Lines 154-160
static const char vmnetname[] = "vmnet";
|
154 |
static MALLOC_DEFINE(M_TUN, tunname, "Tunnel Interface"); |
154 |
static MALLOC_DEFINE(M_TUN, tunname, "Tunnel Interface"); |
155 |
static int tundebug = 0; |
155 |
static int tundebug = 0; |
156 |
static int tundclone = 1; |
156 |
static int tundclone = 1; |
157 |
static int tap_allow_uopen = 0; /* allow user open() */ |
|
|
158 |
static int tapuponopen = 0; /* IFF_UP on open() */ |
157 |
static int tapuponopen = 0; /* IFF_UP on open() */ |
159 |
static int tapdclone = 1; /* enable devfs cloning */ |
158 |
static int tapdclone = 1; /* enable devfs cloning */ |
160 |
|
159 |
|
Lines 174-181
SYSCTL_INT(_net_link_tun, OID_AUTO, devfs_cloning, CTLFLAG_RWTUN, &tundclone, 0,
|
174 |
/* tap */ |
173 |
/* tap */ |
175 |
static SYSCTL_NODE(_net_link, OID_AUTO, tap, CTLFLAG_RW, 0, |
174 |
static SYSCTL_NODE(_net_link, OID_AUTO, tap, CTLFLAG_RW, 0, |
176 |
"Ethernet tunnel software network interface"); |
175 |
"Ethernet tunnel software network interface"); |
177 |
SYSCTL_INT(_net_link_tap, OID_AUTO, user_open, CTLFLAG_RW, &tap_allow_uopen, 0, |
|
|
178 |
"Allow user to open /dev/tap (based on node permissions)"); |
179 |
SYSCTL_INT(_net_link_tap, OID_AUTO, up_on_open, CTLFLAG_RW, &tapuponopen, 0, |
176 |
SYSCTL_INT(_net_link_tap, OID_AUTO, up_on_open, CTLFLAG_RW, &tapuponopen, 0, |
180 |
"Bring interface up when /dev/tap is opened"); |
177 |
"Bring interface up when /dev/tap is opened"); |
181 |
SYSCTL_INT(_net_link_tap, OID_AUTO, devfs_cloning, CTLFLAG_RWTUN, &tapdclone, 0, |
178 |
SYSCTL_INT(_net_link_tap, OID_AUTO, devfs_cloning, CTLFLAG_RWTUN, &tapdclone, 0, |
Lines 486-492
tunclone(void *arg, struct ucred *cred, char *name, int namelen,
|
486 |
mayclone = priv_check_cred(cred, PRIV_NET_IFCREATE) == 0; |
483 |
mayclone = priv_check_cred(cred, PRIV_NET_IFCREATE) == 0; |
487 |
if ((tunflags & TUN_L2) != 0) { |
484 |
if ((tunflags & TUN_L2) != 0) { |
488 |
/* tap/vmnet allow user open with a sysctl */ |
485 |
/* tap/vmnet allow user open with a sysctl */ |
489 |
mayclone = (mayclone || tap_allow_uopen) && tapdclone; |
486 |
mayclone = mayclone && tapdclone; |
490 |
} else { |
487 |
} else { |
491 |
mayclone = mayclone && tundclone; |
488 |
mayclone = mayclone && tundclone; |
492 |
} |
489 |
} |
Lines 852-867
tunopen(struct cdev *dev, int flag, int mode, struct thread *td)
|
852 |
return (error); /* Shouldn't happen */ |
849 |
return (error); /* Shouldn't happen */ |
853 |
} |
850 |
} |
854 |
|
851 |
|
|
|
852 |
#ifdef TAP_OPEN_PRIVILEGED |
855 |
if ((tunflags & TUN_L2) != 0) { |
853 |
if ((tunflags & TUN_L2) != 0) { |
856 |
/* Restrict? */ |
854 |
/* Restrict? */ |
857 |
if (tap_allow_uopen == 0) { |
855 |
error = priv_check(td, PRIV_NET_TAP); |
858 |
error = priv_check(td, PRIV_NET_TAP); |
856 |
if (error != 0) { |
859 |
if (error != 0) { |
857 |
CURVNET_RESTORE(); |
860 |
CURVNET_RESTORE(); |
858 |
return (error); |
861 |
return (error); |
|
|
862 |
} |
863 |
} |
859 |
} |
864 |
} |
860 |
} |
|
|
861 |
#endif |
865 |
|
862 |
|
866 |
/* |
863 |
/* |
867 |
* XXXRW: Non-atomic test and set of dev->si_drv1 requires |
864 |
* XXXRW: Non-atomic test and set of dev->si_drv1 requires |
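Review bot: In the tunopen hunk (reading the lower-numbered column as the new side) the `priv_check(td, PRIV_NET_TAP)` call is now wrapped in `#ifdef TAP_OPEN_PRIVILEGED`, and nothing visible on this page defines that macro, so a default build would appear to compile the privilege check out, whereas the old default `tap_allow_uopen = 0` enforced it. Opening /dev/tap would then depend only on devfs node permissions, and removing `net.link.tap.user_open` leaves administrators no runtime switch; any existing configuration that sets that sysctl would presumably stop working. If a compile-time knob is wanted, keep the restrictive behaviour as the default by inverting the guard (for example `#ifndef` on a suitably named opt-out option, name to be chosen by the author) and document the option alongside the other kernel options. The comment kept in tunclone, `/* tap/vmnet allow user open with a sysctl */`, no longer matches `mayclone = mayclone && tapdclone;` and should be reworded, e.g. `/* tap/vmnet cloning needs PRIV_NET_IFCREATE and devfs_cloning */`. The bodies of tunopen and tunclone start and end outside the hunks shown, so this is based only on the visible lines.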