don't allow changing the if_type of tun(4) and tap(4) interfaces from userland

don't allow changing the if_type of tun(4) and tap(4) interfaces from userland

David Gwynne-5
making tun(4) not IFT_TUNNEL and tap(4) not IFT_ETHER makes for some
interesting possibilities for fun with the rest of the kernel. I think
we should just not allow the if_types to be changed.

I have another diff somewhere to prevent changing the flags
(IFF_BROADCAST etc) somewhere too, but we can start here.

ok?

Index: if_tun.c
===================================================================
RCS file: /cvs/src/sys/net/if_tun.c,v
retrieving revision 1.186
diff -u -p -r1.186 if_tun.c
--- if_tun.c 12 May 2019 16:38:02 -0000 1.186
+++ if_tun.c 10 Jun 2019 06:13:22 -0000
@@ -623,8 +623,9 @@ tun_dev_ioctl(struct tun_softc *tp, u_lo
  tunp = (struct tuninfo *)data;
  if (tunp->mtu < ETHERMIN || tunp->mtu > TUNMRU)
  return (EINVAL);
+ if (tunp->type != tp->tun_if.if_type)
+ return (EINVAL);
  tp->tun_if.if_mtu = tunp->mtu;
- tp->tun_if.if_type = tunp->type;
  tp->tun_if.if_flags =
     (tunp->flags & TUN_IFF_FLAGS) |
     (tp->tun_if.if_flags & ~TUN_IFF_FLAGS);
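
Review bot: the new `tunp->type != tp->tun_if.if_type` check returns the same EINVAL as the MTU range check directly above it, so a caller that fills struct tuninfo from scratch, rather than reading the current values first, now fails with no way to tell which field was rejected. Consider documenting in tun(4) and tap(4) that the type field must match the interface's existing if_type, and adding a short comment above the check saying that if_type can no longer be changed from userland.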

Re: don't allow changing the if_type of tun(4) and tap(4) interfaces from userland

Claudio Jeker
On Mon, Jun 10, 2019 at 04:19:47PM +1000, David Gwynne wrote:
> making tun(4) not IFT_TUNNEL and tap(4) not IFT_ETHER makes for some
> interesting possibilities for fun with the rest of the kernel. I think
> we should just not allow the if_types to be changed.
>
> I have another diff somewhere to prevent changing the flags
> (IFF_BROADCAST etc) somewhere too, but we can start here.
>
> ok?

OK claudio@
 

> Index: if_tun.c
> ===================================================================
> RCS file: /cvs/src/sys/net/if_tun.c,v
> retrieving revision 1.186
> diff -u -p -r1.186 if_tun.c
> --- if_tun.c 12 May 2019 16:38:02 -0000 1.186
> +++ if_tun.c 10 Jun 2019 06:13:22 -0000
> @@ -623,8 +623,9 @@ tun_dev_ioctl(struct tun_softc *tp, u_lo
>   tunp = (struct tuninfo *)data;
>   if (tunp->mtu < ETHERMIN || tunp->mtu > TUNMRU)
>   return (EINVAL);
> + if (tunp->type != tp->tun_if.if_type)
> + return (EINVAL);
>   tp->tun_if.if_mtu = tunp->mtu;
> - tp->tun_if.if_type = tunp->type;
>   tp->tun_if.if_flags =
>      (tunp->flags & TUN_IFF_FLAGS) |
>      (tp->tun_if.if_flags & ~TUN_IFF_FLAGS);
>
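
Review bot: the unchanged context after the removed assignment still overwrites the TUN_IFF_FLAGS bits of if_flags from `tunp->flags`, so this hunk closes only the if_type half of the problem described in the message. If the flags diff is not going in at the same time, a comment at the `tp->tun_if.if_flags =` assignment noting that those bits are still set from userland would keep the remaining gap visible.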

--
:wq Claudio