Revision: 519 http://vde.svn.sourceforge.net/vde/?rev=519&view=rev Author: rd235 Date: 2011-12-03 11:13:56 +0000 (Sat, 03 Dec 2011) Log Message: ----------- tunctl: -g (group permission) and -n added (TUN instead of TAP).
Modified Paths: -------------- trunk/vde-2/man/vde_tunctl.8 trunk/vde-2/src/vde_tunctl.c Modified: trunk/vde-2/man/vde_tunctl.8 =================================================================== --- trunk/vde-2/man/vde_tunctl.8 2011-11-28 11:52:24 UTC (rev 518) +++ trunk/vde-2/man/vde_tunctl.8 2011-12-03 11:13:56 UTC (rev 519) @@ -3,9 +3,9 @@ vde_tunctl \(em create and manage persistent TUN/TAP interfaces .SH "SYNOPSIS" .PP -\fBvde_tunctl\fR [\fB-f\fP \fItun-clone-device\fR] [\fB-u\fP \fIowner\fR] [\fB-t\fP \fIdevice-name\fR] +\fBvde_tunctl\fR [\fB-f\fP \fIclone-dev\fR] [\fB-u\fP \fIowner\fR] [\fB-g\fP \fIgroup\fR] [\fB-n\fR] [\fB-t\fP \fIdev-name\fR] .PP -\fBvde_tunctl\fR [\fB-f\fP \fItun-clone-device\fR] \fB-d\fP \fIdevice-name\fR +\fBvde_tunctl\fR [\fB-f\fP \fIclone-dev\fR] \fB-d\fP \fIdev-name\fR .SH "DESCRIPTION" .PP \fBvde_tunctl\fR allows the host sysadmin to @@ -13,7 +13,10 @@ user may open and use the device, but may not change any aspects of the host side of the interface. .PP -vde_tunctl is a simple copy of \fBtunctl\fR done for practical purposes. +vde_tunctl is an extension of \fBtunctl\fR. +.PP +vde_tunctl defines tap interfaces unless \fIdev-name\fR begins by "tun" or +the option \fR-n\fR appears in the command line. .SH "USAGE" .PP To create an interface for use by a particular user, invoke @@ -22,7 +25,6 @@ .nf # \fBvde_tunctl \-u someuser\fP Set 'tap0' persistent and owned by uid 500 - .fi .PP Then, configure the interface as normal: @@ -39,8 +41,16 @@ .nf # \fBvde_tunctl \-d tap0\fP Set 'tap0' nonpersistent - .fi + +To create or destroy a tun interface (instead of tap): +.nf +# \fBvde_tunctl -n \-u someuser\fP +Set 'tun0' persistent and owned by uid 500 +# \fBvde_tunctl \-d tun0\fP +Set 'tun0' nonpersistent +.fi + .SH "SEE ALSO" .PP \fBvde_switch\fP(1) Modified: trunk/vde-2/src/vde_tunctl.c =================================================================== --- trunk/vde-2/src/vde_tunctl.c 2011-11-28 11:52:24 UTC (rev 518) +++ trunk/vde-2/src/vde_tunctl.c 2011-12-03 11:13:56 UTC (rev 519) @@ -9,23 +9,26 @@ #include <fcntl.h> #include <unistd.h> #include <pwd.h> +#include <grp.h> #include <net/if.h> #include <sys/ioctl.h> #include <linux/if_tun.h> -#include <config.h> -#include <vde.h> -#include <vdecommon.h> +/* TUNSETGROUP appeared in 2.6.23 */ +#ifndef TUNSETGROUP +#define TUNSETGROUP _IOW('T', 206, int) +#endif static void Usage(char *name) { - fprintf(stderr, "Create: %s [-b] [-u owner] [-t device-name] " + fprintf(stderr, "Create: %s [-b] [-u owner] [-g group] [-n] [-t device-name] " "[-f tun-clone-device]\n", name); fprintf(stderr, "Delete: %s -d device-name [-f tun-clone-device]\n\n", name); fprintf(stderr, "The default tun clone device is /dev/net/tun - some systems" " use\n/dev/misc/net/tun instead\n\n"); fprintf(stderr, "-b will result in brief output (just the device name)\n"); + fprintf(stderr, "-n create a tun interface (not needed if the device name prefix is tun\n"); exit(1); } @@ -33,38 +36,58 @@ { struct ifreq ifr; struct passwd *pw; - long owner = geteuid(); + struct group *gr; + uid_t owner = -1; + gid_t group = -1; int tap_fd, opt, delete = 0, brief = 0; + int type=IFF_TAP; + char *tun = "", *file = "/dev/net/tun", *name = argv[0], *end; - while((opt = getopt(argc, argv, "bd:f:t:u:")) > 0){ + while((opt = getopt(argc, argv, "bd:f:t:u:in")) > 0){ switch(opt) { case 'b': brief = 1; break; case 'd': delete = 1; - tun = optarg; + tun = optarg; break; case 'f': - file = optarg; - break; + file = optarg; + break; case 'u': - pw = getpwnam(optarg); - if(pw != NULL){ - owner = pw->pw_uid; - break; - } - owner = strtol(optarg, &end, 0); - if(*end != '\0'){ - fprintf(stderr, "'%s' is neither a username nor a numeric uid.\n", - optarg); - Usage(name); - } - break; - case 't': + pw = getpwnam(optarg); + if(pw != NULL){ + owner = pw->pw_uid; + break; + } + owner = strtol(optarg, &end, 0); + if(*end != '\0'){ + fprintf(stderr, "'%s' is neither a username nor a numeric uid.\n", + optarg); + Usage(name); + } + break; + case 'g': + gr = getgrnam(optarg); + if(gr != NULL){ + group = gr->gr_gid; + break; + } + group = strtol(optarg, &end, 0); + if(*end != '\0'){ + fprintf(stderr, "'%s' is neither a groupname nor a numeric group.\n", + optarg); + Usage(name); + } + break; + case 't': tun = optarg; break; + case 'n': + type = IFF_TUN; + break; case 'h': default: Usage(name); @@ -85,7 +108,8 @@ memset(&ifr, 0, sizeof(ifr)); - ifr.ifr_flags = IFF_TAP | IFF_NO_PI; + if (strncmp(tun,"tun",3)==0) type=IFF_TUN; + ifr.ifr_flags = type | IFF_NO_PI; strncpy(ifr.ifr_name, tun, sizeof(ifr.ifr_name) - 1); if(ioctl(tap_fd, TUNSETIFF, (void *) &ifr) < 0){ perror("TUNSETIFF"); @@ -100,18 +124,38 @@ printf("Set '%s' nonpersistent\n", ifr.ifr_name); } else { + /* emulate behaviour prior to TUNSETGROUP */ + if(owner == -1 && group == -1) { + owner = geteuid(); + } + + if(owner != -1) { + if(ioctl(tap_fd, TUNSETOWNER, owner) < 0){ + perror("TUNSETOWNER"); + exit(1); + } + } + if(group != -1) { + if(ioctl(tap_fd, TUNSETGROUP, group) < 0){ + perror("TUNSETGROUP"); + exit(1); + } + } + if(ioctl(tap_fd, TUNSETPERSIST, 1) < 0){ perror("TUNSETPERSIST"); exit(1); } - if(ioctl(tap_fd, TUNSETOWNER, owner) < 0){ - perror("TUNSETPERSIST"); - exit(1); - } if(brief) printf("%s\n", ifr.ifr_name); - else printf("Set '%s' persistent and owned by uid %ld\n", ifr.ifr_name, - owner); - } - return(0); + else { + printf("Set '%s' persistent and owned by", ifr.ifr_name); + if(owner != -1) + printf(" uid %d", owner); + if(group != -1) + printf(" gid %d", group); + printf("\n"); + } + } + return(0); } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d _______________________________________________ vde-users mailing list vde-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/vde-users