.TH VDE_PLUG 1 "August 23, 2016" "Virtual Distributed Ethernet" .SH NAME vde_plug \- Virtual Distributed Ethernet plug (two plugs creates a vde cable) .SH SYNOPSIS .B vde_plug [ .I OPTIONS ] [ .I vde_plug_url ] .br .B vde_plug [ .I OPTIONS ] .I vde_plug_url .I vde_plug_url .br .B vde_plug [ .I OPTIONS ] .B = .I command [ .I args ] .br .B vde_plug [ .I OPTIONS ] .I vde_plug_url .B = .I command [ .I args ] .br .SH DESCRIPTION A \fBvde_plug\fR is a plug to be connected into a VDE network. VDE network sockets are named using the vde_plug_url syntax, i.e. \fImodule\fB://\fIspecific_address\fR. e.g. \fBvde:///home/user/myswitch\fR or \fBvxvde://239.0.0.1\fR. The default module is \fBlibvdeplug_vde(1)\fR (connection to a \fBvde_switch(1)\fR) and can be omitted. e.g. \fB/home/user/myswitch\fR means \fBvde:///home/user/myswitch\fR \fBvde_plug\fR can have zero, one or two vde_plug_url arguments. In case of zero or one argument the network communication is converted in a byte stream. Packets from the VDE network are sent to stdout and bytes from stdin are converted into packets and injected in the VDE network. When a vde_plug_url is omitted or it is an empty argument (\fB''\fR) \fBvde_plug\fR tries to connect to a default network (defined by the user in \fB$HOME/.vde2/default.switch\fR otherwise \fBvde:///run/vde.ctl\fR or \fBvde:///tmp/vde.ctl\fR). This tool has been designed to be used together with .B dpipe (1) to interconnect a second vde_plug to another switch, working as a virtual ethernet crossed cable between the two switches. The command .RS .br .B dpipe vde_plug = vde_plug vde:///tmp/vde2.ctl .RE connects two local switches: the former is using the standard control socket /tmp/vde.ctl (or /var/run/vde.ctl) while the latter is using /tmp/vde2.ctl. \fBvde_plug\fR creates a virtual cable between to VDE networks when two vde_plug_url arguments are present in the command line. The previous command is equivalent to: .RS .br .B vde_plug /tmp/vde.ctl /tmp/vde2.ctl .RE The following example connects a vxvde network to a tap interfave .RS .br .B vde_plug vxvde://239.1.2.3 tap://mytap .RE The command .RS .br .B dpipe vde_plug = ssh remote.machine.org vde_plug .RE connects two remote switches. If for example the two vde_switches run as daemon and they are connected to tap interfaces a level 2 encrypted tunnel is established. While \fBdpipe\fR supports more complex vitrual network structures (e.g. including \fBwirefilter(1)\fR to emulate network conditions) \fBvde_plug\fR has been designed to provide simple syntax options to implement the most common virtual network scenarios. It is possible to use an equal sign (\fB=\fR) followed by a command and its optional arguments in place of the second vde_plug_url. In this case the packets from/to the network are converted into a bidirectional byte stream provided as stdin and stdout to the command. The previous command have the same effect of: .RS .br .B vde_plug = ssh remote.machine.org vde_plug .RE (the first vde_plug_url is omitted). This example: .RS .br .B vde_plug vxvde://239.1.2.3 = ssh vde_plug tap://remotetap .RE connects a vxvde network to a tap interface of a remote host. vde_plug can also be established as a login shell for users. The following command works as in the previous example .RS .br .B vde_plug = ssh vdeuser@remote.machine.org vde_plug .RE where vdeuser is the user with vde_plug as standard shell. All the remote accesses are logged by syslog at the beginning and at the end of each session and the IP address used are logged if \fBvdeuser\fR belongs to the \fBvdeplug_iplog\fR group. Attempts to login without the command vde_plug at the end or to run on the remote host other commands but vde_plug are blocked and the violation is logged by syslog. .SH OPTIONS .TP \fB\-d .TQ \fB\-\-daemon run as a daemon. .TP \fB\-p\fR \fIPIDFILE .TQ \fB\-\-pidfile\fR \fIPIDFILE write the process id to the file \fIPIDFILE\fR .TP \fB\-l .TQ \fB\-\-log log START/STOP of vde_plug on syslog .TP \fB\-L .TQ \fB\-\-iplog log START/STOP of vde_plug and the IP addresses of hosts seen on the stream (or on the second vde_plug_url) on syslog. .TP \fB\-\-port "\fIportnum\fP" Obsolete option, use the syntax of the libvdeplug_vde module instead, add the port number in square brackets suffix (e.g. \fBvde://tmp/myswitch[10]\fR). It is possible to decide which port of the switch to use. When this option is not specified the switch assigns the first available unused port (if any). It is possible to connect several cables in the same switch port: in this way all this cables work concurrently. It means that packet can result as duplicate but no ARP table loops are generated. Is useful when vde is used for mobility. Several physical interfaces can be used at a time during handoffs to prevent hichups in connectivity. log START/STOP of vde_plug on syslog .TP \fB\-g \fIgroup .TQ \fB\-\-group \fIgroup group ownership of the communication socket. For security when more want to share a switch it is better to use a unix group to own the comm sockets so that the network traffic cannot be sniffed. .TP \fB\-m \fIoctal-mode\fR .TQ \fB\-\-mod \fIoctal-mode\fR octal chmod like permissions for the comm sockets .TP \fB\-G \-M .TQ \fB\-\-port2 \-\-group2 \-\-mod2 These options, valid in the syntax with two vde_plug_urls, have the the same meaning of \-p \-g \-m. The uppercase options or the long options with a trailing 2 refer to the second vde_plug_url. .TP \fB\-D\fR \fIDESCR .TQ \fB\-\-descr\fR \fIDESCR set the description of this connection to \fIDESCR\fR (e.g. port/print command on a vde_switch shows this description). .SH NOTICE Virtual Distributed Ethernet is not related in any way with www.vde.com ("Verband der Elektrotechnik, Elektronik und Informationstechnik" i.e. the German "Association for Electrical, Electronic & Information Technologies"). .SH SEE ALSO \fBvde_switch\fP(1), \fBvdeq\fP(1), \fBdpipe\fP(1), \fBlibvdeplug_p2p.1\fR, \fBlibvdeplug_udp.1\fR, \fBlibvdeplug_vxlan.1\fR, \fBlibvdeplug_tap.1\fR, \fBlibvdeplug_vde.1\fR, \fBlibvdeplug_vxvde.1\fR. .br .SH AUTHOR VDE is a project by Renzo Davoli