From owner-freebsd-current@freebsd.org Sat Jul 18 11:22:31 2020 Return-Path: Delivered-To: freebsd-current@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id C73443652D7 for ; Sat, 18 Jul 2020 11:22:31 +0000 (UTC) (envelope-from me@anatoli.ws) Received: from out-mx.anatoli.ws (out-mx.anatoli.ws [177.54.157.124]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "out-mx.anatoli.ws", Issuer "Let's Encrypt Authority X3" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4B85F26jrWz48tc for ; Sat, 18 Jul 2020 11:22:30 +0000 (UTC) (envelope-from me@anatoli.ws) Received: from [192.168.0.1] (unknown [192.168.0.1]) by out-mx.oprbox.com (Postfix) with ESMTPSA id 02D691E00BCA for ; Sat, 18 Jul 2020 11:22:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=anatoli.ws; s=vnptcm0lqn; t=1595071342; bh=14PJkBZK0qy0Ajcu1rMjYMJr9go14yUfCQNj9hhZdRo=; h=To:From:Subject:Date; b=PB8I7ItUYXNlp10UGdMU0f80GmL8lbdZhPN/xGMAKQ851ppLgO+4hVcBaT8wk48UN B3HX8VaWzxByzZKZSRWrZDD2cpo/UZDummh1t1gpmwU8yRmVzpIGV+mx08mVvoBaGk UynZ1xI3PQTx6/xBf9ZoB07ybwgr48i+jMf7EFcMPAbjiB/yNYQ53q8Hi2RZRyphjr sXd0ZMx12bAyT01QrPwQz29ishv+jWY4QEpvFIPBTgUkCrLzZ3clV1prJ/mjCIHXWl 9qEVaC75OjVa09D+qRUNwcwecxsLkgJFKmLtELKvm4ox47PQWuxquM/pMqS84zAW6D cBGwyRZfNocVw== To: FreeBSD Current From: Anatoli Subject: PCI passthru now working for OpenBSD guests in FreeBSD bhyve Message-ID: <763c7ad3-6948-a20c-b0c8-8fedddeff3f7@anatoli.ws> Date: Sat, 18 Jul 2020 08:22:19 -0300 Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 4B85F26jrWz48tc X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=anatoli.ws header.s=vnptcm0lqn header.b=PB8I7ItU; dmarc=pass (policy=reject) header.from=anatoli.ws; spf=pass (mx1.freebsd.org: domain of me@anatoli.ws designates 177.54.157.124 as permitted sender) smtp.mailfrom=me@anatoli.ws X-Spamd-Result: default: False [-2.63 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[anatoli.ws:s=vnptcm0lqn]; MID_RHS_MATCH_FROM(0.00)[]; FROM_HAS_DN(0.00)[]; MV_CASE(0.50)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-current@freebsd.org]; NEURAL_HAM_LONG(-0.99)[-0.988]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_MEDIUM(-1.01)[-1.013]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[anatoli.ws:+]; DMARC_POLICY_ALLOW(-0.50)[anatoli.ws,reject]; NEURAL_HAM_SHORT(-0.13)[-0.132]; R_SPF_ALLOW(-0.20)[+a:out-mx.anatoli.ws]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:262287, ipnet:177.54.156.0/22, country:BR]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[] X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 18 Jul 2020 11:22:31 -0000 Hi All, Just FYI, after years of PCI passthru* not working for OpenBSD guests in FreeBSD bhyve due to 2 bugs, a week ago the fixes were made available in FreeBSD 12.1-RELEASE-p7. Now it's possible to use an OpenBSD guest as a main firewall for a FreeBSD host, OpenBSD guest taking full control of the internet-connected NIC, isolating this way the host and other guests from unrestricted network flow. The details were recently published in the FreeBSD Quarterly Status Report - Second Quarter 2020: [1]. Regards, Anatoli * PCI devices passthru is a technique to pass host PCI devices to a virtual machine for its exclusive control and use. [1] https://www.freebsd.org/news/status/report-2020-04-2020-06.html#PCI-passthrough-with-bhyve-on-Intel-and-for-OpenBSD-guests