Up to [local] / src / usr.sbin / vmd
Default branch: MAIN
Revision 1.13, Thu Jul 13 18:31:59 2023 UTC (10 months, 2 weeks ago) by dv
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, OPENBSD_7_4_BASE, OPENBSD_7_4, HEAD
Changes since 1.12: +4 -6 lines
vmd(8): pull validation into local prefix parser.

Validation for local prefixes, both inet and inet6, was scattered around. To make it even more confusing, vmd was using generic address parsing logic from prior network daemons. vmd doesn't need to parse addresses other than when parsing the local prefix settings in vm.conf and no runtime parsing is needed.

This change merges parsing and validation based on vmd's specific needs for local prefixes (e.g. reserving enough bits for vm id and network interface id encoding in an ipv4 address). In addition, it simplifies the struct from a generic address struct to one focused on just storing the v4 and v6 prefixes and masks. This cleans up an unused TAILQ struct member that isn't used by vmd and was leftover copy-pasta from those prior daemons.

The address parsing that vmd uses is also updated to use the latest logic in bgpd(8).

ok mlarkin@
Revision 1.12, Thu Apr 27 22:47:27 2023 UTC (13 months ago) by dv
Branch: MAIN
Changes since 1.11: +16 -11 lines
vmd(8): introduce multi-process model for virtio devices.

Isolate virtio network and block device emulation in dedicated processes, forked and exec'd from the vm process. This allows for tightening pledge promises to just "stdio".

Communication between the vcpu's and these devices now occurs via imsg channels, which adds the benefit of not always blocking the vcpu thread while emulating the device.

With this commit, it's possible that vmd is the first open source hypervisor that *defaults* to a multi-process device emulation model without requiring any additional configuration from the operator.

Testing help from phessler@ and Mischa Peters.

ok mlarkin@
Revision 1.11, Wed Jun 16 16:55:02 2021 UTC (2 years, 11 months ago) by dv
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE, OPENBSD_7_3, OPENBSD_7_2_BASE, OPENBSD_7_2, OPENBSD_7_1_BASE, OPENBSD_7_1, OPENBSD_7_0_BASE, OPENBSD_7_0
Changes since 1.10: +2 -3 lines
cleanup vmd(8) includes and header files

Lots of organic growth over the years led to unnecessary includes (proc.h everywhere) and odd dependencies between header files. This cleans things up a bit to help with upcoming cleanup around dhcp code.

No functional change.

"go for it" mlarkin@
Revision 1.8.10.1, Tue Jun 8 14:42:24 2021 UTC (2 years, 11 months ago) by bluhm
Branch: OPENBSD_6_8
Changes since 1.8: +57 -37 lines
vmd(8): malicious dhcp packets on local ifs can cause stack overflows

A sufficiently large dhcp packet can cause a stack overflow in vmd's internal dhcp server used for providing ip addresses to local guest interfaces. (This does not affect non-local interfaces.)

The primary changes drop larger packets and change the memory copying logic to use a compile-time constant. The dhcp option processing also additional prevention for out of bound reads.

While here, improve construction of the dhcp response's hostname handling to guard against overflowing the response dhcp options.

Vulnerability reported by Maxime Villard.

ok claudio@
from dv@
this is errata/6.8/025_vmd.patch.sig
Revision 1.9.2.1, Tue Jun 8 14:41:14 2021 UTC (2 years, 11 months ago) by bluhm
Branch: OPENBSD_6_9
Changes since 1.9: +57 -37 lines
vmd(8): malicious dhcp packets on local ifs can cause stack overflows

A sufficiently large dhcp packet can cause a stack overflow in vmd's internal dhcp server used for providing ip addresses to local guest interfaces. (This does not affect non-local interfaces.)

The primary changes drop larger packets and change the memory copying logic to use a compile-time constant. The dhcp option processing also additional prevention for out of bound reads.

While here, improve construction of the dhcp response's hostname handling to guard against overflowing the response dhcp options.

Vulnerability reported by Maxime Villard.

ok claudio@
from dv@
this is errata/6.9/008_vmd.patch.sig
Revision 1.10, Tue Jun 8 14:37:48 2021 UTC (2 years, 11 months ago) by dv
Branch: MAIN
Changes since 1.9: +57 -37 lines
vmd(8): malicious dhcp packets on local ifs can cause stack overflows

A sufficiently large dhcp packet can cause a stack overflow in vmd's internal dhcp server used for providing ip addresses to local guest interfaces. (This does not affect non-local interfaces.)

The primary changes drop larger packets and change the memory copying logic to use a compile-time constant. The dhcp option processing also additional prevention for out of bound reads.

While here, improve construction of the dhcp response's hostname handling to guard against overflowing the response dhcp options.

Vulnerability reported by Maxime Villard.

ok claudio@
Revision 1.9, Mon Mar 29 23:37:01 2021 UTC (3 years, 2 months ago) by dv
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE
Branch point for: OPENBSD_6_9
Changes since 1.8: +6 -3 lines
Propagate host-side tap(4) lladdr to guest vm process to allow unicast dhcp and bootp renewals with vmd(8)'s built-in dhcp server. Previous behavior ignored did not intercept these packets and instead transmitted them. This should make vmd(8)'s dhcp behave more as a true dhcp server should and allows it to work properly with the new dhcpleased(8) attempting a renewal. OK mlarkin@
Revision 1.8, Thu Dec 27 19:51:30 2018 UTC (5 years, 5 months ago) by anton
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE, OPENBSD_6_7_BASE, OPENBSD_6_7, OPENBSD_6_6_BASE, OPENBSD_6_6, OPENBSD_6_5_BASE, OPENBSD_6_5
Branch point for: OPENBSD_6_8
Changes since 1.7: +18 -3 lines
When netbooting a vm using the `-B net' option, set the hostname DHCP option in the lease to the name of the vm. Makes it easier to use dedicated autoinstall response files for different vms. ok ccardenas@
Revision 1.7, Thu Dec 6 09:20:06 2018 UTC (5 years, 5 months ago) by claudio
Branch: MAIN
Changes since 1.6: +7 -6 lines
Make it possible to define the bootdevice in vmd. This information is used currently only when booting an OpenBSD kernel. If VMBOOTDEV_NET is used the internal dhcp server will pass "auto_install" as boot file to the client and the boot loader passes the MAC of the first interface to the kernel to indicate PXE booting. Adding boot order support to SeaBIOS is not yet implemented. Ok ccardenas@
Revision 1.6, Wed Nov 21 12:31:47 2018 UTC (5 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.5: +3 -3 lines
Add support for "local inet6" interfaces. ok & test ccardenas@, additional review from kn@
Revision 1.5, Fri Aug 17 07:12:28 2018 UTC (5 years, 9 months ago) by martijn
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE, OPENBSD_6_4
Changes since 1.4: +1 -6 lines
No need to send the same nameserver twice. OK ccardenas@
Revision 1.4, Sun Nov 5 20:01:09 2017 UTC (6 years, 6 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE, OPENBSD_6_3
Changes since 1.3: +85 -16 lines
Add minimal DHCP support to vmd's built-in DHCP/BOOTP server. This fixes "local interface" mode with the udhcpc client. udhcpc, a DHCP client that is used by busybox and many embedded Linux distributions, does not support BOOTP which is the predecessor and a valid subset of DHCP. OK mlarkin@, Carlos Cardenas
Revision 1.3, Mon Apr 24 07:14:27 2017 UTC (7 years, 1 month ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE, OPENBSD_6_2
Changes since 1.2: +2 -2 lines
Don't overflow the allocated DHCP response buffer. When copying the DHCP/BOOTP response into the allocated buffer, use the calculated response length instead of the maximum size of a DHCP packet. The response length was verified correctly but the very last step missed to use it. Found by Caspar Schutijser and malloc.conf(5) "S" OK deraadt@
Revision 1.2, Fri Apr 21 07:03:26 2017 UTC (7 years, 1 month ago) by reyk
Branch: MAIN
Changes since 1.1: +6 -3 lines
Add global configuration option "local prefix" to change prefix for -L. The default prefix is 100.64.0.0/10 from RFC6598. Requested by sthen@ chris@ OK mlarkin@
Revision 1.1, Wed Apr 19 15:38:32 2017 UTC (7 years, 1 month ago) by reyk
Branch: MAIN
Add support for dynamic "NAT" interfaces (-L/local interface). When a local interface is configured, vmd configures a /31 address on the tap(4) interface of the host and provides another IP in the same subnet via DHCP (BOOTP) to the VM. vmd runs an internal BOOTP server that replies with IP, gateway, and DNS addresses to the VM. The built-in server only ever responds to the VM on the inside and cannot leak its DHCP responses to the outside. Thanks to Uwe Werler, Josh Grosse, and some others for testing! OK deraadt@