14

I'm using ip tuntap to create a tap interface, like this:

$ sudo ip tuntap add mode tap tap0

Afterwards, I set the interface up and address it with the common IP commands. I can see then my interface up and addressed with a simple ifconfig.

Now, I was told by a teacher that by creating a tap interface (named tap0 in that case), I would find a /dev/net/tap0 node, and that I would be able to write in it or to read it. However, I can't find it. I "just" have a /dev/net/tun.

Do I have to deal with this tun node, or am I supposed to really have a tap0 node?

chrk
  • 4,037
  • 2
  • 39
  • 47
C. Paul
  • 241
  • 1
  • 3
  • 7

2 Answers2

30

It's been a long time since the question was asked, but I thought it would be a good idea to post an actual answer for future reference.

Tap interfaces, as well as tun interfaces, are virtual interfaces provided by the in-kernel TUN/TAP device driver. The only interface this driver provides initially is the character device /dev/net/tun mentioned in the question.

By issuing:

$ sudo ip tuntap add mode tap tap0

we instruct ip tuntap to create a network interface named tap0, which is accomplished using the proper ioctl(2) calls on the aforementioned device file /dev/net/tun, to communicate with the underlying TUN/TAP device driver, as we can observe in ip tuntap's source code.

One of these ioctl(2) calls (the one with TUNSETIFF option, which is called first) returns a file descriptor associated with the new virtual interface that was created and can be used by processes.

Summing it up:

Do I have to deal with this tun node, or am I supposed to really have a tap0 node?

The /dev/net/tun device file is only used as a starting point to create both tap and tun interfaces, by userspace utilities like iproute2. In the context of this question, there's no need to deal with it as ip tuntap does this job for us.

Any extra /dev/net/tap0 device files are not needed or expected to be created for the processes to use the tap interfaces.

chrk
  • 4,037
  • 2
  • 39
  • 47
  • 2
    "Any extra /dev/net/tap0 device files are not needed or expected to be created for the processes to use the tap interfaces." Why? how would I use the device without a device file or a file descriptor? – Void Star Nov 25 '18 at 23:47
  • 1
    @VoidStar It depends. As you would have noticed if you had actually followed the link to `ip tuntap`'s source code in my answer, you actually do have a file descriptor if you create the tap interface programatically--it's the one you get by `open(2)`ing the `/dev/net/tun` device and use to do the appropriate `ioctl(2)` calls. If you don't create it programmatically, then you can think of the tap interface as a network interface, much like e.g. `eth0`. Do you need a file descriptor to "use" `eth0`? How do you "use" a network interface? You may attach it to a bridge, set routing rules, etc, etc. – chrk Nov 26 '18 at 00:05
  • If I use `ip tuntap add` I am not directly manipulating `/dev/net/tun` nor `ioctl(2)` so I do not really understand how that is relevant. The kernel appears to be aware of the device, but again, how does the user space program access it? – Void Star Nov 26 '18 at 00:25
  • 1
    @VoidStar Any other process can use it in exactly the same way as it uses the rest of the network interfaces on the host. Assign an address to the tap interface, configure it properly, e.g. set routing rules, iptables rules, etc, and use it as always, e.g. using sockets. There's not much special in using the tap interface in a non-programmatic manner in comparison to the other network interfaces on the host. – chrk Nov 26 '18 at 00:39
  • @VoidStar Configuring network interfaces is obviously way out of the scope of the original question here, but there are plenty of resources you can find about it, on this site, on other blogs, articles and forums, and of course the man pages. Consider posting a new question if you actually have a specific question, as the rules suggest. – chrk Nov 26 '18 at 00:49
  • 1
    @voidstar a 'persistent' tap interface you create with `ip tuntap add` is just sort of preset so you can configure the user and group ownership and set up the host system side of the network interface configuration before the user space program has even opened the tap interface. How the user space program accesses it is that it opens `/dev/net/tun`, and gives its fd a configuration using the `ioctl` `TUNSETIFF` and as part of that it gives it a name that matches the existing 'persistent' interface https://www.kernel.org/doc/html/latest/networking/tuntap.html#program-interface – rakslice Aug 24 '21 at 03:15
5

you need to activate that link with command

ip link set dev tap0 up

after that you can use it.

Moritz Ringler
  • 9,772
  • 9
  • 21
  • 34
Aleksei Kurepin
  • 139
  • 2
  • 10
  • 1
    this did not work for me, and I think more explanation of why this is necessary is needed – Void Star Nov 25 '18 at 23:46
  • Hi. it would be nice, when you describe your case, kernel, modules etc. Since year 2013 many things have changed. Maybe you try to implement this on docker? – Aleksei Kurepin Dec 04 '18 at 14:52
  • Thanks for the suggestion. I ran your command in Mininet, and I could see TAP from ` ifconfig`. I see only IPv6 address like "ether 62:...:64". Should I use this with network bridge for transferring packet (https://stackoverflow.com/a/28999823/5595995)? – Cloud Cho Aug 16 '23 at 05:23