kern/110383: [patch] tap(4) should go UP if opened

Frank Behrens frank at
Fri Mar 16 09:40:11 UTC 2007

>Number:         110383
>Category:       kern
>Synopsis:       [patch] tap(4) should go UP if opened
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Fri Mar 16 09:40:09 GMT 2007
>Originator:     Frank Behrens
>Release:        FreeBSD 6.2-STABLE-200703081613 i386
The patch introduces a new sysctl "".
When it is non-zero the Ethernet interface will be enabled automatically 
(marked ``up'') when the control device is opened.

With that change (and previous cloning enhancements) it is possible to
setup tap(4)/if_bridge(4) interfaces by an administrator (or in the boot process)
und access them by non-root processes (e.q. qemu).

For transmitting packets via tap(4) device (at least) two conditions have to be met:
1. The control device must be opened by a process.
2. The ethernet interface must be UP.

For 1. we allow non-root processes the access, when
a) sysctl   AND
b) /dev/tapx has sufficient permissions

Without the patch we have no possibility to mark the interface as UP for the 
non-root process and the sysctl sounds a bit useless.

The patch is from Bruce M. Simpson, see
and associated thread for discussion.

proposed MFC to RELENG_6 after: 2 weeks


--- tapUPonOpen.patch begins here ---
--- sys/net/if_tap.c.orig	Fri Mar 16 09:17:05 2007
+++ sys/net/if_tap.c	Fri Mar 16 09:18:59 2007
@@ -150,6 +150,7 @@
 static struct mtx		tapmtx;
 static int			tapdebug = 0;        /* debug flag   */
 static int			tapuopen = 0;        /* allow user open() */	     
+static int			tapuponopen = 0;    /* IFF_UP on open() */
 static int			tapdclone = 1;	/* enable devfs cloning */
 static SLIST_HEAD(, tap_softc)	taphead;             /* first device */
 static struct clonedevs 	*tapclones;
@@ -163,6 +164,8 @@
     "Ethernet tunnel software network interface");
 SYSCTL_INT(_net_link_tap, OID_AUTO, user_open, CTLFLAG_RW, &tapuopen, 0,
 	"Allow user to open /dev/tap (based on node permissions)");
+SYSCTL_INT(_net_link_tap, OID_AUTO, up_on_open, CTLFLAG_RW, &tapuponopen, 0,
+	"Bring interface up when /dev/tap is opened");
 SYSCTL_INT(_net_link_tap, OID_AUTO, devfs_cloning, CTLFLAG_RW, &tapdclone, 0,
 	"Enably legacy devfs interface creation");
 SYSCTL_INT(_net_link_tap, OID_AUTO, debug, CTLFLAG_RW, &tapdebug, 0, "");
@@ -501,6 +504,8 @@
 	s = splimp();
 	ifp->if_drv_flags |= IFF_DRV_RUNNING;
 	ifp->if_drv_flags &= ~IFF_DRV_OACTIVE;
+	if (tapuponopen)
+		ifp->if_flags |= IFF_UP;
 	TAPDEBUG("%s is open. minor = %#x\n", ifp->if_xname, minor(dev));
--- share/man/man4/tap.4.orig	Thu Mar  8 19:06:35 2007
+++ share/man/man4/tap.4	Fri Mar 16 09:42:52 2007
@@ -1,7 +1,7 @@
 .\" $FreeBSD: src/share/man/man4/tap.4,v 2007/03/04 14:34:42 bms Exp $
 .\" Based on PR#2411
-.Dd February 4, 2007
+.Dd March 16, 2007
 .Dt TAP 4
@@ -117,6 +117,13 @@
 is non-zero.
+.Xr sysctl 8
+is non-zero the Ethernet interface will be enabled automatically (marked
+.Dq up )
+when the control device is opened.
 .Fn read
 call will return an error
--- tapUPonOpen.patch ends here ---


More information about the freebsd-bugs mailing list