Revision: 519
http://vde.svn.sourceforge.net/vde/?rev=519&view=rev
Author: rd235
Date: 2011-12-03 11:13:56 +0000 (Sat, 03 Dec 2011)
Log Message:
-----------
tunctl: -g (group permission) and -n added (TUN instead of TAP).
Modified Paths:
--------------
trunk/vde-2/man/vde_tunctl.8
trunk/vde-2/src/vde_tunctl.c
Modified: trunk/vde-2/man/vde_tunctl.8
===================================================================
--- trunk/vde-2/man/vde_tunctl.8 2011-11-28 11:52:24 UTC (rev 518)
+++ trunk/vde-2/man/vde_tunctl.8 2011-12-03 11:13:56 UTC (rev 519)
@@ -3,9 +3,9 @@
vde_tunctl \(em create and manage persistent TUN/TAP interfaces
.SH "SYNOPSIS"
.PP
-\fBvde_tunctl\fR [\fB-f\fP \fItun-clone-device\fR] [\fB-u\fP \fIowner\fR]
[\fB-t\fP \fIdevice-name\fR]
+\fBvde_tunctl\fR [\fB-f\fP \fIclone-dev\fR] [\fB-u\fP \fIowner\fR] [\fB-g\fP
\fIgroup\fR] [\fB-n\fR] [\fB-t\fP \fIdev-name\fR]
.PP
-\fBvde_tunctl\fR [\fB-f\fP \fItun-clone-device\fR] \fB-d\fP \fIdevice-name\fR
+\fBvde_tunctl\fR [\fB-f\fP \fIclone-dev\fR] \fB-d\fP \fIdev-name\fR
.SH "DESCRIPTION"
.PP
\fBvde_tunctl\fR allows the host sysadmin to
@@ -13,7 +13,10 @@
user may open and use the device, but may not change any aspects
of the host side of the interface.
.PP
-vde_tunctl is a simple copy of \fBtunctl\fR done for practical purposes.
+vde_tunctl is an extension of \fBtunctl\fR.
+.PP
+vde_tunctl defines tap interfaces unless \fIdev-name\fR begins by "tun" or
+the option \fR-n\fR appears in the command line.
.SH "USAGE"
.PP
To create an interface for use by a particular user, invoke
@@ -22,7 +25,6 @@
.nf
# \fBvde_tunctl \-u someuser\fP
Set 'tap0' persistent and owned by uid 500
-
.fi
.PP
Then, configure the interface as normal:
@@ -39,8 +41,16 @@
.nf
# \fBvde_tunctl \-d tap0\fP
Set 'tap0' nonpersistent
-
.fi
+
+To create or destroy a tun interface (instead of tap):
+.nf
+# \fBvde_tunctl -n \-u someuser\fP
+Set 'tun0' persistent and owned by uid 500
+# \fBvde_tunctl \-d tun0\fP
+Set 'tun0' nonpersistent
+.fi
+
.SH "SEE ALSO"
.PP
\fBvde_switch\fP(1)
Modified: trunk/vde-2/src/vde_tunctl.c
===================================================================
--- trunk/vde-2/src/vde_tunctl.c 2011-11-28 11:52:24 UTC (rev 518)
+++ trunk/vde-2/src/vde_tunctl.c 2011-12-03 11:13:56 UTC (rev 519)
@@ -9,23 +9,26 @@
#include <fcntl.h>
#include <unistd.h>
#include <pwd.h>
+#include <grp.h>
#include <net/if.h>
#include <sys/ioctl.h>
#include <linux/if_tun.h>
-#include <config.h>
-#include <vde.h>
-#include <vdecommon.h>
+/* TUNSETGROUP appeared in 2.6.23 */
+#ifndef TUNSETGROUP
+#define TUNSETGROUP _IOW('T', 206, int)
+#endif
static void Usage(char *name)
{
- fprintf(stderr, "Create: %s [-b] [-u owner] [-t device-name] "
+ fprintf(stderr, "Create: %s [-b] [-u owner] [-g group] [-n] [-t device-name]
"
"[-f tun-clone-device]\n", name);
fprintf(stderr, "Delete: %s -d device-name [-f tun-clone-device]\n\n",
name);
fprintf(stderr, "The default tun clone device is /dev/net/tun - some systems"
" use\n/dev/misc/net/tun instead\n\n");
fprintf(stderr, "-b will result in brief output (just the device name)\n");
+ fprintf(stderr, "-n create a tun interface (not needed if the device name
prefix is tun\n");
exit(1);
}
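Review bot: The new `-n` help line in Usage() opens a parenthesis it never closes, and the synopsis now advertises `[-g group]` with no explanatory line to match. I would end the `-n` text with `prefix is tun)\n` and add something like `fprintf(stderr, "-g group allowed to use the device (name or numeric gid)\n");`. Since `-u` and `-g` decide which accounts may open the persistent device, the help output should say what each one grants.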
@@ -33,38 +36,58 @@
{
struct ifreq ifr;
struct passwd *pw;
- long owner = geteuid();
+ struct group *gr;
+ uid_t owner = -1;
+ gid_t group = -1;
int tap_fd, opt, delete = 0, brief = 0;
+ int type=IFF_TAP;
+
char *tun = "", *file = "/dev/net/tun", *name = argv[0], *end;
- while((opt = getopt(argc, argv, "bd:f:t:u:")) > 0){
+ while((opt = getopt(argc, argv, "bd:f:t:u:in")) > 0){
switch(opt) {
case 'b':
brief = 1;
break;
case 'd':
delete = 1;
- tun = optarg;
+ tun = optarg;
break;
case 'f':
- file = optarg;
- break;
+ file = optarg;
+ break;
case 'u':
- pw = getpwnam(optarg);
- if(pw != NULL){
- owner = pw->pw_uid;
- break;
- }
- owner = strtol(optarg, &end, 0);
- if(*end != '\0'){
- fprintf(stderr, "'%s' is neither a username nor a numeric uid.\n",
- optarg);
- Usage(name);
- }
- break;
- case 't':
+ pw = getpwnam(optarg);
+ if(pw != NULL){
+ owner = pw->pw_uid;
+ break;
+ }
+ owner = strtol(optarg, &end, 0);
+ if(*end != '\0'){
+ fprintf(stderr, "'%s' is neither a
username nor a numeric uid.\n",
+ optarg);
+ Usage(name);
+ }
+ break;
+ case 'g':
+ gr = getgrnam(optarg);
+ if(gr != NULL){
+ group = gr->gr_gid;
+ break;
+ }
+ group = strtol(optarg, &end, 0);
+ if(*end != '\0'){
+ fprintf(stderr, "'%s' is neither a
groupname nor a numeric group.\n",
+ optarg);
+ Usage(name);
+ }
+ break;
+ case 't':
tun = optarg;
break;
+ case 'n':
+ type = IFF_TUN;
+ break;
case 'h':
default:
Usage(name);
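Review bot: The option string `"bd:f:t:u:in"` never lists `g:`, so the new `case 'g'` is unreachable and `-g group` ends in `default` and Usage(); it also accepts `-i`, for which no case is visible in this hunk. It should read `getopt(argc, argv, "bd:f:t:u:g:n")`. Separately, both numeric fallbacks test only `*end != '\0'`, so an empty argument parses as id 0, out-of-range values are silently narrowed into uid_t/gid_t, and a value equal to -1 collides with the "unset" sentinel. Checking `end == optarg`, `errno == ERANGE` and the value range before assigning would close those cases. main() begins and ends outside this hunk.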
@@ -85,7 +108,8 @@
memset(&ifr, 0, sizeof(ifr));
- ifr.ifr_flags = IFF_TAP | IFF_NO_PI;
+ if (strncmp(tun,"tun",3)==0) type=IFF_TUN;
+ ifr.ifr_flags = type | IFF_NO_PI;
strncpy(ifr.ifr_name, tun, sizeof(ifr.ifr_name) - 1);
if(ioctl(tap_fd, TUNSETIFF, (void *) &ifr) < 0){
perror("TUNSETIFF");
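Review bot: The prefix test `if (strncmp(tun,"tun",3)==0) type=IFF_TUN;` overrides the type unconditionally, so a TAP interface can no longer be requested under a name such as `tunnel0`, and the same rule appears to apply on the `-d` path since this code runs before the create/delete branch. I would add a comment above it, e.g. `/* names starting with "tun" always select IFF_TUN, even without -n */`, and put the statement in braces on its own line like the rest of the file. The test also reads the full `tun` string while the `strncpy` below stores at most `sizeof(ifr.ifr_name) - 1` bytes of it, so an over-long name is truncated silently. Rejecting such a name before the ioctl would avoid acting on a different interface than the one given. The enclosing function starts and ends outside the hunk.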
@@ -100,18 +124,38 @@
printf("Set '%s' nonpersistent\n", ifr.ifr_name);
}
else {
+ /* emulate behaviour prior to TUNSETGROUP */
+ if(owner == -1 && group == -1) {
+ owner = geteuid();
+ }
+
+ if(owner != -1) {
+ if(ioctl(tap_fd, TUNSETOWNER, owner) < 0){
+ perror("TUNSETOWNER");
+ exit(1);
+ }
+ }
+ if(group != -1) {
+ if(ioctl(tap_fd, TUNSETGROUP, group) < 0){
+ perror("TUNSETGROUP");
+ exit(1);
+ }
+ }
+
if(ioctl(tap_fd, TUNSETPERSIST, 1) < 0){
perror("TUNSETPERSIST");
exit(1);
}
- if(ioctl(tap_fd, TUNSETOWNER, owner) < 0){
- perror("TUNSETPERSIST");
- exit(1);
- }
if(brief)
printf("%s\n", ifr.ifr_name);
- else printf("Set '%s' persistent and owned by uid %ld\n", ifr.ifr_name,
- owner);
- }
- return(0);
+ else {
+ printf("Set '%s' persistent and owned by",
ifr.ifr_name);
+ if(owner != -1)
+ printf(" uid %d", owner);
+ if(group != -1)
+ printf(" gid %d", group);
+ printf("\n");
+ }
+ }
+ return(0);
}
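Review bot: `printf(" uid %d", owner)` and `printf(" gid %d", group)` pass uid_t/gid_t values to `%d`; where those types are unsigned the argument does not match the conversion, and ids above INT_MAX would print as negative numbers. A cast makes the output well defined: `printf(" uid %lu", (unsigned long)owner);` and likewise for the gid. The sentinel tests `owner == -1` and `group == -1` rely on implicit conversion and read more clearly as `owner == (uid_t)-1` and `group == (gid_t)-1`. A comment on the `/* emulate behaviour prior to TUNSETGROUP */` block noting that with only `-g` no owner is set at all would help whoever audits which accounts can open the device.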