[Switch] Linux- virtual network device -tun / tap

Others 2019-12-16 00:12:27 views: null

Turn: Original: https://blog.csdn.net/sld880311/article/details/77854651

-------------------------------------------------------

The basic concept
A gateway to userspace.

     TUN and TAP device is a Linux kernel virtual network equipment, pure software implementation.
     OS connected to the user space program TUN / TAP device sends packets; user space programs like a physical port can send packets that image / TAP port sends a message to TUN, in this case, the TUN / TAP transmission (or injection) packet to the OS stack, just like the message received from the same physical port.
link:

TUN/TAP: The user-space application/VM can read or write an ethernet frame to the tap interface and it would reach the host kernel, where it would be handled like any other ethernet frame that reached the kernel via physical (e.g. eth0) ports. You can potentially add it to a software-bridge (e.g. linux-bridge)

How it works
     TUN / TAP or as a simple point to point Ethernet device, not receiving data packets from the physical media, but receives from the user space program; not to send packets over the physical media, but sends them to the user space program.
     Suppose you configure the IPX on tap0, then whenever the kernel sends an IPX packet to tap0, it passes to the application (e.g. VTun). Application encrypted, compressed packet, and sent to the peer through the TCP / UDP. The application end decompress, decrypt the received data packet, and packet writing apparatus TAP, and the kernel processes the packet as if the data packet from a real physical device.
     Adding a Linux kernel TUN / TAP driver and a virtual network devices associated with a character device / dev / net / tun, tun character device interface data as the user space and kernel space exchange.
     Userspace applications can interact and driver in the kernel through this device file, mode of operation and other common file operation is no different. When the kernel sends the packet to virtual network device, the packet is stored in a queue associated with the apparatus, until the user program to read through the open space character device tun descriptor, it will be copied to the user space buffer, which is equivalent to the effect, the packet is sent directly to the user space. The principle is similar to the write when sending packets through the system call.
     tun / tap driver consists of two parts: a character device driver and the network card driver. Using the NIC driver portion receives from the sub-network tcp / ip or protocol stack and in turn transmits the received sub-network protocol stack processing pass. And the character sub-network device driver division between the kernel and user mode transmission, data receiving and transmitting analog physical link. tun / tap driver to achieve a good two drive combination.

Use
     for encryption, VPN, tunnel, virtual machines, etc. (encryption, VPN, tunneling, virtual machines).
     use tun / tap device to forward the portion of the packet in the protocol stack to the application user space, opportunities for a user-space program packet processing. Thus commonly used data compression and encryption functions can be implemented in the application. tun / tap device is used most of the VPN, and IPSec tunnel including an application layer, and the like.

Application of tap / tun in the libvirt


VPN


Other
commonly used commands
the root @ Ubuntu: ~ # IP tuntap Help
the Usage: IP tuntap {the Add | del} [dev PHYS_DEV]
[MODE {TUN | TAP}] [User the USER] [Group the GROUP]
[one_queue] [PI] [vnet_hdr] [multi_queue]

Where: USER := { STRING | NUMBER }
GROUP := { STRING | NUMBER }
1
2
3
4
5
6
7
8
veth、tun、tap比对

 

      tun is a point to point device, and tap an ordinary Ethernet card device. In other words, tun device in fact, does not require a physical address. It incoming and outgoing packets need not arp, there is no need for the data link layer header. The tap device is a complete physical address and complete Ethernet frames.
TAP (network tap) operates much like TUN however instead of only being able to write and receive layer 3 packets to / from the file descriptor it can do so with raw ethernet packets. You will typically see tap devices used by KVM / Qemu virtualization, where a TAP device is assigned to a virtual guests interface during creation.


TUN (Tunel) layer device device analog network, three packet processing, such as IP packets. TAP device model link layer devices, the processing Layer 2 packets, such as Ethernet frames. TUN for routing, while TAP is used to create a bridge.

Example (from the network)
sample program
after receiving the data packet tun device, just print out the number of bytes received packets, the other doing nothing

#include <net/if.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <string.h>
#include <sys/types.h>
#include <linux/if_tun.h>
#include <stdlib.h>
#include <stdio.h>

tun_alloc you (you flags)
{

struct ifreq ifr;
int fd, err;
char *clonedev = "/dev/net/tun";

if ((fd = open(clonedev, O_RDWR)) < 0) {
return fd;
}

memset(&ifr, 0, sizeof(ifr));
ifr.ifr_flags = flags;

if ((err = ioctl(fd, TUNSETIFF, (void *) &ifr)) < 0) {
close(fd);
return err;
}

printf("Open tun/tap device: %s for reading...\n", ifr.ifr_name);

return fd;
}

int main ()
{

int tun_fd, nread;
char buffer[1500];

/* Flags: IFF_TUN - TUN device (no Ethernet headers)
* IFF_TAP - TAP device
* IFF_NO_PI - Do not provide packet information
*/
tun_fd = tun_alloc(IFF_TUN | IFF_NO_PI);

if (tun_fd < 0) {
perror("Allocating interface");
exit(1);
}

while (1) {
nread = read(tun_fd, buffer, sizeof(buffer));
if (nread < 0) {
perror("Reading from interface");
close(tun_fd);
exit(1);
}

printf("Read %d bytes from tun/tap device\n", nread);
}
return 0;
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51 is
52 is
53 is
54 is
55
56 is
57 is
58
59
60
61 is
62 is
63 is
64
presentations
# -------------------------- first shell window --- -------------------
# save the above program into tun.c, and then compile
root @ ubuntu: ~ # gcc tun.c -o tun

# Tun start the program, the program will create a new tun equipment,
# the program will back up here, waiting for data packets over
root @ Ubuntu: ~ # ./tun
Open tun / TAP Device: Reading ... tun0 for
the Read 84 bytes TUN from / TAP Device
the Read from 84 bytes TUN / TAP Device
the Read from 84 bytes TUN / TAP Device
the Read from 84 bytes TUN / TAP Device

 

#--------------------------第二个shell窗口----------------------
#启动抓包程序,抓经过tun0的包
root@ubuntu:/home/sunld# tcpdump -i tun0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tun0, link-type RAW (Raw IP), capture size 262144 bytes
02:53:08.840817 IP 192.168.209.138 > 192.168.209.139: ICMP echo request, id 9828, seq 1, length 64
02:53:09.839871 IP 192.168.209.138 > 192.168.209.139: ICMP echo request, id 9828, seq 2, length 64
02:53:10.850205 IP 192.168.209.138 > 192.168.209.139: ICMP echo request, id 9828, seq 3, length 64
02:53:11.851285 IP 192.168.209.138 > 192.168.209.139: ICMP echo request, id 9828, seq 4, length 64


The third shell window # -------------------------- ------------------ ----
# / tun after starting, by ip link command system will find more than a tun device,
27: tun0: <pointopoint, the MULTICAST, noarp> 1500 MTU Group default qdisc allows users to DOWN NOOP State of qlen 500
Link / none
# the new device is not ip, we give tun0 accompanied IP address
root @ Ubuntu: / Home / sunld # ip addr the Add 192.168.209.138/24 dev tun0
# by default, tun0 not up, use the following command to start up tun0
root @ ubuntu: / home / sunld # ip link set dev tun0 up

# Try to ping 192.168.209.0/24 segment of IP,
# because the data packets received after our program, got nothing to do, which is equivalent to a packet drop,
# ping so here is simply not receive the return package , #
but the two windows can be seen here in the previous four issued to icmp echo request packet
# Description packets sent to the correct application inside, but the application does not handle the package
root @ ubuntu: / home / sunld -I of ping 192.168.209.139. 4 -C # tun0
the PING 192.168.209.139 (192.168.209.139) 192.168.209.138 tun0 from:. 56 is (84) bytes of Data
. 1
2
. 3
. 4
. 5
. 6
. 7
. 8
. 9
10
. 11
12 is
13 is
14
15
16
. 17
18 is
. 19
20 is
21 is
22 is
23 is
24
25
26 is
27
28
29
30
31 is
32
33 is
34 is
35
36
37 [
38 is
39
40
41 is
42 is
43 is
reference
Kernel DOC tuntap
Virtual Networking Devices in Linux
the Linux Networking Explained
Tun / the Tap interface Tutorial
TUN, the TAP and Veth - the Virtual Networking Devices Explained
virtual machine NIC and the linux bridge tap device relationship
tun Linux virtual network equipment / tap


3 thumbs ----------------
Disclaimer: This article is CSDN blogger "Han Lin Academy" in the original article, follow the CC 4.0 BY-SA copyright agreement, reproduced, please attach the original source link and this statement.
Original link: https: //blog.csdn.net/sld880311/article/details/77854651

Guess you like

Origin www.cnblogs.com/oxspirt/p/12046609.html
Recommended
Apache Doris version 2.0.10 is officially released!
Open Source Daily | Big models go to war; big model unicorns are revealed to be selling themselves; Zhou Hongyi suggests that Google open source all its products; the largest open source AI community provides $10 million to share GPUs
Ranking
JS inheritance and monitoring
[ProblemSolving][Ubuntu][LyX] The selected document class ... requires external files that are not available...
Java threads sharing static variable
balancap/SSD-Tensorflow使用及训练预测自己的数据集
Detailed core ES6
JS --- reverse traversal achieved Array array, the array is connected string
How to Uninstall (or Reinstall) Windows 10’s Ubuntu Bash Shell
Linux modify the hostname method
Charging Specification BC v1.2
node的性能和java对比分析
Daily
More
2024-05-17(6)
2024-05-16(23)
2024-05-15(5)
2024-05-14(9)
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)

Code World

© 2018 codetd.com