back to home

msantos / tunctl

Erlang TUN/TAP interface

78 stars
24 forks
6 issues
ErlangShell
Chat with CodebaseArchitecture ScanSecurity AuditExplain Codebase

AI Architecture Analysis

This repository is indexed by RepoMind. By analyzing msantos/tunctl in our AI interface, you can instantly generate complete architecture diagrams, visualize control flows, and perform automated security audits across the entire codebase.

Our Agentic Context Augmented Generation (Agentic CAG) engine loads full source files into context on-demand, avoiding the fragmentation of traditional RAG systems. Ask questions about the architecture, dependencies, or specific features to see it in action.

Source files are only loaded when you start an analysis to optimize performance.
Click here to launch the interactive analysis workspace

Embed this Badge

Showcase RepoMind's analysis directly in your repository's README.

[![Analyzed by RepoMind](https://img.shields.io/badge/Analyzed%20by-RepoMind-4F46E5?style=for-the-badge)](https://repomind.in/repo/msantos/tunctl)
Preview:Analyzed by RepoMind

Repository Overview (README excerpt)

Crawler view

tunctl is an Erlang API for creating and using TUN/TAP interfaces. PRIVILEGES Linux For IPv4 addresses, beam needs to have privileges to configure interfaces. To add cap_net_admin capabilities: To check the privileges: To remove the privileges: Currently, IPv6 addresses are configured by calling ifconfig using sudo (see below). Mac OS X Requires the tun/tap driver from: http://tuntaposx.sourceforge.net/ Allow the user running tunctl to call ifconfig using sudo: FreeBSD tunctl uses the FreeBSD tuntap legacy interface. • Ensure the tap device kernel module is loaded: If you want the tap driver loaded on boot, add to /boot/loader.conf: • Check cloning is enabled: • Allow the user running tunctl to call ifconfig using sudo: EXPORTS tuncer Tuncer is a stand up guy and just like him, tuncer has your back. tunctl tunctl does the actual tun/tap device manipulation. Some functions take a device name, others a file descriptor. It is up to the caller to make sure the file descriptors are closed (the device will disappear after the fd is closed if the device is not persistent). EXAMPLES • "Passive" mode • Active mode vpwn vpwn will set up a point to point tunnel over the Erlang distribution protocol. Compile vpwn on the source and destination nodes: Run Erlang on the destination node: And on the source node: Then start up the tunnel (replace the host name): Then connect over the tunnel to the second node: Bridging is an example of a simple bridge that floods frames to all the switch ports. uses a tap device plugged into a Linux bridge as an uplink port and 1 or more tap devices as the switch ports. This example uses the tap devices as interfaces for Linux containers (LXC). • Create a bridge and attach the physical ethernet interface • Start the bridge: • is the name of the tap device connected to the bridge • are the tap devices used by the containers • In another shell, as root, bring up the uplink and attach it to the bridge: • Move the switch port interface into the container. The interface name inside the container will be known as "erl0". TODO • Linux: • the TUNSETIFF ioctl request to create the interface requires CAP_NET_ADMIN privileges. Look at moving the interface creation into the procket setuid binary for OSes that use the multiplexing dev. • add support for tun filtering • make sure tuncer can never leak file descriptors