Commit Graph

28 Commits

Author SHA1 Message Date
kevans
0f415eea65 tun/tap: merge and rename to tuntap
tun(4) and tap(4) share the same general management interface and have a lot
in common. Bugs exist in tap(4) that have been fixed in tun(4), and
vice-versa. Let's reduce the maintenance requirements by merging them
together and using flags to differentiate between the three interface types
(tun, tap, vmnet).

This fixes a couple of tap(4)/vmnet(4) issues right out of the gate:
- tap devices may no longer be destroyed while they're open [0]
- VIMAGE issues already addressed in tun by kp

[0] emaste had removed an easy-panic-button in r240938 due to devdrn
blocking. A naive glance over this leads me to believe that this isn't quite
complete -- destroy_devl will only block while executing d_* functions, but
doesn't block the device from being destroyed while a process has it open.
The latter is the intent of the condvar in tun, so this is "fixed" (for
certain definitions of the word -- it wasn't really broken in tap, it just
wasn't quite ideal).

ifconfig(8) also grew the ability to map an interface name to a kld, so
that `ifconfig {tun,tap}0` can continue to autoload the correct module, and
`ifconfig vmnet0 create` will now autoload the correct module. This is a
low overhead addition.

(MFC commentary)

This may get MFC'd if many bugs in tun(4)/tap(4) are discovered after this,
and how critical they are. Changes after this are likely easily MFC'd
without taking this merge, but the merge will be easier.

I have no plans to do this MFC as of now.

Reviewed by:	bcr (manpages), tuexen (testing, syzkaller/packetdrill)
Input also from:	melifaro
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D20044
2019-05-08 02:32:11 +00:00
hselasky
30eed323c8 Disallow TUN and TAP character device IOCTLs to modify the network device
type to any value. This can cause page faults and panics due to accessing
uninitialized fields in the "struct ifnet" which are specific to the network
device type.

MFC after:	1 week
Found by:	jau@iki.fi
PR:		223767
Sponsored by:	Mellanox Technologies
2017-11-29 09:40:11 +00:00
glebius
50ede929e1 Redo r274966. Instead of global all-interface all-vnet undocumented sysctl,
use per-interface flag, and document it.

Sponsored by:	Nginx, Inc.
2015-04-10 09:50:13 +00:00
brueffer
33d4745855 Remove EOL whitespace.
Found with:	mandoc -Tlint
2014-12-21 10:04:26 +00:00
peterj
058535ab0f Cross reference tap(4) and tun(4) and include a short explanation as
to how they differ.  This will assist users in selecting which interface
is more appropriate for their purposes.

Approved by:	grog (co-mentor)
MFC after:	2 week
2014-11-30 04:50:13 +00:00
jmg
084b35d30b convert .Nm to proper .Xr's... 2014-11-04 08:22:08 +00:00
glebius
2df3f34dc8 Don't mention no longer supported ioctl commands. 2012-01-26 10:53:39 +00:00
uqs
3960614646 mdoc: order prologue macros consistently by Dd/Dt/Os
Although groff_mdoc(7) gives another impression, this is the ordering
most widely used and also required by mdocml/mandoc.

Reviewed by:	ru
Approved by:	philip, ed (mentors)
2010-04-14 19:08:06 +00:00
emax
3ce5090dce Document TAPGIFNAME, TAPSIFINFO and TAPGIFINFO tap(4)
character device ioctl's.

MFC after:	1 week
2008-09-08 22:44:51 +00:00
bms
52a90d88fa Document net.link.tap.up_on_open.
PR:		110383
Submitted by:	Frank Behrens
MFC after:	2 weeks
2007-03-19 18:27:00 +00:00
bms
77c2e11309 Implement ifnet cloning for tun(4)/tap(4).
Make devfs cloning a sysctl/tunable which defaults to on.

If devfs cloning is enabled, only the super-user may create
tun(4)/tap(4)/vmnet(4) instances. Devfs cloning is still enabled by
default; it may be disabled from the loader or via sysctl with
"net.link.tap.devfs_cloning" and "net.link.tun.devfs_cloning".

Disabling its use affects potentially all tun(4)/tap(4) consumers
including OpenSSH, OpenVPN and VMware.

PR:		105228 (potentially also 90413, 105570)
Submitted by:	Landon Fuller
Tested by:	Andrej Tobola
Approved by:	core (rwatson)
MFC after:	4 weeks
2007-02-04 16:32:46 +00:00
mdodd
6f55c85dec Provide a sysctl (net.link.tap.user_open) to allow unprivileged
access to tap(4) device nodes based on file system permission.

Duplicate the 'debug.if_tap_debug' sysctl under the
'net.link.tap' hierarchy.
2005-04-13 00:30:19 +00:00
ru
1541af42f1 Expand *n't contractions. 2005-02-13 22:25:33 +00:00
ru
1c23ef339b mdoc(7): Use the new feature of the .In macro. 2003-09-08 19:57:22 +00:00
keramida
1eaf47abcc Delete MAKEDEV references and update the text about /dev/foo control
devices that return the next available device when opened.

PR:		50280, 50281, 50282, 50283
Submitted by:	Sergey A.Osokin <osa@FreeBSD.org.ru>
2003-03-25 14:49:02 +00:00
ru
6d3a461a4f mdoc(7) police: scheduled sweep.
Approved by:	re
2002-11-29 11:39:20 +00:00
trhodes
6d87908c0d Make a few content fixes/additions to tap(4) manual page.
PR:		36985
Submitted by:	Hiten Pandya <hiten@uk.FreeBSD.org>
MFC after:	4 days
2002-04-12 22:06:16 +00:00
ru
d8fc65b1fe mdoc(7) police: removed hard sentence breaks. 2001-09-11 10:08:29 +00:00
dd
37a10edce3 can not -> cannot 2001-09-05 13:33:55 +00:00
brooks
c1c22aa958 Add cloning support for the tap(4) device similar to that in the tun(4)
device.

Submitted by:   Maksim Yevmenkin <myevmenk@digisle.net>
2001-09-05 01:06:21 +00:00
ru
4345758876 mdoc(7) police:
Avoid using parenthesis enclosure macros (.Pq and .Po/.Pc) with plain text.
Not only does this slow down the mdoc(7) processing significantly, but it also
has an undesired (in this case) effect of disabling hyphenation within the
entire enclosed block.
2001-08-07 15:48:51 +00:00
schweikh
c91401db41 pseudo-device -> device in kernel config lines. Removed whitespace at EOL.
Reviewed by:	joerg, dd
2001-05-01 09:15:30 +00:00
ru
8a6f8b5fe4 mdoc(7) police: split punctuation characters + misc fixes. 2001-02-01 16:38:02 +00:00
ru
17ba214098 Prepare for mdoc(7)NG. 2000-12-29 09:18:45 +00:00
ru
0100fd6e93 mdoc(7) police: use the new features of the Nm macro. 2000-11-20 18:41:33 +00:00
ru
7d99729431 Use Fx macro wherever possible. 2000-11-14 11:20:58 +00:00
nsayer
72460d1dc9 Minor man page corrections and fixups to document the difference between
tap and vmnet style devices.

Submitted by:	Vladimir
2000-08-02 17:27:39 +00:00
nsayer
14503a8247 Add the tap driver.
The tap driver is used to present a virtual Ethernet interface to the
system. Packets presented by the network stack to the interface are
made available to a character device in /dev. With tap and the bridge
code, you can make remote bridge configurations where both sides of
the bridge are separated by userland daemons.

This driver also has a special naming hack to allow it to serve a similar
purpose to the vmware port.

Submitted by:	myevmenkin@att.com, vsilyaev@mindspring.com
2000-07-20 17:01:10 +00:00