Date:      Wed, 14 Mar 2007 13:09:25 +0000
From:      "Bruce M. Simpson" <bms@FreeBSD.org>
To:        Frank Behrens <frank@pinky.sax.de>
Cc:        freebsd-net@freebsd.org
Subject:   Re: tap(4) should go UP if opened
Message-ID:  <45F7F405.4040607@FreeBSD.org>
In-Reply-To: <200703141213.l2ECDntN087975@pinky.frank-behrens.de>
References:  <200703091036.l29AawwJ005466@pinky.frank-behrens.de> <200703141213.l2ECDntN087975@pinky.frank-behrens.de>


Hi,

Frank Behrens wrote:
> If we have no possibility to mark the interface as UP for the non-root process the 
> net.link.tap.user_open=1 is useless, because we can not transmit any packets. With the 
> patch the interface goes UP only when the administrator allowed non-root user access.
>

The conditional in the second patch is a no-op as the open will be 
forbidden if the user did not have privilege to open the tap. Bringing 
the interface up by default potentially violates POLA, so this should 
not happen by default.

Please try the attached patch, which puts this behaviour under a sysctl.

Thanks,
BMS

[Attachment: tapuponopen.diff]

==== //depot/user/bms/netdev/sys/net/if_tap.c#1 - /home/bms/p4/netdev/sys/net/if_tap.c ====
--- /tmp/tmp.58336.0	Wed Mar 14 13:06:09 2007
+++ /home/bms/p4/netdev/sys/net/if_tap.c	Wed Mar 14 13:05:54 2007
@@ -150,7 +150,8 @@
  */
 static struct mtx		tapmtx;
 static int			tapdebug = 0;        /* debug flag   */
-static int			tapuopen = 0;        /* allow user open() */	     
+static int			tapuopen = 0;        /* allow user open() */
+static int			tapuponopen = 0;    /* IFF_UP on open() */
 static int			tapdclone = 1;	/* enable devfs cloning */
 static SLIST_HEAD(, tap_softc)	taphead;             /* first device */
 static struct clonedevs 	*tapclones;
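Review bot: the only substantive change in this hunk is the new `tapuponopen` static, but the hunk also rewrites the otherwise unchanged `tapuopen` line purely to strip its trailing whitespace, which muddies blame for that line; keep whitespace cleanups in a separate commit. The comment on the added line (`/* IFF_UP on open() */`) is also one column off from the `/* allow user open() */` comment directly above it, so align it with the rest of the block.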
@@ -164,6 +165,8 @@
     "Ethernet tunnel software network interface");
 SYSCTL_INT(_net_link_tap, OID_AUTO, user_open, CTLFLAG_RW, &tapuopen, 0,
 	"Allow user to open /dev/tap (based on node permissions)");
+SYSCTL_INT(_net_link_tap, OID_AUTO, up_on_open, CTLFLAG_RW, &tapuponopen, 0,
+	"Bring interface up when /dev/tap is opened");
 SYSCTL_INT(_net_link_tap, OID_AUTO, devfs_cloning, CTLFLAG_RW, &tapdclone, 0,
 	"Enably legacy devfs interface creation");
 SYSCTL_INT(_net_link_tap, OID_AUTO, debug, CTLFLAG_RW, &tapdebug, 0, "");
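Review bot: the description string "Bring interface up when /dev/tap is opened" does not tell an administrator reading `sysctl -d` that the knob defaults to off or that it is mainly of interest together with `user_open`, which is the case the thread is about; something like "Bring interface up when /dev/tap is opened (default off; see user_open)" would make the pairing explicit. Since the hunk already touches this block, the adjacent context line "Enably legacy devfs interface creation" carries a pre-existing typo ("Enable") that could be fixed in the same change.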
@@ -502,6 +505,8 @@
 	s = splimp();
 	ifp->if_drv_flags |= IFF_DRV_RUNNING;
 	ifp->if_drv_flags &= ~IFF_DRV_OACTIVE;
+	if (tapuponopen)
+		ifp->if_flags |= IFF_UP;
 	splx(s);
 
 	TAPDEBUG("%s is open. minor = %#x\n", ifp->if_xname, minor(dev));
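Review bot: the new lines OR `IFF_UP` straight into `ifp->if_flags` instead of calling `if_up(ifp)`, which is the path that normally performs the up transition and its side effects (interface-change notification on the routing socket, last-change timestamp), so userland that watches for link changes will not see this interface come up. Suggest replacing `ifp->if_flags |= IFF_UP;` with a call to `if_up(ifp)` after `splx(s)`, or stating in a comment why the bare flag set is intended here. There is also no counterpart on the close path in this patch; please confirm that `tapclose()` already clears `IFF_UP`, otherwise the flag set by a user_open client persists after the descriptor is gone.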




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?45F7F405.4040607>