author | bms <bms@FreeBSD.org> | 2007-02-04 16:32:46 +0000 |
---|---|---|
committer | bms <bms@FreeBSD.org> | 2007-02-04 16:32:46 +0000 |
commit | 77c2e113090f513f7876ee5e02f61ab600b319cf (patch) | |
tree | 2b8098cffbe0971d05ca5c30201a51b937a1e7f9 /share/man/man4 | |
parent | 4e9c971afca066f77117383709ba6fa8ee6a6f12 (diff) | |
Implement ifnet cloning for tun(4)/tap(4).
Make devfs cloning a sysctl/tunable which defaults to on.
If devfs cloning is enabled, only the super-user may create
tun(4)/tap(4)/vmnet(4) instances. Devfs cloning is still enabled by
default; it may be disabled from the loader or via sysctl with
"net.link.tap.devfs_cloning" and "net.link.tun.devfs_cloning".
Disabling its use affects potentially all tun(4)/tap(4) consumers
including OpenSSH, OpenVPN and VMware.
PR: 105228 (potentially also 90413, 105570)
Submitted by: Landon Fuller
Tested by: Andrej Tobola
Approved by: core (rwatson)
MFC after: 4 weeks
Diffstat (limited to 'share/man/man4')
-rw-r--r-- | share/man/man4/tap.4 | 37 | ||||
-rw-r--r-- | share/man/man4/tun.4 | 37 |
2 files changed, 65 insertions, 9 deletions
diff --git a/share/man/man4/tap.4 b/share/man/man4/tap.4 index c82220b..98861d8 100644 --- a/share/man/man4/tap.4 +++ b/share/man/man4/tap.4 @@ -1,7 +1,7 @@ .\" $FreeBSD$ .\" Based on PR#2411 .\" -.Dd July 9, 2000 +.Dd February 4, 2007 .Os .Dt TAP 4 .Sh NAME @@ -41,11 +41,26 @@ The network interfaces are named etc., one for each control device that has been opened. These Ethernet network interfaces persist until .Pa if_tap.ko -module is unloaded (if +module is unloaded, or until removed with "ifconfig destroy" (see below). +.Pp +.Nm +devices are created using interface cloning. +This is done using the +.Dq ifconfig tap Ns Sy N No create +command. +This is the preferred method of creating .Nm -is built into your kernel, the network interfaces cannot be removed). +devices. +The same method allows removal of interfaces. +For this, use the +.Dq ifconfig tap Ns Sy N No destroy +command. .Pp -The +If the +.Xr sysctl 8 +variable +.Va net.link.tap.devfs_cloning +is non-zero, the .Nm interface permits opens on the special control device @@ -57,9 +72,21 @@ will return a handle for the lowest unused device (use .Xr devname 3 to determine which). +.Pp +.Bf Em +Disabling the legacy devfs cloning functionality may break existing +applications which use +.Nm , +such as +.Tn VMware +and +.Xr ssh 1 . +It therefore defaults to being enabled until further notice. +.Ef +.Pp Control devices (once successfully opened) persist until .Pa if_tap.ko -is unloaded in the same way that network interfaces persist (see above). +is unloaded or the interface is destroyed. .Pp Each interface supports the usual Ethernet network interface .Xr ioctl 2 Ns s , diff --git a/share/man/man4/tun.4 b/share/man/man4/tun.4 index d6dd862..e162ef4 100644 --- a/share/man/man4/tun.4 +++ b/share/man/man4/tun.4 @@ -2,7 +2,7 @@ .\" $FreeBSD$ .\" Based on PR#2411 .\" -.Dd October 9, 2006 +.Dd February 4, 2007 .Dt TUN 4 .Os .Sh NAME 
@@ -42,11 +42,28 @@ The network interfaces are named etc., one for each control device that has been opened. These network interfaces persist until the .Pa if_tun.ko -module is unloaded (if +module is unloaded, or until removed with the +.Xr ifconfig 8 +command. +.Pp +.Nm +devices are created using interface cloning. +This is done using the +.Dq ifconfig tap Ns Sy N No create +command. +This is the preferred method of creating .Nm -is built into your kernel, the network interfaces cannot be removed). +devices. +The same method allows removal of interfaces. +For this, use the +.Dq ifconfig tap Ns Sy N No destroy +command. .Pp -The +If the +.Xr sysctl 8 +variable +.Va net.link.tun.devfs_cloning +is non-zero, the .Nm interface permits opens on the special control device @@ -58,6 +75,18 @@ will return a handle for the lowest unused device (use .Xr devname 3 to determine which). +.Pp +.Bf Em +Disabling the legacy devfs cloning functionality may break existing +applications which use +.Nm , +such as +.Xr ppp 8 +and +.Xr ssh 1 . +It therefore defaults to being enabled until further notice. +.Ef +.Pp Control devices (once successfully opened) persist until .Pa if_tun.ko is unloaded in the same way that network interfaces persist (see above). |
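Review bot: In tap.4, hunk @@ -41,11 +41,26, the added line 'module is unloaded, or until removed with "ifconfig destroy" (see below).' names the command in plain double quotes, while the matching tun.4 text uses the cross-reference macro. Suggest the same form here, ".Xr ifconfig 8", so both pages link to the manual page consistently and the quoted string is not read as a literal command line (it lacks the interface name).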
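Review bot: In tap.4, hunk @@ -57,9 +72,21, the new emphasized paragraph documents the compatibility risk of turning off net.link.tap.devfs_cloning but not the access-control side of the setting. The commit message states that "If devfs cloning is enabled, only the super-user may create tun(4)/tap(4)/vmnet(4) instances" and that the variable may be set from the loader as well as via sysctl; neither point appears in the added manual text. Suggest a sentence stating who may create instances under each setting and a mention of the loader tunable, since an administrator deciding whether to change the default needs both. The same applies to the parallel paragraph in tun.4.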
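Review bot: In tun.4, hunk @@ -42,11 +42,28, both added command examples name the wrong driver: ".Dq ifconfig tap Ns Sy N No create" and ".Dq ifconfig tap Ns Sy N No destroy" appear to be carried over from tap.4. In this page they should read "ifconfig tun Ns Sy N No create" and "ifconfig tun Ns Sy N No destroy", otherwise a reader following tun(4) creates or destroys a tap interface instead.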
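Review bot: In tun.4, hunk @@ -58,6 +75,18, the trailing context line "is unloaded in the same way that network interfaces persist (see above)." is left unchanged, although the paragraph it points to was rewritten earlier in this patch to say interfaces can also be removed with ifconfig. tap.4 updates the equivalent sentence to "is unloaded or the interface is destroyed."; suggest making the same change here so the control-device lifetime is stated directly and the two pages agree.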