .El |
| | 132 | .Sh BUGS |
| | 133 | .Nm |
| | 134 | defaults to secure mode and will prevent IP spoofing, but the security |
| | 135 | does not yet handle ARP issues so ARP spoofing can be used to create a |
| | 136 | denial of service attack on the host network. |
| | 137 | .Pp |
| | 138 | .Nm |
| | 139 | does not currently implement a timeout for its MAC cache. |
| | 140 | .Sh SEE ALSO |
| | 141 | .Xr vkernel 7 , |
| | 142 | .Xr vke 7 |
| | 143 | .Sh HISTORY |
| | 144 | The |
| | 145 | .Nm |
| | 146 | command was written by Matthew Dillon and first appeared in |
| | 147 | .Dx 1.13 |
| | 148 | in May 2008. |
lentferj's projects / dragonfly.git / blame_incremental