2 * Copyright (c) 2005 Reyk Floeter <reyk@openbsd.org>
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 #include <sys/types.h>
20 #include <sys/ioctl.h>
21 #include <netinet/in.h>
22 #include <netinet/ip.h>
35 * This is the portable version of the SSH tunnel forwarding, it
36 * uses some preprocessor definitions for various platform-specific
39 * SSH_TUN_LINUX Use the (newer) Linux tun/tap device
40 * SSH_TUN_FREEBSD Use the FreeBSD tun/tap device
41 * SSH_TUN_COMPAT_AF Translate the OpenBSD address family
42 * SSH_TUN_PREPEND_AF Prepend/remove the address family
46 * System-specific tunnel open function
49 #if defined(SSH_TUN_LINUX)
51 #include <linux/if_tun.h>
54 sys_tun_open(int tun, int mode)
58 const char *name = NULL;
60 if ((fd = open("/dev/net/tun", O_RDWR)) == -1) {
61 debug("%s: failed to open tunnel control interface: %s",
62 __func__, strerror(errno));
66 bzero(&ifr, sizeof(ifr));
68 if (mode == SSH_TUNMODE_ETHERNET) {
69 ifr.ifr_flags = IFF_TAP;
72 ifr.ifr_flags = IFF_TUN;
75 ifr.ifr_flags |= IFF_NO_PI;
77 if (tun != SSH_TUNID_ANY) {
78 if (tun > SSH_TUNID_MAX) {
79 debug("%s: invalid tunnel id %x: %s", __func__,
80 tun, strerror(errno));
83 snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), name, tun);
86 if (ioctl(fd, TUNSETIFF, &ifr) == -1) {
87 debug("%s: failed to configure tunnel (mode %d): %s", __func__,
88 mode, strerror(errno));
92 if (tun == SSH_TUNID_ANY)
93 debug("%s: tunnel mode %d fd %d", __func__, mode, fd);
95 debug("%s: %s mode %d fd %d", __func__, ifr.ifr_name, mode, fd);
103 #endif /* SSH_TUN_LINUX */
105 #ifdef SSH_TUN_FREEBSD
106 #include <sys/socket.h>
109 #ifdef HAVE_NET_IF_TUN_H
110 #include <net/if_tun.h>
114 sys_tun_open(int tun, int mode)
118 int fd = -1, sock, flag;
119 const char *tunbase = "tun";
121 if (mode == SSH_TUNMODE_ETHERNET) {
123 debug("%s: no layer 2 tunnelling support", __func__);
130 /* Open the tunnel device */
131 if (tun <= SSH_TUNID_MAX) {
132 snprintf(name, sizeof(name), "/dev/%s%d", tunbase, tun);
133 fd = open(name, O_RDWR);
134 } else if (tun == SSH_TUNID_ANY) {
135 for (tun = 100; tun >= 0; tun--) {
136 snprintf(name, sizeof(name), "/dev/%s%d",
138 if ((fd = open(name, O_RDWR)) >= 0)
142 debug("%s: invalid tunnel %u\n", __func__, tun);
147 debug("%s: %s open failed: %s", __func__, name,
152 /* Turn on tunnel headers */
154 #if defined(TUNSIFHEAD) && !defined(SSH_TUN_PREPEND_AF)
155 if (mode != SSH_TUNMODE_ETHERNET &&
156 ioctl(fd, TUNSIFHEAD, &flag) == -1) {
157 debug("%s: ioctl(%d, TUNSIFHEAD, 1): %s", __func__, fd,
163 debug("%s: %s mode %d fd %d", __func__, name, mode, fd);
165 /* Set the tunnel device operation mode */
166 snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%s%d", tunbase, tun);
167 if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) == -1)
170 if (ioctl(sock, SIOCGIFFLAGS, &ifr) == -1)
172 ifr.ifr_flags |= IFF_UP;
173 if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1)
184 debug("%s: failed to set %s mode %d: %s", __func__, name,
185 mode, strerror(errno));
188 #endif /* SSH_TUN_FREEBSD */
191 * System-specific channel filters
194 #if defined(SSH_TUN_FILTER)
195 #define OPENBSD_AF_INET 2
196 #define OPENBSD_AF_INET6 24
199 sys_tun_infilter(struct Channel *c, char *buf, int len)
201 #if defined(SSH_TUN_PREPEND_AF)
202 char rbuf[CHAN_RBUF];
208 #if defined(SSH_TUN_PREPEND_AF)
209 if (len <= 0 || len > (int)(sizeof(rbuf) - sizeof(*af)))
211 ptr = (char *)&rbuf[0];
212 bcopy(buf, ptr + sizeof(u_int32_t), len);
213 len += sizeof(u_int32_t);
214 af = (u_int32_t *)ptr;
216 iph = (struct ip *)(ptr + sizeof(u_int32_t));
228 #if defined(SSH_TUN_COMPAT_AF)
229 if (len < (int)sizeof(u_int32_t))
232 af = (u_int32_t *)ptr;
233 if (*af == htonl(AF_INET6))
234 *af = htonl(OPENBSD_AF_INET6);
236 *af = htonl(OPENBSD_AF_INET);
239 buffer_put_string(&c->input, ptr, len);
244 sys_tun_outfilter(struct Channel *c, u_char **data, u_int *dlen)
249 *data = buffer_get_string(&c->output, dlen);
250 if (*dlen < sizeof(*af))
254 #if defined(SSH_TUN_PREPEND_AF)
255 *dlen -= sizeof(u_int32_t);
256 buf = *data + sizeof(u_int32_t);
257 #elif defined(SSH_TUN_COMPAT_AF)
258 af = ntohl(*(u_int32_t *)buf);
259 if (*af == OPENBSD_AF_INET6)
260 *af = htonl(AF_INET6);
262 *af = htonl(AF_INET);
267 #endif /* SSH_TUN_FILTER */