i think this is enough to let vmd wire guests up to veb interfaces. please remember that veb is not the same as bridge, so some care has to be taken when replacing bridge with veb. the biggest difference to note is that if you want the host to talk layer 3 (ie, ip, dhcp, etc) with the guests, the host must have a vport(4) interface set up for l3 and added to the veb(4). if you used vether for that, just replace the vether interfaces with vports.
you can also have guests isolated from the host by not having vport interfaces on their veb. you can still add a physical interface to the veb to let guests talk l2 to the real world without having them talk to the host they're running on.

lastly, veb doesn't filter (non-vport) ports by default. if you're using pf and bridge to filter between guests, you have to allow pf to run on veb by setting the link1 flag. care must be taken if you're also filtering with pf on a vport(4) interface.

if anyone is having trouble with this bit and wants some more pointers, let me know. i suspect you'll learn more from bitter experience though.

Index: config.c =================================================================== RCS file: /cvs/src/usr.sbin/vmd/config.c,v retrieving revision 1.58 diff -u -p -r1.58 config.c --- config.c 11 May 2019 19:55:14 -0000 1.58 +++ config.c 26 Feb 2021 21:17:19 -0000 @@ -40,7 +40,7 @@ #include "vmd.h" /* Supported bridge types */ -const char *vmd_descsw[] = { "switch", "bridge", NULL }; +const char *vmd_descsw[] = { "switch", "bridge", "veb", NULL }; static int config_init_localprefix(struct vmd_config *); Index: priv.c =================================================================== RCS file: /cvs/src/usr.sbin/vmd/priv.c,v retrieving revision 1.15 diff -u -p -r1.15 priv.c --- priv.c 28 Jun 2019 13:32:51 -0000 1.15 +++ priv.c 26 Feb 2021 21:17:19 -0000 @@ -81,7 +81,8 @@ priv_run(struct privsep *ps, struct priv int priv_dispatch_parent(int fd, struct privsep_proc *p, struct imsg *imsg) { - const char *desct[] = { "tap", "switch", "bridge", NULL }; + const char *desct[] = { "tap", "switch", "bridge", + "veb", NULL }; struct privsep *ps = p->p_ps; struct vmop_ifreq vfr; struct vmd *env = ps->ps_env;
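
Review bot: in the config.c hunk, the comment above vmd_descsw[] still reads "Supported bridge types" although the array now also lists "veb", which the accompanying mail stresses is not the same as bridge. Reword the comment (for example "Supported switch interface types") so the next reader does not assume bridge semantics. Neither file in this diff documents the new name, so a short mention of the vport(4) and link1 differences next to the user-facing description of these types would help.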
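
Review bot: in the priv.c hunk, desct[] inside priv_dispatch_parent() is a second hand-maintained copy of the names in vmd_descsw[] from config.c, and both had to be edited here to accept "veb". Consider deriving one list from the other, or at least cross-referencing them in a comment, so a later addition cannot update one list and miss the other. The wrapped initializer also looks like it would fit on one line within 80 columns, which would keep this to a one-line change.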