1. 03 Feb, 2009 1 commit
    • tun: Check supplemental groups in TUN/TAP driver. · 1bded710
      Michael Tokarev committed
      Michael Tokarev wrote:
      []
      > 2, and this is the main one: How about supplementary groups?
      >
      > Here I have a valid usage case: a group of testers running various
      > versions of windows using KVM (kernel virtual machine), 1 at a time,
      > to test some software.  kvm is set up to use bridge with a tap device
      > (there should be a way to connect to the machine).  Anyone on that group
      > has to be able to start/stop the virtual machines.
      >
      > My first attempt - pretty obvious when I saw -g option of tunctl - is
      > to add group ownership for the tun device and add a supplementary group
      > to each user (their primary group should be different).  But that fails,
      > since kernel only checks for egid, not any other group ids.
      >
      > What's the reasoning to not allow supplementary groups and to only check
      > for egid?
      Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
      Signed-off-by: David S. Miller <davem@davemloft.net>
  2. 01 Feb, 2009 1 commit
  3. 22 Jan, 2009 10 commits
  4. 05 Jan, 2009 1 commit
  5. 30 Dec, 2008 1 commit
  6. 21 Nov, 2008 1 commit
  7. 20 Nov, 2008 1 commit
  8. 14 Nov, 2008 2 commits
  9. 04 Nov, 2008 1 commit
  10. 02 Nov, 2008 1 commit
    • saner FASYNC handling on file close · 233e70f4
      Al Viro committed
      As it is, all instances of ->release() for files that have ->fasync()
      need to remember to evict file from fasync lists; forgetting that
      creates a hole and we actually have a bunch that *does* forget.
      
      So let's keep our lives simple - let __fput() check FASYNC in
      file->f_flags and call ->fasync() there if it's been set.  And lose that
      crap in ->release() instances - leaving it there is still valid, but we
      don't have to bother anymore.
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
  11. 28 Oct, 2008 1 commit
  12. 16 Aug, 2008 2 commits
  13. 23 Jul, 2008 1 commit
  14. 15 Jul, 2008 1 commit
    • tun: Fix/rewrite packet filtering logic · f271b2cc
      Max Krasnyansky committed
      Please see the following thread to get some context on this
      	http://marc.info/?l=linux-netdev&m=121564433018903&w=2
      
      Basically the issue is that current multi-cast filtering stuff in
      the TUN/TAP driver is seriously broken.
      Original patch went in without proper review and ACK. It was broken and
      confusing to start with and subsequent patches broke it completely.
      To give you an idea of what's broken here are some of the issues:
      
      - Very confusing comments throughout the code that imply that the
      character device is a network interface in its own right, and that packets
      are passed between the two nics. Which is completely wrong.
      
      - Wrong set of ioctls is used for setting up filters. They look like
      shortcuts for manipulating state of the tun/tap network interface but
      in reality manipulate the state of the TX filter.
      
      - ioctls that were originally used for setting address of the TX filter
      got "fixed" and now set the address of the network interface itself. Which
      made filter totally useless.
      
      - Filtering is done too late. Instead of filtering early on, to avoid
      unnecessary wakeups, filtering is done in the read() call.
      
      The list goes on and on :)
      
      So the patch cleans all that up. It introduces simple and clean interface for
      setting up TX filters (TUNSETTXFILTER + tun_filter spec) and does filtering
      before enqueuing the packets.
      
      TX filtering is useful in the scenarios where TAP is part of a bridge, in
      which case it gets all broadcast, multicast and potentially other packets when
      the bridge is learning. So for example Ethernet tunnelling app may want to
      setup TX filters to avoid tunnelling multicast traffic. QEMU and other
      hypervisors can push RX filtering that is currently done in the guest into the
      host context therefore saving wakeups and unnecessary data transfer.
      Signed-off-by: Max Krasnyansky <maxk@qualcomm.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
  15. 11 Jul, 2008 1 commit
  16. 03 Jul, 2008 5 commits
  17. 18 Jun, 2008 1 commit
  18. 24 Apr, 2008 2 commits
  19. 16 Apr, 2008 3 commits
    • [TUN]: Allow to register tun devices in namespace. · fc54c658
      Pavel Emelyanov committed
      This basically means that a net is set for a new device, but
      actually also involves two more steps:
      
      1. mark the tun device as "local", i.e. do not allow for it to
         move across namespaces.
      
      This is done so, since tun device is most often associated to some
      file (and thus to some process) and moving the device alone is not
      valid while keeping the file and the process outside. The need in 
      ability to move a detached persistent device is to be investigated 
      later.
      
      2. get the tun device's net when tun becomes attached and put one
         when it becomes detached.
      
      This is needed to handle the case when a task owning the tun dies,
      but a file lives for some more time - in this case we must not
      allow for net to be freed, since its exit hook will spoil that file's
      private data by unregistering the tun from under tun_chr_close.
      Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • [TUN]: Make the tun_dev_list per-net. · d647a591
      Pavel Emelyanov committed
      Remove the static tun_dev_list and replace its occurrences in
      driver with per-net one.
      
      It is used in two places - in tun_set_iff and tun_cleanup. In 
      the first case it's legal to use current net_ns. In the cleanup
      call - move the loop, that unregisters all devices in net exit
      hook.
      Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • [TUN]: Introduce the tun_net structure and init/exit net ops. · 79d17604
      Pavel Emelyanov committed
      This is the first step in making tuntap devices work in net 
      namespaces. The structure mentioned is pointed by generic
      net pointer with tun_net_id id, and tun driver fills one on 
      its load. It will contain only the tun devices list.
      
      So declare this structure and introduce net init and exit hooks.
      Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
      Signed-off-by: David S. Miller <davem@davemloft.net>
  20. 13 Apr, 2008 2 commits
  21. 01 Mar, 2008 1 commit