Paths

Table of Contentst

tun(4)/tap(4): allow devices to be configured as transient
ClosedPublic
Actions

Authored by kevans on Mar 3 2024, 8:20 PM.

Details

Reviewers

kp
glebius
melifaro
zlei
markj

Group Reviewers

network

Commits

rGa1174b3b1174: tun(4)/tap(4): allow devices to be configured as transient

Summary

Transient tunnel devices are removed immediately after last close, so
that an application that's created the tunnel could eliminate the need
to manually destroy the tunnel whose lifetime it's already managing.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

kevans created this revision.Mar 3 2024, 8:20 PM

Herald added subscribers: glebius, melifaro, ae, imp. · View Herald TranscriptMar 3 2024, 8:20 PM

kevans requested review of this revision.Mar 3 2024, 8:20 PM

kevans added a parent revision: D44199: kern: net: allow an if_clone_destroyif() without knowing the cloner.

Harbormaster completed remote builds in B56420: Diff 135344.Mar 3 2024, 8:20 PM

zlei added a subscriber: zlei.Mar 4 2024, 1:03 AM

zlei added inline comments.

sys/net/if_tuntap.c
1257	What about making `ifc_find_cloner_in_vnet()` public and using it here ? So we do not need complex logic in `if_clone_destroyif_flags()` .

glebius requested changes to this revision.Mar 11 2024, 5:50 PM

glebius added inline comments.

sys/net/if_tuntap.c
1257	We have the knowledge about the cloner inside the tuntap driver. You don't need to hack if_clone.c to achieve what you want. Let me come with a prototype quickly...

This revision now requires changes to proceed.Mar 11 2024, 5:50 PM

kevans added inline comments.Mar 11 2024, 5:53 PM

sys/net/if_tuntap.c
1257	Right, I had a version that looked up the cloner, but it was a little gross because you also need to switch back to the home vnet and grab the cloner from that particular vnet, effectively duplicating what's already done in if_clone.c.

Damn, this again comes to the stupid idea of interfaces traveling between vnets. Grrrr. Still, I believe it should be done in the tuntap, not in if_clone.c. The existing SLIST of cloners can be simplified a lot, let me try.

In D44200#1010509, @glebius wrote:

Damn, this again comes to the stupid idea of interfaces traveling between vnets. Grrrr. Still, I believe it should be done in the tuntap, not in if_clone.c. The existing SLIST of cloners can be simplified a lot, let me try.

I don't really feel that strongly about it either way, it just seemed less error prone since what if_clone finds should always match which list it's actually on, in case someone gets a wild tendency and decides that an interface moving between vnets should be reflected in the cloners instead

So, with D44307 in, you can add this:

static struct if_clone *
tuntap_cloner_from_flags(int tun_flags)
{
 
        for (u_int i = 0; i < NDRV; i++)
                if ((tun_flags & TUN_DRIVER_IDENT_MASK) ==
                    tuntap_drivers[i].ident_flags)
                        return (V_tuntap_driver_cloners[i]);
 
        return (NULL);
}

And then call

if_clone_destroyif(tuntap_cloner_from_flags(flags), ifp);

This of course won't cover the problematic traveling case. To cover that, you'd need to:

CURVNET_SET_QUIET(ifp->if_home_vnet);
cloner = tuntap_cloner_from_flags(flags)
CURVNET_RESTORE();
if_clone_destroyif(cloner, ifp);

glebius added a reviewer: melifaro.Mar 12 2024, 1:15 AM

In D44200#1010523, @glebius wrote:

So, with D44307 in, you can add this:

static struct if_clone *
tuntap_cloner_from_flags(int tun_flags)
{
 
        for (u_int i = 0; i < NDRV; i++)
                if ((tun_flags & TUN_DRIVER_IDENT_MASK) ==
                    tuntap_drivers[i].ident_flags)
                        return (V_tuntap_driver_cloners[i]);
 
        return (NULL);
}

And then call

if_clone_destroyif(tuntap_cloner_from_flags(flags), ifp);

This of course won't cover the problematic traveling case. To cover that, you'd need to:

CURVNET_SET_QUIET(ifp->if_home_vnet);
cloner = tuntap_cloner_from_flags(flags)
CURVNET_RESTORE();
if_clone_destroyif(cloner, ifp);

Alright, I'll drop the other review and update this one with the latter variant -- though I likely won't have any time to return to this for a couple weeks. I don't think this is a particularly urgent feature anyways, I just like the idea of allowing a program to construct a tunnel and not worry about the lifetime (and it's reportedly the default Linux behavior, so I could see how some tunnelling applications might benefit from a way to match it).

Update following better tracking of our cloners, add a basic test as well

Harbormaster completed remote builds in B61135: Diff 147910.Dec 13 2024, 5:18 AM

Looks good to me.

markj accepted this revision as: markj.Dec 13 2024, 6:49 PM

kevans mentioned this in D39740: if_tuntap: make SIOCIFDESTROY interruptible.Dec 14 2024, 1:18 AM

guest-patmaddox added a subscriber: guest-patmaddox.Dec 18 2024, 10:04 AM

This revision was not accepted when it landed; it landed in state Needs Review.Aug 21 2025, 2:23 PM

Closed by commit rGa1174b3b1174: tun(4)/tap(4): allow devices to be configured as transient (authored by kevans). · Explain Why

This revision was automatically updated to reflect the committed changes.

kevans added a commit: rGa1174b3b1174: tun(4)/tap(4): allow devices to be configured as transient.

Herald added a subscriber: ziaee. · View Herald TranscriptAug 21 2025, 2:23 PM