search for: sys_tun_open

Numerous how-tos all over the Internet show how one would set up a tunnel using ssh, e.g.: ssh -f -o Tunnel=ethernet <server_ip> true I was wondering if there's a way to subsequently acquire the names of the local and remote tun/tap interfaces (e.g., using the default "-w any:any") for subsequent automatic tunnel configuration, e.g.: ip link set $TapDev up ip link set

.../misc.c --- openssh-4.3p2.orig/misc.c 2006-01-31 05:49:28.000000000 -0500 +++ openssh-4.3p2/misc.c 2006-08-25 09:01:31.000000000 -0400 @@ -579,12 +579,15 @@ return -1; } +#if defined(SSH_TUN_LINUX) int -tun_open(int tun, int mode) +tun_open(int tun, int mode, uid_t uid) { -#if defined(CUSTOM_SYS_TUN_OPEN) - return (sys_tun_open(tun, mode)); + return (sys_tun_open(tun, mode, uid)); #elif defined(SSH_TUN_OPENBSD) +int +tun_open(int tun, int mode) +{ struct ifreq ifr; char name[100]; int fd = -1, sock; diff -Nurd openssh-4.3p2.orig/misc.h openssh-4.3p2/misc.h --- openssh-4.3p2.orig/misc.h 2006-...

If an ssh server receives a successful inbound ssh connection with 'ssh -w' without a tunnel number specified (i.e. in 'any' mode), it allocates the next tunnel device available on the server. The next thing the server needs to do is to set up the tunnel device. How does the server know which tunnel device was set up by the current connection? I'd really like something

...6.000000000 -0800 @@ -26,6 +26,7 @@ * settings. * * SSH_TUN_LINUX Use the (newer) Linux tun/tap device + * SSH_TUN_FREEBSD Use the FreeBSD tun/tap device * SSH_TUN_COMPAT_AF Translate the OpenBSD address family * SSH_TUN_PREPEND_AF Prepend/remove the address family */ @@ -93,7 +94,10 @@ sys_tun_open(int tun, int mode) #ifdef SSH_TUN_FREEBSD #include <sys/socket.h> #include <net/if.h> + +#if !defined(SSH_TUN_PREPEND_AF) #include <net/if_tun.h> +#endif int sys_tun_open(int tun, int mode)

On Wed, 15 Jul 2020, Peter Stuge wrote: > is GPL-licensed, so a derivative of that can't be integrated into OpenSSH. A derivative of it, that exposes a general API to do tap-device-like things using stdio and command line options, could be called over its general API from OpenSSH though. Even be developed separately (this would, in fact, even help). bye, //mirabilos -- ?MyISAM tables

...eroTierOne project released a program <https://github.com/zerotier/ZeroTierOne/blob/master/osdep/MacEthernetTapAgent.c> which can interact with a feth interface through stdin and stdout. Since ssh uses file descriptors for all of its tunnels, I think a similar program could be used in the ssh sys_tun_open logic to interact with a feth interface on macOS. I have not yet gone far enough to try and integrate the ZeroTierOne code with my own ssh build, but I'm curious what thoughts others may have on this mailing list. One nice improvement of doing something like this in ssh would be removing the r...

...t goebel-consult.de When using "Tunnel ethernet", the client always uses the next available device number. Options like "-w 11" or "-w 11:any" are ignored. This makes "Tunnel ethernet" unusable. Debug-output seam okay: debug1: Requesting tun. debug1: sys_tun_open: tap7 mode 2 fd 7 debug1: channel 1: new [tun] but 'ifconfig -a' reports: tap11 Link encap:Ethernet Hardware Adresse .... BROADCAST MULTICAST MTU:1500 Metric:1 ... ------- You are receiving this mail because: ------- You are the assignee for the bug, or are...

...gging output debug1: Authentication succeeded (publickey). debug1: channel 0: new [client-session] Device tap7 does not seem to be present, delaying initialization. debug1: Entering interactive session. debug1: Requesting X11 forwarding with authentication spoofing. debug1: Requesting tun. debug1: sys_tun_open: tap7 mode 2 fd 7 debug1: channel 1: new [tun] The "Device tap7 does not seem ..." message is from the LocalCommand. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

...is cleared but does not return to prompt <ctrl-C> Killed by signal 2. ctrl-D does not work. Running ssh with -vvv has shown that as soon as authentication succeeds ssh requests tun device: debug1: Authentication succeeded (publickey). debug1: Requesting tun unit 2147483647 in mode 1 debug1: sys_tun_open: tunnel mode 1 fd 4 debug2: fd 4 setting O_NONBLOCK debug3: fd 4 is O_NONBLOCK debug1: channel 0: new [tun] debug1: channel 1: new [client-session] debug3: ssh_session2_open: channel_new: 1 debug2: channel 1: send open and after I exit from shell can not close it: debug2: channel 1: rcvd eof debu...

..., I'm probably not the best person to ask this. I really just deal with network performance issues. You should try the OpenSSH development group. I've cc:'d that group on this message. However, a quick look at the code shows that you'd only be getting that warning if both CUSTOM_SYS_TUN_OPEN and SSH_TUN_OPENBSD are not defined. Grep on the first define we find the following in the change log (djm) [misc.c] Disable tunnel code for non-OpenBSD (for now), enable again by providing a sys_tun_open() function for your platform and setting the CUSTOM_SYS_TUN_OPEN define. More work is requ...

...06) check for open tun/tap device Freebsd allows a non-root user to open a tap device (net.link.tap.user_open=1) at which point it can be marked up automatically (net.link.tap.up_on_open=1) so that root access is not required to get a functioning tap server side. #ifdef SSH_TUN_FREEBSD version of sys_tun_open in openbsd-compat/port-tun.c dosen't allow for this. It will successfully open a tap for non-root but will then attempt to IFF_UP which will fail. Test if the interface is already marked up and leave alone if it is. At this time, up on open is only available to tap devices. -- Configure bu...

...think there's much we can do about these without abandoning earlier OS releases. > - struct monitor declared in ssh_sandbox_init() parameter list > (sandbox-darwin.c) Missing monitor.h include. Harmless (it's never used), now fixed. > - set-but-unused 'flag' variable in sys_tun_open() (port-tun.c) True, the code that uses it is inside an ifdef. Might look at this later. > On Void Linux (which uses LibreSSL, for what it's worth): unable to compile > due to undeclared arc4random*() functions. The symbols exist in libcrypto > so configure's tests for them pas...

...len 172 debug2: input_userauth_pk_ok: fp <hex> debug3: sign_and_send_pubkey: ECDSA <hex> debug1: read PEM private key done: type ECDSA debug1: Authentication succeeded (publickey). Authenticated to <IP> ([<IP>]:38613). debug1: Requesting tun unit 2147483647 in mode 2 debug1: sys_tun_open: tunnel mode 2 fd 4 debug2: fd 4 setting O_NONBLOCK debug3: fd 4 is O_NONBLOCK debug1: channel 0: new [tun] debug1: setting up multiplex master socket debug3: muxserver_listen: temporary control path <hidden> debug2: fd 5 setting O_NONBLOCK debug3: fd 5 is O_NONBLOCK debug3: fd 5 is O_NONBLOC...

Hi, OpenSSH 7.4 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This release contains some substantial new features and a number of bugfixes. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is