1.\" 2.\" Copyright (c) 2008 The DragonFly Project. All rights reserved. 3.\" 4.\" This code is derived from software contributed to The DragonFly Project 5.\" by Matthew Dillon <dillon@backplane.com> 6.\" 7.\" Redistribution and use in source and binary forms, with or without 8.\" modification, are permitted provided that the following conditions 9.\" are met: 10.\" 11.\" 1. Redistributions of source code must retain the above copyright 12.\" notice, this list of conditions and the following disclaimer. 13.\" 2. Redistributions in binary form must reproduce the above copyright 14.\" notice, this list of conditions and the following disclaimer in 15.\" the documentation and/or other materials provided with the 16.\" distribution. 17.\" 3. Neither the name of The DragonFly Project nor the names of its 18.\" contributors may be used to endorse or promote products derived 19.\" from this software without specific, prior written permission. 20.\" 21.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 22.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 23.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 24.\" FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 25.\" COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 26.\" INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING, 27.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 28.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 29.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 30.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 31.\" OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32.\" SUCH DAMAGE. 
33.\" 34.\" $DragonFly: src/usr.sbin/vknetd/vknetd.8,v 1.3 2008/05/31 12:04:15 swildner Exp $ 35.\" 36.Dd May 21, 2009 37.Dt VKNETD 8 38.Os 39.Sh NAME 40.Nm vknetd 41.Nd create a bridged network for (typically user-run) vkernels 42.Sh SYNOPSIS 43.Nm 44.Op Fl cdU 45.Op Fl b Ar bridgeN 46.Op Fl p Ar socket_path 47.Op Fl t Ar tapN 48.Op Ar address Ns / Ns Ar cidrbits 49.Sh DESCRIPTION 50The 51.Nm 52utility creates a virtualized bridged network suitable for vkernel use. 53The utility was created to simplify 54.Nm vkernel 55operations and to allow user-run 56vkernels to have access to a network. 57General use is to specify a large 10-dot network which multiple vkernels are 58then able to connect to, and backfeed the whole mess to a TAP interface. 59.Pp 60A 61.Nm vkernel 62would make use of the virtualized network by specifying 63.Fl I Ar /var/run/vknet 64instead of a 65.Xr tap 4 66interface. 67Any number of vkernels may connect to the virtual network. 68.Pp 69.Nm 70Implements a simple bridge for all entities connected to it. 71A cache 72of MAC addresses is built up (just like an ethernet switch does) and matching 73packets will be forwarded directly to the proper 74.Sq port 75(connected clients or TAP interface). 76Unknown MACs will be broadcast. 77.Pp 78The following options are available: 79.Bl -tag -width flag 80.It Fl c 81Connect into the bridge and monitor activity. 82This option currently only monitors broadcast packets. 83Packets with cached MACs are not monitored. 84.It Fl d 85Debug mode. 86Do not go into the background. 87.It Fl U 88Unsecure mode. 89Act as a pure bridge and do not try to secure the IP 90space from host visibility. 91This is typically used with the 92.Fl b 93option to directly bridge 94.Nm 95into the host rather than operating it as a separate subnet. 96All IP protocols will be allowed through and no address checking 97will be done. 
.Pp
When this option is not specified
.Nm
runs in secure mode: only ICMP, UDP, and TCP are allowed through, and only
for IP addresses within the space defined on the command line when
.Nm
was started.
.It Fl b Ar bridgeN
The
.Xr tap 4
interface will be bridged into the specified bridge.
.It Fl p Ar socket_path
Specify where to create the unix domain socket in the filesystem space.
By default the socket is called
.Pa /var/run/vknet .
.It Fl t Ar tapN
Specify a particular
.Xr tap 4
interface to use.
If not specified,
.Nm
will search for an unused TAP interface.
.It Ar address Ns / Ns Ar cidrbits
When operating in secure mode (which is the default), a CIDR block must be
specified.
It is optional in unsecure mode.
The
.Ar address
is the address you wish to assign to the TAP interface and will sit on both
the host and virtual networks if not bridged.
The
.Ar cidrbits
is the number of bits representing the virtual subnet.
For example,
10.1.0.1/24 places the TAP interface on 10.1.0.1 and gives you an 8 bit
subnet capable of handling 254 hosts.
An address of 0.0.0.0 is allowed as a special case in secure mode so that
bootp
.Pq Xr dhclient 8
can get through.
.El
.Sh FILES
.Bl -tag -width ".Pa /var/run/vknet" -compact
.It Pa /dev/tap*
TAP interface used to route packets from userland providers back into the
real machine.
If not otherwise specified an unused TAP interface will be selected.
.It Pa /var/run/vknet
Default socket
.Nm
sits on waiting for connections.
.El
.Sh EXAMPLES
.Dl "vknetd 10.1.0.1/16"
.Sh REQUIREMENTS
.Nm
requires that the
.Nm if_tap
and
.Nm if_bridge
modules be loaded.
In addition, a
.Dq vknet
group must exist in
.Pa /etc/groups .
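The secure-mode rules above (ICMP, UDP and TCP only; source addresses confined to the address/cidrbits block; 0.0.0.0 allowed so bootp can get through) are small enough to show as a standalone admission check. The following is an added example written for this page, not vknetd's own code: the type and function names (vknet_policy, vknet_policy_parse, secure_allow, ip4) are hypothetical, and it checks only the packet's source address, which is an assumption about how the block is applied, not something the page states.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Hypothetical policy object: the address/cidrbits block from the
 * command line and whether -U (unsecure mode) was given. */
struct vknet_policy {
	uint32_t net;     /* network part of the block, host byte order */
	uint32_t mask;    /* netmask derived from cidrbits */
	bool     secure;  /* false when -U was given: act as a pure bridge */
};

/* Dotted-quad string to a host-byte-order address; 0 on a malformed string. */
uint32_t ip4(const char *s)
{
	struct in_addr a;

	if (inet_pton(AF_INET, s, &a) != 1)
		return 0;
	return ntohl(a.s_addr);
}

/* Parse "address/cidrbits" such as "10.1.0.1/24".  Returns false when the
 * spec is malformed or cidrbits lies outside 0..32. */
bool vknet_policy_parse(struct vknet_policy *p, const char *spec, bool secure)
{
	char buf[32];
	char *slash, *end;
	struct in_addr a;
	long bits;

	if (strlen(spec) >= sizeof(buf))
		return false;
	strcpy(buf, spec);
	slash = strchr(buf, '/');
	if (slash == NULL)
		return false;
	*slash = '\0';
	bits = strtol(slash + 1, &end, 10);
	if (end == slash + 1 || *end != '\0' || bits < 0 || bits > 32)
		return false;
	if (inet_pton(AF_INET, buf, &a) != 1)
		return false;
	p->mask = bits == 0 ? 0 : 0xffffffffu << (32 - bits);
	p->net = ntohl(a.s_addr) & p->mask;
	p->secure = secure;
	return true;
}

/* Admission decision for one IPv4 packet.  In secure mode only ICMP, UDP
 * and TCP pass, and only when the source address is inside the block; a
 * 0.0.0.0 source is let through so a bootp/dhclient(8) request can leave.
 * In unsecure mode (-U) everything is bridged unchecked. */
bool secure_allow(const struct vknet_policy *p, uint8_t proto, uint32_t src)
{
	if (!p->secure)
		return true;
	if (proto != IPPROTO_ICMP && proto != IPPROTO_UDP && proto != IPPROTO_TCP)
		return false;
	if (src == 0)
		return true;
	return (src & p->mask) == p->net;
}

int main(void)
{
	/* Constructed sample packets: protocol number and source address. */
	struct { uint8_t proto; const char *src; } pkts[] = {
		{ IPPROTO_TCP, "10.1.0.5" },     /* inside the block */
		{ IPPROTO_TCP, "192.168.1.5" },  /* spoofed: outside the block */
		{ 47,          "10.1.0.5" },     /* GRE: not ICMP/UDP/TCP */
		{ IPPROTO_UDP, "0.0.0.0" },      /* bootp discovery */
	};
	struct vknet_policy p;
	size_t i;

	if (!vknet_policy_parse(&p, "10.1.0.1/24", true))
		return 1;
	for (i = 0; i < sizeof pkts / sizeof pkts[0]; i++)
		printf("proto %3u from %-12s -> %s\n", pkts[i].proto, pkts[i].src,
		    secure_allow(&p, pkts[i].proto, ip4(pkts[i].src)) ? "forward" : "drop");
	return 0;
}
```

Run as written, the program forwards the first and last packet and drops the other two; the parser also rejects a spec without a slash or with a prefix length above 32, which is what the "CIDR block must be specified" requirement of secure mode amounts to.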
.Sh SEE ALSO
.Xr vknet 1 ,
.Xr bridge 4 ,
.Xr tap 4 ,
.Xr vke 4 ,
.Xr vkernel 7 ,
.Xr dhclient 8
.Sh HISTORY
The
.Nm
command was written by Matthew Dillon and first appeared in
.Dx 1.13
in May 2008.
.Sh BUGS
.Nm
defaults to secure mode and will prevent IP spoofing, but the security
does not yet handle ARP issues so ARP spoofing can be used to create a
denial of service attack on the host network.
.Pp
.Nm
does not currently implement a timeout for its MAC cache.
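The bridge described in DESCRIPTION learns source MACs per port and floods frames for unknown destinations, and BUGS notes that the cache never times out. The following is an added example, not vknetd's code, of that learning table with an idle timeout and a counter for MACs that reappear on a different port (a station move, or a MAC being claimed from another port, which a bridge that secures its clients would want to log). The names (mac_cache, mac_cache_learn, mac_cache_lookup), the 300-second TTL and the table size are assumptions of this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

#define MAC_LEN        6
#define MAC_CACHE_SIZE 64
#define MAC_CACHE_TTL  300   /* seconds an idle entry stays valid (assumed value) */
#define PORT_BROADCAST (-1)  /* flood to every port, as for an unknown MAC */

struct mac_entry {
	uint8_t mac[MAC_LEN];
	int     port;        /* a client connection or the TAP interface */
	time_t  last_seen;
	bool    used;
};

struct mac_cache {
	struct mac_entry e[MAC_CACHE_SIZE];
	unsigned moves;      /* live entries whose port changed */
};

void mac_cache_init(struct mac_cache *c)
{
	memset(c, 0, sizeof *c);
}

static struct mac_entry *mac_cache_find(struct mac_cache *c, const uint8_t *mac)
{
	size_t i;

	for (i = 0; i < MAC_CACHE_SIZE; i++)
		if (c->e[i].used && memcmp(c->e[i].mac, mac, MAC_LEN) == 0)
			return &c->e[i];
	return NULL;
}

/* Learn the source MAC of a frame that arrived on `port` at time `now`. */
void mac_cache_learn(struct mac_cache *c, const uint8_t *mac, int port, time_t now)
{
	struct mac_entry *e = mac_cache_find(c, mac);
	size_t i;

	if (e == NULL) {
		/* Take a free or expired slot, else evict the least recently seen. */
		e = &c->e[0];
		for (i = 0; i < MAC_CACHE_SIZE; i++) {
			if (!c->e[i].used || now - c->e[i].last_seen > MAC_CACHE_TTL) {
				e = &c->e[i];
				break;
			}
			if (c->e[i].last_seen < e->last_seen)
				e = &c->e[i];
		}
		memcpy(e->mac, mac, MAC_LEN);
		e->used = true;
	} else if (e->port != port && now - e->last_seen <= MAC_CACHE_TTL) {
		/* A still-valid entry changed port: count it so it can be logged. */
		c->moves++;
	}
	e->port = port;
	e->last_seen = now;
}

/* Port to forward a frame with destination `mac` to.  Group addresses
 * (broadcast/multicast), unknown MACs and expired entries are flooded. */
int mac_cache_lookup(struct mac_cache *c, const uint8_t *mac, time_t now)
{
	struct mac_entry *e;

	if (mac[0] & 0x01)
		return PORT_BROADCAST;
	e = mac_cache_find(c, mac);
	if (e == NULL || now - e->last_seen > MAC_CACHE_TTL)
		return PORT_BROADCAST;
	return e->port;
}

int main(void)
{
	/* Constructed sample traffic: two locally administered MACs, port 0
	 * standing for the TAP interface and port 1 for a connected vkernel. */
	static const uint8_t host[MAC_LEN] = { 0x02, 0x00, 0x00, 0x00, 0x00, 0x01 };
	static const uint8_t vk[MAC_LEN]   = { 0x02, 0x00, 0x00, 0x00, 0x00, 0x02 };
	struct mac_cache c;
	time_t t = 1000;

	mac_cache_init(&c);
	mac_cache_learn(&c, host, 0, t);
	mac_cache_learn(&c, vk, 1, t + 1);
	printf("to vk at t+2: port %d\n", mac_cache_lookup(&c, vk, t + 2));
	printf("to vk at t+%d: port %d (expired, flooded)\n", MAC_CACHE_TTL + 5,
	    mac_cache_lookup(&c, vk, t + MAC_CACHE_TTL + 5));
	return 0;
}
```

The timeout bounds how long a stale entry keeps steering traffic to a port after a client disconnects, and the move counter is the signal a monitor (the -c connection, for instance) could report; neither changes what the bridge forwards, so a pure-bridge deployment under -U behaves the same as before apart from the aging.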