Bug 9806

Summary: (tun dev) Impossible to deassert IFF_ONE_QUEUE or IFF_NO_PI
Product: Drivers Reporter: Nathaniel Filardo (nwfilardo)
Component: NetworkAssignee: Jeff Garzik (jgarzik)
Status: CLOSED CODE_FIX    
Severity: normal CC: protasnb
Priority: P1    
Hardware: All   
OS: Linux   
Kernel Version: 2.6.23 Subsystem:
Regression: --- Bisected commit-id:
Attachments: Proposed patch

Description Nathaniel Filardo 2008-01-23 13:13:12 UTC 
Problem Description:

The TUN/TAP driver only permits one-way transitions of IFF_NO_PI or IFF_ONE_QUEUE during the lifetime of a tap/tun interface.  Note that tun_set_iff contains

 541         if (ifr->ifr_flags & IFF_NO_PI)
 542                 tun->flags |= TUN_NO_PI;
 543 
 544         if (ifr->ifr_flags & IFF_ONE_QUEUE)
 545                 tun->flags |= TUN_ONE_QUEUE;

This is easily fixed by adding else branches which clear these bits.

Steps to reproduce:

This is easily reproduced by setting an interface persistant using tunctl then attempting to open it as IFF_TAP or IFF_TUN, without asserting the IFF_NO_PI flag.  The ioctl() will succeed and the ifr.flags word is not modified, but the interface remains in IFF_NO_PI mode (as it was set by tunctl).
Comment 1 Nathaniel Filardo 2008-01-23 13:14:37 UTC 
Created attachment 14548 [details]
Proposed patch

This causes tun_set_iff to clear TUN_ONE_QUEUE and TUN_NO_PI if the IFF_ flags are not asserted by userland.
Comment 2 Anonymous Emailer 2008-01-24 00:34:26 UTC 
Reply-To: akpm@linux-foundation.org

> On Wed, 23 Jan 2008 13:13:13 -0800 (PST) bugme-daemon@bugzilla.kernel.org
> wrote:
> http://bugzilla.kernel.org/show_bug.cgi?id=9806
> 
>            Summary: (tun dev) Impossible to deassert IFF_ONE_QUEUE or
>                     IFF_NO_PI
>            Product: Drivers
>            Version: 2.5
>      KernelVersion: 2.6.23
>           Platform: All
>         OS/Version: Linux
>               Tree: Mainline
>             Status: NEW
>           Severity: normal
>           Priority: P1
>          Component: Network
>         AssignedTo: jgarzik@pobox.com
>         ReportedBy: nwfilardo@gmail.com
> 
> 
> Problem Description:
> 
> The TUN/TAP driver only permits one-way transitions of IFF_NO_PI or
> IFF_ONE_QUEUE during the lifetime of a tap/tun interface.  Note that
> tun_set_iff contains
> 
>  541         if (ifr->ifr_flags & IFF_NO_PI)
>  542                 tun->flags |= TUN_NO_PI;
>  543 
>  544         if (ifr->ifr_flags & IFF_ONE_QUEUE)
>  545                 tun->flags |= TUN_ONE_QUEUE;
> 
> This is easily fixed by adding else branches which clear these bits.
> 
> Steps to reproduce:
> 
> This is easily reproduced by setting an interface persistant using tunctl
> then
> attempting to open it as IFF_TAP or IFF_TUN, without asserting the IFF_NO_PI
> flag.  The ioctl() will succeed and the ifr.flags word is not modified, but
> the
> interface remains in IFF_NO_PI mode (as it was set by tunctl).
> 

Thanks.   Could you please submit the patch via email?  Send it to
all recipients of this email.
Comment 3 Natalie Protasevich 2008-06-02 16:00:06 UTC 
Nathaniel, did you have chance to submit the driver? (since I don't see it in the latest git, but maybe it is in maintainer's tree..)