From 2873a1e3c73c06c265b58eade4dddc1e3043e002 Mon Sep 17 00:00:00 2001
From: Reyk Floeter
Date: Mon, 17 Oct 2016 16:26:21 +0000
Subject: Add the option to specify an interface group per virtual switch as well; this group will be added to all VM tap(4) interfaces in the switch. Tested by martijn@
---
 usr.sbin/vmd/parse.y | 10 +++++++++-
 usr.sbin/vmd/priv.c | 41 ++++++++++++++++++++++++++++-------------
 usr.sbin/vmd/vm.conf.5 | 13 +++++++++++--
 usr.sbin/vmd/vmd.c | 3 ++-
 usr.sbin/vmd/vmd.h | 3 ++-
 5 files changed, 52 insertions(+), 18 deletions(-)
(limited to 'usr.sbin/vmd')
diff --git a/usr.sbin/vmd/parse.y b/usr.sbin/vmd/parse.y
index e6b9916787c..fb85b1ea0be 100644
--- a/usr.sbin/vmd/parse.y
+++ b/usr.sbin/vmd/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.10 2016/10/15 14:02:11 reyk Exp $ */
+/* $OpenBSD: parse.y,v 1.11 2016/10/17 16:26:20 reyk Exp $ */
 
 /*
 * Copyright (c) 2007-2016 Reyk Floeter
@@ -223,6 +223,14 @@ switch_opts : disable {
 
 TAILQ_INSERT_TAIL(&vsw->sw_ifs, vif, vif_entry);
 }
+ | GROUP string {
+ if (priv_validgroup($2) == -1) {
+ yyerror("invalid group name: %s", $2);
+ free($2);
+ YYERROR;
+ }
+ vsw->sw_group = $2;
+ }
 | INTERFACE string {
 if (priv_getiftype($2, vsw_type, &vsw_unit) == -1 ||
 priv_findname(vsw_type, vmd_descsw) == -1) {
diff --git a/usr.sbin/vmd/priv.c b/usr.sbin/vmd/priv.c
index 35a1076d043..f28e3acaf87 100644
--- a/usr.sbin/vmd/priv.c
+++ b/usr.sbin/vmd/priv.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: priv.c,v 1.3 2016/10/15 14:02:11 reyk Exp $ */
+/* $OpenBSD: priv.c,v 1.4 2016/10/17 16:26:20 reyk Exp $ */
 
 /*
 * Copyright (c) 2016 Reyk Floeter
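Review bot: In the new `GROUP string` action in parse.y, `vsw->sw_group = $2;` overwrites any earlier value without releasing it, so a switch block that names `group` twice would leak the first string. The list rule that decides whether an option may repeat is outside this hunk, so this is inferred rather than shown. Releasing the old value first keeps last-one-wins behaviour without the leak: `free(vsw->sw_group);` immediately before `vsw->sw_group = $2;`.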
@@ -248,18 +248,6 @@ vm_priv_ifconfig(struct privsep *ps, struct vmd_vm *vm)
 proc_compose(ps, PROC_PRIV, IMSG_VMDOP_PRIV_IFDESCR,
 &vfr, sizeof(vfr));
 
- if (vif->vif_group) {
- if (strlcpy(vfr.vfr_value, vif->vif_group,
- sizeof(vfr.vfr_value)) >= sizeof(vfr.vfr_value))
- return (-1);
-
- log_debug("%s: interface %s group %s", __func__,
- vfr.vfr_name, vfr.vfr_value);
-
- proc_compose(ps, PROC_PRIV, IMSG_VMDOP_PRIV_IFGROUP,
- &vfr, sizeof(vfr));
- }
-
 /* Add interface to bridge/switch */
 if ((vsw = switch_getbyname(vif->vif_switch)) != NULL) {
 if (strlcpy(vfbr.vfr_name, vsw->sw_ifname,
@@ -279,6 +267,33 @@ vm_priv_ifconfig(struct privsep *ps, struct vmd_vm *vm)
 } else if (vif->vif_switch != NULL)
 log_warnx("switch %s not found", vif->vif_switch);
 
+ /* First group is defined per-interface */
+ if (vif->vif_group) {
+ if (strlcpy(vfr.vfr_value, vif->vif_group,
+ sizeof(vfr.vfr_value)) >= sizeof(vfr.vfr_value))
+ return (-1);
+
+ log_debug("%s: interface %s group %s", __func__,
+ vfr.vfr_name, vfr.vfr_value);
+
+ proc_compose(ps, PROC_PRIV, IMSG_VMDOP_PRIV_IFGROUP,
+ &vfr, sizeof(vfr));
+ }
+
+ /* The second group is defined per-switch */
+ if (vsw != NULL && vsw->sw_group != NULL) {
+ if (strlcpy(vfr.vfr_value, vsw->sw_group,
+ sizeof(vfr.vfr_value)) >= sizeof(vfr.vfr_value))
+ return (-1);
+
+ log_debug("%s: interface %s group %s switch %s",
+ __func__, vfr.vfr_name, vfr.vfr_value,
+ vsw->sw_name);
+
+ proc_compose(ps, PROC_PRIV, IMSG_VMDOP_PRIV_IFGROUP,
+ &vfr, sizeof(vfr));
+ }
+
 /* Set the new interface status to up or down */
 proc_compose(ps, PROC_PRIV, (vif->vif_flags & IFF_UP) ?
 IMSG_VMDOP_PRIV_IFUP : IMSG_VMDOP_PRIV_IFDOWN,
diff --git a/usr.sbin/vmd/vm.conf.5 b/usr.sbin/vmd/vm.conf.5
index 13b5edfd1b3..46cb4c4d7b9 100644
--- a/usr.sbin/vmd/vm.conf.5
+++ b/usr.sbin/vmd/vm.conf.5
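Review bot: Both group blocks in vm_priv_ifconfig() leave with a bare `return (-1);` when strlcpy() truncates, and by that point the description message (and presumably the bridge add just above) has already been sent to PROC_PRIV, so the tap interface is left partly configured with nothing in the log to say why. For the new per-switch block I would log before returning, e.g. `log_warnx("%s: switch %s group name too long", __func__, vsw->sw_name);`. The man page text in this commit points at pf.conf(5) rules written against the group, so an interface that silently misses its group should be visible to the operator. The function starts and ends outside the hunk, so how the caller handles the -1 cannot be seen here.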
@@ -1,4 +1,4 @@
-.\" $OpenBSD: vm.conf.5,v 1.8 2016/10/15 14:02:11 reyk Exp $
+.\" $OpenBSD: vm.conf.5,v 1.9 2016/10/17 16:26:20 reyk Exp $
 .\"
 .\" Copyright (c) 2015 Mike Larkin
 .\" Copyright (c) 2015 Reyk Floeter
@@ -15,7 +15,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: October 15 2016 $
+.Dd $Mdocdate: October 17 2016 $
 .Dt VM.CONF 5
 .Os
 .Sh NAME
@@ -207,6 +207,15 @@ nor
 is specified.
 .It Cm disable
 Do not configure this switch.
+.It Cm group Ar group-name
+Assign each interface to a specific interface
+.Dq group .
+For example, this can be used to write
+.Xr pf.conf 5
+rules for several VM interfaces in the same group.
+The
+.Ar group-name
+must not end with a digit.
 .It Cm interface Ar name
 Set the
 .Xr switch 4
diff --git a/usr.sbin/vmd/vmd.c b/usr.sbin/vmd/vmd.c
index 352ac4d6318..de4a41b1847 100644
--- a/usr.sbin/vmd/vmd.c
+++ b/usr.sbin/vmd/vmd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: vmd.c,v 1.35 2016/10/15 14:02:11 reyk Exp $ */
+/* $OpenBSD: vmd.c,v 1.36 2016/10/17 16:26:20 reyk Exp $ */
 
 /*
 * Copyright (c) 2015 Reyk Floeter
@@ -578,6 +578,7 @@ switch_remove(struct vmd_switch *vsw)
 free(vif);
 }
 
+ free(vsw->sw_group);
 free(vsw->sw_name);
 free(vsw);
 }
diff --git a/usr.sbin/vmd/vmd.h b/usr.sbin/vmd/vmd.h
index 2848a2c72c5..f3cf13f5ac7 100644
--- a/usr.sbin/vmd/vmd.h
+++ b/usr.sbin/vmd/vmd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: vmd.h,v 1.30 2016/10/15 14:02:11 reyk Exp $ */
+/* $OpenBSD: vmd.h,v 1.31 2016/10/17 16:26:20 reyk Exp $ */
 
 /*
 * Copyright (c) 2015 Mike Larkin
@@ -117,6 +117,7 @@ struct vmd_switch {
 uint32_t sw_id;
 char *sw_name;
 char sw_ifname[IF_NAMESIZE];
+ char *sw_group;
 unsigned int sw_flags;
 struct viflist sw_ifs;
 TAILQ_ENTRY(vmd_switch) sw_entry;
--
cgit v1.2.3