Add support for raw bridging to an external interface for bhyve.

2023-05-29 17:41:02 -04:00 · 2023-05-29 17:41:02 -04:00 · 5f4939c9e6
commit 5f4939c9e6
parent 11079ff524
1 changed files with 46 additions and 6 deletions
--- a/ansible/roles/bhyve/files/bhyve_netgraph_bridge.bash
+++ b/ansible/roles/bhyve/files/bhyve_netgraph_bridge.bash
@ -34,6 +34,13 @@ function main {
    fi
 }

+function die {
+    local status_code="$1"
+    shift
+    (>&2 echo "${@}")
+    exit "$status_code"
+}
+
 function create_disk {
    zfs_path="$1"
    mount_path="$2"
@ -43,6 +50,7 @@ function create_disk {
    tee "${mount_path}/settings" <<EOF
 CPU_CORES=1
 MEMORY=1G
+NETWORK=NAT
 EOF
    zfs create -s "-V${gigabytes}G" -o volmode=dev "$zfs_path/disk0"
 }
@ -51,22 +59,30 @@ function start_vm {
    name="$1"
    zfs_path="$2"
    mount_path="$3"
-    host_interface_name="$4"
+    host_interface_name="$4" # for raw, external interface
    bridge_name="bridge_${host_interface_name}"
-    ip_range="$5"
+    ip_range="$5" # for raw this value does not matter
    mount_cd="${6:-}"

    mac_address=$(calculate_mac_address "$name")

-    assert_bridge "$host_interface_name" "$bridge_name" "$ip_range"
-    bridge_link_name=$(detect_available_link "${bridge_name}")
-
-
    CPU_CORES=1
    MEMORY=1G
+    NETWORK="NAT"
    if [ -e "${mount_path}/settings" ]; then
        source "${mount_path}/settings"
    fi
+
+    if [ "$NETWORK" = "NAT" ]; then
+        assert_bridge "$host_interface_name" "$bridge_name" "$ip_range"
+    elif [ "$NETWORK" = "RAW" ]; then
+        assert_raw "$host_interface_name" "$bridge_name"
+    else
+        die 1 "Unrecognized NETWORK type $NETWORK"
+    fi
+    bridge_link_name=$(detect_available_link "${bridge_name}")
+
+
    # -H release the CPU when guest issues HLT instruction. Otherwise 100% of core will be consumed.
         # -s 3,ahci-cd,/vm/.iso/archlinux-2023.04.01-x86_64.iso \
             # -s 29,fbuf,tcp=0.0.0.0:5900,w=1920,h=1080,wait \
@ -152,6 +168,30 @@ EOF
    fi
 }

+function assert_raw {
+    extif="$1"
+    bridge_name="$2"
+
+    kldload -n ng_bridge ng_eiface ng_ether
+
+    if ! ng_exists "${bridge_name}:"; then
+        ngctl -d -f - <<EOF
+# Create a bridge.
+mkpeer $extif: bridge lower link0
+# Assign a name to the bridge.
+name $extif:lower ${bridge_name}
+# Since the host is also using $extif, we need to connect the upper hook also. Otherwise we will lose connectivity.
+connect $extif: ${bridge_name}: upper link1
+
+# Enable promiscuous mode so the host ethernet adapter accepts packets for all addresses
+msg $extif: setpromisc 1
+
+# Do not overwrite source address on packets
+msg $extif: setautosrc 0
+EOF
+    fi
+}
+
 function ng_exists {
    ngctl status "${1}" >/dev/null 2>&1
 }