^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) .. SPDX-License-Identifier: GPL-2.0
.. include:: <isonum.txt>

===============================
Universal TUN/TAP device driver
===============================

Copyright |copy| 1999-2000 Maxim Krasnyansky <max_mk@yahoo.com>

  Linux, Solaris drivers
  Copyright |copy| 1999-2000 Maxim Krasnyansky <max_mk@yahoo.com>

  FreeBSD TAP driver
  Copyright |copy| 1999-2000 Maksim Yevmenkin <m_evmenkin@yahoo.com>

  Revision of this document 2002 by Florian Thiel <florian.thiel@gmx.net>

1. Description
==============

TUN/TAP provides packet reception and transmission for user space programs.
It can be seen as a simple Point-to-Point or Ethernet device, which,
instead of receiving packets from physical media, receives them from a
user space program and, instead of sending packets via physical media,
writes them to the user space program.

In order to use the driver a program has to open /dev/net/tun and issue a
corresponding ioctl() to register a network device with the kernel. A network
device will appear as tunXX or tapXX, depending on the options chosen. When
the program closes the file descriptor, the network device and all
corresponding routes will disappear.

Depending on the type of device chosen, the userspace program has to read/write
IP packets (with tun) or Ethernet frames (with tap). Which one is being used
depends on the flags given with the ioctl().

The package from http://vtun.sourceforge.net/tun contains two simple examples
for how to use tun and tap devices. Both programs work like a bridge between
two network interfaces.

- br_select.c - bridge based on the select system call.
- br_sigio.c - bridge based on async I/O and the SIGIO signal.

However, the best example is VTun http://vtun.sourceforge.net :))

2. Configuration
================

Create device node::

     mkdir /dev/net (if it doesn't exist already)
     mknod /dev/net/tun c 10 200

Set permissions::

     e.g. chmod 0666 /dev/net/tun

There's no harm in allowing the device to be accessible by non-root users,
since CAP_NET_ADMIN is required for creating network devices or for
connecting to network devices which aren't owned by the user in question.
If you want to create persistent devices and give ownership of them to
unprivileged users, then you need the /dev/net/tun device to be usable by
those users.

Driver module autoloading

     Make sure that "Kernel module loader" - module auto-loading
     support is enabled in your kernel. The kernel should load it on
     first access.

Manual loading

    Insert the module by hand::

        modprobe tun

If you do it the latter way, you have to load the module every time you
need it; if you do it the other way, it will be automatically loaded when
/dev/net/tun is opened.

3. Program interface
====================

3.1 Network device allocation
-----------------------------

``char *dev`` should be the name of the device with a format string (e.g.
"tun%d"), but (as far as I can see) this can be any valid network device name.
Note that the buffer ``dev`` points to is overwritten with the real device name
(e.g. "tun0"), so it must be at least IFNAMSIZ bytes long::

  #include <fcntl.h>
  #include <string.h>
  #include <unistd.h>
  #include <sys/ioctl.h>
  #include <linux/if.h>
  #include <linux/if_tun.h>

  /* Called when /dev/net/tun cannot be opened; its definition is not
   * part of this document. */
  int tun_alloc_old(char *dev);

  int tun_alloc(char *dev)
  {
      struct ifreq ifr;
      int fd, err;

      if( (fd = open("/dev/net/tun", O_RDWR)) < 0 )
         return tun_alloc_old(dev);

      memset(&ifr, 0, sizeof(ifr));

      /* Flags: IFF_TUN   - TUN device (no Ethernet headers)
       *        IFF_TAP   - TAP device
       *
       *        IFF_NO_PI - Do not provide packet information
       */
      ifr.ifr_flags = IFF_TUN;

      /* ifr is zeroed, so copying at most IFNAMSIZ - 1 bytes keeps
       * ifr_name NUL-terminated. */
      if( *dev )
         strncpy(ifr.ifr_name, dev, IFNAMSIZ - 1);

      if( (err = ioctl(fd, TUNSETIFF, (void *) &ifr)) < 0 ){
         close(fd);
         return err;
      }

      /* Return the name chosen by the kernel; dev needs IFNAMSIZ bytes. */
      strcpy(dev, ifr.ifr_name);
      return fd;
  }

3.2 Frame format
----------------

If flag IFF_NO_PI is not set each frame format is::

     Flags [2 bytes]
     Proto [2 bytes]
     Raw protocol(IP, IPv6, etc) frame.
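
A bounds-checked parser for this layout on a TUN device, added here as an example (it is not code from this document or from the driver). It assumes the 4-byte prefix is ``struct tun_pi`` from <linux/if_tun.h>, with Flags in host byte order and Proto an EtherType in network byte order; ``tun_frame``, ``parse_tun_frame`` and ``sample_ipv6`` are hypothetical names, and the sample bytes are constructed.

```c
#include <arpa/inet.h>   /* ntohs() */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Values mirror <linux/if_tun.h> and <linux/if_ether.h>. */
#define PI_HDR_LEN     4
#define PI_FLAG_STRIP  0x0001   /* TUN_PKT_STRIP: packet was truncated */
#define PROTO_IPV4     0x0800   /* ETH_P_IP */
#define PROTO_IPV6     0x86DD   /* ETH_P_IPV6 */

/* Hypothetical result type for this example. */
struct tun_frame {
    uint16_t flags;          /* Flags field, host byte order */
    uint16_t proto;          /* Proto field, converted to host byte order */
    int truncated;           /* non-zero if TUN_PKT_STRIP is set */
    const uint8_t *payload;  /* raw IP packet following the header */
    size_t payload_len;
};

/* Constructed sample: Flags 0, Proto 0x86DD, first four bytes of an IPv6 header. */
const uint8_t sample_ipv6[] = { 0x00, 0x00, 0x86, 0xDD,
                                0x60, 0x00, 0x00, 0x00 };

/*
 * Parse one buffer returned by read() on a TUN fd opened without IFF_NO_PI.
 * Returns  0 on success,
 *         -1 if the buffer cannot hold the header plus one payload byte,
 *         -2 if Proto is neither IPv4 nor IPv6,
 *         -3 if the IP version nibble of the payload disagrees with Proto.
 */
int parse_tun_frame(const uint8_t *buf, size_t len, struct tun_frame *out)
{
    uint16_t flags, proto_be;
    unsigned version;

    if (buf == NULL || out == NULL || len < PI_HDR_LEN + 1)
        return -1;

    /* memcpy avoids unaligned loads from the read buffer. */
    memcpy(&flags, buf, sizeof(flags));
    memcpy(&proto_be, buf + 2, sizeof(proto_be));

    out->flags = flags;
    out->proto = ntohs(proto_be);
    out->truncated = (flags & PI_FLAG_STRIP) != 0;
    out->payload = buf + PI_HDR_LEN;
    out->payload_len = len - PI_HDR_LEN;

    version = out->payload[0] >> 4;
    if (out->proto == PROTO_IPV4)
        return version == 4 ? 0 : -3;
    if (out->proto == PROTO_IPV6)
        return version == 6 ? 0 : -3;
    return -2;
}
```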

3.3 Multiqueue tuntap interface
-------------------------------

From version 3.8, Linux supports multiqueue tuntap which can use multiple
file descriptors (queues) to parallelize packet sending or receiving. The
device allocation is the same as before, and if the user wants to create
multiple queues, TUNSETIFF with the same device name must be called many times
with the IFF_MULTI_QUEUE flag.

``char *dev`` should be the name of the device, queues is the number of queues
to be created, fds is used to store and return the file descriptors (queues)
created to the caller. Each file descriptor serves as the interface of a
queue which can be accessed by userspace.

::

  #include <fcntl.h>
  #include <string.h>
  #include <unistd.h>
  #include <sys/ioctl.h>
  #include <linux/if.h>
  #include <linux/if_tun.h>

  int tun_alloc_mq(char *dev, int queues, int *fds)
  {
      struct ifreq ifr;
      int fd, err, i;

      /* Reject names that do not fit in ifr_name instead of
       * overflowing or silently truncating them. */
      if (!dev || strlen(dev) >= IFNAMSIZ)
          return -1;

      memset(&ifr, 0, sizeof(ifr));
      /* Flags: IFF_TUN   - TUN device (no Ethernet headers)
       *        IFF_TAP   - TAP device
       *
       *        IFF_NO_PI - Do not provide packet information
       *        IFF_MULTI_QUEUE - Create a queue of multiqueue device
       */
      ifr.ifr_flags = IFF_TAP | IFF_NO_PI | IFF_MULTI_QUEUE;
      /* Length was checked above, so this cannot overflow ifr_name. */
      strcpy(ifr.ifr_name, dev);

      for (i = 0; i < queues; i++) {
          if ((fd = open("/dev/net/tun", O_RDWR)) < 0) {
             /* Make sure err is set before it is returned. */
             err = fd;
             goto err;
          }
          err = ioctl(fd, TUNSETIFF, (void *)&ifr);
          if (err) {
             close(fd);
             goto err;
          }
          fds[i] = fd;
      }

      return 0;
  err:
      /* Close the queues that were opened before the failure. */
      for (--i; i >= 0; i--)
          close(fds[i]);
      return err;
  }

A new ioctl(TUNSETQUEUE) was introduced to enable or disable a queue. When
calling it with the IFF_DETACH_QUEUE flag, the queue is disabled. And when
calling it with the IFF_ATTACH_QUEUE flag, the queue is enabled. The queue is
enabled by default after it is created through TUNSETIFF.

fd is the file descriptor (queue) that we want to enable or disable; when
enable is true we enable it, otherwise we disable it::

  #include <string.h>
  #include <sys/ioctl.h>
  #include <linux/if.h>
  #include <linux/if_tun.h>

  int tun_set_queue(int fd, int enable)
  {
      struct ifreq ifr;

      memset(&ifr, 0, sizeof(ifr));

      if (enable)
         ifr.ifr_flags = IFF_ATTACH_QUEUE;
      else
         ifr.ifr_flags = IFF_DETACH_QUEUE;

      return ioctl(fd, TUNSETQUEUE, (void *)&ifr);
  }

Universal TUN/TAP device driver Frequently Asked Questions
==========================================================

1. What platforms are supported by the TUN/TAP driver?

Currently the driver has been written for 3 Unices:

  - Linux kernels 2.2.x, 2.4.x
  - FreeBSD 3.x, 4.x, 5.x
  - Solaris 2.6, 7.0, 8.0

2. What is the TUN/TAP driver used for?

As mentioned above, the main purpose of the TUN/TAP driver is tunneling.
It is used by VTun (http://vtun.sourceforge.net).

Another interesting application using TUN/TAP is pipsecd
(http://perso.enst.fr/~beyssac/pipsec/), a userspace IPSec
implementation that can use complete kernel routing (unlike FreeS/WAN).

3. How does the virtual network device actually work?

The virtual network device can be viewed as a simple Point-to-Point or
Ethernet device, which instead of receiving packets from physical
media, receives them from a user space program and instead of sending
packets via physical media sends them to the user space program.

Let's say that you configured IPv6 on tap0. Then whenever
the kernel sends an IPv6 packet to tap0, it is passed to the application
(VTun for example). The application encrypts, compresses and sends it to
the other side over TCP or UDP. The application on the other side decompresses
and decrypts the data received and writes the packet to the TAP device;
the kernel handles the packet as if it came from a real physical device.

4. What is the difference between the TUN driver and the TAP driver?

TUN works with IP frames. TAP works with Ethernet frames.

This means that you have to read/write IP packets when you are using tun and
Ethernet frames when using tap.

5. What is the difference between BPF and the TUN/TAP driver?

BPF is an advanced packet filter. It can be attached to an existing
network interface. It does not provide a virtual network interface.
A TUN/TAP driver does provide a virtual network interface and it is possible
to attach BPF to this interface.

6. Does the TAP driver support kernel Ethernet bridging?

Yes. Linux and FreeBSD drivers support Ethernet bridging.