2004-12-05 16:28:54 +03:00
|
|
|
.\" $NetBSD: tun.4,v 1.17 2004/12/05 13:28:54 wiz Exp $
|
2003-03-10 02:29:52 +03:00
|
|
|
.\"
|
|
|
|
.\" Copyright (c) 1996-2003 The NetBSD Foundation, Inc.
|
|
|
|
.\" All rights reserved.
|
|
|
|
.\"
|
|
|
|
.\" This code is derived from software contributed to The NetBSD Foundation
|
|
|
|
.\" by der Mouse.
|
|
|
|
.\"
|
|
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
|
|
.\" modification, are permitted provided that the following conditions
|
|
|
|
.\" are met:
|
|
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
|
|
.\" 3. All advertising materials mentioning features or use of this software
|
|
|
|
.\" must display the following acknowledgement:
|
|
|
|
.\" This product includes software developed by the NetBSD
|
|
|
|
.\" Foundation, Inc. and its contributors.
|
|
|
|
.\" 4. Neither the name of The NetBSD Foundation nor the names of its
|
|
|
|
.\" contributors may be used to endorse or promote products derived
|
|
|
|
.\" from this software without specific prior written permission.
|
|
|
|
.\"
|
|
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
|
|
|
|
.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
|
|
|
|
.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
|
|
|
.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
|
|
|
|
.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
|
|
|
.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
|
|
|
.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
|
|
.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
|
|
|
.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
|
|
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
|
|
|
.\" POSSIBILITY OF SUCH DAMAGE.
|
1996-06-26 02:17:37 +04:00
|
|
|
.\"
|
2004-11-22 20:17:24 +03:00
|
|
|
.Dd November 22, 2004
|
1996-06-26 02:17:37 +04:00
|
|
|
.Dt TUN 4
|
1999-03-16 04:19:14 +03:00
|
|
|
.Os
|
1996-06-26 02:17:37 +04:00
|
|
|
.Sh NAME
|
|
|
|
.Nm tun
|
|
|
|
.Nd tunnel software network interface
|
|
|
|
.Sh SYNOPSIS
|
2004-11-22 20:17:24 +03:00
|
|
|
.Cd pseudo-device tun
|
1996-06-26 02:17:37 +04:00
|
|
|
.Sh DESCRIPTION
|
|
|
|
The
|
|
|
|
.Nm tun
|
|
|
|
interface is a software loopback mechanism that can be loosely
|
|
|
|
described as the network interface analog of the
|
|
|
|
.Xr pty 4 ,
|
|
|
|
that is,
|
|
|
|
.Nm tun
|
|
|
|
does for network interfaces what the
|
|
|
|
.Nm pty
|
|
|
|
driver does for terminals.
|
|
|
|
.Pp
|
|
|
|
The
|
|
|
|
.Nm tun
|
|
|
|
driver, like the
|
|
|
|
.Nm pty
|
|
|
|
driver, provides two interfaces: an interface like the usual facility
|
|
|
|
it is simulating
|
|
|
|
.Po
|
|
|
|
a network interface in the case of
|
|
|
|
.Nm tun ,
|
|
|
|
or a terminal for
|
2000-08-10 06:34:50 +04:00
|
|
|
.Nm pty
|
|
|
|
.Pc ,
|
1996-06-26 02:17:37 +04:00
|
|
|
and a character-special device
|
|
|
|
.Dq control
|
|
|
|
interface.
|
|
|
|
.Pp
|
2001-10-31 23:08:17 +03:00
|
|
|
To use a
|
|
|
|
.Nm tun
|
2004-12-05 16:28:54 +03:00
|
|
|
device, the administrator must first create the interface.
|
|
|
|
This can be done by using the
|
2001-10-31 23:08:17 +03:00
|
|
|
.Xr ifconfig 8
|
2004-12-05 16:26:39 +03:00
|
|
|
.Cm create
|
2001-11-01 04:15:42 +03:00
|
|
|
command, or via the
|
2001-10-31 23:08:17 +03:00
|
|
|
.Dv SIOCIFCREATE
|
2004-12-05 16:28:54 +03:00
|
|
|
ioctl.
|
|
|
|
An
|
2001-10-31 23:08:17 +03:00
|
|
|
.Fn open
|
|
|
|
call on
|
|
|
|
.Pa /dev/tun Ns Sy N ,
|
2004-12-05 16:26:39 +03:00
|
|
|
will also create a network interface with the same unit number of
|
|
|
|
that device if it doesn't exists yet.
|
2001-10-31 23:08:17 +03:00
|
|
|
.Pp
|
2004-11-22 20:17:24 +03:00
|
|
|
The network interfaces should be named
|
1996-06-26 02:17:37 +04:00
|
|
|
.Sy tun Ns Ar 0 ,
|
|
|
|
.Sy tun Ns Ar 1 ,
|
2004-11-22 20:17:24 +03:00
|
|
|
etc.
|
|
|
|
Each interface supports the usual network-interface
|
2001-09-22 20:36:21 +04:00
|
|
|
.Xr ioctl 2 Ns s ,
|
1996-06-26 02:17:37 +04:00
|
|
|
such as
|
|
|
|
.Dv SIOCSIFADDR
|
|
|
|
and
|
|
|
|
.Dv SIOCSIFNETMASK ,
|
|
|
|
and thus can be used with
|
|
|
|
.Xr ifconfig 8
|
2004-12-05 16:28:54 +03:00
|
|
|
like any other interface.
|
|
|
|
At boot time, they are
|
1996-06-26 02:17:37 +04:00
|
|
|
.Dv POINTOPOINT
|
|
|
|
interfaces, but this can be changed; see the description of the control
|
2004-12-05 16:28:54 +03:00
|
|
|
device, below.
|
|
|
|
When the system chooses to transmit a packet on the
|
1996-06-26 02:17:37 +04:00
|
|
|
network interface, the packet can be read from the control device
|
|
|
|
.Po
|
2001-10-31 23:08:17 +03:00
|
|
|
it appears there as
|
|
|
|
.Dq output
|
1996-06-26 02:17:37 +04:00
|
|
|
.Pc ;
|
|
|
|
writing a packet to the control device generates an input
|
|
|
|
packet on the network interface, as if the
|
|
|
|
.Pq non-existent
|
|
|
|
hardware had just received it.
|
|
|
|
.Pp
|
|
|
|
The tunnel device, normally
|
|
|
|
.Pa /dev/tun Ns Sy N ,
|
|
|
|
is exclusive-open
|
|
|
|
.Po
|
|
|
|
it cannot be opened if it is already open
|
|
|
|
.Pc
|
2001-10-31 23:08:17 +03:00
|
|
|
and is restricted to the super-user
|
2004-12-05 16:28:54 +03:00
|
|
|
.Pq regardless of file system permissions .
|
|
|
|
A
|
1996-06-26 02:17:37 +04:00
|
|
|
.Fn read
|
|
|
|
call will return an error
|
|
|
|
.Pq Er EHOSTDOWN
|
|
|
|
if the interface is not
|
|
|
|
.Dq ready
|
2001-10-31 23:08:17 +03:00
|
|
|
(which means that the interface
|
|
|
|
address has not been set).
|
1996-06-26 02:17:37 +04:00
|
|
|
Once the interface is ready,
|
|
|
|
.Fn read
|
|
|
|
will return a packet if one is available; if not, it will either block
|
|
|
|
until one is or return
|
2001-05-19 21:23:39 +04:00
|
|
|
.Er EAGAIN ,
|
2004-12-05 16:28:54 +03:00
|
|
|
depending on whether non-blocking I/O has been enabled.
|
|
|
|
If the packet
|
1996-06-26 02:17:37 +04:00
|
|
|
is longer than is allowed for in the buffer passed to
|
|
|
|
.Fn read ,
|
|
|
|
the extra data will be silently dropped.
|
|
|
|
.Pp
|
|
|
|
Packets can be optionally prepended with the destination address as presented
|
|
|
|
to the network interface output routine
|
|
|
|
.Pq Sq Li tunoutput .
|
|
|
|
The destination address is in
|
|
|
|
.Sq Li struct sockaddr
|
2004-12-05 16:28:54 +03:00
|
|
|
format.
|
|
|
|
The actual length of the prepended address is in the member
|
1996-06-26 02:17:37 +04:00
|
|
|
.Sq Li sa_len .
|
|
|
|
The packet data follows immediately.
|
|
|
|
A
|
|
|
|
.Xr write 2
|
|
|
|
call passes a packet in to be
|
|
|
|
.Dq received
|
2004-12-05 16:28:54 +03:00
|
|
|
on the pseudo-interface.
|
|
|
|
Each
|
1996-06-26 02:17:37 +04:00
|
|
|
.Fn write
|
|
|
|
call supplies exactly one packet; the packet length is taken from the
|
|
|
|
amount of data provided to
|
|
|
|
.Fn write .
|
|
|
|
Writes will not block; if the packet cannot be accepted for a
|
|
|
|
transient reason
|
|
|
|
.Pq e.g., no buffer space available ,
|
|
|
|
it is silently dropped; if the reason is not transient
|
|
|
|
.Pq e.g., packet too large ,
|
|
|
|
an error is returned.
|
|
|
|
If
|
|
|
|
.Dq link-layer mode
|
|
|
|
is on
|
|
|
|
.Pq see Dv TUNSLMODE No below ,
|
|
|
|
the actual packet data must be preceded by a
|
|
|
|
.Sq Li struct sockaddr .
|
|
|
|
The driver currently only inspects the
|
|
|
|
.Sq Li sa_family
|
|
|
|
field.
|
|
|
|
The following
|
|
|
|
.Xr ioctl 2
|
|
|
|
calls are supported
|
2002-08-20 19:47:46 +04:00
|
|
|
.Pq defined in Aq Pa net/if_tun.h :
|
1996-06-26 02:17:37 +04:00
|
|
|
.Bl -tag -width TUNSIFMODE
|
|
|
|
.It Dv TUNSDEBUG
|
|
|
|
The argument should be a pointer to an
|
|
|
|
.Va int ;
|
2004-12-05 16:28:54 +03:00
|
|
|
this sets the internal debugging variable to that value.
|
|
|
|
What, if anything, this variable controls is not documented here;
|
|
|
|
see the source code.
|
1996-06-26 02:17:37 +04:00
|
|
|
.It Dv TUNGDEBUG
|
|
|
|
The argument should be a pointer to an
|
|
|
|
.Va int ;
|
|
|
|
this stores the internal debugging variable's value into it.
|
|
|
|
.It Dv TUNSIFMODE
|
|
|
|
The argument should be a pointer to an
|
|
|
|
.Va int ;
|
1997-09-25 17:14:46 +04:00
|
|
|
its value must be either
|
1996-06-26 02:17:37 +04:00
|
|
|
.Dv IFF_POINTOPOINT
|
|
|
|
or
|
2001-09-12 02:52:52 +04:00
|
|
|
.Dv IFF_BROADCAST
|
1997-09-25 17:14:46 +04:00
|
|
|
(optionally
|
|
|
|
.Dv IFF_MULTICAST
|
2004-12-05 16:28:54 +03:00
|
|
|
may be or'ed into the value).
|
|
|
|
The type of the corresponding
|
1996-06-26 02:17:37 +04:00
|
|
|
.Em tun Ns Sy n
|
2004-12-05 16:28:54 +03:00
|
|
|
interface is set to the supplied type.
|
|
|
|
If the value is anything else, an
|
1996-06-26 02:17:37 +04:00
|
|
|
.Er EINVAL
|
2004-12-05 16:28:54 +03:00
|
|
|
error occurs.
|
|
|
|
The interface must be down at the time; if it is up, an
|
1996-06-26 02:17:37 +04:00
|
|
|
.Er EBUSY
|
|
|
|
error occurs.
|
|
|
|
.It Dv TUNSLMODE
|
|
|
|
The argument should be a pointer to an
|
|
|
|
.Va int ;
|
|
|
|
a non-zero value turns on
|
|
|
|
.Dq link-layer
|
|
|
|
mode, causing packets read from the tunnel device to be prepended with
|
|
|
|
network destination address.
|
|
|
|
.It Dv FIONBIO
|
|
|
|
Turn non-blocking I/O for reads off or on, according as the argument
|
|
|
|
.Va int Ns 's
|
|
|
|
value is or isn't zero
|
|
|
|
.Pq Writes are always nonblocking .
|
|
|
|
.It Dv FIOASYNC
|
|
|
|
Turn asynchronous I/O for reads
|
|
|
|
.Po
|
|
|
|
i.e., generation of
|
|
|
|
.Dv SIGIO
|
|
|
|
when data is available to be read
|
|
|
|
.Pc off or on, according as the argument
|
|
|
|
.Va int Ns 's
|
|
|
|
value is or isn't zero.
|
|
|
|
.It Dv FIONREAD
|
|
|
|
If any packets are queued to be read, store the size of the first one
|
|
|
|
into the argument
|
|
|
|
.Va int ;
|
|
|
|
otherwise, store zero.
|
|
|
|
.It Dv TIOCSPGRP
|
|
|
|
Set the process group to receive
|
|
|
|
.Dv SIGIO
|
|
|
|
signals, when asynchronous I/O is enabled, to the argument
|
|
|
|
.Va int
|
|
|
|
value.
|
|
|
|
.It Dv TIOCGPGRP
|
|
|
|
Retrieve the process group value for
|
|
|
|
.Dv SIGIO
|
|
|
|
signals into the argument
|
|
|
|
.Va int
|
|
|
|
value.
|
|
|
|
.El
|
|
|
|
.Pp
|
|
|
|
The control device also supports
|
|
|
|
.Xr select 2
|
|
|
|
for read; selecting for write is pointless, and always succeeds, since
|
|
|
|
writes are always non-blocking.
|
|
|
|
.Pp
|
|
|
|
On the last close of the data device, by default, the interface is
|
|
|
|
brought down
|
|
|
|
.Po as if with
|
|
|
|
.Dq ifconfig tun Ns Sy n No down
|
|
|
|
.Pc .
|
|
|
|
All queued packets are thrown away.
|
1998-05-06 04:03:02 +04:00
|
|
|
If the interface is up when the data device is not open
|
|
|
|
output packets are always thrown away rather than letting
|
|
|
|
them pile up.
|
1996-06-26 02:17:37 +04:00
|
|
|
.Sh SEE ALSO
|
2001-09-22 20:36:21 +04:00
|
|
|
.Xr inet 4 ,
|
|
|
|
.Xr intro 4
|
1996-06-26 02:17:37 +04:00
|
|
|
.Sh BUGS
|
2000-12-12 21:15:38 +03:00
|
|
|
Currently is IPv4-only.
|