disable the ability to change tun(4) mode from p2p to bcast and back again


disable the ability to change tun(4) mode from p2p to bcast and back again

David Gwynne-5
Currently you can change a tun interface from being point to point to
being a broadcast interface. Why?

This cuts out the ability to change it. Note that the ioctl code is
shared by tap, so it still has IFF_BROADCAST code that gets run, you
should just not be able to change the flags, only read them.

With the above in mind, this also removes the ability to make a tap
interface point to point. Why would you want that too?

This was noticed by tedu while playing with wg, and it confused me. But
that is true for a lot of tap stuff atm. Does anyone really use all the
ioctl buttons that tap provides?

ok?

Index: if_tun.c
===================================================================
RCS file: /cvs/src/sys/net/if_tun.c,v
retrieving revision 1.184
diff -u -p -r1.184 if_tun.c
--- if_tun.c 3 Feb 2019 23:04:49 -0000 1.184
+++ if_tun.c 4 Feb 2019 02:00:14 -0000
@@ -104,7 +104,7 @@ int tundebug = TUN_DEBUG;
 #endif
 
 /* Only these IFF flags are changeable by TUNSIFINFO */
-#define TUN_IFF_FLAGS (IFF_UP|IFF_POINTOPOINT|IFF_MULTICAST|IFF_BROADCAST)
+#define TUN_IFF_FLAGS (IFF_UP)
 
 void tunattach(int);
 
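Review bot: The commit message only talks about point-to-point and broadcast, but narrowing TUN_IFF_FLAGS from (IFF_UP|IFF_POINTOPOINT|IFF_MULTICAST|IFF_BROADCAST) to (IFF_UP) also removes the ability to toggle IFF_MULTICAST through TUNSIFINFO. If that is intended, say so in the commit message and update the TUNSIFINFO/TUNSIFMODE description in tun(4) so the documented set of changeable flags matches the new define; the "Only these IFF flags are changeable by TUNSIFINFO" comment itself still reads correctly.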
@@ -650,15 +650,9 @@ tun_dev_ioctl(struct tun_softc *tp, u_lo
  break;
 #endif
  case TUNSIFMODE:
- switch (*(int *)data & (IFF_POINTOPOINT|IFF_BROADCAST)) {
- case IFF_POINTOPOINT:
- case IFF_BROADCAST:
- tp->tun_if.if_flags &= ~TUN_IFF_FLAGS;
- tp->tun_if.if_flags |= *(int *)data & TUN_IFF_FLAGS;
- break;
- default:
+ if ((*(int *)data & (IFF_POINTOPOINT|IFF_BROADCAST)) !=
+    (tp->tun_if.if_flags & (IFF_POINTOPOINT|IFF_BROADCAST)))
  return (EINVAL);
- }
  break;
 
  case FIONBIO:
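Review bot: The new TUNSIFMODE check silently accepts a request whose (IFF_POINTOPOINT|IFF_BROADCAST) bits already match the interface and rejects everything else with EINVAL, which matches the "only read them" intent in the message, but note two behaviour changes relative to the removed switch: a request with neither bit set is now accepted on an interface that has neither bit (the old default case returned EINVAL), and the old code also applied the other TUN_IFF_FLAGS bits (such as IFF_UP) from the request, which no longer happens since TUNSIFMODE is now a no-op on success. A one-line comment above the `if` stating that TUNSIFMODE can only confirm, not change, the current mode would make that explicit for the next reader.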


Re: disable the ability to change tun(4) mode from p2p to bcast and back again

Tim Kuijsten-3
On Mon, Feb 04, 2019 at 12:07:22PM +1000, David Gwynne wrote:
>Currently you can change a tun interface from being point to point to
>being a broadcast interface. Why?

I'm using broadcast mode in my own wireguard implementation because
there can be more than one peer on the network:
https://github.com/timkuijsten/uwg/blob/ccd39c6a9bdf36575a3bb3db06c438a2241c1134/ifn.c#L1868

-Tim


Re: disable the ability to change tun(4) mode from p2p to bcast and back again

David Gwynne-5


> On 4 Feb 2019, at 22:00, Tim Kuijsten <[hidden email]> wrote:
>
> On Mon, Feb 04, 2019 at 12:07:22PM +1000, David Gwynne wrote:
>> Currently you can change a tun interface from being point to point to
>> being a broadcast interface. Why?
>
> I'm using broadcast mode in my own wireguard implementation because there can be more than one peer on the network:
> https://github.com/timkuijsten/uwg/blob/ccd39c6a9bdf36575a3bb3db06c438a2241c1134/ifn.c#L1868

But there's only one process sucking on the /dev entry, so there's just the one pipe. Does it make a difference to the routes you can add whether tun is only point to point, or is broadcast required? I don't see uwg itself adding routes, do you do that outside it?

dlg


Re: disable the ability to change tun(4) mode from p2p to bcast and back again

Tim Kuijsten-3
On Tue, Feb 05, 2019 at 01:50:25PM +1000, David Gwynne wrote:

>
>
>> On 4 Feb 2019, at 22:00, Tim Kuijsten <[hidden email]> wrote:
>>
>> On Mon, Feb 04, 2019 at 12:07:22PM +1000, David Gwynne wrote:
>>> Currently you can change a tun interface from being point to point to
>>> being a broadcast interface. Why?
>>
>> I'm using broadcast mode in my own wireguard implementation because there can be more than one peer on the network:
>> https://github.com/timkuijsten/uwg/blob/ccd39c6a9bdf36575a3bb3db06c438a2241c1134/ifn.c#L1868
>
>But there's only one process sucking on the /dev entry, so there's just the one pipe. Does it make a difference to the routes you can add whether tun is only point to point, or is broadcast required? I don't see uwg itself adding routes, do you do that outside it?

I don't need to manually add routes. If I bring the interface up without
the IFF_POINTOPOINT flag, then as soon as I assign the address and
netmask to the interface a route for the subnet is automatically added
[1].

About the IFF_BROADCAST flag, I thought not setting IFF_BROADCAST would
imply IFF_POINTOPOINT but now I see I read tun(4) the wrong way and it's
perfectly fine to run without IFF_POINTOPOINT and without IFF_BROADCAST.

[1] https://github.com/timkuijsten/uwg/blob/master/ifn.c#L294