VKNETD(8) BSD System Manager's Manual VKNETD(8)NAMEvknetd — create a bridged network for (typically user-run) vkernels
SYNOPSISvknetd [-cdU] [-b bridgeN] [-p socket_path] [-t tapN] [address/cidrbits]
DESCRIPTION
The vknetd utility creates a virtualized bridged network suitable for
vkernel use. The utility was created to simplify vkernel operations and
to allow user-run vkernels to have access to a network. General use is
to specify a large 10-dot network which multiple vkernels are then able
to connect to, and backfeed the whole mess to a TAP interface.
A vkernel would make use of the virtualized network by specifying -I
/var/run/vknet instead of a tap(4) interface. Any number of vkernels may
connect to the virtual network.
vknetd Implements a simple bridge for all entities connected to it. A
cache of MAC addresses is built up (just like an ethernet switch does)
and matching packets will be forwarded directly to the proper ‘port’
(connected clients or TAP interface). Unknown MACs will be broadcast.
The following options are available:
-c Connect into the bridge and monitor activity. This option cur‐
rently only monitors broadcast packets. Packets with cached MACs
are not monitored.
-d Debug mode. Do not go into the background.
-U Unsecure mode. Act as a pure bridge and do not try to secure the
IP space from host visibility. This is typically used with the -b
option to directly bridge vknetd into the host rather than operat‐
ing it as a separate subnet. All IP protocols will be allowed
through and no address checking will be done.
When this option is not specified vknetd runs in secure mode and
only allowed through ICMP, UDP, and TCP, and only IP addresses
within the space defined on the command line. vknetd was started.
-b bridgeN
The tap(4) interface will be bridged into the specified bridge.
-p socket_path
Specify where to create the unix domain socket in the filesystem
space. By default the socket is called /var/run/vknet.
-t tapN
Specify a particular tap(4) interface to use. If not specified,
vknetd will search for an unused TAP interface.
address/cidrbits
When operating in secure mode (which is the default), a CIDR block
must be specified. It is optional in unsecure mode. The address
is the address you wish to assign to the TAP interface and will sit
on both the host and virtual networks if not bridged. The cidrbits
is the number of bits representing the virtual subnet. For exam‐
ple, 10.1.0.1/24 places the TAP interface on 10.1.0.1 and gives you
an 8 bit subnet capable of handling 254 hosts. An address of
0.0.0.0 is allowed as a special case in secure mode so that bootp (
dhclient(8)) can get through.
FILES
/dev/tap* TAP interface used to route packets from userland
providers back into the real machine. If not otherwise
specified an unused TAP interface will be selected.
/var/run/vknet Default socket vknetd sits on waiting for connections.
EXAMPLESvknetd 10.1.0.1/16
REQUIREMENTSvknetd requires that the if_tap and if_bridge modules be loaded. In
addition, a “vknet” group must exist in /etc/groups.
SEE ALSOvknet(1), bridge(4), tap(4), vke(4), vkernel(7), dhclient(8)HISTORY
The vknetd command was written by Matthew Dillon and first appeared in
DragonFly 1.13 in May 2008.
BUGSvknetd defaults to secure mode and will prevent IP spoofing, but the
security does not yet handle ARP issues so ARP spoofing can be used to
create a denial of service attack on the host network.
vknetd does not currently implement a timeout for its MAC cache.
BSD May 21, 2009 BSD
