From sec@42.org  Thu Mar  4 11:14:45 2004
Return-Path: <sec@42.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1CCA016A4CE
	for <FreeBSD-gnats-submit@freebsd.org>; Thu,  4 Mar 2004 11:14:45 -0800 (PST)
Received: from ice.42.org (ice.42.org [194.77.3.162])
	by mx1.FreeBSD.org (Postfix) with ESMTP id CD39B43D46
	for <FreeBSD-gnats-submit@freebsd.org>; Thu,  4 Mar 2004 11:14:44 -0800 (PST)
	(envelope-from sec@42.org)
Received: by ice.42.org (Postfix, from userid 1000)
	id 67E9B1C8BA; Thu,  4 Mar 2004 20:14:43 +0100 (CET)
Message-Id: <20040304191443.67E9B1C8BA@ice.42.org>
Date: Thu,  4 Mar 2004 20:14:43 +0100 (CET)
From: Stefan `Sec` Zehl <sec@42.org>
Reply-To: Stefan `Sec` Zehl <sec@42.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: tap device / exclusive open problem
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         63772
>Category:       kern
>Synopsis:       tap device / exclusive open problem
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Mar 04 11:20:08 PST 2004
>Closed-Date:    Sun May 23 10:19:30 PDT 2004
>Last-Modified:  Sun May 23 10:19:30 PDT 2004
>Originator:     Stefan `Sec` Zehl
>Release:        FreeBSD 5.2-CURRENT i386
>Organization:
>Environment:
System: FreeBSD dell 5.2-CURRENT FreeBSD 5.2-CURRENT #3: Thu Mar 4 17:37:09 CET 2004 root@dell:/usr/obj/usr/src/sys/DELL i386



        
>Description:

tap(4) says:

     The Ethernet tunnel device, normally /dev/tapN, is exclusive-open (it
     cannot be opened if it is already open) and is restricted to the super-
     user.  A read() call will return an error (EHOSTDOWN) if the interface is

but this appears to be untrue.

The problem affects openvpn (1.6r2) which always ends up using tap0,            even if it already in use.

>How-To-Repeat:

I can have multiple processes reading and writing on a single tap inerface.

dell:~#cat /dev/tap0 &
[1] 29197
dell:~#cat /dev/tap0 &
[2] 29198

dell:~#echo> /dev/tap0 ; echo $?
0
dell:~#jobs
[1]  - running    cat /dev/tap0
[2]  + running    cat /dev/tap0


>Fix:

>Release-Note:
>Audit-Trail:

From: Stefan `Sec` Zehl <sec@42.org>
To: FreeBSD-gnats-submit@FreeBSD.org, freebsd-bugs@FreeBSD.org
Cc:  
Subject: Re: kern/63772: tap device / exclusive open problem
Date: Fri, 5 Mar 2004 19:18:52 +0100

 On Thu, Mar 04, 2004 at 11:20 -0800, FreeBSD-gnats-submit@FreeBSD.org wrote:
 > Thank you very much for your problem report.
 > It has the internal identification `kern/63772'.
 
 I have checked the if_tap.c in the current and stable branches, and was
 thus able to come up with an easy fix:
 
 --- if_tap.c    Tue Feb 24 05:35:44 2004
 +++ if_tap.c.neu        Fri Mar  5 19:09:12 2004
 @@ -323,6 +323,9 @@
         KASSERT(!(tp->tap_flags & TAP_OPEN), 
                 ("%s flags is out of sync", tp->tap_if.if_xname));
  
 +       if (tp->tap_flags & TAP_OPEN)
 +               return (EBUSY);
 +
         bcopy(tp->arpcom.ac_enaddr, tp->ether_addr, sizeof(tp->ether_addr));
  
         tp->tap_pid = td->td_proc->p_pid;
 
 
 After this simple change, openvpn works with multiple tunnels again.
 
 I hope this can be committed.
 
 CU,
     Sec
 -- 
 "Caution, you have *no chance* of operating this device successfully
 unless you have read the instruction manual."
 - from a card covering the screen of an Amstrad phone

From: Brooks Davis <brooks@one-eyed-alien.net>
To: Stefan `Sec` Zehl <sec@42.org>
Cc: FreeBSD-gnats-submit@freebsd.org, freebsd-bugs@freebsd.org
Subject: Re: kern/63772: tap device / exclusive open problem
Date: Fri, 5 Mar 2004 10:55:30 -0800

 On Fri, Mar 05, 2004 at 07:18:52PM +0100, Stefan `Sec` Zehl wrote:
 > On Thu, Mar 04, 2004 at 11:20 -0800, FreeBSD-gnats-submit@FreeBSD.org wrote:
 > > Thank you very much for your problem report.
 > > It has the internal identification `kern/63772'.
 > 
 > I have checked the if_tap.c in the current and stable branches, and was
 > thus able to come up with an easy fix:
 > 
 > --- if_tap.c    Tue Feb 24 05:35:44 2004
 > +++ if_tap.c.neu        Fri Mar  5 19:09:12 2004
 > @@ -323,6 +323,9 @@
 >         KASSERT(!(tp->tap_flags & TAP_OPEN), 
 >                 ("%s flags is out of sync", tp->tap_if.if_xname));
 >  
 > +       if (tp->tap_flags & TAP_OPEN)
 > +               return (EBUSY);
 > +
 >         bcopy(tp->arpcom.ac_enaddr, tp->ether_addr, sizeof(tp->ether_addr));
 >  
 >         tp->tap_pid = td->td_proc->p_pid;
 > 
 > 
 > After this simple change, openvpn works with multiple tunnels again.
 
 There's obviously something complicated going on since with INVARIANTS
 enabled this would either return EBUSY or panic.  This should definitely
 not be committed as is.
 
 -- Brooks

From: Stefan `Sec` Zehl <sec@42.org>
To: Brooks Davis <brooks@one-eyed-alien.net>
Cc: FreeBSD-gnats-submit@freebsd.org, freebsd-bugs@freebsd.org
Subject: Re: kern/63772: tap device / exclusive open problem
Date: Tue, 9 Mar 2004 01:46:45 +0100

 On Fri, Mar 05, 2004 at 10:55 -0800, Brooks Davis wrote:
 
 [...]
 
 > >         KASSERT(!(tp->tap_flags & TAP_OPEN), 
 > >                 ("%s flags is out of sync", tp->tap_if.if_xname));
 > >  
 > > +       if (tp->tap_flags & TAP_OPEN)
 > > +               return (EBUSY);
 > > +
 [...]
 
 
 > There's obviously something complicated going on since with INVARIANTS
 > enabled this would either return EBUSY or panic.  This should definitely
 > not be committed as is.
 
 I must admit, I don't understand the problem. this is an really simple
 if. Nothing is modified, and tp is not NULL, or the KASSERT above would
 be broken already.
 
 How do you get it to panic?
 
 It works fine for me.
 
 CU,
     Sec
 -- 
 In 1968 it took the computing-Power of 2 C-64 to fly a rocket to the moon.
 Now, 1997 it takes the Power of a Pentium 133 to run Microsoft Windows 95.
                     Something must have gone wrong.
State-Changed-From-To: open->closed  
State-Changed-By: csjp 
State-Changed-When: Sun May 23 10:16:33 PDT 2004 
State-Changed-Why:  
This problem has been fixed. Opens on these devices 
are now exclusive.  

Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=63772 
>Unformatted:
