2 * Copyright (c) 2005 Reyk Floeter <reyk@openbsd.org>
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 #include <sys/types.h>
20 #include <sys/ioctl.h>
21 #include <netinet/in.h>
22 #include <netinet/ip.h>
36 * This is the portable version of the SSH tunnel forwarding, it
37 * uses some preprocessor definitions for various platform-specific
40 * SSH_TUN_LINUX Use the (newer) Linux tun/tap device
41 * SSH_TUN_FREEBSD Use the FreeBSD tun/tap device
42 * SSH_TUN_COMPAT_AF Translate the OpenBSD address family
43 * SSH_TUN_PREPEND_AF Prepend/remove the address family
47 * System-specific tunnel open function
50 #if defined(SSH_TUN_LINUX)
52 #include <linux/if_tun.h>
55 sys_tun_open(int tun, int mode)
59 const char *name = NULL;
61 if ((fd = open("/dev/net/tun", O_RDWR)) == -1) {
62 debug("%s: failed to open tunnel control interface: %s",
63 __func__, strerror(errno));
67 bzero(&ifr, sizeof(ifr));
69 if (mode == SSH_TUNMODE_ETHERNET) {
70 ifr.ifr_flags = IFF_TAP;
73 ifr.ifr_flags = IFF_TUN;
76 ifr.ifr_flags |= IFF_NO_PI;
78 if (tun != SSH_TUNID_ANY) {
79 if (tun > SSH_TUNID_MAX) {
80 debug("%s: invalid tunnel id %x: %s", __func__,
81 tun, strerror(errno));
84 snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), name, tun);
87 if (ioctl(fd, TUNSETIFF, &ifr) == -1) {
88 debug("%s: failed to configure tunnel (mode %d): %s", __func__,
89 mode, strerror(errno));
93 if (tun == SSH_TUNID_ANY)
94 debug("%s: tunnel mode %d fd %d", __func__, mode, fd);
96 debug("%s: %s mode %d fd %d", __func__, ifr.ifr_name, mode, fd);
104 #endif /* SSH_TUN_LINUX */
106 #ifdef SSH_TUN_FREEBSD
107 #include <sys/socket.h>
110 #ifdef HAVE_NET_IF_TUN_H
111 #include <net/if_tun.h>
115 sys_tun_open(int tun, int mode)
119 int fd = -1, sock, flag;
120 const char *tunbase = "tun";
122 if (mode == SSH_TUNMODE_ETHERNET) {
124 debug("%s: no layer 2 tunnelling support", __func__);
131 /* Open the tunnel device */
132 if (tun <= SSH_TUNID_MAX) {
133 snprintf(name, sizeof(name), "/dev/%s%d", tunbase, tun);
134 fd = open(name, O_RDWR);
135 } else if (tun == SSH_TUNID_ANY) {
136 for (tun = 100; tun >= 0; tun--) {
137 snprintf(name, sizeof(name), "/dev/%s%d",
139 if ((fd = open(name, O_RDWR)) >= 0)
143 debug("%s: invalid tunnel %u\n", __func__, tun);
148 debug("%s: %s open failed: %s", __func__, name,
153 /* Turn on tunnel headers */
155 #if defined(TUNSIFHEAD) && !defined(SSH_TUN_PREPEND_AF)
156 if (mode != SSH_TUNMODE_ETHERNET &&
157 ioctl(fd, TUNSIFHEAD, &flag) == -1) {
158 debug("%s: ioctl(%d, TUNSIFHEAD, 1): %s", __func__, fd,
164 debug("%s: %s mode %d fd %d", __func__, name, mode, fd);
166 /* Set the tunnel device operation mode */
167 snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%s%d", tunbase, tun);
168 if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) == -1)
171 if (ioctl(sock, SIOCGIFFLAGS, &ifr) == -1)
173 ifr.ifr_flags |= IFF_UP;
174 if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1)
185 debug("%s: failed to set %s mode %d: %s", __func__, name,
186 mode, strerror(errno));
189 #endif /* SSH_TUN_FREEBSD */
192 * System-specific channel filters
195 #if defined(SSH_TUN_FILTER)
196 #define OPENBSD_AF_INET 2
197 #define OPENBSD_AF_INET6 24
200 sys_tun_infilter(struct Channel *c, char *buf, int len)
202 #if defined(SSH_TUN_PREPEND_AF)
203 char rbuf[CHAN_RBUF];
209 #if defined(SSH_TUN_PREPEND_AF)
210 if (len <= 0 || len > (int)(sizeof(rbuf) - sizeof(*af)))
212 ptr = (char *)&rbuf[0];
213 bcopy(buf, ptr + sizeof(u_int32_t), len);
214 len += sizeof(u_int32_t);
215 af = (u_int32_t *)ptr;
217 iph = (struct ip *)(ptr + sizeof(u_int32_t));
229 #if defined(SSH_TUN_COMPAT_AF)
230 if (len < (int)sizeof(u_int32_t))
233 af = (u_int32_t *)ptr;
234 if (*af == htonl(AF_INET6))
235 *af = htonl(OPENBSD_AF_INET6);
237 *af = htonl(OPENBSD_AF_INET);
240 buffer_put_string(&c->input, ptr, len);
245 sys_tun_outfilter(struct Channel *c, u_char **data, u_int *dlen)
250 *data = buffer_get_string(&c->output, dlen);
251 if (*dlen < sizeof(*af))
255 #if defined(SSH_TUN_PREPEND_AF)
256 *dlen -= sizeof(u_int32_t);
257 buf = *data + sizeof(u_int32_t);
258 #elif defined(SSH_TUN_COMPAT_AF)
259 af = ntohl(*(u_int32_t *)buf);
260 if (*af == OPENBSD_AF_INET6)
261 *af = htonl(AF_INET6);
263 *af = htonl(AF_INET);
268 #endif /* SSH_TUN_FILTER */