From: "Bruce M. Simpson"
Date: Fri, 09 Mar 2007 12:30:48 +0000
To: Frank Behrens
Cc: freebsd-net@freebsd.org
Subject: Re: tap(4) should go UP if opened

Frank Behrens wrote:
> How does tun(4) handle this? tun(4) is also set to down, when closed.
> It is not set to up when it is opened, but when an address is assigned by
> the user process. This is fine, because it always needs an IP address.
> tap(4) as a layer 2 tunnel device does not need an IP address, so setting
> it up on open is IMHO the best solution.

This isn't consistent with the other software cloneable interfaces which
emulate certain layer 2 semantics, e.g. bridge, trunk, vlan; see below.

> Does this sound reasonable, or how should I handle the tap(4) open by a
> user process, when this process does not run as root?

I recently committed Landon Fuller's code which makes tap and tun cloneable
interfaces which may then be created via 'ifconfig tap0 create'.

Automatically setting the interface to IFF_UP is not consistent with the
semantics for other network interfaces; it requires specific privileges
(usually super-user or PRIV_NET_SETIFFLAGS in -CURRENT) to do.

However, we also support the creation of tap/tun instances by
non-super-users, so there is motivation for the change.

Configuring a tap interface to up by a non-superuser should only be
permitted if the interface itself was created by a non-superuser, and if
net.link.tap.user_open is set to 1.

A more involved patch is needed to do this right for all cases -- we should
not do this by default.

Regards,
BMS
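
Added example, not part of the original message and not FreeBSD kernel code: a userspace C model of the permission rule stated in the reply, showing that the interface has to remember who created it before the check can be made. The struct, field and function names are hypothetical; only IFF_UP, PRIV_NET_SETIFFLAGS and net.link.tap.user_open come from the thread.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Userspace model only; these names are hypothetical, not the driver's. */
struct tap_model {
    bool created_by_superuser; /* recorded once, at interface creation */
    bool is_up;                /* stands in for IFF_UP */
};

struct caller {
    bool has_setifflags_priv;  /* super-user, or PRIV_NET_SETIFFLAGS in -CURRENT */
};

/*
 * Request to mark the interface up.
 * user_open models the value of net.link.tap.user_open.
 * Returns 0 on success, EPERM when the rule from the reply denies it.
 */
static int tap_model_set_up(struct tap_model *tp, const struct caller *c,
                            int user_open)
{
    if (!c->has_setifflags_priv) {
        if (user_open != 1)
            return EPERM;      /* unprivileged use is not enabled */
        if (tp->created_by_superuser)
            return EPERM;      /* never change an admin-created interface */
    }
    tp->is_up = true;
    return 0;
}

int main(void)
{
    struct caller user = { .has_setifflags_priv = false };
    struct tap_model admin_tap = { .created_by_superuser = true,  .is_up = false };
    struct tap_model user_tap  = { .created_by_superuser = false, .is_up = false };

    printf("user -> admin-created tap: %d\n", tap_model_set_up(&admin_tap, &user, 1));
    printf("user -> user-created tap:  %d\n", tap_model_set_up(&user_tap, &user, 1));
    return 0;
}
```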