git: 1aad95345237 - main - bhyve: add support for ng_device network backend

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Mark Johnston <markj_at_FreeBSD.org>
Date: Mon, 27 Oct 2025 12:48:13 UTC
The branch main has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=1aad95345237424918e5f6b18464df4dbc2aa1d8

commit 1aad95345237424918e5f6b18464df4dbc2aa1d8
Author:     Quentin Thébault <quentin.thebault@defenso.fr>
AuthorDate: 2025-09-12 08:39:55 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2025-10-27 12:46:47 +0000

    bhyve: add support for ng_device network backend
    
    Signed-off-by: Quentin Thébault <quentin.thebault@defenso.fr>
    
    Reviewed by:    markj
    MFC after:      1 month
    Sponsored by:   Defenso
    Differential Revision:  https://reviews.freebsd.org/D52542
    Pull Request:   https://github.com/freebsd/freebsd-src/pull/1880
---
 usr.sbin/bhyve/bhyve.8        | 21 +++++++++++++++++++--
 usr.sbin/bhyve/net_backends.c | 19 ++++++++++++++++++-
 2 files changed, 37 insertions(+), 3 deletions(-)

diff --git a/usr.sbin/bhyve/bhyve.8 b/usr.sbin/bhyve/bhyve.8
index c902c265da9e..3df9f79c3b2c 100644
--- a/usr.sbin/bhyve/bhyve.8
+++ b/usr.sbin/bhyve/bhyve.8
@@ -22,7 +22,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd August 21, 2024
+.Dd September 16, 2025
 .Dt BHYVE 8
 .Os
 .Sh NAME
@@ -518,6 +518,8 @@ considered unconnected.
 .Op Cm \&,mtu= Ar N
 .Xc
 .It
+.Cm ngd Ar N
+.It
 .Xo
 .Cm netgraph,path= Ar ADDRESS Cm \&,peerhook= Ar HOOK
 .Op Cm \&,socket= Ar NAME
@@ -542,6 +544,19 @@ The MAC address is an ASCII string in
 .Xr ethers 5
 format.
 .Pp
+A
+.Cm ngd
+device can be used to connect a guest to a
+.Xr netgraph 4
+through a
+.Xr ng_device 4
+node.
+This can be used to run bhyve in a
+.Xr VNET 9
+jail, and give it access to the host's netgraph, that cannot be reached
+directly, by exposing the ng_device through
+.Xr devfs 8 .
+.Pp
 With
 .Cm virtio-net
 devices, the
@@ -572,7 +587,9 @@ must comply with
 .Xr netgraph 4
 addressing rules.
 .Pp
-The slirp backend can be used to provide a NATed network to the guest.
+The
+.Cm slirp
+backend can be used to provide a NATed network to the guest.
 This backend has poor performance but does not require any network
 configuration on the host system.
 It depends on the
diff --git a/usr.sbin/bhyve/net_backends.c b/usr.sbin/bhyve/net_backends.c
index 2d11c45f217a..95909d1f8ea2 100644
--- a/usr.sbin/bhyve/net_backends.c
+++ b/usr.sbin/bhyve/net_backends.c
@@ -119,7 +119,8 @@ tap_init(struct net_backend *be, const char *devname,
 		goto error;
 	}
 
-	if (ioctl(be->fd, VMIO_SIOCSIFFLAGS, up)) {
+	if (strncmp("ngd", be->prefix, 3) &&
+	    ioctl(be->fd, VMIO_SIOCSIFFLAGS, up)) {
 		EPRINTLN("tap device link up failed");
 		goto error;
 	}
@@ -273,8 +274,24 @@ static struct net_backend vmnet_backend = {
 	.set_cap = tap_set_cap,
 };
 
+/* A clone of the tap backend, with a different prefix. */
+static struct net_backend ngd_backend = {
+	.prefix = "ngd",
+	.priv_size = sizeof(struct tap_priv),
+	.init = tap_init,
+	.cleanup = tap_cleanup,
+	.send = tap_send,
+	.peek_recvlen = tap_peek_recvlen,
+	.recv = tap_recv,
+	.recv_enable = tap_recv_enable,
+	.recv_disable = tap_recv_disable,
+	.get_cap = tap_get_cap,
+	.set_cap = tap_set_cap,
+};
+
 DATA_SET(net_backend_set, tap_backend);
 DATA_SET(net_backend_set, vmnet_backend);
+DATA_SET(net_backend_set, ngd_backend);
 
 int
 netbe_legacy_config(nvlist_t *nvl, const char *opts)