HardenedBSD/sbin/devd/hyperv.conf
Warner Losh d0b2dbfa0e Remove $FreeBSD$: one-line sh pattern
Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/
2023-08-16 11:55:03 -06:00

108 lines
3.6 KiB
Plaintext

#
# Hyper-V specific events
notify 10 {
match "system" "DEVFS";
match "subsystem" "CDEV";
match "type" "CREATE";
match "cdev" "hv_kvp_dev";
action "/usr/sbin/hv_kvp_daemon";
};
notify 10 {
match "system" "DEVFS";
match "subsystem" "CDEV";
match "type" "DESTROY";
match "cdev" "hv_kvp_dev";
action "pkill -x hv_kvp_daemon";
};
notify 11 {
match "system" "DEVFS";
match "subsystem" "CDEV";
match "type" "CREATE";
match "cdev" "hv_fsvss_dev";
action "/usr/sbin/hv_vss_daemon";
};
notify 11 {
match "system" "DEVFS";
match "subsystem" "CDEV";
match "type" "DESTROY";
match "cdev" "hv_fsvss_dev";
action "pkill -x hv_vss_daemon";
};
#
# Rules for non-transparent network VF.
#
# How network VF works with hn(4) on Hyper-V in non-transparent mode:
#
# - Each network VF has a corresponding hn(4).
# - The network VF and the it's corresponding hn(4) have the same hardware
# address.
# - Once the network VF is up, e.g. ifconfig VF up:
# o All of the transmission should go through the network VF.
# o Most of the reception goes through the network VF.
# o Small amount of reception may go through the corresponding hn(4).
# This reception will happen, even if the corresponding hn(4) is
# down. The corresponding hn(4) will change the reception interface
# to the network VF, so that network layer and application layer will
# be tricked into thinking that these packets were received by the
# network VF.
# o The corresponding hn(4) pretends the physical link is down.
# - Once the network VF is down or detached:
# o All of the transmission should go through the corresponding hn(4).
# o All of the reception goes through the corresponding hn(4).
# o The corresponding hn(4) fallbacks to the original physical link
# detection logic.
#
# All these features are mainly used to help live migration, during which
# the network VF will be detached, while the network communication to the
# VM must not be cut off. In order to reach this level of live migration
# transparency, we use failover mode lagg(4) with the network VF and the
# corresponding hn(4) attached to it.
#
# To ease user configuration for both network VF and non-network VF, the
# lagg(4) will be created by the following rules, and the configuration
# of the corresponding hn(4) will be applied to the lagg(4) automatically.
#
# NOTE:
# If live migration is not needed at all, the following rules could be
# commented out, and the network VF interface could be used exclusively.
# Most often the corresponding hn(4) could be completely ignored.
#
#
# Default workflow for the network VF bringup:
# 1) ETHERNET/IFATTACH -> VF interface up (delayed by rc.conf hyperv_vf_delay
# seconds). This operation will trigger HYPERV_NIC_VF/VF_UP.
# 2) HYPERV_NIC_VF/VF_UP:
# a) Create laggX corresponding to hnX.
# b) Add hnX and VF to laggX.
# c) Whack all previous network configuration on hnX, including stopping
# dhclient.
# d) Apply rc.conf ifconfig_hnX to laggX; i.e. including starting dhclient.
#
# NOTE:
# HYPERV_NIC_VF/VF_UP action script could be customized per-interface by
# adding /usr/libexec/hyperv/hyperv_vfup.hnX script.
# /usr/libexec/hyperv/hyperv_vfup could be used as the template for the
# customized per-interface script.
#
# NOTE:
# For transparent network VF, hyperv_vfattach does nothing and
# HYPERV_NIC_VF/VF_UP will not be triggered at all.
#
notify 10 {
match "system" "HYPERV_NIC_VF";
match "type" "VF_UP";
action "/usr/libexec/hyperv/hyperv_vfup $subsystem";
};
notify 10 {
match "system" "ETHERNET";
match "type" "IFATTACH";
action "/usr/libexec/hyperv/hyperv_vfattach $subsystem 0";
};