2 * Copyright (c) 2005 Reyk Floeter <reyk@openbsd.org>
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
24 * This is the portable version of the SSH tunnel forwarding, it
25 * uses some preprocessor definitions for various platform-specific
28 * SSH_TUN_LINUX Use the (newer) Linux tun/tap device
29 * SSH_TUN_COMPAT_AF Translate the OpenBSD address family
30 * SSH_TUN_PREPEND_AF Prepend/remove the address family
34 * System-specific tunnel open function
37 #if defined(SSH_TUN_LINUX)
38 #include <linux/if_tun.h>
41 sys_tun_open(int tun, int mode)
45 const char *name = NULL;
47 if ((fd = open("/dev/net/tun", O_RDWR)) == -1) {
48 debug("%s: failed to open tunnel control interface: %s",
49 __func__, strerror(errno));
53 bzero(&ifr, sizeof(ifr));
55 if (mode == SSH_TUNMODE_ETHERNET) {
56 ifr.ifr_flags = IFF_TAP;
59 ifr.ifr_flags = IFF_TUN;
62 ifr.ifr_flags |= IFF_NO_PI;
64 if (tun != SSH_TUNID_ANY) {
65 if (tun > SSH_TUNID_MAX) {
66 debug("%s: invalid tunnel id %x: %s", __func__,
67 tun, strerror(errno));
70 snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), name, tun);
73 if (ioctl(fd, TUNSETIFF, &ifr) == -1) {
74 debug("%s: failed to configure tunnel (mode %d): %s", __func__,
75 mode, strerror(errno));
79 if (tun == SSH_TUNID_ANY)
80 debug("%s: tunnel mode %d fd %d", __func__, mode, fd);
82 debug("%s: %s mode %d fd %d", __func__, ifr.ifr_name, mode, fd);
90 #endif /* SSH_TUN_LINUX */
92 #ifdef SSH_TUN_FREEBSD
93 #include <sys/socket.h>
95 #include <net/if_tun.h>
98 sys_tun_open(int tun, int mode)
102 int fd = -1, sock, flag;
103 const char *tunbase = "tun";
105 if (mode == SSH_TUNMODE_ETHERNET) {
107 debug("%s: no layer 2 tunnelling support", __func__);
114 /* Open the tunnel device */
115 if (tun <= SSH_TUNID_MAX) {
116 snprintf(name, sizeof(name), "/dev/%s%d", tunbase, tun);
117 fd = open(name, O_RDWR);
118 } else if (tun == SSH_TUNID_ANY) {
119 for (tun = 100; tun >= 0; tun--) {
120 snprintf(name, sizeof(name), "/dev/%s%d",
122 if ((fd = open(name, O_RDWR)) >= 0)
126 debug("%s: invalid tunnel %u\n", __func__, tun);
131 debug("%s: %s open failed: %s", __func__, name,
136 /* Turn on tunnel headers */
138 #if defined(TUNSIFHEAD) && !defined(SSH_TUN_PREPEND_AF)
139 if (mode != SSH_TUNMODE_ETHERNET &&
140 ioctl(fd, TUNSIFHEAD, &flag) == -1) {
141 debug("%s: ioctl(%d, TUNSIFHEAD, 1): %s", __func__, fd,
147 debug("%s: %s mode %d fd %d", __func__, name, mode, fd);
149 /* Set the tunnel device operation mode */
150 snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%s%d", tunbase, tun);
151 if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) == -1)
154 if (ioctl(sock, SIOCGIFFLAGS, &ifr) == -1)
156 ifr.ifr_flags |= IFF_UP;
157 if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1)
168 debug("%s: failed to set %s mode %d: %s", __func__, name,
169 mode, strerror(errno));
172 #endif /* SSH_TUN_FREEBSD */
175 * System-specific channel filters
178 #if defined(SSH_TUN_FILTER)
179 #define OPENBSD_AF_INET 2
180 #define OPENBSD_AF_INET6 24
183 sys_tun_infilter(struct Channel *c, char *buf, int len)
185 #if defined(SSH_TUN_PREPEND_AF)
186 char rbuf[CHAN_RBUF];
192 #if defined(SSH_TUN_PREPEND_AF)
193 if (len <= 0 || len > (int)(sizeof(rbuf) - sizeof(*af)))
195 ptr = (char *)&rbuf[0];
196 bcopy(buf, ptr + sizeof(u_int32_t), len);
197 len += sizeof(u_int32_t);
198 af = (u_int32_t *)ptr;
200 iph = (struct ip *)(ptr + sizeof(u_int32_t));
212 #if defined(SSH_TUN_COMPAT_AF)
213 if (len < (int)sizeof(u_int32_t))
216 af = (u_int32_t *)ptr;
217 if (*af == htonl(AF_INET6))
218 *af = htonl(OPENBSD_AF_INET6);
220 *af = htonl(OPENBSD_AF_INET);
223 buffer_put_string(&c->input, ptr, len);
228 sys_tun_outfilter(struct Channel *c, u_char **data, u_int *dlen)
233 *data = buffer_get_string(&c->output, dlen);
234 if (*dlen < sizeof(*af))
238 #if defined(SSH_TUN_PREPEND_AF)
239 *dlen -= sizeof(u_int32_t);
240 buf = *data + sizeof(u_int32_t);
241 #elif defined(SSH_TUN_COMPAT_AF)
242 af = ntohl(*(u_int32_t *)buf);
243 if (*af == OPENBSD_AF_INET6)
244 *af = htonl(AF_INET6);
246 *af = htonl(AF_INET);
251 #endif /* SSH_TUN_FILTER */