Use imsg_get_fd() in vmd.

vmd uses a lot of fd passing and does it sometimes via extra abstraction
so this just tries to convert the code without any optimisations.

ok dv@

vmd(8): pull validation into local prefix parser.

Validation for local prefixes, both inet and inet6, was scattered
around. To make it even more confusing, vmd was using generic address
parsing logic from prior network daemons. vmd doesn't need to parse
addresses other than when parsing the local prefix settings in
vm.conf and no runtime parsing is needed.

This change merges parsing and validation based on vmd's specific
needs for local prefixes (e.g. reserving enough bits for vm id and
network interface id encoding in an ipv4 address). In addition, it
simplifies the struct from a generic address struct to one focused
on just storing the v4 and v6 prefixes and masks. This cleans up an
unused TAILQ struct member that isn't used by vmd and was leftover
copy-pasta from those prior daemons.

The address parsing that vmd uses is also updated to using the
latest logic in bgpd(8).

ok mlarkin@

Move some header definitions from vmm(4) to vmd(8).

Part of an ongoing effort to move userland-specific information out
of a kernel header and directly into vmd(8). No functional change.

ok mlarkin@

priv_validgroup: do not read more than IF_NAMESIZE chars of name
Store the length locally instead of computing it multiple times.
OK dv@, previous version OK deraadt@

Add explicit casts to ctype functions in vmd(8).

OK millert@

mostly avoid sys/param.h with a local nitems()
ok mlarkin

Remove switch(4) pieces, feedback/missing piece millert@ ok claudio@ mlarkin@

Propagate host-side tap(4) lladdr to guest vm process to allow unicast dhcp
and bootp renewals with vmd(8)'s built-in dhcp server. Previous behavior
ignored did not intercept these packets and instead transmitted them.

This should make vmd(8)'s dhcp behave more as a true dhcp server should and
allows it to work properly with the new dhcpleased(8) attempting a renewal.

OK mlarkin@

add veb(4) to the list of supported bridges/switches you can configure.

tested by josh rickmar
ok kn@

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

Add support for "local inet6" interfaces.

ok & test ccardenas@, additional review from kn@

update switch handling in vmd(8). vmd now gets switch information (rdomain,
etc) from underlying switch interface instead of handling this on its
own.

Diff from carlos cardenas, Thanks!

ok reyk@

vmd no longer creates bridges by default. users should create bridges in
/etc/hostname.bridge* files, and specify which bridge to use for a given
virtual switch in vm.conf.

diff from Carlos Cardenas, thanks

vmd: fix two wrong comments I stumbled across while updating the vmctl(8)
man page

Use vmd's process rdomain via getrtable() instead of 0 by default.

This allows to run "route -T 1 exec vmd" to get rdomain 1 tap(4) and
bridge interfaces by default.

ok mlarkin@

Add support for rdomains.

This allows to configure VM interfaces and switches in individual rdomains.

OK mlarkin@

Add global configuration option "local prefix" to change prefix for -L.

The default prefix is 100.64.0.0/10 from RFC6598.

Requested by sthen@ chris@
OK mlarkin@

Add support for dynamic "NAT" interfaces (-L/local interface).

When a local interface is configured, vmd configures a /31 address on
the tap(4) interface of the host and provides another IP in the same
subnet via DHCP (BOOTP) to the VM. vmd runs an internal BOOTP server
that replies with IP, gateway, and DNS addresses to the VM. The
built-in server only ever responds to the VM on the inside and cannot
leak its DHCP responses to the outside.

Thanks to Uwe Werler, Josh Grosse, and some others for testing!

OK deraadt@

Add "locked lladdr" option to prevent VMs from spoofing MAC addresses.

This is especially useful when multiple VMs share a switch, the
implementation is independent from the underlying switch or bridge.

no objections mlarkin@

Separate parsing vms and switches from starting them in vmd(8).

Brings us one step closer to having disabled by default vms is vm.conf(5),
which can be started with vmctl(8).

Input, testing and OK reyk@. Thanks.

Add the option to specify an interface group per virtual switch as well;
this group will be added to all VM tap(4) interfaces in the switch.

Tested by martijn@

Allow to add an interface to an interface group; with the group keyword.

Requested and tested by martijn@

Add support for enhanced networking configuration and virtual switches.
See vm.conf(5) for more details.

OK mlarkin@

Add a new "priv" process that is responsible for ioctls and restricted
operations that aren't allowed under pledge. This is a companion to
the "vmd" process that runs as root but with pledge.

With the "priv" process, each new tap(4) interface now gets a
description to indicate the vm, eg. "vm1-if0-myvm". For network
configuration will be done by vmd/priv later.

OK mlarkin@

vmd(8): pull validation into local prefix parser.

Validation for local prefixes, both inet and inet6, was scattered
around. To make it even more confusing, vmd was using generic address
parsing logic from prior network daemons. vmd doesn't need to parse
addresses other than when parsing the local prefix settings in
vm.conf and no runtime parsing is needed.

This change merges parsing and validation based on vmd's specific
needs for local prefixes (e.g. reserving enough bits for vm id and
network interface id encoding in an ipv4 address). In addition, it
simplifies the struct from a generic address struct to one focused
on just storing the v4 and v6 prefixes and masks. This cleans up an
unused TAILQ struct member that isn't used by vmd and was leftover
copy-pasta from those prior daemons.

The address parsing that vmd uses is also updated to using the
latest logic in bgpd(8).

ok mlarkin@

Move some header definitions from vmm(4) to vmd(8).

Part of an ongoing effort to move userland-specific information out
of a kernel header and directly into vmd(8). No functional change.

ok mlarkin@

priv_validgroup: do not read more than IF_NAMESIZE chars of name
Store the length locally instead of computing it multiple times.
OK dv@, previous version OK deraadt@

Add explicit casts to ctype functions in vmd(8).

OK millert@

mostly avoid sys/param.h with a local nitems()
ok mlarkin

Remove switch(4) pieces, feedback/missing piece millert@ ok claudio@ mlarkin@

Propagate host-side tap(4) lladdr to guest vm process to allow unicast dhcp
and bootp renewals with vmd(8)'s built-in dhcp server. Previous behavior
ignored did not intercept these packets and instead transmitted them.

This should make vmd(8)'s dhcp behave more as a true dhcp server should and
allows it to work properly with the new dhcpleased(8) attempting a renewal.

OK mlarkin@

add veb(4) to the list of supported bridges/switches you can configure.

tested by josh rickmar
ok kn@

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

Add support for "local inet6" interfaces.

ok & test ccardenas@, additional review from kn@

update switch handling in vmd(8). vmd now gets switch information (rdomain,
etc) from underlying switch interface instead of handling this on its
own.

Diff from carlos cardenas, Thanks!

ok reyk@

vmd no longer creates bridges by default. users should create bridges in
/etc/hostname.bridge* files, and specify which bridge to use for a given
virtual switch in vm.conf.

diff from Carlos Cardenas, thanks

vmd: fix two wrong comments I stumbled across while updating the vmctl(8)
man page

Use vmd's process rdomain via getrtable() instead of 0 by default.

This allows to run "route -T 1 exec vmd" to get rdomain 1 tap(4) and
bridge interfaces by default.

ok mlarkin@

Add support for rdomains.

This allows to configure VM interfaces and switches in individual rdomains.

OK mlarkin@

Add global configuration option "local prefix" to change prefix for -L.

The default prefix is 100.64.0.0/10 from RFC6598.

Requested by sthen@ chris@
OK mlarkin@

Add support for dynamic "NAT" interfaces (-L/local interface).

When a local interface is configured, vmd configures a /31 address on
the tap(4) interface of the host and provides another IP in the same
subnet via DHCP (BOOTP) to the VM. vmd runs an internal BOOTP server
that replies with IP, gateway, and DNS addresses to the VM. The
built-in server only ever responds to the VM on the inside and cannot
leak its DHCP responses to the outside.

Thanks to Uwe Werler, Josh Grosse, and some others for testing!

OK deraadt@

Add "locked lladdr" option to prevent VMs from spoofing MAC addresses.

This is especially useful when multiple VMs share a switch, the
implementation is independent from the underlying switch or bridge.

no objections mlarkin@

Separate parsing vms and switches from starting them in vmd(8).

Brings us one step closer to having disabled by default vms is vm.conf(5),
which can be started with vmctl(8).

Input, testing and OK reyk@. Thanks.

Add the option to specify an interface group per virtual switch as well;
this group will be added to all VM tap(4) interfaces in the switch.

Tested by martijn@

Allow to add an interface to an interface group; with the group keyword.

Requested and tested by martijn@

Add support for enhanced networking configuration and virtual switches.
See vm.conf(5) for more details.

OK mlarkin@

Add a new "priv" process that is responsible for ioctls and restricted
operations that aren't allowed under pledge. This is a companion to
the "vmd" process that runs as root but with pledge.

With the "priv" process, each new tap(4) interface now gets a
description to indicate the vm, eg. "vm1-if0-myvm". For network
configuration will be done by vmd/priv later.

OK mlarkin@

Move some header definitions from vmm(4) to vmd(8).

Part of an ongoing effort to move userland-specific information out
of a kernel header and directly into vmd(8). No functional change.

ok mlarkin@

priv_validgroup: do not read more than IF_NAMESIZE chars of name
Store the length locally instead of computing it multiple times.
OK dv@, previous version OK deraadt@

Add explicit casts to ctype functions in vmd(8).

OK millert@

mostly avoid sys/param.h with a local nitems()
ok mlarkin

Remove switch(4) pieces, feedback/missing piece millert@ ok claudio@ mlarkin@

Propagate host-side tap(4) lladdr to guest vm process to allow unicast dhcp
and bootp renewals with vmd(8)'s built-in dhcp server. Previous behavior
ignored did not intercept these packets and instead transmitted them.

This should make vmd(8)'s dhcp behave more as a true dhcp server should and
allows it to work properly with the new dhcpleased(8) attempting a renewal.

OK mlarkin@

add veb(4) to the list of supported bridges/switches you can configure.

tested by josh rickmar
ok kn@

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

Add support for "local inet6" interfaces.

ok & test ccardenas@, additional review from kn@

update switch handling in vmd(8). vmd now gets switch information (rdomain,
etc) from underlying switch interface instead of handling this on its
own.

Diff from carlos cardenas, Thanks!

ok reyk@

vmd no longer creates bridges by default. users should create bridges in
/etc/hostname.bridge* files, and specify which bridge to use for a given
virtual switch in vm.conf.

diff from Carlos Cardenas, thanks

vmd: fix two wrong comments I stumbled across while updating the vmctl(8)
man page

Use vmd's process rdomain via getrtable() instead of 0 by default.

This allows to run "route -T 1 exec vmd" to get rdomain 1 tap(4) and
bridge interfaces by default.

ok mlarkin@

Add support for rdomains.

This allows to configure VM interfaces and switches in individual rdomains.

OK mlarkin@

Add global configuration option "local prefix" to change prefix for -L.

The default prefix is 100.64.0.0/10 from RFC6598.

Requested by sthen@ chris@
OK mlarkin@

Add support for dynamic "NAT" interfaces (-L/local interface).

When a local interface is configured, vmd configures a /31 address on
the tap(4) interface of the host and provides another IP in the same
subnet via DHCP (BOOTP) to the VM. vmd runs an internal BOOTP server
that replies with IP, gateway, and DNS addresses to the VM. The
built-in server only ever responds to the VM on the inside and cannot
leak its DHCP responses to the outside.

Thanks to Uwe Werler, Josh Grosse, and some others for testing!

OK deraadt@

Add "locked lladdr" option to prevent VMs from spoofing MAC addresses.

This is especially useful when multiple VMs share a switch, the
implementation is independent from the underlying switch or bridge.

no objections mlarkin@

Separate parsing vms and switches from starting them in vmd(8).

Brings us one step closer to having disabled by default vms is vm.conf(5),
which can be started with vmctl(8).

Input, testing and OK reyk@. Thanks.

Add the option to specify an interface group per virtual switch as well;
this group will be added to all VM tap(4) interfaces in the switch.

Tested by martijn@

Allow to add an interface to an interface group; with the group keyword.

Requested and tested by martijn@

Add support for enhanced networking configuration and virtual switches.
See vm.conf(5) for more details.

OK mlarkin@

Add a new "priv" process that is responsible for ioctls and restricted
operations that aren't allowed under pledge. This is a companion to
the "vmd" process that runs as root but with pledge.

With the "priv" process, each new tap(4) interface now gets a
description to indicate the vm, eg. "vm1-if0-myvm". For network
configuration will be done by vmd/priv later.

OK mlarkin@

priv_validgroup: do not read more than IF_NAMESIZE chars of name
Store the length locally instead of computing it multiple times.
OK dv@, previous version OK deraadt@

Add explicit casts to ctype functions in vmd(8).

OK millert@

mostly avoid sys/param.h with a local nitems()
ok mlarkin

Remove switch(4) pieces, feedback/missing piece millert@ ok claudio@ mlarkin@

Propagate host-side tap(4) lladdr to guest vm process to allow unicast dhcp
and bootp renewals with vmd(8)'s built-in dhcp server. Previous behavior
ignored did not intercept these packets and instead transmitted them.

This should make vmd(8)'s dhcp behave more as a true dhcp server should and
allows it to work properly with the new dhcpleased(8) attempting a renewal.

OK mlarkin@

add veb(4) to the list of supported bridges/switches you can configure.

tested by josh rickmar
ok kn@

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

Add support for "local inet6" interfaces.

ok & test ccardenas@, additional review from kn@

update switch handling in vmd(8). vmd now gets switch information (rdomain,
etc) from underlying switch interface instead of handling this on its
own.

Diff from carlos cardenas, Thanks!

ok reyk@

vmd no longer creates bridges by default. users should create bridges in
/etc/hostname.bridge* files, and specify which bridge to use for a given
virtual switch in vm.conf.

diff from Carlos Cardenas, thanks

vmd: fix two wrong comments I stumbled across while updating the vmctl(8)
man page

Use vmd's process rdomain via getrtable() instead of 0 by default.

This allows to run "route -T 1 exec vmd" to get rdomain 1 tap(4) and
bridge interfaces by default.

ok mlarkin@

Add support for rdomains.

This allows to configure VM interfaces and switches in individual rdomains.

OK mlarkin@

Add global configuration option "local prefix" to change prefix for -L.

The default prefix is 100.64.0.0/10 from RFC6598.

Requested by sthen@ chris@
OK mlarkin@

Add support for dynamic "NAT" interfaces (-L/local interface).

When a local interface is configured, vmd configures a /31 address on
the tap(4) interface of the host and provides another IP in the same
subnet via DHCP (BOOTP) to the VM. vmd runs an internal BOOTP server
that replies with IP, gateway, and DNS addresses to the VM. The
built-in server only ever responds to the VM on the inside and cannot
leak its DHCP responses to the outside.

Thanks to Uwe Werler, Josh Grosse, and some others for testing!

OK deraadt@

Add "locked lladdr" option to prevent VMs from spoofing MAC addresses.

This is especially useful when multiple VMs share a switch, the
implementation is independent from the underlying switch or bridge.

no objections mlarkin@

Separate parsing vms and switches from starting them in vmd(8).

Brings us one step closer to having disabled by default vms is vm.conf(5),
which can be started with vmctl(8).

Input, testing and OK reyk@. Thanks.

Add the option to specify an interface group per virtual switch as well;
this group will be added to all VM tap(4) interfaces in the switch.

Tested by martijn@

Allow to add an interface to an interface group; with the group keyword.

Requested and tested by martijn@

Add support for enhanced networking configuration and virtual switches.
See vm.conf(5) for more details.

OK mlarkin@

Add a new "priv" process that is responsible for ioctls and restricted
operations that aren't allowed under pledge. This is a companion to
the "vmd" process that runs as root but with pledge.

With the "priv" process, each new tap(4) interface now gets a
description to indicate the vm, eg. "vm1-if0-myvm". For network
configuration will be done by vmd/priv later.

OK mlarkin@

mostly avoid sys/param.h with a local nitems()
ok mlarkin

Remove switch(4) pieces, feedback/missing piece millert@ ok claudio@ mlarkin@

Propagate host-side tap(4) lladdr to guest vm process to allow unicast dhcp
and bootp renewals with vmd(8)'s built-in dhcp server. Previous behavior
ignored did not intercept these packets and instead transmitted them.

This should make vmd(8)'s dhcp behave more as a true dhcp server should and
allows it to work properly with the new dhcpleased(8) attempting a renewal.

OK mlarkin@

add veb(4) to the list of supported bridges/switches you can configure.

tested by josh rickmar
ok kn@

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

Add support for "local inet6" interfaces.

ok & test ccardenas@, additional review from kn@

update switch handling in vmd(8). vmd now gets switch information (rdomain,
etc) from underlying switch interface instead of handling this on its
own.

Diff from carlos cardenas, Thanks!

ok reyk@

vmd no longer creates bridges by default. users should create bridges in
/etc/hostname.bridge* files, and specify which bridge to use for a given
virtual switch in vm.conf.

diff from Carlos Cardenas, thanks

vmd: fix two wrong comments I stumbled across while updating the vmctl(8)
man page

Use vmd's process rdomain via getrtable() instead of 0 by default.

This allows to run "route -T 1 exec vmd" to get rdomain 1 tap(4) and
bridge interfaces by default.

ok mlarkin@

Add support for rdomains.

This allows to configure VM interfaces and switches in individual rdomains.

OK mlarkin@

Add global configuration option "local prefix" to change prefix for -L.

The default prefix is 100.64.0.0/10 from RFC6598.

Requested by sthen@ chris@
OK mlarkin@

Add support for dynamic "NAT" interfaces (-L/local interface).

When a local interface is configured, vmd configures a /31 address on
the tap(4) interface of the host and provides another IP in the same
subnet via DHCP (BOOTP) to the VM. vmd runs an internal BOOTP server
that replies with IP, gateway, and DNS addresses to the VM. The
built-in server only ever responds to the VM on the inside and cannot
leak its DHCP responses to the outside.

Thanks to Uwe Werler, Josh Grosse, and some others for testing!

OK deraadt@

Add "locked lladdr" option to prevent VMs from spoofing MAC addresses.

This is especially useful when multiple VMs share a switch, the
implementation is independent from the underlying switch or bridge.

no objections mlarkin@

Separate parsing vms and switches from starting them in vmd(8).

Brings us one step closer to having disabled by default vms is vm.conf(5),
which can be started with vmctl(8).

Input, testing and OK reyk@. Thanks.

Add the option to specify an interface group per virtual switch as well;
this group will be added to all VM tap(4) interfaces in the switch.

Tested by martijn@

Allow to add an interface to an interface group; with the group keyword.

Requested and tested by martijn@

Add support for enhanced networking configuration and virtual switches.
See vm.conf(5) for more details.

OK mlarkin@

Add a new "priv" process that is responsible for ioctls and restricted
operations that aren't allowed under pledge. This is a companion to
the "vmd" process that runs as root but with pledge.

With the "priv" process, each new tap(4) interface now gets a
description to indicate the vm, eg. "vm1-if0-myvm". For network
configuration will be done by vmd/priv later.

OK mlarkin@

Remove switch(4) pieces, feedback/missing piece millert@ ok claudio@ mlarkin@

Propagate host-side tap(4) lladdr to guest vm process to allow unicast dhcp
and bootp renewals with vmd(8)'s built-in dhcp server. Previous behavior
ignored did not intercept these packets and instead transmitted them.

This should make vmd(8)'s dhcp behave more as a true dhcp server should and
allows it to work properly with the new dhcpleased(8) attempting a renewal.

OK mlarkin@

add veb(4) to the list of supported bridges/switches you can configure.

tested by josh rickmar
ok kn@

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

Add support for "local inet6" interfaces.

ok & test ccardenas@, additional review from kn@

update switch handling in vmd(8). vmd now gets switch information (rdomain,
etc) from underlying switch interface instead of handling this on its
own.

Diff from carlos cardenas, Thanks!

ok reyk@

vmd no longer creates bridges by default. users should create bridges in
/etc/hostname.bridge* files, and specify which bridge to use for a given
virtual switch in vm.conf.

diff from Carlos Cardenas, thanks

vmd: fix two wrong comments I stumbled across while updating the vmctl(8)
man page

Use vmd's process rdomain via getrtable() instead of 0 by default.

This allows to run "route -T 1 exec vmd" to get rdomain 1 tap(4) and
bridge interfaces by default.

ok mlarkin@

Add support for rdomains.

This allows to configure VM interfaces and switches in individual rdomains.

OK mlarkin@

Add global configuration option "local prefix" to change prefix for -L.

The default prefix is 100.64.0.0/10 from RFC6598.

Requested by sthen@ chris@
OK mlarkin@

Add support for dynamic "NAT" interfaces (-L/local interface).

When a local interface is configured, vmd configures a /31 address on
the tap(4) interface of the host and provides another IP in the same
subnet via DHCP (BOOTP) to the VM. vmd runs an internal BOOTP server
that replies with IP, gateway, and DNS addresses to the VM. The
built-in server only ever responds to the VM on the inside and cannot
leak its DHCP responses to the outside.

Thanks to Uwe Werler, Josh Grosse, and some others for testing!

OK deraadt@

Add "locked lladdr" option to prevent VMs from spoofing MAC addresses.

This is especially useful when multiple VMs share a switch, the
implementation is independent from the underlying switch or bridge.

no objections mlarkin@

Separate parsing vms and switches from starting them in vmd(8).

Brings us one step closer to having disabled by default vms is vm.conf(5),
which can be started with vmctl(8).

Input, testing and OK reyk@. Thanks.

Add the option to specify an interface group per virtual switch as well;
this group will be added to all VM tap(4) interfaces in the switch.

Tested by martijn@

Allow to add an interface to an interface group; with the group keyword.

Requested and tested by martijn@

Add support for enhanced networking configuration and virtual switches.
See vm.conf(5) for more details.

OK mlarkin@

Add a new "priv" process that is responsible for ioctls and restricted
operations that aren't allowed under pledge. This is a companion to
the "vmd" process that runs as root but with pledge.

With the "priv" process, each new tap(4) interface now gets a
description to indicate the vm, eg. "vm1-if0-myvm". For network
configuration will be done by vmd/priv later.

OK mlarkin@

Propagate host-side tap(4) lladdr to guest vm process to allow unicast dhcp
and bootp renewals with vmd(8)'s built-in dhcp server. Previous behavior
ignored did not intercept these packets and instead transmitted them.

This should make vmd(8)'s dhcp behave more as a true dhcp server should and
allows it to work properly with the new dhcpleased(8) attempting a renewal.

OK mlarkin@

add veb(4) to the list of supported bridges/switches you can configure.

tested by josh rickmar
ok kn@

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

Add support for "local inet6" interfaces.

ok & test ccardenas@, additional review from kn@

update switch handling in vmd(8). vmd now gets switch information (rdomain,
etc) from underlying switch interface instead of handling this on its
own.

Diff from carlos cardenas, Thanks!

ok reyk@

vmd no longer creates bridges by default. users should create bridges in
/etc/hostname.bridge* files, and specify which bridge to use for a given
virtual switch in vm.conf.

diff from Carlos Cardenas, thanks

vmd: fix two wrong comments I stumbled across while updating the vmctl(8)
man page

Use vmd's process rdomain via getrtable() instead of 0 by default.

This allows to run "route -T 1 exec vmd" to get rdomain 1 tap(4) and
bridge interfaces by default.

ok mlarkin@

Add support for rdomains.

This allows to configure VM interfaces and switches in individual rdomains.

OK mlarkin@

Add global configuration option "local prefix" to change prefix for -L.

The default prefix is 100.64.0.0/10 from RFC6598.

Requested by sthen@ chris@
OK mlarkin@

Add support for dynamic "NAT" interfaces (-L/local interface).

When a local interface is configured, vmd configures a /31 address on
the tap(4) interface of the host and provides another IP in the same
subnet via DHCP (BOOTP) to the VM. vmd runs an internal BOOTP server
that replies with IP, gateway, and DNS addresses to the VM. The
built-in server only ever responds to the VM on the inside and cannot
leak its DHCP responses to the outside.

Thanks to Uwe Werler, Josh Grosse, and some others for testing!

OK deraadt@

Add "locked lladdr" option to prevent VMs from spoofing MAC addresses.

This is especially useful when multiple VMs share a switch, the
implementation is independent from the underlying switch or bridge.

no objections mlarkin@

Separate parsing vms and switches from starting them in vmd(8).

Brings us one step closer to having disabled by default vms is vm.conf(5),
which can be started with vmctl(8).

Input, testing and OK reyk@. Thanks.

Add the option to specify an interface group per virtual switch as well;
this group will be added to all VM tap(4) interfaces in the switch.

Tested by martijn@

Allow to add an interface to an interface group; with the group keyword.

Requested and tested by martijn@

Add support for enhanced networking configuration and virtual switches.
See vm.conf(5) for more details.

OK mlarkin@

Add a new "priv" process that is responsible for ioctls and restricted
operations that aren't allowed under pledge. This is a companion to
the "vmd" process that runs as root but with pledge.

With the "priv" process, each new tap(4) interface now gets a
description to indicate the vm, eg. "vm1-if0-myvm". For network
configuration will be done by vmd/priv later.

OK mlarkin@

add veb(4) to the list of supported bridges/switches you can configure.

tested by josh rickmar
ok kn@

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

Add support for "local inet6" interfaces.

ok & test ccardenas@, additional review from kn@

update switch handling in vmd(8). vmd now gets switch information (rdomain,
etc) from underlying switch interface instead of handling this on its
own.

Diff from carlos cardenas, Thanks!

ok reyk@

vmd no longer creates bridges by default. users should create bridges in
/etc/hostname.bridge* files, and specify which bridge to use for a given
virtual switch in vm.conf.

diff from Carlos Cardenas, thanks

vmd: fix two wrong comments I stumbled across while updating the vmctl(8)
man page

Use vmd's process rdomain via getrtable() instead of 0 by default.

This allows to run "route -T 1 exec vmd" to get rdomain 1 tap(4) and
bridge interfaces by default.

ok mlarkin@

Add support for rdomains.

This allows to configure VM interfaces and switches in individual rdomains.

OK mlarkin@

Add global configuration option "local prefix" to change prefix for -L.

The default prefix is 100.64.0.0/10 from RFC6598.

Requested by sthen@ chris@
OK mlarkin@

Add support for dynamic "NAT" interfaces (-L/local interface).

When a local interface is configured, vmd configures a /31 address on
the tap(4) interface of the host and provides another IP in the same
subnet via DHCP (BOOTP) to the VM. vmd runs an internal BOOTP server
that replies with IP, gateway, and DNS addresses to the VM. The
built-in server only ever responds to the VM on the inside and cannot
leak its DHCP responses to the outside.

Thanks to Uwe Werler, Josh Grosse, and some others for testing!

OK deraadt@

Add "locked lladdr" option to prevent VMs from spoofing MAC addresses.

This is especially useful when multiple VMs share a switch, the
implementation is independent from the underlying switch or bridge.

no objections mlarkin@

Separate parsing vms and switches from starting them in vmd(8).

Brings us one step closer to having disabled by default vms is vm.conf(5),
which can be started with vmctl(8).

Input, testing and OK reyk@. Thanks.

Add the option to specify an interface group per virtual switch as well;
this group will be added to all VM tap(4) interfaces in the switch.

Tested by martijn@

Allow to add an interface to an interface group; with the group keyword.

Requested and tested by martijn@

Add support for enhanced networking configuration and virtual switches.
See vm.conf(5) for more details.

OK mlarkin@

Add a new "priv" process that is responsible for ioctls and restricted
operations that aren't allowed under pledge. This is a companion to
the "vmd" process that runs as root but with pledge.

With the "priv" process, each new tap(4) interface now gets a
description to indicate the vm, eg. "vm1-if0-myvm". For network
configuration will be done by vmd/priv later.

OK mlarkin@

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

Add support for "local inet6" interfaces.

ok & test ccardenas@, additional review from kn@

update switch handling in vmd(8). vmd now gets switch information (rdomain,
etc) from underlying switch interface instead of handling this on its
own.

Diff from carlos cardenas, Thanks!

ok reyk@

vmd no longer creates bridges by default. users should create bridges in
/etc/hostname.bridge* files, and specify which bridge to use for a given
virtual switch in vm.conf.

diff from Carlos Cardenas, thanks

vmd: fix two wrong comments I stumbled across while updating the vmctl(8)
man page

Use vmd's process rdomain via getrtable() instead of 0 by default.

This allows to run "route -T 1 exec vmd" to get rdomain 1 tap(4) and
bridge interfaces by default.

ok mlarkin@

Add support for rdomains.

This allows to configure VM interfaces and switches in individual rdomains.

OK mlarkin@

Add global configuration option "local prefix" to change prefix for -L.

The default prefix is 100.64.0.0/10 from RFC6598.

Requested by sthen@ chris@
OK mlarkin@

Add support for dynamic "NAT" interfaces (-L/local interface).

When a local interface is configured, vmd configures a /31 address on
the tap(4) interface of the host and provides another IP in the same
subnet via DHCP (BOOTP) to the VM. vmd runs an internal BOOTP server
that replies with IP, gateway, and DNS addresses to the VM. The
built-in server only ever responds to the VM on the inside and cannot
leak its DHCP responses to the outside.

Thanks to Uwe Werler, Josh Grosse, and some others for testing!

OK deraadt@

Add "locked lladdr" option to prevent VMs from spoofing MAC addresses.

This is especially useful when multiple VMs share a switch, the
implementation is independent from the underlying switch or bridge.

no objections mlarkin@

Separate parsing vms and switches from starting them in vmd(8).

Brings us one step closer to having disabled by default vms is vm.conf(5),
which can be started with vmctl(8).

Input, testing and OK reyk@. Thanks.

Add the option to specify an interface group per virtual switch as well;
this group will be added to all VM tap(4) interfaces in the switch.

Tested by martijn@

Allow to add an interface to an interface group; with the group keyword.

Requested and tested by martijn@

Add support for enhanced networking configuration and virtual switches.
See vm.conf(5) for more details.

OK mlarkin@

Add a new "priv" process that is responsible for ioctls and restricted
operations that aren't allowed under pledge. This is a companion to
the "vmd" process that runs as root but with pledge.

With the "priv" process, each new tap(4) interface now gets a
description to indicate the vm, eg. "vm1-if0-myvm". For network
configuration will be done by vmd/priv later.

OK mlarkin@

Add support for "local inet6" interfaces.

ok & test ccardenas@, additional review from kn@

update switch handling in vmd(8). vmd now gets switch information (rdomain,
etc) from underlying switch interface instead of handling this on its
own.

Diff from carlos cardenas, Thanks!

ok reyk@

vmd no longer creates bridges by default. users should create bridges in
/etc/hostname.bridge* files, and specify which bridge to use for a given
virtual switch in vm.conf.

diff from Carlos Cardenas, thanks

vmd: fix two wrong comments I stumbled across while updating the vmctl(8)
man page

Use vmd's process rdomain via getrtable() instead of 0 by default.

This allows to run "route -T 1 exec vmd" to get rdomain 1 tap(4) and
bridge interfaces by default.

ok mlarkin@

Add support for rdomains.

This allows to configure VM interfaces and switches in individual rdomains.

OK mlarkin@

Add global configuration option "local prefix" to change prefix for -L.

The default prefix is 100.64.0.0/10 from RFC6598.

Requested by sthen@ chris@
OK mlarkin@

Add support for dynamic "NAT" interfaces (-L/local interface).

When a local interface is configured, vmd configures a /31 address on
the tap(4) interface of the host and provides another IP in the same
subnet via DHCP (BOOTP) to the VM. vmd runs an internal BOOTP server
that replies with IP, gateway, and DNS addresses to the VM. The
built-in server only ever responds to the VM on the inside and cannot
leak its DHCP responses to the outside.

Thanks to Uwe Werler, Josh Grosse, and some others for testing!

OK deraadt@

Add "locked lladdr" option to prevent VMs from spoofing MAC addresses.

This is especially useful when multiple VMs share a switch, the
implementation is independent from the underlying switch or bridge.

no objections mlarkin@

Separate parsing vms and switches from starting them in vmd(8).

Brings us one step closer to having disabled by default vms is vm.conf(5),
which can be started with vmctl(8).

Input, testing and OK reyk@. Thanks.

Add the option to specify an interface group per virtual switch as well;
this group will be added to all VM tap(4) interfaces in the switch.

Tested by martijn@

Allow to add an interface to an interface group; with the group keyword.

Requested and tested by martijn@

Add support for enhanced networking configuration and virtual switches.
See vm.conf(5) for more details.

OK mlarkin@

Add a new "priv" process that is responsible for ioctls and restricted
operations that aren't allowed under pledge. This is a companion to
the "vmd" process that runs as root but with pledge.

With the "priv" process, each new tap(4) interface now gets a
description to indicate the vm, eg. "vm1-if0-myvm". For network
configuration will be done by vmd/priv later.

OK mlarkin@

update switch handling in vmd(8). vmd now gets switch information (rdomain,
etc) from underlying switch interface instead of handling this on its
own.

Diff from carlos cardenas, Thanks!

ok reyk@

vmd no longer creates bridges by default. users should create bridges in
/etc/hostname.bridge* files, and specify which bridge to use for a given
virtual switch in vm.conf.

diff from Carlos Cardenas, thanks

vmd: fix two wrong comments I stumbled across while updating the vmctl(8)
man page

Use vmd's process rdomain via getrtable() instead of 0 by default.

This allows to run "route -T 1 exec vmd" to get rdomain 1 tap(4) and
bridge interfaces by default.

ok mlarkin@

Add support for rdomains.

This allows to configure VM interfaces and switches in individual rdomains.

OK mlarkin@

Add global configuration option "local prefix" to change prefix for -L.

The default prefix is 100.64.0.0/10 from RFC6598.

Requested by sthen@ chris@
OK mlarkin@

Add support for dynamic "NAT" interfaces (-L/local interface).

When a local interface is configured, vmd configures a /31 address on
the tap(4) interface of the host and provides another IP in the same
subnet via DHCP (BOOTP) to the VM. vmd runs an internal BOOTP server
that replies with IP, gateway, and DNS addresses to the VM. The
built-in server only ever responds to the VM on the inside and cannot
leak its DHCP responses to the outside.

Thanks to Uwe Werler, Josh Grosse, and some others for testing!

OK deraadt@

Add "locked lladdr" option to prevent VMs from spoofing MAC addresses.

This is especially useful when multiple VMs share a switch, the
implementation is independent from the underlying switch or bridge.

no objections mlarkin@

Separate parsing vms and switches from starting them in vmd(8).

Brings us one step closer to having disabled by default vms is vm.conf(5),
which can be started with vmctl(8).

Input, testing and OK reyk@. Thanks.

Add the option to specify an interface group per virtual switch as well;
this group will be added to all VM tap(4) interfaces in the switch.

Tested by martijn@

Allow to add an interface to an interface group; with the group keyword.

Requested and tested by martijn@

Add support for enhanced networking configuration and virtual switches.
See vm.conf(5) for more details.

OK mlarkin@

Add a new "priv" process that is responsible for ioctls and restricted
operations that aren't allowed under pledge. This is a companion to
the "vmd" process that runs as root but with pledge.

With the "priv" process, each new tap(4) interface now gets a
description to indicate the vm, eg. "vm1-if0-myvm". For network
configuration will be done by vmd/priv later.

OK mlarkin@