Re: tap(4) should go UP if opened



Bruce, thanks for your answer!

Bruce M. Simpson <bms@xxxxxxxxxxx> wrote on 9 Mar 2007 12:30:
> Frank Behrens wrote:
>> How does tun(4) handle this? tun(4) is also set to down when closed. It is not set to up when
>> it is opened, but when an address is assigned by the user process. This is fine, because it
>> always needs an IP address. tap(4) as a layer 2 tunnel device does not need an IP address, so
>> setting it up on open is IMHO the best solution.
>
> This isn't consistent with the other software cloneable interfaces which
> emulate certain layer 2 semantics, e.g. bridge, trunk, vlan; see below.

Maybe, but for tap(4) we have the possibility to attach a non-root user process.

> I recently committed Landon Fuller's code which makes tap and tun
> cloneable interfaces which may then be created via 'ifconfig tap0 create'.

I appreciate that. :-) It was the reason to build a new 6.2 kernel and to try to run the attached
process not as root.

> Automatically setting the interface to IFF_UP is not consistent with the
> semantics for other network interfaces; it requires specific privileges
> (usually super-user or PRIV_NET_SETIFFLAGS in -CURRENT) to do.

My idea is to set it to IFF_UP when the process _opens_ the interface. It can happen only if
1. the process has root privileges OR
2. net.link.tap.user_open=1 AND special rights are set on /dev/tapx

> A more involved patch is needed to do this right for all cases -- we
> should not do this by default.

But when is it useful to open a tap device by a non-root process when the tap is not IFF_UP?

Maybe my patch did not have enough context to see immediately where it fits into the game. To
make it easier for the reviewers, I show the complete function:
/*
 * tapopen
 *
 * to open tunnel. must be superuser
 */
static int
tapopen(struct cdev *dev, int flag, int mode, struct thread *td)
{
	struct tap_softc	*tp = NULL;
	struct ifnet		*ifp = NULL;
	int			 error, s;

	if (tapuopen == 0) {
		error = suser(td);
		if (error != 0)
			return (error);
	}

	if ((dev2unit(dev) & CLONE_UNITMASK) > TAPMAXUNIT)
		return (ENXIO);

	tp = dev->si_drv1;

	mtx_lock(&tp->tap_mtx);
	if (tp->tap_flags & TAP_OPEN) {
		mtx_unlock(&tp->tap_mtx);
		return (EBUSY);
	}

	bcopy(IFP2ENADDR(tp->tap_ifp), tp->ether_addr, sizeof(tp->ether_addr));
	tp->tap_pid = td->td_proc->p_pid;
	tp->tap_flags |= TAP_OPEN;
	ifp = tp->tap_ifp;
	mtx_unlock(&tp->tap_mtx);

	s = splimp();
	ifp->if_drv_flags |= IFF_DRV_RUNNING;
	ifp->if_drv_flags &= ~IFF_DRV_OACTIVE;
	ifp->if_flags |= IFF_UP; /* ------- new line ------ */
	splx(s);

	TAPDEBUG("%s is open. minor = %#x\n", ifp->if_xname, minor(dev));

	return (0);
} /* tapopen */


Regards,
Frank
--
Frank Behrens, Osterwieck, Germany
PGP-key 0x5B7C47ED on public servers available.

_______________________________________________
freebsd-net@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@xxxxxxxxxxx"
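
The privilege question debated in this thread, as an added user-space C model (not part of the original post and not FreeBSD code): it compares who can reach IFF_UP through the open path, with and without the proposed line, against an explicit flag change that needs privilege. All `m_` names, the flag value, the sample credentials and the reduction of "privilege" to uid 0 are assumptions made for the illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

#define M_IFF_UP 0x1	/* constructed flag value, model only */

struct m_cred { unsigned uid, gid; };			/* calling process */
struct m_node { unsigned uid, gid, mode; };		/* /dev/tapN owner and mode */
struct m_tap  { struct m_node node; bool is_open; int if_flags; };

/* Device-node permission check: non-root callers need read and write bits. */
static bool m_node_rw(const struct m_cred *c, const struct m_node *n)
{
	unsigned bits = n->mode & 7;			/* "other" class by default */
	if (c->uid == 0)
		return true;
	if (c->uid == n->uid)
		bits = (n->mode >> 6) & 7;
	else if (c->gid == n->gid)
		bits = (n->mode >> 3) & 7;
	return (bits & 6) == 6;
}

/* Open path: node permissions, then the user_open/superuser gate from tapopen(). */
int m_tapopen(struct m_tap *t, const struct m_cred *c, int user_open, bool patched)
{
	if (!m_node_rw(c, &t->node))
		return EACCES;
	if (user_open == 0 && c->uid != 0)
		return EPERM;
	if (t->is_open)
		return EBUSY;
	t->is_open = true;
	if (patched)
		t->if_flags |= M_IFF_UP;		/* the proposed new line */
	return 0;
}

/* Explicit flag change: modelled as requiring privilege, as the reply states. */
int m_set_up(struct m_tap *t, const struct m_cred *c)
{
	if (c->uid != 0)
		return EPERM;
	t->if_flags |= M_IFF_UP;
	return 0;
}

int main(void)
{
	struct m_cred user = {1001, 1001};		/* constructed non-root user */
	struct m_tap tap = {{0, 1001, 0660}, false, 0};	/* root:group 1001, rw-rw---- */
	printf("set_up as user: %d\n", m_set_up(&tap, &user));
	printf("open, user_open=1, patched: %d, flags=%#x\n",
	    m_tapopen(&tap, &user, 1, true), tap.if_flags);
	return 0;
}
```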


