


Foreword: please note that the code available here is only for demonstration purposes. If you want to be serious, you'll have to make it more robust and integrate it with other code. Also, the description is by no means a definitive reference on the subject, but rather the result of my experimentation. Please report any bug or error you find in the code or otherwise in this article.

Link to the source tarball described in the article: simpletun.

Update: Thanks to this post, I've learned that recent versions of iproute2 can (finally) create tun/tap devices, although the functionality is (still?) blissfully undocumented. Thus, installing tunctl (UML utilities) or OpenVPN just to be able to create tun devices is no longer needed. The following is with iproute2-2.6.34:

    # ip tuntap help

Tun/tap interfaces are a feature offered by Linux (and probably by other UNIX-like operating systems) that can do userspace networking, that is, allow userspace programs to see raw network traffic (at the ethernet or IP level) and do whatever they like with it. This document attempts to explain how tun/tap interfaces work under Linux, with some sample code to demonstrate their usage.

Tun/tap interfaces are software-only interfaces, meaning that they exist only in the kernel and, unlike regular network interfaces, they have no physical hardware component (and so there's no physical "wire" connected to them). You can think of a tun/tap interface as a regular network interface that, when the kernel decides that the moment has come to send data "on the wire", instead sends data to some userspace program that is attached to the interface (using a specific procedure, see below). When the program attaches to the tun/tap interface, it gets a special file descriptor, reading from which gives it the data that the interface is sending out. In a similar fashion, the program can write to this special descriptor, and the data (which must be properly formatted, as we'll see) will appear as input to the tun/tap interface. To the kernel, it would look like the tun/tap interface is receiving data "from the wire".

The difference between a tap interface and a tun interface is that a tap interface outputs (and must be given) full ethernet frames, while a tun interface outputs (and must be given) raw IP packets (and no ethernet headers are added by the kernel).
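To make the tap/tun difference concrete, the following added example (not part of the article's simpletun code) shows how a userspace program would locate and length-check the IP header in a buffer read from each kind of descriptor before trusting any field in it. The names `l3_view`, `check_ip`, `parse_tun` and `parse_tap` are hypothetical, the sample frame is constructed, and the code assumes the interface was created with `IFF_NO_PI`, so no packet-information header precedes the data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* ethertype: 0x0800 IPv4 / 0x86DD IPv6; ip_version: 4, 6, or 0 if not IP. */
struct l3_view { uint16_t ethertype; int ip_version; size_t l3_offset; };

/* Validate the IP header at v->l3_offset; want is 4, 6, or 0 for either. */
static int check_ip(const uint8_t *buf, size_t len, int want, struct l3_view *v)
{
    if (len <= v->l3_offset) return -1;
    size_t avail = len - v->l3_offset;
    int ver = buf[v->l3_offset] >> 4;
    if (want && ver != want) return -1;      /* EtherType and header disagree */
    if (!(ver == 4 && avail >= 20) && !(ver == 6 && avail >= 40)) return -1;
    v->ip_version = ver;
    return 0;
}

/* tun: the buffer starts directly with the IP header, no link layer. */
int parse_tun(const uint8_t *buf, size_t len, struct l3_view *v)
{
    *v = (struct l3_view){0};
    if (check_ip(buf, len, 0, v) < 0) return -1;
    v->ethertype = (v->ip_version == 4) ? 0x0800 : 0x86DD;
    return 0;
}

/* tap: dst MAC (6), src MAC (6), EtherType (2), then the payload. */
int parse_tap(const uint8_t *buf, size_t len, struct l3_view *v)
{
    *v = (struct l3_view){0};
    if (len < 14) return -1;                 /* truncated ethernet header */
    v->l3_offset = 14;
    v->ethertype = (uint16_t)((buf[12] << 8) | buf[13]);
    if (v->ethertype == 0x0800) return check_ip(buf, len, 4, v);
    if (v->ethertype == 0x86DD) return check_ip(buf, len, 6, v);
    return 0;                                /* non-IP frame such as ARP */
}

/* Constructed sample: ethernet header followed by a minimal IPv4 header. */
static const uint8_t sample_tap[34] = {
    0xff,0xff,0xff,0xff,0xff,0xff, 0x02,0,0,0,0,0x01, 0x08,0x00,
    0x45,0,0,20, 0,0,0,0, 64,1,0,0, 10,0,0,1, 10,0,0,2 };
int main(void)
{
    struct l3_view v;
    printf("tap rc=%d\n", parse_tap(sample_tap, sizeof sample_tap, &v));
    printf("tun rc=%d\n", parse_tun(sample_tap + 14, sizeof sample_tap - 14, &v));
    return 0;
}
```

Handing the full tap frame to `parse_tun` fails, because the first byte is part of a MAC address rather than an IP version nibble; this is the mismatch a program hits when it treats one interface type as the other.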
