Clarify the concept of tun/TAP

Source: Internet
Author: User
Tags ibm developerworks

Clarify the concept of tun/TAP
-- Check the source code of vtun.
I recently read some articles about virtual network card devices in Linux, all of which are well written. For example, on IBM developerworks and China UNIX, I explained the related driver design issues.
But when I first read the source code of vtun, I found that there were still some shortcomings in the US. I hope you will discuss your ideas together. Csdn is rarely used recently, so no images can be viewed ....

Tun and tap are different
The unified statement is as follows:
Tun is a point-to-point three-layer device that works on the IP layer and processes IP groups;
Tap is a virtual ethernet device that operates on the second layer and processes Ethernet frames;

The information found below also confirms this point:
FAQ from universal tun/TAP Device Driver:
The Tun is virtual point-to-point network device. Tun driver was designed as low level Kernel support forip tunneling.
The TAP is a virtual Ethernet network device. Tap driver was designed as low level Kernel support forethernet tunneling.
Tun works with IP frames. Tap works with Ethernet frames
From openvpn FAQ: the difference between a tun and tap device is this: a tun device is a virtual IP point-to-point device and a tap device is a virtual ethernet device

In fact, this is just one side. It is very general. Here are some more differences:
1. Different device numbers.
The Tun device number is 10 200, which is the MISC device under the character device and the miscdevice In the 2.6 kernel. the tun_minor (Slave Device number) defined in H is also 200, while the tap is 36 16, and the Netlink of the character device is supported.
See device-List (2008-3 ):

2. Obviously, different device numbers lead to different file nodes:
However, the universal tun/TAP Device Driver seems to be of the/dev/TUN type. It is found that this is before the 2.4 kernel, after 2.6, the Tun device corresponds to the file/dev/NET/tun.


3. In addition, I occasionally see the following information from other materials:

Tap: The subnet mask is/24,255.255 .255.0, corresponding to the Ethernet device

Tun: The subnet mask is/30,255.255. 255.252. It is a point-to-point device.

Finally, when the source code of vtun is used to enable the open device, the tap and Tun are also separated, as if there are two Tun, A node is/dev/TUN (excluding <Linux/if_tun.h>) and a node is/dev/NET/TUN (including <Linux/if_tun.h> ). The former seems to be set for 2.4 cores.

To sum up, (because the Tun device is confused, the tap device does not exist ):
2.4 core: Tun device number is 36 16 +, file node:/dev/tun0
2.6 core: Tun device number is 10 200, file node:/dev/NET/TUN

Specifically, Tun or tap is not determined when open opens the file node of the device. The file node is only the interface provided by the kernel to the user, and the application needsioctlSet the working mode of your virtual network device,Whether it is tun or tap.

So the second point above should be changed!
Here are some of my opinions. Please advise me!

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.