author | SeokYeon Hwang <syeon.hwang@samsung.com> | 2017-12-15 15:50:33 +0900 |
---|---|---|
committer | SeokYeon Hwang <syeon.hwang@samsung.com> | 2017-12-15 15:50:33 +0900 |
commit | 8267ac2731d75939dea24b4d5b8dee1a2c257744 (patch) | |
tree | 765f895ffaceaab370279364a6b4f24703767603 | |
parent | 5e6b709a694568fb77a54ee2c62989275f5e48dd (diff) | |
parent | d2e2d581de12bc46816ee292d2031877e5e45172 (diff) | |
download | tuntaposx-tizen_studio.tar.gz tuntaposx-tizen_studio.tar.bz2 tuntaposx-tizen_studio.zip |
Merge remote-tracking branch 'opensrc' into tizen_studiotizen_studio
59 files changed, 7125 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..2d9c558
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+.DS_Store
+*.o
+src/tap/tap
+tap.kext/
diff --git a/COPYING.BSD2 b/COPYING.BSD2
new file mode 100644
index 0000000..e220bd6
--- /dev/null
+++ b/COPYING.BSD2
@@ -0,0 +1,27 @@
+Copyright (c) 2015 - 2017 Samsung Electronics Co., Ltd.
+
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
+
diff --git a/Changelog b/Changelog
new file mode 100644
index 0000000..264bcc0
--- /dev/null
+++ b/Changelog
@@ -0,0 +1,158 @@ + +January 18, 2015: + o Update documentation to reflect removal of startup items. + +November 4, 2014: + o Generate a LINK_ON event on MAC address changes. This works around a problem + with the DHCP client implementation using a stale MAC address after updating + the network interface's address. + o Update compilation to only produce 64 bit binaries, which is appropriate for + Mavericks and onwards. + o Modernize package generation to use pkgbuild and productbuild. + o Replace the startup items with launchd jobs. + o Code signatures for the kernel extensions as well as the installer, the + signed extensions now work on Mavericks and Yosemite. + o Add extra synchronization in tap.kext to avoid a kernel crash triggered by + quickly re-attaching an interface. + o Fix MTU enforcement calculation when writing to the character device. + +November 1, 2011: + o Make the netmask address family fix work without knowledge of the struct + ifaddr definition. This fixes a crash on Lion, where the layout of the + structure has been changed, but at the cost of the fix no longer working for + IPv6. I think this is OK though, since mDNSResponder has been fixed on + Leopard and beyond to no longer require the hack. + o Proper multicast address checking for tun; multicast should now work reliably + with IP and IPv6 on tun also. + o A quite comprehensive test suite has been added that allows for quick release + testing. + o PPC support has been dropped due to XCode 4 no longer supporting PPC arch. + +September 13, 2009: + o Change linker options to produce 64 bit kext bundle for Snow Leopard. + o Switch from kmem_alloc and friends to OSAlloc for memory allocation and + avoid the delay() call. Respective symbols are not available on 64 bit + kernels anymore. + +September 5, 2009: + o Initial Snow Leopard port. Thanks to various people contributing patches in + the bugtracker. 
The new official version can only be compiled on Snow + Leopard but has been tested to work on all Tiger, Leopard and Snow Leopard + o Clean up unused locking code and switch to rwlocks even for simple mutexes, + which avoids a symbol incompatibility for Tiger and Leopard. + o Clean up compilation flags in the Makefiles. + +July 4, 2008: + o Adapt the former Leopard package to also be installable on Tiger systems. + This obsoletes the Tiger version, both Leopard and Tiger are now supported + by a single package. + +June 7, 2008: + o Protect the selwakeup() call by the lock. This fixes incorrect select() + behaviour, thanks to Roland Wendelin for reporting this. + o Fix tuntap_mbuf_queue::size initialization + o Use a proper wait condition for synchronization when detaching the network + interface. The old code would crash if the if_detached() handler was called + from a different thread than unregister_interface(). + +January 21, 2008: + o Work around an issue in the Darwin kernel. When unregistering an interface, + addresses are not properly removed from the interface. This leads to + crashes and other problems when reusing the interface. Introduce an ugly + hack that tries to remove all interface addresses when shutting the + interface down. + o Fix a small mbuf leak that could occur when the output queue was full. + Thanks to Oleg Dolgov for reporting this. + +December 21, 2007: + o Fix paths in the startup item postflight scripts + o Check if_ioctl arguments more defensively after a report of a panic after + receiving a NULL arg. + +November 14, 2007: + o I have done a complete rework of the installer package generation. The + package is now edited in PackageMaker. The distribution package can still + be built from the commandline though. + o Fix incorrect permission & ownership of the installed files. + +Oktober 11, 2007: + o Fix the permissions of the postflight scripts. Installer packages should work + again. 
+ o Drop the kmod and kmodc++ in the linker command, they seem to be unneeded + with Leopard. + +September 20, 2007: + o Initial Leopard port, it's basically the latest Tiger version with some + Leopard-related fixes and s/Tiger/Leopard/g + o I have switched to a proper version management system (git) and could + remove some of the CVS hacks subsequently. + o The installation packages have been reworked a bit, they now install into + /System/Extensions and /System/StartupItems directly by using + DestinationPaths. + +May 13, 2006: + o This version is not stable, it may crash, sorry. + o Universal binaries that run on ppc and intel macs. + o Adds tap MAC address randomization + o Redesigned locking. + o Better multicast support + o mDNSResponder workaround, so that the tap interfaces should get picked up + now. Note that we are fixing ifconfig/kernel behaviour here. + o All tapX and tunX devices are visible in /dev at all times, network + interfaces still created dynamically, though. + o Startup items moved to /Library/StartupItems + +May 17, 2005: + o Initial Tiger port. We now have KPI-style interfaces. I guess the Tiger + version is little slower than the Panther version because of all the + wrapping and hiding in the kernel. + o The kernel extensions moved to /Library/Extensions. That is the place where + non-Apple kexts are supposed to live. + +April 21, 2005: + o I added support in tun for AF prepending like some BSDs do. Thanks to Dennis + kSchneider for mailing the initial patch. You can also set the value of + AF_INET6 to be used. + o I finally found that major bug causing crashes (especially on multiprocessor + machines). It also caused a memory leak (lost mbufs), and might have caused + performance/througput/data-loss problems. Everyone is recommended to upgrade. + +April 6, 2005: + o I rewrote the common part concerning the tun and tap initialization and + cleanup. This should make the code more maintainable (less duplication). 
+ o The devices now reinitialize to the state they were started in when they + are closed by an application. This concerns IP addresses for example. + o I changed the package building system to use PackageMaker.app in batch + mode. The packages also check for version 10.3 now, so nobody should be + able to install tun/tap on 10.2 using installer packages. Furthermore I + have sprinkled some warnings telling you not to use tun/tap on SMP machines + over the installation process ;-) + o Some minor locking fixes. + +November 19, 2004: + o Jamie Wood reported that the packet queue in the driver could be considered + empty even if there were packets in it. This was probably caused by a + synchronization problem that should be fixed now. People encountering + timeouts etc. should try the new version. + o I finally implemented support for changing the interface MTU. The driver + enforces the MTU when writing packets to the character device now. However, + packets coming from the kernel are not checked. + +September 9, 2004: + o Marcello Teodori told me that the tun driver wasn't working with openvpn. + The problem was the fcntl call, fixed that. Should work now. Thanks + Marcello! + o changed the tun driver not to prepend the address family field before each + and every packet (which is the behaviour of OpenBSD). As there is currently + only IPv4 and IPv6 support there is no problem with the standard tun + approach used on other OSes. This should make the driver much more + compatible. + o Did a script and makefile support so that the installer packages can now be + built from the command prompt. Unfortunately this might break things + someday as I am not using the 'official' way to build the packages + o Cleaned up installer packages a little. + +August 24, 2004: + o initial version put online + o basic tun/tap support, tap working with qemu + 
@@ -0,0 +1,79 @@ +Building +======== + +If you want to build the tun/tap drivers, make sure you have Apple's Developer +Tools installed. Then from the top of the tun/tap source tree issue + + # make + +This will build the driver kexts and place them as tap.kext and tun.kext in the +top tun/tap directory. + + +Installing +========== + +Note that OS X will refuse to load kernel extensions if they are not owned by +root. So you can install the two kexts directly in /Library/Extensions: + + # sudo make install + +Note that this also installs launchd jobs to automatically load the kexts at +boot. No need to reboot now though, the kexts can be loaded using kextload: + + # kextload /Library/Extensions/tap.kext/ + kextload: /Library/Extensions/tap.kext/ loaded successfully + # kextload /Library/Extensions/tun.kext/ + kextload: /Library/Extensions/tun.kext/ loaded successfully + +Note that this will only work if your system allows running kernel extensions +that lack a digital signature. See below for more. + +I have also included the files used to build the installer packages in the +directory pkg. They can be made by + + # make pkg + + +Code signing +============ + +Beginning with 10.10, Apple requires all kernel extensions to carry a valid +digital signature from a certified developer. This means your locally built +kernel extensions will only work if (1) you disable kext signature checks for +your system or (2) you acquire a developer certificate with kernel extension +signing powers and sign your extensions. + +#1 has obvious security implications and is not recommended, but may be +acceptable temporarily for testing changes. If you do have a suitable +certificate, here is how you can get the build scripts generate signatures: + +1) Export your private signing key and corresponding certificate to a + PKCS#12 file that replaces the identity.p12 file in the tuntap + source directory. 
+ +2) Run + + # make keysetup + + This will prompt you for your passphrase, decrypt the identity.p12 + file and import its contents into a temporary keychain. The keychain + is configured to use a randomly-generated password and to lock after + 60 seconds. This means your keys are now available without further + password prompts for the next 60 seconds. + +3) (Re-)Build the kernel extensions as usual: + + # make clean all + + If this fails saying "User interaction is not allowed.", the timeout to lock + the temporary keychain created in step #2 has fired already. Re-run step #2 + and retry. If you want to switch back to building unsigned kernel + extensions, just remove the .signing_identity and .installer_identity files. + +4) Note that the installer package created by the pkg target will also be + signed if a suitable signing key is available in the identity.p12 file. + + +This is all I have to say at the moment, feel free send mail for any bug +reports, problems and suggestions you have at <mattias.nissler@gmx.de>. diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..7d05954 --- /dev/null +++ b/Makefile 
@@ -0,0 +1,97 @@
+# Lets have a version, at last!
+TUNTAP_VERSION = 20150118
+
+# BASE install directory
+BASE=
+
+all: tap.kext tun.kext
+
+keysetup:
+ -security delete-keychain net.sf.tuntaposx.tmp
+ security create-keychain -p $$(head -c 32 /dev/urandom | hexdump -e '"%02x"') \
+ net.sf.tuntaposx.tmp
+ security set-keychain-settings -lut 60 net.sf.tuntaposx.tmp
+ security import identity.p12 -k net.sf.tuntaposx.tmp -f pkcs12 \
+ -P $$(read -sp 'identity passphrase: ' pw && echo "$$pw") -A
+ security find-identity -v net.sf.tuntaposx.tmp | \
+ awk -F \" '$$2 ~ /^Developer ID Application:/ { print $$2 }' > .signing_identity
+ security find-identity -v net.sf.tuntaposx.tmp | \
+ awk -F \" '$$2 ~ /^Developer ID Installer:/ { print $$2 }' > .installer_identity
+
+pkgbuild/%.pkg: %.kext
+ mkdir -p pkgbuild/$*_root/Library/Extensions
+ cp -pR $*.kext pkgbuild/$*_root/Library/Extensions
+ mkdir -p pkgbuild/$*_root/Library/LaunchDaemons
+ cp pkg/launchd/net.sf.tuntaposx.$*.plist pkgbuild/$*_root/Library/LaunchDaemons
+ pkgbuild --root pkgbuild/$*_root \
+ --component-plist pkg/components/$*.plist \
+ --scripts pkg/scripts/$* pkgbuild/$*.pkg
+
+tuntap_$(TUNTAP_VERSION).pkg: pkgbuild/tap.pkg pkgbuild/tun.pkg
+ productbuild --distribution pkg/distribution.xml --package-path pkgbuild \
+ --resources pkg/res.dummy \
+ tuntap_$(TUNTAP_VERSION).pkg ; \
+ pkgutil --expand tuntap_$(TUNTAP_VERSION).pkg pkgbuild/tuntap_pkg.d
+ cp -pR pkg/res/ pkgbuild/tuntap_pkg.d/Resources
+ pkgutil --flatten pkgbuild/tuntap_pkg.d tuntap_$(TUNTAP_VERSION).pkg
+ if test -s ".installer_identity"; then \
+ productsign --sign "$$(cat .installer_identity)" --keychain net.sf.tuntaposx.tmp \
+ tuntap_$(TUNTAP_VERSION).pkg tuntap_$(TUNTAP_VERSION).pkg.signed ; \
+ mv tuntap_$(TUNTAP_VERSION).pkg.signed tuntap_$(TUNTAP_VERSION).pkg ; \
+ fi
+
+pkg: tuntap_$(TUNTAP_VERSION).pkg
+ tar czf tuntap_$(TUNTAP_VERSION).tar.gz \
+ README.installer README tuntap_$(TUNTAP_VERSION).pkg
+
+# Install targets
+# They are provided for the gentoo ebuild, but should work just fine for other people as well.
+install_%_kext: %.kext
+ mkdir -p $(BASE)/Library/Extensions
+ cp -pR $*.kext $(BASE)/Library/Extensions/
+ chown -R root:wheel $(BASE)/Library/Extensions/$*.kext
+ mkdir -p $(BASE)/Library/LaunchDaemons
+ cp pkg/launchd/net.sf.tuntaposx.$*.plist $(BASE)/Library/LaunchDaemons
+ chown -R root:wheel $(BASE)/Library/LaunchDaemons/net.sf.tuntaposx.$*.plist
+
+install: install_tap_kext
+
+tarball: clean
+ touch tuntap_$(TUNTAP_VERSION)_src.tar.gz
+ tar czf tuntap_$(TUNTAP_VERSION)_src.tar.gz \
+ -C .. \
+ --exclude "tuntap/identity.p12" \
+ --exclude "tuntap/tuntap_$(TUNTAP_VERSION)_src.tar.gz" \
+ --exclude "tuntap/tuntap_$(TUNTAP_VERSION).tar.gz" \
+ --exclude "tuntap/tuntap_$(TUNTAP_VERSION).pkg" \
+ --exclude "*/.*" \
+ tuntap
+
+clean:
+ cd src/tap && make -f Makefile clean
+ cd src/tun && make -f Makefile clean
+ -rm -rf pkgbuild
+ -rm -rf tuntap_$(TUNTAP_VERSION).pkg
+ -rm -f tuntap_$(TUNTAP_VERSION).tar.gz
+ -rm -f tuntap_$(TUNTAP_VERSION)_src.tar.gz
+
+%.kext:
+ cd src/$* && make TUNTAP_VERSION=$(TUNTAP_VERSION) -f Makefile all
+
+ cp pkg/launchd/net.sf.tuntaposx.$*.plist $*.kext/Contents/
+ if test -s ".signing_identity"; then \
+ codesign -fv --keychain net.sf.tuntaposx.tmp -s "$$(cat .signing_identity)" \
+ $*.kext ; \
+ fi
+
+test:
+ # configd messes with interface flags, issuing SIOCSIFFLAGS ioctls upon receiving kernel
+ # events indicating protocols have been attached and detached. Unfortunately, configd does
+ # this asynchronously, making the SIOCSIFFLAGS changes totally unpredictable when we bring
+ # our interfaces up and down in rapid succession during our tests. I haven't found a good
+ # way to suppress or handle this mess other than disabling configd temporarily.
+ killall -STOP configd
+ -PYTHONPATH=test python test/tuntap/tuntap_tests.py --tests='$(TESTS)'
+ killall -CONT configd
+
+.PHONY: test
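Review bot: In the `keysetup` recipe, `security import identity.p12 ... -P $$(read -sp 'identity passphrase: ' pw && echo "$$pw") -A` places the PKCS#12 passphrase on the `security` command line, where it is visible in the process list for the duration of the import, and the unquoted substitution is word-split by the shell. The same line passes `-A`, which allows any application to use the imported signing key without a prompt; `-T /usr/bin/codesign -T /usr/bin/productsign` would limit access to the two tools the Makefile actually calls. The random keychain password is handed to `create-keychain -p` as an argument in the same way. Dropping `-P` so that `security import` asks for the passphrase itself looks like the simplest fix, but that prompt behaviour should be confirmed on the build hosts. `read -sp` is a bash feature, so the recipe also assumes make's shell is bash-compatible.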
@@ -0,0 +1,83 @@ +tun/tap driver for Mac OS X +=========================== + +This is an experimental IP tunnel/ethertap driver for Mac OS X/Darwin. It +provides /dev/tunX and /dev/tapX devices. The maximum number of devices can be +configured at compile time, it is currently set to 16. That should be enough in +most cases. + +The driver ships as two kernel extensions, one for tap and one for tun. They are +located in /Library/Extensions and can also be loaded and unloaded by hand. The +distribution also contains launchd jobs that will automatically load the kernel +extensions at system startup. + +Operation & Programming notes +============================= + +tapX are ethertap devices which provide an interface to the kernel's ethernet +layer. Packets can be read from and written to the /dev/tapX character devices +one at a time (same name as the interface that shows up in ifconfig). + +tunX are IP tunnel devices. These can be used to exchange IP packets with the +kernel. You will get single packets for each read() and should write() packets +one at a time to /dev/tunX. + +There are some special ioctls with the tun devices that allow you to have them +prepend the address family of the packet when reading it from /dev/tunX. Using +this mode the driver also expects you put this 4-byte address family field +(network byte order) in front of the packets you write to /dev/tunX. + +Here are the ioctls to setup up address prepending mode (for convenience there +also is a header called tun_ioctls.h in the source package that you can use) +Set the int argument to one if you want to have AF prepending, use 0 if you want +to switch it off. + +#define TUNSIFHEAD _IOW('t', 96, int) +#define TUNGIFHEAD _IOR('t', 97, int) + +Prepending mode is off by default. Currently it is not recommended to switch the +mode while packets are in flight on the device. + +The character devices are always visible in the filesystem as /dev/tunX and +/dev/tapX. 
The number of available character devices is a compile time constant +and is currently fixed to 16. Each character device is associated with a +network interface of the same name. The network interface is only created when +the corresponding character device is opened by a program and will be removed +when the character device is closed. + +The character devices currently provide a pretty minimal interface. Whole +packets are read and written using a singe read/write call. File descriptors +opened on the devices can also be select()ed and support O_NONBLOCK. +Asynchronous I/O and some ioctls are currently unimplemented, but implementing +them shouldn't be very hard. Do it yourself or contact me if you can't live +without. + +There is another limitation imposed by the Darwin 8 kernel. It concerns the +poll() system call; Darwin currently does *not* support that for (character) +devices. Use select() instead. + +The interfaces can be configured using ifconfig, the tap devices also support +setting the MAC address to be used. Both tun and tap should be ready for IPv6. +Just setup addresses and routing as you would do with other interfaces. + +Please contact me if you find any bugs or have suggestions. + +Enjoy! + +Mattias +<mattias.nissler@gmx.de> + + +Uninstalling +============ + +The installer packages for OS X currently don't have support for uninstall as +the installer doesn't provide it. Remove the following files and directories if +you want to completely remove all the files installed: + +/Library/Extensions/tap.kext +/Library/Extensions/tun.kext +/Library/LaunchDaemons/net.sf.tuntaposx.tap.plist +/Library/LaunchDaemons/net.sf.tuntaposx.tun.plist + +Unload the the kernel extensions or reboot and you're done. diff --git a/README.installer b/README.installer new file mode 100644 index 0000000..c71551f --- /dev/null +++ b/README.installer 
@@ -0,0 +1,6 @@
+tun/tap driver installer
+========================
+
+This binary distribution contains a single installer package. Just open it to
+install TunTap on your computer. The installer allows to customize which parts
+of the package are installed in case you only need either tun or tap.
diff --git a/package/build.macos b/package/build.macos
new file mode 100755
index 0000000..604a748
--- /dev/null
+++ b/package/build.macos
@@ -0,0 +1,55 @@
+#!/bin/bash -xe
+# clean
+clean()
+{
+ cd "$SRCDIR"
+ make clean
+ rm -rf "$SRCDIR"/*.zip
+ rm -rf "$SRCDIR"/*.tar.gz
+}
+
+# build
+build()
+{
+ cd "$SRCDIR"
+ make tap.kext
+ if [ $? -eq 0 ]
+ then
+ echo "build success"
+ else
+ echo "build failure"
+ exit 1
+ fi
+}
+
+# install
+install()
+{
+ TOOL_ETC_DIR="$SRCDIR/package/tuntaposx.package.${TARGET_OS}/data/tools/emulator/etc"
+
+ mkdir -p "$TOOL_ETC_DIR"
+
+ cd "$SRCDIR"
+
+ make
+
+ mv tap.kext "$TOOL_ETC_DIR/"
+
+ codesign --deep -f -s "$DEVID_SE_KEXT" -v "$TOOL_ETC_DIR/tap.kext"
+ CODESIGN_RET=$?
+ echo $CODESIGN_RET
+ if [ "$CODESIGN_RET" = "0" ]; then
+ echo "The signature is valid"
+ else
+ echo "The signature is invalid : return value = $CODESIGN_RET"
+ exit 1
+ fi
+ ditto -c -k --sequesterRsrc --keepParent "$TOOL_ETC_DIR/tap.kext" "$TOOL_ETC_DIR/tap.zip"
+ rm -rf "$TOOL_ETC_DIR/tap.kext"
+}
+
+[ "$1" = "clean" ] && clean
+[ "$1" = "build" ] && build
+[ "$1" = "install" ] && install
+
+echo "success"
diff --git a/package/changelog b/package/changelog
new file mode 100644
index 0000000..9bb560d
--- /dev/null
+++ b/package/changelog
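Review bot: In `package/build.macos`, `clean()`, `build()` and `install()` use `$SRCDIR`, `$TARGET_OS` and `$DEVID_SE_KEXT` without checking that they are set, so with an empty `SRCDIR` the `rm -rf "$SRCDIR"/*.zip` in `clean()` expands to `/*.zip` and `install()` stages the kext under a path rooted at `/package/...`. A guard near the top such as `: "${SRCDIR:?}" "${TARGET_OS:?}"`, plus `: "${DEVID_SE_KEXT:?}"` in `install()`, would stop the script before any of that runs. Because the script runs under `bash -xe`, the `$?` tests after `make tap.kext` and `codesign` can never reach their failure branch, and "The signature is valid" only reports that signing returned 0; running `codesign --verify --deep -v "$TOOL_ETC_DIR/tap.kext"` before `ditto` would check the signed bundle itself. `package/tuntaposx.install.macos-64` uses `$INSTALLED_PATH` in the same unguarded way.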
@@ -0,0 +1,27 @@
+* 1.1.5
+- add license
+== Kyoungwon Park <kw0712.park@samsung.com> 2017-09-01
+* 1.1.4
+- update version for new build environment
+== Munkyu Im <munkyu.im@samsung.com> 2017-05-12
+* 1.1.3
+- update version to sync up
+== Munkyu Im <munkyu.im@samsung.com> 2016-11-22
+* 1.1.2
+- change plist files
+== Munkyu Im <munkyu.im@samsung.com> 2016-06-22
+* 1.1.1
+- revert install script
+== Munkyu Im <munkyu.im@samsung.com> 2016-06-17
+* 1.0.7
+- add ditto job
+== Munkyu Im <munkyu.im@samsung.com> 2015-11-17
+* 1.0.6
+- modify codesign
+== Munkyu Im <munkyu.im@samsung.com> 2015-08-31
+* 1.0.5
+- add codesign
+== Munkyu Im <munkyu.im@samsung.com> 2015-08-19
+* 1.0.4
+- initialize tuntaposx
+== Munkyu Im <munkyu.im@samsung.com> 2015-07-09
diff --git a/package/pkginfo.manifest b/package/pkginfo.manifest
new file mode 100644
index 0000000..5b7379b
--- /dev/null
+++ b/package/pkginfo.manifest
@@ -0,0 +1,8 @@
+Version: 1.1.5
+Maintainer: Munkyu Im <munkyu.im@samsung.com>
+Source: emulator
+
+Package: tuntaposx
+OS: macos-64
+Build-host-os: macos-64
+Description: tuntap for supporting bridged network
diff --git a/package/tuntaposx.install.macos-64 b/package/tuntaposx.install.macos-64
new file mode 100755
index 0000000..88287d8
--- /dev/null
+++ b/package/tuntaposx.install.macos-64
@@ -0,0 +1,16 @@
+#!/bin/sh -e
+TIZEN_SDK_INSTALL_PATH="`echo $INSTALLED_PATH`"
+TIZEN_TOOL_ETC_PATH=$TIZEN_SDK_INSTALL_PATH/tools/emulator/etc
+
+if [ -f "${TIZEN_TOOL_ETC_PATH}/tap.zip" ];then
+ ditto -x -k "${TIZEN_TOOL_ETC_PATH}/tap.zip" "${TIZEN_TOOL_ETC_PATH}"
+ rm -f "${TIZEN_TOOL_ETC_PATH}/tap.zip"
+else
+ echo "\"${TIZEN_TOOL_ETC_PATH}\"/tap.zip does not exist!"
+ exit 1
+fi
+
+if [ ! -d "${TIZEN_TOOL_ETC_PATH}/tap.kext" ];then
+ echo "tap.kext directory does not exist!"
+ exit 1
+fi
diff --git a/pkg/components/tap.plist b/pkg/components/tap.plist
new file mode 100644
index 0000000..2433358
--- /dev/null
+++ b/pkg/components/tap.plist
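Review bot: In `package/tuntaposx.install.macos-64`, after `ditto -x -k` unpacks `tap.zip` the script only tests that a `tap.kext` directory exists, so a truncated or altered archive is accepted as long as that directory name is present. The bundle appears to be signed before it is zipped (see `package/build.macos`), so running `codesign --verify --deep "${TIZEN_TOOL_ETC_PATH}/tap.kext"` after extraction would reject a bundle whose contents no longer match its signature; this checks integrity only, not the identity of the signer. Separately, the second line's `` "`echo $INSTALLED_PATH`" `` word-splits the unquoted variable before `echo` sees it; `TIZEN_SDK_INSTALL_PATH="$INSTALLED_PATH"` keeps paths with spaces intact.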
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<array>
+ <dict>
+ <key>BundleIsVersionChecked</key>
+ <true/>
+ <key>BundleOverwriteAction</key>
+ <string>upgrade</string>
+ <key>RootRelativeBundlePath</key>
+ <string>Library/Extensions/tap.kext</string>
+ </dict>
+</array>
+</plist>
diff --git a/pkg/components/tun.plist b/pkg/components/tun.plist
new file mode 100644
index 0000000..1e81a28
--- /dev/null
+++ b/pkg/components/tun.plist
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<array>
+ <dict>
+ <key>BundleIsVersionChecked</key>
+ <true/>
+ <key>BundleOverwriteAction</key>
+ <string>upgrade</string>
+ <key>RootRelativeBundlePath</key>
+ <string>Library/Extensions/tun.kext</string>
+ </dict>
+</array>
+</plist>
diff --git a/pkg/distribution.xml b/pkg/distribution.xml
new file mode 100644
index 0000000..9f2956e
--- /dev/null
+++ b/pkg/distribution.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="utf-8" standalone="no"?>
+<installer-gui-script minSpecVersion="1">
+ <title>TunTap Installer package</title>
+ <options customize="allow" require-scripts="false" hostArchitectures="x86_64"/>
+ <domains enable_anywhere="false" enable_currentUserHome="false" enable_localSystem="true"/>
+ <os-version min="10.9"/>
+ <welcome file="welcome.rtfd" mime="text/rtfd"/>
+ <license file="license.rtfd" mime="text/rtfd"/>
+ <pkg-ref id="tap" auth="root">tap.pkg</pkg-ref>
+ <pkg-ref id="tun" auth="root">tun.pkg</pkg-ref>
+ <choices-outline>
+ <line choice="tap"/>
+ <line choice="tun"/>
+ </choices-outline>
+ <choice id="tap" title="Ethertap kernel extension" description="The ethertap kernel extensions allows applications to connect simulated ethernet segments to the kernel via virtual ethernet interfaces.">
+ <pkg-ref id="tap"/>
+ </choice>
+ <choice id="tun" title="IP Tunnel kernel extension" description="Provides virtual network interfaces allowing applications to exchange IP packets with the kernel.">
+ <pkg-ref id="tun"/>
+ </choice>
+</installer-gui-script>
diff --git a/pkg/launchd/net.sf.tuntaposx.tap.plist b/pkg/launchd/net.sf.tuntaposx.tap.plist
new file mode 100644
index 0000000..f4d7cb7
--- /dev/null
+++ b/pkg/launchd/net.sf.tuntaposx.tap.plist
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+ <key>Label</key>
+ <string>net.sf.tuntaposx.tap</string>
+ <key>ProgramArguments</key>
+ <array>
+ <string>/sbin/kextload</string>
+ <string>/Library/Extensions/tap.kext</string>
+ </array>
+ <key>KeepAlive</key>
+ <false/>
+ <key>RunAtLoad</key>
+ <true/>
+ <key>UserName</key>
+ <string>root</string>
+</dict>
+</plist>
diff --git a/pkg/launchd/net.sf.tuntaposx.tun.plist b/pkg/launchd/net.sf.tuntaposx.tun.plist
new file mode 100644
index 0000000..97a5009
--- /dev/null
+++ b/pkg/launchd/net.sf.tuntaposx.tun.plist
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+ <key>Label</key>
+ <string>net.sf.tuntaposx.tun</string>
+ <key>ProgramArguments</key>
+ <array>
+ <string>/sbin/kextload</string>
+ <string>/Library/Extensions/tun.kext</string>
+ </array>
+ <key>KeepAlive</key>
+ <false/>
+ <key>RunAtLoad</key>
+ <true/>
+ <key>UserName</key>
+ <string>root</string>
+</dict>
+</plist>
diff --git a/pkg/res.dummy/license.rtfd b/pkg/res.dummy/license.rtfd
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/pkg/res.dummy/license.rtfd
diff --git a/pkg/res.dummy/welcome.rtfd b/pkg/res.dummy/welcome.rtfd
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/pkg/res.dummy/welcome.rtfd
diff --git a/pkg/res/license.rtfd/TXT.rtf b/pkg/res/license.rtfd/TXT.rtf
new file mode 100644
index 0000000..79b50dc
--- /dev/null
+++ b/pkg/res/license.rtfd/TXT.rtf
@@ -0,0 +1,18 @@ +{\rtf1\ansi\ansicpg1252\cocoartf949 +{\fonttbl\f0\fswiss\fcharset0 Helvetica;} +{\colortbl;\red255\green255\blue255;} +{\*\listtable{\list\listtemplateid1\listhybrid{\listlevel\levelnfc0\levelnfcn0\leveljc2\leveljcn2\levelfollow0\levelstartat1\levelspace360\levelindent0{\*\levelmarker \{decimal\}.}{\leveltext\leveltemplateid0\'02\'05.;}{\levelnumbers\'01;}}{\listname ;}\listid1}} +{\*\listoverridetable{\listoverride\listid1\listoverridecount0\ls1}} +\paperw11900\paperh16840\margl1440\margr1440\vieww9000\viewh8400\viewkind0 +\deftab720 +\pard\pardeftab720\sa320\ql\qnatural + +\f0\fs28 \cf0 tun/tap driver for Mac OS X\uc0\u8232 Copyright (c) 2011 Mattias Nissler <mattias.nissler@gmx.de>\ +Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:\ +\pard\tx220\tx720\pardeftab720\li720\fi-720\ql\qnatural +\ls1\ilvl0\cf0 {\listtext 1. }Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.\ +{\listtext 2. }Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.\ +{\listtext 3. }The name of the author may not be used to endorse or promote products derived from this software without specific prior written permission.\ +\ +\pard\pardeftab720\sa320\ql\qnatural +\cf0 THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.} diff --git a/pkg/res/welcome.rtfd/TXT.rtf b/pkg/res/welcome.rtfd/TXT.rtf new file mode 100644 index 0000000..feba31f --- /dev/null +++ b/pkg/res/welcome.rtfd/TXT.rtf @@ -0,0 +1,14 @@ +{\rtf1\ansi\ansicpg1252\cocoartf949 +{\fonttbl\f0\fswiss\fcharset0 Helvetica;} +{\colortbl;\red255\green255\blue255;} +\paperw11900\paperh16840\margl1440\margr1440\vieww9000\viewh8400\viewkind0 +\pard\tx566\tx1133\tx1700\tx2267\tx2834\tx3401\tx3968\tx4535\tx5102\tx5669\tx6236\tx6803\tx9000\ri500\ql\qnatural\pardirnatural + +\f0\fs28 \cf0 This will install the TunTap software on your computer. It provides IP Tunnel and ethertap kernel extensions.\ +\ +TunTap software is free (as in "free beer" as well as "freedom"). If you like it, you can support further development by donating money. In order to do so just click the image below.\ +\ +\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\ql\qnatural\pardirnatural +{\field{\*\fldinst{HYPERLINK "https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=mattias%2enissler%40gmx%2ede&item_name=TunTap%20driver%20development%20donations&no_shipping=1&no_note=1&tax=0¤cy_code=EUR&bn=PP%2dDonationsBF&charset=UTF%2d8"}}{\fldrslt +\fs24 \cf0 {{\NeXTGraphic paypal_button.gif \width1240 \height620 +}¬}}}} diff --git a/pkg/res/welcome.rtfd/paypal_button.gif b/pkg/res/welcome.rtfd/paypal_button.gif Binary files differnew file mode 100644 index 0000000..14c37d3 --- /dev/null +++ b/pkg/res/welcome.rtfd/paypal_button.gif 
diff --git a/pkg/scripts/tap/postinstall b/pkg/scripts/tap/postinstall
new file mode 100755
index 0000000..73a2da4
--- /dev/null
+++ b/pkg/scripts/tap/postinstall
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+# Old versions resided in /System/Library, remove.
+rm -rf /System/Library/Extensions/tap.kext
+
+# Remove startup item installed by old versions.
+rm -rf /Library/StartupItems/tap
+
+# Unload an old extension (might fail).
+kextunload -b foo.tap
+kextunload -b net.sf.tuntaposx.tap
+
+# Load the new version.
+kextload /Library/Extensions/tap.kext
+
diff --git a/pkg/scripts/tun/postinstall b/pkg/scripts/tun/postinstall
new file mode 100755
index 0000000..195c362
--- /dev/null
+++ b/pkg/scripts/tun/postinstall
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+# Old versions resided in /System/Library, remove.
+rm -rf /System/Library/Extensions/tun.kext
+
+# Remove startup item installed by old versions.
+rm -rf /Library/StartupItems/tun
+
+# Unload an old extension (might fail).
+kextunload -b foo.tun
+kextunload -b net.sf.tuntaposx.tun
+
+# Load the new version.
+kextload /Library/Extensions/tun.kext
+
diff --git a/src/lock.cc b/src/lock.cc
new file mode 100644
index 0000000..9c78783
--- /dev/null
+++ b/src/lock.cc
@@ -0,0 +1,206 @@
+/*
+ * ip tunnel/ethertap device for MacOSX.
+ *
+ * Locking implementation.
+ */
+/*
+ * Copyright (c) 2011 Mattias Nissler <mattias.nissler@gmx.de>
+ *
+ * Redistribution and use in source and binary forms, with or without modification, are permitted
+ * provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice, this list of
+ * conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice, this list of
+ * conditions and the following disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "lock.h"
+
+extern "C" {
+
+#include <kern/clock.h>
+
+#include <sys/syslog.h>
+#include <sys/proc.h>
+
+}
+
+#if 0
+#define dprintf(...) log(LOG_INFO, __VA_ARGS__)
+#else
+#define dprintf(...)
+#endif
+
+/* class tt_lock */
+lck_grp_t *tt_lock::tt_lck_grp = NULL;
+
+bool
+tt_lock::initialize()
+{
+ /* init if necessary */
+ if (tt_lck_grp == NULL) {
+ dprintf("initing lock group\n");
+ tt_lck_grp = lck_grp_alloc_init("tuntap locks", LCK_GRP_ATTR_NULL);
+
+ if (tt_lck_grp == NULL) {
+ /* if something fails, the lock won't work */
+ log(LOG_ERR, "tuntap: could not allocate locking group\n");
+ return false;
+ }
+ }
+
+ return true;
+}
+
+void
+tt_lock::shutdown()
+{
+ /* free the locking group */
+ if (tt_lck_grp != NULL) {
+ dprintf("freeing lock group\n");
+ lck_grp_free(tt_lck_grp);
+ tt_lck_grp = NULL;
+ }
+}
+
+/* tt_mutex */
+tt_mutex::tt_mutex()
+{
+ /* fail if locking group not initialized */
+ if (tt_lck_grp == NULL)
+ return;
+
+ /* allocate the lock */
+ lck = lck_rw_alloc_init(tt_lck_grp, NULL);
+
+ if (lck == NULL)
+ log(LOG_ERR, "tuntap: could not allocate mutex\n");
+}
+
+tt_mutex::~tt_mutex()
+{
+ /* if the lock doesn't exist, this will be a no-op */
+ if (lck == NULL)
+ return;
+
+ /* free the lock */
+ lck_rw_free(lck, tt_lck_grp);
+}
+
+void
+tt_mutex::lock()
+{
+ if (lck != NULL)
+ lck_rw_lock_exclusive(lck);
+}
+
+void
+tt_mutex::unlock()
+{
+ if (lck != NULL)
+ lck_rw_unlock_exclusive(lck);
+}
+
+void
+tt_mutex::sleep(void *cond)
+{
+ if (lck != NULL)
+ lck_rw_sleep(lck, LCK_SLEEP_DEFAULT, cond, THREAD_INTERRUPTIBLE);
+}
+
+void
+tt_mutex::sleep(void *cond, uint64_t nanoseconds)
+{
+ if (lck != NULL) {
+ uint64_t abstime;
+ nanoseconds_to_absolutetime(nanoseconds, &abstime);
+ lck_rw_sleep_deadline(lck, LCK_SLEEP_DEFAULT, cond, THREAD_INTERRUPTIBLE, abstime);
+ }
+}
+
+void
+tt_mutex::wakeup(void *cond)
+{
+ if (lck != NULL)
+ ::wakeup(cond);
+}
+
+/* tt_gate */
+tt_gate::tt_gate()
+ : ticket_number(0),
+ population(0)
+{
+}
+
+void
+tt_gate::enter()
+{
+ /* just try to grab the lock, increase the ticket number and the population */
+ auto_lock l(&slock);
+ ticket_number++;
+ population++;
+}
+
+void
+tt_gate::exit()
+{
+ auto_lock l(&slock);
+ ticket_number--;
+ population--;
+}
+
+bool
+tt_gate::is_anyone_in()
+{
+ return population != 0;
+}
+
+unsigned int
+tt_gate::get_ticket_number()
+{
+ return ticket_number;
+}
+
+void
+tt_gate::lock()
+{
+ slock.lock();
+}
+
+void
+tt_gate::unlock()
+{
+ slock.unlock();
+}
+
+void
+tt_gate::sleep(void* cond)
+{
+ slock.sleep(cond);
+}
+
+void
+tt_gate::sleep(void* cond, uint64_t nanoseconds)
+{
+ slock.sleep(cond, nanoseconds);
+}
+
+void
+tt_gate::wakeup(void* cond)
+{
+ slock.wakeup(cond);
+}
+
diff --git a/src/lock.h b/src/lock.h
new file mode 100644
index 0000000..51d3299
--- /dev/null
+++ b/src/lock.h
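Review bot: `tt_mutex::tt_mutex()` returns early when `tt_lck_grp` is NULL without ever assigning `lck`, so the `lck != NULL` guards in lock(), unlock(), both sleep() overloads, wakeup() and the destructor then test a value that is only safe if the allocation happened to be zero-filled. Start the constructor with `lck = NULL;` (or use an initializer list, as `tt_gate::tt_gate()` does). In `tt_mutex::sleep(void *cond, uint64_t nanoseconds)` the value produced by `nanoseconds_to_absolutetime()` is an interval, while `lck_rw_sleep_deadline()` appears to expect an absolute deadline, so the timed wait may return at once; if that is confirmed, add `clock_absolutetime_interval_to_deadline(abstime, &abstime);` before the sleep call.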
@@ -0,0 +1,160 @@
+/*
+ * ip tunnel/ethertap device for MacOSX.
+ *
+ * Locking is not as straightforward for Tiger. So declare our own locking class.
+ */
+/*
+ * Copyright (c) 2011 Mattias Nissler <mattias.nissler@gmx.de>
+ *
+ * Redistribution and use in source and binary forms, with or without modification, are permitted
+ * provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice, this list of
+ * conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice, this list of
+ * conditions and the following disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef __LOCK_H__
+#define __LOCK_H__
+
+extern "C" {
+
+#include <kern/locks.h>
+#include <sys/param.h>
+
+}
+
+/* our own locking class. declares the common interface of the locking primitives. */
+class tt_lock {
+
+ protected:
+ /* locking group */
+ static lck_grp_t *tt_lck_grp;
+
+ public:
+ /* be virtual */
+ virtual ~tt_lock() { };
+
+ /* static intialization (inits the locking group) */
+ static bool initialize();
+ static void shutdown();
+
+ /* locking */
+ virtual void lock() = 0;
+ virtual void unlock() = 0;
+
+ /* monitor primitives */
+ virtual void sleep(void* cond) = 0;
+ virtual void sleep(void* cond, uint64_t) = 0;
+ virtual void wakeup(void* cond) = 0;
+};
+
+/* simple mutex */
+class tt_mutex : public tt_lock {
+
+ private:
+ /* underlying darwin lock */
+ lck_rw_t *lck;
+
+ public:
+ tt_mutex();
+ virtual ~tt_mutex();
+
+ void lock();
+ void unlock();
+
+ /* monitor primitives */
+ void sleep(void* cond);
+ void sleep(void* cond, uint64_t);
+ void wakeup(void* cond);
+};
+
+/* A very special locking class that we use to track threads that enter and leave the character
+ * device service functions. They call enter() before entering the actual service routinge and
+ * exit() when done. enter() only permits them to pass when the gate isn't locked. Furthermore, the
+ * gate assigns ticket numbers to everyone that passes the gate, so you can check whether more
+ * threads came through. See tuntap_mgr::shutdown() for how we use that stuff.
+ */
+class tt_gate : public tt_lock {
+
+ private:
+ /* synchronization lock */
+ tt_mutex slock;
+ /* ticket number */
+ unsigned int ticket_number;
+ /* count of threads that are in */
+ unsigned int population;
+
+ public:
+ /* construct a new gate */
+ tt_gate();
+
+ /* enter - pass the gate */
+ void enter();
+ /* exit - pass the gate */
+ void exit();
+
+ /* check whether anyone is in */
+ bool is_anyone_in();
+ /* gets the next ticket number */
+ unsigned int get_ticket_number();
+
+ /* lock the gate */
+ void lock();
+ /* unlock the gate */
+ void unlock();
+
+ /* monitor primitives */
+ void sleep(void* cond);
+ void sleep(void* cond, uint64_t);
+ void wakeup(void* cond);
+};
+
+/* auto_lock and auto_rwlock serve as automatic lock managers: Create an object, passing the
+ * tt_[rw]lock you want to lock to have it grab the lock. When the object goes out of scope, the
+ * destructor of the class will release the lock.
+ */
+class auto_lock {
+
+ protected:
+ /* the lock we hold */
+ tt_lock *l;
+
+ public:
+ auto_lock(tt_lock *m)
+ : l(m)
+ {
+ lock();
+ }
+
+ ~auto_lock()
+ {
+ unlock();
+ }
+
+ void lock()
+ {
+ l->lock();
+ }
+
+ void unlock()
+ {
+ l->unlock();
+ }
+};
+
+#endif /* __LOCK_H__ */
+
diff --git a/src/mem.cc b/src/mem.cc
new file mode 100644
index 0000000..cd3264f
--- /dev/null
+++ b/src/mem.cc
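Review bot: `auto_lock` releases the lock in its destructor but is copyable, so an accidental copy (passing or returning one by value) would unlock the same `tt_lock` twice. Declaring the copy operations private and leaving them undefined, `auto_lock(const auto_lock &);` and `auto_lock &operator=(const auto_lock &);`, turns that into a compile error. The class comment also refers to `auto_rwlock` and `tt_[rw]lock`, neither of which is declared in this header, and the comment on `get_ticket_number()` says "next" although lock.cc returns the current value; both comments should be brought in line with the code.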
@@ -0,0 +1,76 @@
+/*
+ * ip tunnel/ethertap device for MacOSX. Common functionality of tap_interface and tun_interface.
+ *
+ * Memory management implementation.
+ */
+/*
+ * Copyright (c) 2011 Mattias Nissler <mattias.nissler@gmx.de>
+ *
+ * Redistribution and use in source and binary forms, with or without modification, are permitted
+ * provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice, this list of
+ * conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice, this list of
+ * conditions and the following disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "mem.h"
+
+extern "C" {
+
+#include <libkern/OSMalloc.h>
+
+}
+
+#if 0
+#define dprintf(...) log(LOG_INFO, __VA_ARGS__)
+#else
+#define dprintf(...)
+#endif
+
+static int inited = 0;
+static OSMallocTag tag;
+
+void
+mem_initialize(const char* name) {
+
+ if (!inited) {
+ tag = OSMalloc_Tagalloc(name, OSMT_DEFAULT);
+ inited = 1;
+ }
+}
+
+void
+mem_shutdown() {
+
+ if (inited) {
+ OSMalloc_Tagfree(tag);
+ inited = 0;
+ }
+}
+
+void *
+mem_alloc(uint32_t size) {
+
+ return OSMalloc(size, tag);
+}
+
+void
+mem_free(void *addr, uint32_t size) {
+
+ OSFree(addr, size, tag);
+}
+
diff --git a/src/mem.h b/src/mem.h
new file mode 100644
index 0000000..4d06fd8
--- /dev/null
+++ b/src/mem.h
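Review bot: `mem_alloc()` and `mem_free()` hand `tag` to `OSMalloc()`/`OSFree()` without looking at `inited`, so a call made before `mem_initialize()` or after `mem_shutdown()` uses a null or already released tag inside the kernel. `mem_initialize()` also sets `inited = 1` without checking what `OSMalloc_Tagalloc()` returned. A guard in the allocator, `if (!inited) return NULL;`, plus clearing `tag` in `mem_shutdown()` would turn an ordering mistake into an allocation failure that callers can handle. It is also worth a comment on `mem_free()` that `size` must be the value originally passed to `mem_alloc()`.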
@@ -0,0 +1,48 @@
+/*
+ * ip tunnel/ethertap device for MacOSX. Common functionality of tap_interface and tun_interface.
+ *
+ * Memory management.
+ */
+/*
+ * Copyright (c) 2011 Mattias Nissler <mattias.nissler@gmx.de>
+ *
+ * Redistribution and use in source and binary forms, with or without modification, are permitted
+ * provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice, this list of
+ * conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice, this list of
+ * conditions and the following disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef __MEM_H__
+#define __MEM_H__
+
+extern "C" {
+
+#include <stdint.h>
+
+}
+
+/* Memory manager initalization and shutdown */
+void mem_initialize(const char *name);
+void mem_shutdown();
+
+/* Memory allocation functions */
+void *mem_alloc(uint32_t size);
+void mem_free(void *addr, uint32_t size);
+
+#endif /* __MEM_H__ */
+
diff --git a/src/tap/Info.plist b/src/tap/Info.plist
new file mode 100644
index 0000000..7e9b768
--- /dev/null
+++ b/src/tap/Info.plist
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+ <key>CFBundleDevelopmentRegion</key>
+ <string>@@CFBUNDLEDEVELOPMENTREGION@@</string>
+ <key>CFBundleExecutable</key>
+ <string>@@CFBUNDLEEXECUTABLE@@</string>
+ <key>CFBundleIdentifier</key>
+ <string>@@CFBUNDLEIDENTIFIER@@</string>
+ <key>CFBundleInfoDictionaryVersion</key>
+ <string>6.0</string>
+ <key>CFBundleName</key>
+ <string>@@CFBUNDLEEXECUTABLE@@</string>
+ <key>CFBundlePackageType</key>
+ <string>@@CFBUNDLEPACKAGETYPE@@</string>
+ <key>CFBundleShortVersionString</key>
+ <string>@@CFBUNDLEVERSION@@</string>
+ <key>CFBundleSignature</key>
+ <string>@@CFBUNDLESIGNATURE@@</string>
+ <key>CFBundleVersion</key>
+ <string>1.0</string>
+ <key>CFBundlePackageType</key>
+ <string>APPL</string>
+ <key>OSBundleLibraries</key>
+ <dict>
+ <key>com.apple.kpi.mach</key>
+ <string>8.0</string>
+ <key>com.apple.kpi.bsd</key>
+ <string>8.0</string>
+ <key>com.apple.kpi.libkern</key>
+ <string>8.0</string>
+ <key>com.apple.kpi.unsupported</key>
+ <string>8.0</string>
+ </dict>
+</dict>
+</plist>
+
diff --git a/src/tap/Makefile b/src/tap/Makefile
new file mode 100644
index 0000000..6fc1e20
--- /dev/null
+++ b/src/tap/Makefile
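Review bot: `CFBundlePackageType` appears twice in the top-level dict, once with the `@@CFBUNDLEPACKAGETYPE@@` placeholder (which the Makefile fills with KEXT) and again with the literal `APPL`; which value a plist reader keeps for a duplicated key is not something to rely on, so the second pair should be removed. `CFBundleVersion` is also fixed at `1.0` while only `CFBundleShortVersionString` receives `@@CFBUNDLEVERSION@@`, so the loaded extension would report the same bundle version for every release. If that is unintended, use the placeholder for both keys.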
@@ -0,0 +1,60 @@
+#
+# ethertap driver for MacOSX
+#
+# Makefile
+#
+# (c) 2004, 2005, 2006, 2007, 2008 Mattias Nissler
+#
+
+OBJS = ../tuntap.o ../tuntap_mgr.o ../lock.o ../mem.o kmod.o tap.o
+KMOD_BIN = tap
+BUNDLE_DIR = ../..
+BUNDLE_NAME = tap.kext
+
+TAP_KEXT_VERSION = $(TUNTAP_VERSION)
+
+BUNDLE_REGION = English
+BUNDLE_IDENTIFIER = net.sf.tuntaposx.tap
+BUNDLE_SIGNATURE = ????
+BUNDLE_PACKAGETYPE = KEXT
+BUNDLE_VERSION = $(TAP_KEXT_VERSION)
+
+INCLUDE = -I.. -I/System/Library/Frameworks/Kernel.framework/Versions/A/Headers
+CFLAGS = -Wall -Werror -mkernel -force_cpusubtype_ALL \
+ -nostdinc -fno-builtin -fno-stack-protector -msoft-float -fno-common \
+ -arch x86_64 \
+ -DKERNEL -DAPPLE -DKERNEL_PRIVATE -DTUNTAP_VERSION=\"$(TUNTAP_VERSION)\" \
+ -DTAP_KEXT_VERSION=\"$(TAP_KEXT_VERSION)\"
+CCFLAGS = $(CFLAGS)
+LDFLAGS = -Wall -Werror -arch x86_64 -Xlinker -kext -nostdlib -lkmodc++ -lkmod -lcc_kext
+
+CCP = clang -x c++
+CC = clang -x c
+LD = clang
+
+all: $(KMOD_BIN) bundle
+
+.c.o:
+ $(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@
+.cc.o:
+ $(CCP) $(CCFLAGS) $(INCLUDE) -c $< -o $@
+
+$(KMOD_BIN): $(OBJS)
+ $(LD) $(LDFLAGS) -o $(KMOD_BIN) $(OBJS)
+
+bundle: $(KMOD_BIN)
+ rm -rf $(BUNDLE_DIR)/$(BUNDLE_NAME)
+ mkdir -p $(BUNDLE_DIR)/$(BUNDLE_NAME)/Contents/MacOS
+ cp $(KMOD_BIN) $(BUNDLE_DIR)/$(BUNDLE_NAME)/Contents/MacOS
+ sed -e "s/@@CFBUNDLEEXECUTABLE@@/$(KMOD_BIN)/" \
+ -e "s/@@CFBUNDLEDEVELOPMENTREGION@@/$(BUNDLE_REGION)/" \
+ -e "s/@@CFBUNDLEIDENTIFIER@@/$(BUNDLE_IDENTIFIER)/" \
+ -e "s/@@CFBUNDLESIGNATURE@@/$(BUNDLE_SIGNATURE)/" \
+ -e "s/@@CFBUNDLEPACKAGETYPE@@/$(BUNDLE_PACKAGETYPE)/" \
+ -e "s/@@CFBUNDLEVERSION@@/$(BUNDLE_VERSION)/" \
+ Info.plist > $(BUNDLE_DIR)/$(BUNDLE_NAME)/Contents/Info.plist
+
+clean:
+ -rm -f $(OBJS) $(KMOD_BIN)
+ -rm -rf $(BUNDLE_DIR)/$(BUNDLE_NAME)
+
diff --git a/src/tap/kmod.cc b/src/tap/kmod.cc
new file mode 100644
index 0000000..f9c4a40
--- /dev/null
+++ b/src/tap/kmod.cc
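Review bot: `-fno-stack-protector` in `CFLAGS` removes stack canaries from a kernel extension whose ioctl and packet paths work on caller-supplied data, and the Makefile does not say why the flag is there. If the target kernel cannot link the stack-protector runtime into a kext, record that in a comment next to the flag, e.g. `# stack protector runtime not available to kexts on <minimum supported OS>`; otherwise drop the flag so the compiler default applies. `TUNTAP_VERSION` is used but never set in this file, so a standalone `make` in src/tap would presumably produce an empty version string; a `TUNTAP_VERSION ?= ...` default or a note that the top-level Makefile must supply it would help.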
@@ -0,0 +1,93 @@
+/*
+ * ethertap device for MacOSX.
+ *
+ * Kext definition (it is a mach kmod really...)
+ */
+/*
+ * Copyright (c) 2011 Mattias Nissler <mattias.nissler@gmx.de>
+ *
+ * Redistribution and use in source and binary forms, with or without modification, are permitted
+ * provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice, this list of
+ * conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice, this list of
+ * conditions and the following disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "tap.h"
+#include "mem.h"
+
+extern "C" {
+
+#include <sys/param.h>
+
+#include <mach/kmod.h>
+
+static tap_manager *mgr;
+
+/*
+ * start function. called when the kext gets loaded.
+ */
+static kern_return_t tap_module_start(struct kmod_info *ki, void *data)
+{
+ mem_initialize(TAP_FAMILY_NAME);
+
+ /* initialize locking */
+ if (!tt_lock::initialize())
+ return KMOD_RETURN_FAILURE;
+
+ /* create a tap manager that will handle the rest */
+ mgr = new tap_manager();
+
+ if (mgr != NULL) {
+ if (mgr->initialize(TAP_IF_COUNT, (char *) TAP_FAMILY_NAME))
+ return KMOD_RETURN_SUCCESS;
+
+ delete mgr;
+ mgr = NULL;
+ /* clean up locking */
+ tt_lock::shutdown();
+ }
+
+ return KMOD_RETURN_FAILURE;
+}
+
+/*
+ * stop function. called when the kext should be unloaded. unloading can be prevented by
+ * returning failure
+ */
+static kern_return_t tap_module_stop(struct kmod_info *ki, void *data)
+{
+ if (mgr != NULL) {
+ if (!mgr->shutdown())
+ return KMOD_RETURN_FAILURE;
+
+ delete mgr;
+ mgr = NULL;
+ }
+
+ /* clean up locking */
+ tt_lock::shutdown();
+
+ mem_shutdown();
+
+ return KMOD_RETURN_SUCCESS;
+}
+
+KMOD_DECL(tap, TAP_KEXT_VERSION)
+
+}
+
diff --git a/src/tap/tap.cc b/src/tap/tap.cc
new file mode 100644
index 0000000..b348a85
--- /dev/null
+++ b/src/tap/tap.cc
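Review bot: `tap_module_start` leaves earlier setup in place on its failure paths. When `tt_lock::initialize()` fails, the tag from `mem_initialize()` is never released. When `new tap_manager()` yields NULL, neither the lock group nor the tag is released. When `mgr->initialize()` fails, `mem_shutdown()` is still missing. `tap_module_stop` already tears down manager, locks and memory in that order, and the start function should unwind the same way on every error return, as in the rewrite below.

```cpp
static kern_return_t tap_module_start(struct kmod_info *ki, void *data)
{
	/* … unchanged: mem_initialize(TAP_FAMILY_NAME) … */

	if (!tt_lock::initialize()) {
		mem_shutdown();
		return KMOD_RETURN_FAILURE;
	}

	mgr = new tap_manager();
	if (mgr != NULL && mgr->initialize(TAP_IF_COUNT, (char *) TAP_FAMILY_NAME))
		return KMOD_RETURN_SUCCESS;

	/* unwind in the same order tap_module_stop uses */
	if (mgr != NULL) {
		delete mgr;
		mgr = NULL;
	}
	tt_lock::shutdown();
	mem_shutdown();

	return KMOD_RETURN_FAILURE;
}
```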
@@ -0,0 +1,533 @@
+/*
+ * ethertap device for macosx.
+ *
+ * tap_interface class definition
+ */
+/*
+ * Copyright (c) 2011 Mattias Nissler <mattias.nissler@gmx.de>
+ *
+ * Redistribution and use in source and binary forms, with or without modification, are permitted
+ * provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice, this list of
+ * conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice, this list of
+ * conditions and the following disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "tap.h"
+
+extern "C" {
+
+#include <sys/systm.h>
+#include <sys/syslog.h>
+#include <sys/param.h>
+#include <sys/sockio.h>
+#include <sys/random.h>
+#include <sys/kern_event.h>
+
+#include <mach/thread_policy.h>
+
+#include <net/if_types.h>
+#include <net/if_arp.h>
+#include <net/if_dl.h>
+#include <net/if_media.h>
+#include <net/dlil.h>
+#include <net/ethernet.h>
+
+}
+
+#if 0
+#define dprintf(...) log(LOG_INFO, __VA_ARGS__)
+#else
+#define dprintf(...)
+#endif
+
+// These declarations are missing in the Kernel.framework headers, put present in userspace :-/
+#pragma pack(4)
+struct ifmediareq {
+ char ifm_name[IFNAMSIZ]; /* if name, e.g. "en0" */
+ int ifm_current; /* current media options */
+ int ifm_mask; /* don't care mask */
+ int ifm_status; /* media status */
+ int ifm_active; /* active options */
+ int ifm_count; /* # entries in ifm_ulist array */
+ int *ifm_ulist; /* media words */
+};
+
+struct ifmediareq64 {
+ char ifm_name[IFNAMSIZ]; /* if name, e.g. "en0" */
+ int ifm_current; /* current media options */
+ int ifm_mask; /* don't care mask */
+ int ifm_status; /* media status */
+ int ifm_active; /* active options */
+ int ifm_count; /* # entries in ifm_ulist array */
+ user64_addr_t ifmu_ulist __attribute__((aligned(8)));
+};
+
+struct ifmediareq32 {
+ char ifm_name[IFNAMSIZ]; /* if name, e.g. "en0" */
+ int ifm_current; /* current media options */
+ int ifm_mask; /* don't care mask */
+ int ifm_status; /* media status */
+ int ifm_active; /* active options */
+ int ifm_count; /* # entries in ifm_ulist array */
+ user32_addr_t ifmu_ulist; /* 32-bit pointer */
+};
+#pragma pack()
+
+#define SIOCGIFMEDIA32 _IOWR('i', 56, struct ifmediareq32) /* get net media */
+#define SIOCGIFMEDIA64 _IOWR('i', 56, struct ifmediareq64) /* get net media (64-bit) */
+
+/* thread_policy_set is exported in Mach.kext, but commented in mach/thread_policy.h in the
+ * Kernel.Framework headers (why?). Add a local declaration to work around that.
+ */
+extern "C" {
+kern_return_t thread_policy_set(
+ thread_t thread,
+ thread_policy_flavor_t flavor,
+ thread_policy_t policy_info,
+ mach_msg_type_number_t count);
+}
+
+static unsigned char ETHER_BROADCAST_ADDR[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
+
+/* members */
+tap_interface::tap_interface() {
+ bzero(attached_protos, sizeof(attached_protos));
+ input_thread = THREAD_NULL;
+}
+
+bool
+tap_interface::initialize(unsigned short major, unsigned short unit)
+{
+ this->unit = unit;
+ this->family_name = TAP_FAMILY_NAME;
+ this->family = IFNET_FAMILY_ETHERNET;
+ this->type = IFT_ETHER;
+ bzero(unique_id, UIDLEN);
+ snprintf(unique_id, UIDLEN, "%s%d", family_name, unit);
+
+ dprintf("tap: starting interface %s%d\n", TAP_FAMILY_NAME, unit);
+
+ /* register character device */
+ if (!tuntap_interface::register_chardev(major))
+ return false;
+
+ return true;
+}
+
+void
+tap_interface::shutdown()
+{
+ dprintf("tap: shutting down tap interface %s%d\n", TAP_FAMILY_NAME, unit);
+
+ unregister_chardev();
+}
+
+int
+tap_interface::initialize_interface()
+{
+ struct sockaddr_dl lladdr;
+ lladdr.sdl_len = sizeof(lladdr);
+ lladdr.sdl_family = AF_LINK;
+ lladdr.sdl_alen = ETHER_ADDR_LEN;
+ lladdr.sdl_nlen = lladdr.sdl_slen = 0;
+
+ /* generate a random MAC address */
+ read_random(LLADDR(&lladdr), ETHER_ADDR_LEN);
+
+ /* clear multicast bit and set local assignment bit (see IEEE 802) */
+ (LLADDR(&lladdr))[0] &= 0xfe;
+ (LLADDR(&lladdr))[0] |= 0x02;
+
+ dprintf("tap: random tap address: %02x:%02x:%02x:%02x:%02x:%02x\n",
+ (LLADDR(&lladdr))[0] & 0xff,
+ (LLADDR(&lladdr))[1] & 0xff,
+ (LLADDR(&lladdr))[2] & 0xff,
+ (LLADDR(&lladdr))[3] & 0xff,
+ (LLADDR(&lladdr))[4] & 0xff,
+ (LLADDR(&lladdr))[5] & 0xff);
+
+ /* register interface */
+ if (!tuntap_interface::register_interface(&lladdr, ETHER_BROADCAST_ADDR, ETHER_ADDR_LEN))
+ return EIO;
+
+ /* Set link level address. Yes, we need to do that again. Darwin sucks. */
+ errno_t err = ifnet_set_lladdr(ifp, LLADDR(&lladdr), ETHER_ADDR_LEN);
+ if (err)
+ dprintf("tap: failed to set lladdr on %s%d: %d\n", family_name, unit, err);
+
+ /* set mtu */
+ ifnet_set_mtu(ifp, TAP_MTU);
+ /* set header length */
+ ifnet_set_hdrlen(ifp, sizeof(struct ether_header));
+ /* add the broadcast flag */
+ ifnet_set_flags(ifp, IFF_BROADCAST, IFF_BROADCAST);
+
+ /* we must call bpfattach(). Otherwise we deadlock BPF while unloading. Seems to be a bug in
+ * the kernel, see bpfdetach() in net/bpf.c, it will return without releasing the lock if
+ * the interface wasn't attached. I wonder what they were smoking while writing it ;-)
+ */
+ bpfattach(ifp, DLT_EN10MB, ifnet_hdrlen(ifp));
+
+ /* Inject an empty packet to trigger the input thread calling demux(), which will unblock
+ * thread_sync_lock. This is part of a hack to avoid a kernel crash on re-attaching
+ * interfaces, see comment in shutdown_interface for more information.
+ */
+ mbuf_t empty_mbuf;
+ mbuf_gethdr(MBUF_WAITOK, MBUF_TYPE_DATA, &empty_mbuf);
+ if (empty_mbuf != NULL) {
+ mbuf_pkthdr_setrcvif(empty_mbuf, ifp);
+ mbuf_pkthdr_setlen(empty_mbuf, 0);
+ mbuf_pkthdr_setheader(empty_mbuf, mbuf_data(empty_mbuf));
+ mbuf_set_csum_performed(empty_mbuf, 0, 0);
+ if (ifnet_input(ifp, empty_mbuf, NULL) == 0) {
+ auto_lock l(&thread_sync_lock);
+ for (int i = 0; i < 100 && input_thread == THREAD_NULL; ++i) {
+ dprintf("input thread not found, waiting...\n");
+ thread_sync_lock.sleep(&input_thread, 10000000);
+ }
+ } else {
+ mbuf_freem(empty_mbuf);
+ }
+ }
+ if (input_thread == THREAD_NULL)
+ dprintf("Failed to determine input thread!\n");
+
+ return 0;
+}
+
+void
+tap_interface::shutdown_interface()
+{
+ dprintf("tap: shutting down network interface of device %s%d\n", TAP_FAMILY_NAME, unit);
+
+ /* detach all protocols */
+ for (unsigned int i = 0; i < MAX_ATTACHED_PROTOS; i++) {
+ if (attached_protos[i].used) {
+ errno_t err = ifnet_detach_protocol(ifp, attached_protos[i].proto);
+ if (err)
+ log(LOG_WARNING, "tap: could not detach protocol %d from %s%d\n",
+ attached_protos[i].proto, TAP_FAMILY_NAME, unit);
+ }
+ }
+
+ cleanup_interface();
+ unregister_interface();
+
+ /* There's a race condition in the kernel that may cause crashes when quickly re-attaching
+ * interfaces. The crash happens when the interface gets re-attached before the input thread
+ * for the interface managed to terminate, in which case an assert on the input_waiting flag
+ * to be clear triggers in ifnet_attach. The bug is really that there's no synchronization
+ * for terminating the input thread. To work around this, the following code does add the
+ * missing synchronization to wait for the input thread to terminate. Of course, threading
+ * primitives available to kexts are few, and I'm not aware of a way to wait for a thread to
+ * terminate. Hence, the code calls thread_policy_set (passing bogus parameters) in a loop,
+ * until it returns KERN_TERMINATED. Since this is all rather fragile, there's an upper
+ * limit on the loop iteratations we're willing to make, so this terminates eventually even
+ * if things change on the kernel side eventually.
+ */
+ if (input_thread != THREAD_NULL) {
+ dprintf("Waiting for input thread...\n");
+ kern_return_t result = 0;
+ for (int i = 0; i < 100; ++i) {
+ result = thread_policy_set(input_thread, -1, NULL, 0);
+ dprintf("thread_policy_set result: %d\n", result);
+ if (result == KERN_TERMINATED) {
+ dprintf("Input thread terminated.\n");
+ thread_deallocate(input_thread);
+ input_thread = THREAD_NULL;
+ break;
+ }
+
+ auto_lock l(&thread_sync_lock);
+ thread_sync_lock.sleep(&input_thread, 10000000);
+ }
+ }
+}
+
+errno_t
+tap_interface::if_ioctl(u_int32_t cmd, void *arg)
+{
+ dprintf("tap: if_ioctl cmd: %d (%x)\n", cmd & 0xff, cmd);
+
+ switch (cmd) {
+ case SIOCSIFLLADDR:
+ {
+ /* set ethernet address */
+ struct sockaddr *ea = &(((struct ifreq *) arg)->ifr_addr);
+
+ dprintf("tap: SIOCSIFLLADDR family %d len %d\n",
+ ea->sa_family, ea->sa_len);
+
+ /* check if it is really an ethernet address */
+ if (ea->sa_family != AF_LINK || ea->sa_len != ETHER_ADDR_LEN)
+ return EINVAL;
+
+ /* ok, copy */
+ errno_t err = ifnet_set_lladdr(ifp, ea->sa_data, ETHER_ADDR_LEN);
+ if (err) {
+ dprintf("tap: failed to set lladdr on %s%d: %d\n",
+ family_name, unit, err);
+ return err;
+ }
+
+ /* Generate a LINK_ON event. This necessary for configd to re-read
+ * the interface data and refresh the MAC address. Not doing so
+ * would result in the DHCP client using a stale MAC address...
+ */
+ generate_link_event(KEV_DL_LINK_ON);
+
+ return 0;
+ }
+
+ case SIOCGIFMEDIA32:
+ case SIOCGIFMEDIA64:
+ {
+ struct ifmediareq *ifmr = (struct ifmediareq*) arg;
+ user_addr_t list = USER_ADDR_NULL;
+
+ ifmr->ifm_current = IFM_ETHER;
+ ifmr->ifm_mask = 0;
+ ifmr->ifm_status = IFM_AVALID | IFM_ACTIVE;
+ ifmr->ifm_active = IFM_ETHER;
+ ifmr->ifm_count = 1;
+
+ if (cmd == SIOCGIFMEDIA64)
+ list = ((struct ifmediareq64*) ifmr)->ifmu_ulist;
+ else
+ list = CAST_USER_ADDR_T(
+ ((struct ifmediareq32*) ifmr)->ifmu_ulist);
+
+ if (list != USER_ADDR_NULL)
+ return copyout(&ifmr->ifm_current, list, sizeof(int));
+
+ return 0;
+ }
+
+ default:
+ /* let our superclass handle it */
+ return tuntap_interface::if_ioctl(cmd, arg);
+ }
+
+ return EOPNOTSUPP;
+}
+
+errno_t
+tap_interface::if_demux(mbuf_t m, char *header, protocol_family_t *proto)
+{
+ struct ether_header *eh = (struct ether_header *) header;
+ unsigned char lladdr[ETHER_ADDR_LEN];
+
+ dprintf("tap: if_demux\n");
+
+ /* Make note of what input thread this interface is running on. This is part of a hack to
+ * avoid a crash on re-attaching interfaces, see comment in shutdown_interface for details.
+ */
+ if (input_thread == THREAD_NULL) {
+ auto_lock l(&thread_sync_lock);
+ input_thread = current_thread();
+ thread_reference(input_thread);
+ thread_sync_lock.wakeup(&input_thread);
+ }
+
+ /* size check */
+ if (mbuf_len(m) < sizeof(struct ether_header))
+ return ENOENT;
+
+ /* catch broadcast and multicast (stolen from bsd/net/ether_if_module.c) */
+ if (eh->ether_dhost[0] & 1) {
+ if (memcmp(ETHER_BROADCAST_ADDR, eh->ether_dhost, ETHER_ADDR_LEN) == 0) {
+ /* broadcast */
+ dprintf("tap: broadcast packet.\n");
+ mbuf_setflags_mask(m, MBUF_BCAST, MBUF_BCAST);
+ } else {
+ /* multicast */
+ dprintf("tap: multicast packet.\n");
+ mbuf_setflags_mask(m, MBUF_MCAST, MBUF_MCAST);
+ }
+ } else {
+ /* check wether the packet has our address */
+ ifnet_lladdr_copy_bytes(ifp, lladdr, ETHER_ADDR_LEN);
+ if (memcmp(lladdr, eh->ether_dhost, ETHER_ADDR_LEN) != 0)
+ mbuf_setflags_mask(m, MBUF_PROMISC, MBUF_PROMISC);
+ }
+
+ /* find the protocol */
+ for (unsigned int i = 0; i < MAX_ATTACHED_PROTOS; i++) {
+ if (attached_protos[i].used && attached_protos[i].type == eh->ether_type) {
+ *proto = attached_protos[i].proto;
+ return 0;
+ }
+ }
+
+ dprintf("tap: if_demux() failed to find proto.\n");
+
+ /* no matching proto found */
+ return ENOENT;
+}
+
+errno_t
+tap_interface::if_framer(mbuf_t *m, const struct sockaddr *dest, const char *dest_linkaddr,
+ const char *frame_type)
+{
+ struct ether_header *eh;
+ mbuf_t nm = *m;
+ errno_t err;
+
+ dprintf("tap: if_framer\n");
+
+ /* prepend the ethernet header */
+ err = mbuf_prepend(&nm, sizeof (struct ether_header), MBUF_WAITOK);
+ if (err) {
+ dprintf("tap: could not prepend data to mbuf: %d\n", err);
+ return err;
+ }
+ *m = nm;
+
+ /* fill the header */
+ eh = (struct ether_header *) mbuf_data(*m);
+ memcpy(eh->ether_dhost, dest_linkaddr, ETHER_ADDR_LEN);
+ ifnet_lladdr_copy_bytes(ifp, eh->ether_shost, ETHER_ADDR_LEN);
+ eh->ether_type = *((u_int16_t *) frame_type);
+
+ return 0;
+}
+
+errno_t
+tap_interface::if_add_proto(protocol_family_t proto, const struct ifnet_demux_desc *desc,
+ u_int32_t ndesc)
+{
+ errno_t err;
+
+ dprintf("tap: if_add_proto proto %d\n", proto);
+
+ for (unsigned int i = 0; i < ndesc; i++) {
+ /* try to add the protocol */
+ err = add_one_proto(proto, desc[i]);
+ if (err != 0) {
+ /* if that fails, remove everything stored so far */
+ if_del_proto(proto);
+ return err;
+ }
+ }
+
+ return 0;
+}
+
+errno_t
+tap_interface::if_del_proto(protocol_family_t proto)
+{
+ dprintf("tap: if_del_proto proto %d\n", proto);
+
+ /* delete all matching entries in attached_protos */
+ for (unsigned int i = 0; i < MAX_ATTACHED_PROTOS; i++) {
+ if (attached_protos[i].proto == proto)
+ attached_protos[i].used = false;
+ }
+
+ return 0;
+}
+
+errno_t
+tap_interface::if_check_multi(const struct sockaddr *maddr)
+{
+ dprintf("tap: if_check_multi family %d\n", maddr->sa_family);
+
+ /* see whether it is a ethernet address with the multicast bit set */
+ if (maddr->sa_family == AF_LINK) {
+ struct sockaddr_dl *dlmaddr = (struct sockaddr_dl *) maddr;
+ if (LLADDR(dlmaddr)[0] & 0x01)
+ return 0;
+ else
+ return EADDRNOTAVAIL;
+ }
+
+ return EOPNOTSUPP;
+}
+
+errno_t
+tap_interface::add_one_proto(protocol_family_t proto, const struct ifnet_demux_desc &dd)
+{
+ int free = -1;
+ u_int16_t dt;
+
+ /* we only support DLIL_DESC_ETYPE2 */
+ if (dd.type != DLIL_DESC_ETYPE2 || dd.datalen != 2) {
+ log(LOG_WARNING, "tap: tap only supports DLIL_DESC_ETYPE2 protocols.\n");
+ return EINVAL;
+ }
+
+ dt = *((u_int16_t *) (dd.data));
+
+ /* see if the protocol is already registered */
+ for (unsigned int i = 0; i < MAX_ATTACHED_PROTOS; i++) {
+ if (attached_protos[i].used) {
+ if (dt == attached_protos[i].type) {
+ /* already registered */
+ if (attached_protos[i].proto == proto) {
+ /* matches the old entry */
+ return 0;
+ } else
+ return EEXIST;
+ }
+ } else if (free == -1)
+ free = i;
+ }
+
+ /* did we find a free entry? */
+ if (free == -1)
+ /* is ENOBUFS correct? */
+ return ENOBUFS;
+
+ /* ok, save information */
+ attached_protos[free].used = true;
+ attached_protos[free].type = dt;
+ attached_protos[free].proto = proto;
+
+ return 0;
+}
+
+/* This code is shamelessly stolen from if_bond.c */
+void
+tap_interface::generate_link_event(u_int32_t code)
+{
+ struct {
+ struct kern_event_msg header;
+ u_int32_t unit;
+ char if_name[IFNAMSIZ];
+ } event;
+
+ bzero(&event, sizeof(event));
+ event.header.total_size = sizeof(event);
+ event.header.vendor_code = KEV_VENDOR_APPLE;
+ event.header.kev_class = KEV_NETWORK_CLASS;
+ event.header.kev_subclass = KEV_DL_SUBCLASS;
+ event.header.event_code = code;
+ event.header.event_data[0] = family;
+ event.unit = (u_int32_t) unit;
+ strncpy(event.if_name, ifnet_name(ifp), IFNAMSIZ);
+
+ ifnet_event(ifp, &event.header);
+}
+
+/* tap_manager members */
+tuntap_interface *
+tap_manager::create_interface()
+{
+ return new tap_interface();
+}
+
diff --git a/src/tap/tap.h b/src/tap/tap.h
new file mode 100644
index 0000000..d744c57
--- /dev/null
+++ b/src/tap/tap.h
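Review bot: In `tap_interface::initialize_interface`, `empty_mbuf` is declared without an initial value and the result of `mbuf_gethdr()` is ignored, so when the allocation fails the following `if (empty_mbuf != NULL)` tests an indeterminate pointer and may hand it to the mbuf accessors. Declare it as `mbuf_t empty_mbuf = NULL;` and enter the block only when `mbuf_gethdr(MBUF_WAITOK, MBUF_TYPE_DATA, &empty_mbuf) == 0`. Separately, `if_demux` tests `input_thread == THREAD_NULL` before taking `thread_sync_lock` and does not test again once it holds the lock, so two callers racing through that branch would each call `thread_reference()` and one reference would never be dropped. Repeating the test inside the locked region avoids that, assuming demux can run on more than one thread.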
@@ -0,0 +1,111 @@
+/*
+ * ethertap device for MacOSX.
+ */
+/*
+ * Copyright (c) 2011 Mattias Nissler <mattias.nissler@gmx.de>
+ *
+ * Redistribution and use in source and binary forms, with or without modification, are permitted
+ * provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice, this list of
+ * conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice, this list of
+ * conditions and the following disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef __TAP_H__
+#define __TAP_H__
+
+#include "tuntap.h"
+
+extern "C" {
+
+#include <kern/thread.h>
+
+}
+
+#define TAP_FAMILY_NAME ((char *) "tap")
+#define TAP_IF_COUNT 10 /* max number of tap interfaces */
+#define TAP_MTU 1500
+#define TAP_LLADDR tap_lladdr
+
+/* the mac address of our interfaces. note that the last byte will be replaced by the unit number */
+extern u_char tap_lladdr[];
+
+/* tap manager */
+class tap_manager : public tuntap_manager {
+
+ protected:
+ /* just define the interface creation method */
+ virtual tuntap_interface *create_interface();
+
+};
+
+/* the tap network interface */
+class tap_interface : public tuntap_interface {
+ public:
+ tap_interface();
+
+ protected:
+ /* maximum number of protocols that can be attached */
+ static const unsigned int MAX_ATTACHED_PROTOS = 8;
+
+ /* information about attached protocols for demuxing is stored here */
+ struct {
+ /* whether this entry is used */
+ bool used;
+ /* type in the ethernet header */
+ u_int16_t type;
+ /* protocol passed to add_proto */
+ protocol_family_t proto;
+ } attached_protos[MAX_ATTACHED_PROTOS];
+
+ /* The input thread for the network interface. */
+ thread_t input_thread;
+
+ /* initializes the interface */
+ virtual bool initialize(unsigned short major, unsigned short unit);
+
+ /* shuts the interface down */
+ virtual void shutdown();
+
+ /* called when the character device is opened in order to intialize the network
+ * interface.
+ */
+ virtual int initialize_interface();
+ /* called when the character device is closed to shutdown the network interface */
+ virtual void shutdown_interface();
+
+ /* override interface routines */
+ virtual errno_t if_ioctl(u_int32_t cmd, void *arg);
+ virtual errno_t if_demux(mbuf_t m, char *header, protocol_family_t *proto);
+ virtual errno_t if_framer(mbuf_t *m, const struct sockaddr *dest,
+ const char *dest_linkaddr, const char *frame_type);
+ virtual errno_t if_add_proto(protocol_family_t proto,
+ const struct ifnet_demux_desc *ddesc, u_int32_t ndesc);
+ virtual errno_t if_del_proto(protocol_family_t proto);
+ virtual errno_t if_check_multi(const struct sockaddr *maddr);
+
+ /* if_add_proto helper */
+ errno_t add_one_proto(protocol_family_t proto, const struct ifnet_demux_desc &dd);
+
+ /* generates a kernel event */
+ void generate_link_event(u_int32_t code);
+
+ friend class tap_manager;
+};
+
+#endif /* __TAP_H__ */
+
diff --git a/src/tun/Info.plist b/src/tun/Info.plist
new file mode 100644
index 0000000..7e9b768
--- /dev/null
+++ b/src/tun/Info.plist
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+ <key>CFBundleDevelopmentRegion</key>
+ <string>@@CFBUNDLEDEVELOPMENTREGION@@</string>
+ <key>CFBundleExecutable</key>
+ <string>@@CFBUNDLEEXECUTABLE@@</string>
+ <key>CFBundleIdentifier</key>
+ <string>@@CFBUNDLEIDENTIFIER@@</string>
+ <key>CFBundleInfoDictionaryVersion</key>
+ <string>6.0</string>
+ <key>CFBundleName</key>
+ <string>@@CFBUNDLEEXECUTABLE@@</string>
+ <key>CFBundlePackageType</key>
+ <string>@@CFBUNDLEPACKAGETYPE@@</string>
+ <key>CFBundleShortVersionString</key>
+ <string>@@CFBUNDLEVERSION@@</string>
+ <key>CFBundleSignature</key>
+ <string>@@CFBUNDLESIGNATURE@@</string>
+ <key>CFBundleVersion</key>
+ <string>1.0</string>
+ <key>CFBundlePackageType</key>
+ <string>APPL</string>
+ <key>OSBundleLibraries</key>
+ <dict>
+ <key>com.apple.kpi.mach</key>
+ <string>8.0</string>
+ <key>com.apple.kpi.bsd</key>
+ <string>8.0</string>
+ <key>com.apple.kpi.libkern</key>
+ <string>8.0</string>
+ <key>com.apple.kpi.unsupported</key>
+ <string>8.0</string>
+ </dict>
+</dict>
+</plist>
+
diff --git a/src/tun/Makefile b/src/tun/Makefile
new file mode 100644
index 0000000..4437dc0
--- /dev/null
+++ b/src/tun/Makefile
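Review bot: The top-level `<dict>` defines `CFBundlePackageType` twice, first as `@@CFBUNDLEPACKAGETYPE@@` (which the Makefile's sed step replaces with `KEXT`) and again as a literal `APPL`; which value a plist parser keeps for a duplicated key is not something to rely on, so the bundle may end up described as an application rather than a kernel extension. Drop the second pair, `<key>CFBundlePackageType</key>` / `<string>APPL</string>`. `CFBundleVersion` is also fixed at `1.0` while `CFBundleShortVersionString` takes `@@CFBUNDLEVERSION@@`; if both are meant to track the kext version, use the placeholder for both.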
@@ -0,0 +1,61 @@
+#
+# ip tunnel/ethertap driver for MacOSX
+#
+# Makefile
+#
+# (c) 2004, 2005, 2006, 2007, 2008 Mattias Nissler
+#
+
+OBJS = ../tuntap.o ../tuntap_mgr.o ../lock.o ../mem.o \
+ kmod.o tun_inet_proto.o tun_inet6_proto.o tun.o
+KMOD_BIN = tun
+BUNDLE_DIR = ../..
+BUNDLE_NAME = tun.kext
+
+TUN_KEXT_VERSION = $(TUNTAP_VERSION)
+
+BUNDLE_REGION = English
+BUNDLE_IDENTIFIER = net.sf.tuntaposx.tun
+BUNDLE_SIGNATURE = ????
+BUNDLE_PACKAGETYPE = KEXT
+BUNDLE_VERSION = $(TUN_KEXT_VERSION)
+
+INCLUDE = -I.. -I/System/Library/Frameworks/Kernel.framework/Versions/A/Headers
+CFLAGS = -Wall -Werror -mkernel -force_cpusubtype_ALL \
+ -nostdinc -fno-builtin -fno-stack-protector -msoft-float -fno-common \
+ -arch x86_64 \
+ -DKERNEL -DAPPLE -DKERNEL_PRIVATE -DTUNTAP_VERSION=\"$(TUNTAP_VERSION)\" \
+ -DTUN_KEXT_VERSION=\"$(TUN_KEXT_VERSION)\"
+CCFLAGS = $(CFLAGS)
+LDFLAGS = -Wall -Werror -arch x86_64 -Xlinker -kext -nostdlib -lkmodc++ -lkmod -lcc_kext
+
+CCP = clang -x c++
+CC = clang -x c
+LD = clang
+
+all: $(KMOD_BIN) bundle
+
+.c.o:
+ $(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@
+.cc.o:
+ $(CCP) $(CCFLAGS) $(INCLUDE) -c $< -o $@
+
+$(KMOD_BIN): $(OBJS)
+ $(LD) $(LDFLAGS) -o $(KMOD_BIN) $(OBJS)
+
+bundle: $(KMOD_BIN)
+ rm -rf $(BUNDLE_DIR)/$(BUNDLE_NAME)
+ mkdir -p $(BUNDLE_DIR)/$(BUNDLE_NAME)/Contents/MacOS
+ cp $(KMOD_BIN) $(BUNDLE_DIR)/$(BUNDLE_NAME)/Contents/MacOS
+ sed -e "s/@@CFBUNDLEEXECUTABLE@@/$(KMOD_BIN)/" \
+ -e "s/@@CFBUNDLEDEVELOPMENTREGION@@/$(BUNDLE_REGION)/" \
+ -e "s/@@CFBUNDLEIDENTIFIER@@/$(BUNDLE_IDENTIFIER)/" \
+ -e "s/@@CFBUNDLESIGNATURE@@/$(BUNDLE_SIGNATURE)/" \
+ -e "s/@@CFBUNDLEPACKAGETYPE@@/$(BUNDLE_PACKAGETYPE)/" \
+ -e "s/@@CFBUNDLEVERSION@@/$(BUNDLE_VERSION)/" \
+ Info.plist > $(BUNDLE_DIR)/$(BUNDLE_NAME)/Contents/Info.plist
+
+clean:
+ -rm -f $(OBJS) $(KMOD_BIN)
+ -rm -rf $(BUNDLE_DIR)/$(BUNDLE_NAME)
+
diff --git a/src/tun/kmod.cc b/src/tun/kmod.cc
new file mode 100644
index 0000000..1c08550
--- /dev/null
+++ b/src/tun/kmod.cc
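Review bot: `CFLAGS` passes `-fno-stack-protector`, which turns off stack canaries for every object in a kext whose code handles packets and ioctl arguments coming from user space through the character device. If the flag is only there because the targeted kernel KPI lacks the stack-check symbols, record that next to it, for example `# stack protector symbols unavailable to kexts on the targeted kernels (TODO confirm)`; otherwise remove it so the compiler default applies. The `sed` expressions in the `bundle` target also insert the `$(BUNDLE_*)` values unescaped, so a value containing `/` or `&` would silently corrupt the generated Info.plist.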
@@ -0,0 +1,93 @@
+/*
+ * ip tunnel device for MacOSX.
+ *
+ * Kext definition (it is a mach kmod really...)
+ */
+/*
+ * Copyright (c) 2011 Mattias Nissler <mattias.nissler@gmx.de>
+ *
+ * Redistribution and use in source and binary forms, with or without modification, are permitted
+ * provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice, this list of
+ * conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice, this list of
+ * conditions and the following disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "tun.h"
+#include "mem.h"
+
+extern "C" {
+
+#include <sys/param.h>
+
+#include <mach/kmod.h>
+
+static tun_manager *mgr;
+
+/*
+ * start function. called when the kext gets loaded.
+ */
+static kern_return_t tun_module_start(struct kmod_info *ki, void *data)
+{
+ mem_initialize(TUN_FAMILY_NAME);
+
+ /* initialize locking */
+ if (!tt_lock::initialize())
+ return KMOD_RETURN_FAILURE;
+
+ /* create a tun manager that will handle the rest */
+ mgr = new tun_manager();
+
+ if (mgr != NULL) {
+ if (mgr->initialize(TUN_IF_COUNT, TUN_FAMILY_NAME))
+ return KMOD_RETURN_SUCCESS;
+
+ delete mgr;
+ mgr = NULL;
+ /* clean up locking */
+ tt_lock::shutdown();
+ }
+
+ return KMOD_RETURN_FAILURE;
+}
+
+/*
+ * stop function. called when the kext should be unloaded. unloading can be prevented by
+ * returning failure
+ */
+static kern_return_t tun_module_stop(struct kmod_info *ki, void *data)
+{
+ if (mgr != NULL) {
+ if (!mgr->shutdown())
+ return KMOD_RETURN_FAILURE;
+
+ delete mgr;
+ mgr = NULL;
+ }
+
+ /* clean up locking */
+ tt_lock::shutdown();
+
+ mem_shutdown();
+
+ return KMOD_RETURN_SUCCESS;
+}
+
+KMOD_DECL(tun, TUN_KEXT_VERSION)
+
+}
+
diff --git a/src/tun/tun.cc b/src/tun/tun.cc
new file mode 100644
index 0000000..9169438
--- /dev/null
+++ b/src/tun/tun.cc
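Review bot: `tun_module_start` does not unwind everything it set up on its failure paths: `tt_lock::shutdown()` sits inside the `if (mgr != NULL)` block, so it is skipped when `new tun_manager()` yields NULL, and `mem_shutdown()` is never called on any failing return even though `mem_initialize(TUN_FAMILY_NAME)` ran first. `tun_module_stop` shows the intended teardown (`tt_lock::shutdown();` then `mem_shutdown();`); the start function should run the matching calls before each `return KMOD_RETURN_FAILURE;` that follows the corresponding initialisation. What `mem_initialize` and `tt_lock::initialize` allocate is not visible in this hunk, so the size of the leak on a failed load is an inference.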
@@ -0,0 +1,424 @@
+/*
+ * ip tunnel device for MacOSX.
+ *
+ * tun_interface class definition
+ */
+/*
+ * Copyright (c) 2011 Mattias Nissler <mattias.nissler@gmx.de>
+ *
+ * Redistribution and use in source and binary forms, with or without modification, are permitted
+ * provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice, this list of
+ * conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice, this list of
+ * conditions and the following disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "tun.h"
+
+extern "C" {
+
+#include <sys/syslog.h>
+#include <sys/param.h>
+
+#include <net/if_types.h>
+#include <net/kpi_protocol.h>
+
+#include <netinet/ip.h>
+
+}
+
+#if 0
+#define dprintf(...) log(LOG_INFO, __VA_ARGS__)
+#else
+#define dprintf(...)
+#endif
+
+/* members */
+bool
+tun_interface::initialize(unsigned short major, unsigned short unit)
+{
+ this->unit = unit;
+ this->family_name = TUN_FAMILY_NAME;
+ this->family = IFNET_FAMILY_TUN;
+ this->type = IFT_OTHER;
+ bzero(unique_id, UIDLEN);
+ snprintf(unique_id, UIDLEN, "%s%d", family_name, unit);
+
+ dprintf("tun: starting interface %s%d\n", family_name, unit);
+
+ /* register character device */
+ if (!tuntap_interface::register_chardev(major))
+ return false;
+
+ return true;
+}
+
+void
+tun_interface::shutdown()
+{
+ dprintf("tun: shutting down interface %s%d\n", family_name, unit);
+
+ unregister_chardev();
+}
+
+int
+tun_interface::initialize_interface()
+{
+ prepend_af = false;
+
+ /* register interface */
+ if (!tuntap_interface::register_interface(NULL, NULL, 0))
+ return EIO;
+
+ /* set mtu */
+ ifnet_set_mtu(ifp, TUN_MTU);
+ /* set header length */
+ ifnet_set_hdrlen(ifp, 0);
+ /* add the pointopoint flag */
+ ifnet_set_flags(ifp, IFF_POINTOPOINT, IFF_POINTOPOINT);
+
+ /* we must call bpfattach(). Otherwise we deadlock BPF while unloading. Seems to be a bug in
+ * the kernel, see bpfdetach() in net/bpf.c, it will return without releasing the lock if
+ * the interface wasn't attached. I wonder what they were smoking while writing it ;-)
+ */
+ bpfattach(ifp, DLT_NULL, sizeof(u_int32_t));
+
+ return 0;
+}
+
+void
+tun_interface::shutdown_interface()
+{
+ dprintf("tun: shutting down network interface of %s%d\n", family_name, unit);
+
+ /* detach all protocols */
+ for (unsigned int i = 0; i < MAX_ATTACHED_PROTOS; i++) {
+ if (attached_protos[i].used) {
+ errno_t err = ifnet_detach_protocol(ifp, attached_protos[i].proto);
+ if (err)
+ log(LOG_WARNING, "tun: could not detach protocol %d from %s%d\n",
+ attached_protos[i].proto, family_name, unit);
+ }
+ }
+
+ cleanup_interface();
+ unregister_interface();
+}
+
+void
+tun_interface::notify_bpf(mbuf_t mb, bool out)
+{
+ auto_lock l(&bpf_lock);
+
+ if ((out && bpf_mode == BPF_MODE_OUTPUT)
+ || (!out && bpf_mode == BPF_MODE_INPUT)
+ || (bpf_mode == BPF_MODE_INPUT_OUTPUT)) {
+ /* see wether AF is prepended */
+ if (!prepend_af) {
+ mbuf_t dummy_mb;
+ struct ip *iphdr;
+ u_int32_t af;
+ u_int8_t ipv;
+ errno_t err;
+
+ /* see what we have: IPv4 or IPv6 */
+ iphdr = (struct ip*) mbuf_data(mb);
+#ifdef _IP_VHL
+ ipv = IP_VHL_V(iphdr->ip_vhl);
+#else
+ ipv = iphdr->ip_v;
+#endif
+ if (ipv == 4)
+ af = AF_INET;
+ else if (ipv == 6)
+ af = AF_INET6;
+ else {
+ /* what to do? */
+ log(LOG_WARNING, "tun: unsupported IP version %d.\n", ipv);
+ return;
+ }
+
+ /* prepend a dummy header */
+ err = mbuf_get(MBUF_WAITOK, MBUF_TYPE_DATA, &dummy_mb);
+ if (err) {
+ log(LOG_WARNING, "tun: could not allocate temporary mbuf: %d\n",
+ err);
+ return;
+ }
+
+ mbuf_setnext(dummy_mb, mb);
+ mbuf_setlen(dummy_mb, sizeof(u_int32_t));
+ *((u_int32_t *) mbuf_data(dummy_mb)) = htonl(af);
+
+ /* call bpf */
+ (*bpf_callback)(ifp, dummy_mb);
+
+ /* free the dummy mbuf */
+ mbuf_free(dummy_mb);
+ } else {
+ /* just pass it through */
+ (*bpf_callback)(ifp, mb);
+ }
+ }
+}
+
+int
+tun_interface::cdev_ioctl(u_long cmd, caddr_t data, int fflag, proc_t p)
+{
+ int error;
+
+ /* if the superclass handles it, we're done */
+ error = tuntap_interface::cdev_ioctl(cmd, data, fflag, p);
+ if (!error)
+ return 0;
+
+ switch (cmd) {
+ case TUNSIFHEAD:
+ prepend_af = *((int *) data) ? true : false;
+ /* adjust header length. see tuntap_interface::cdev_write */
+ ifnet_set_hdrlen(ifp, prepend_af ? sizeof(u_int32_t) : 0);
+ return 0;
+ case TUNGIFHEAD:
+ *((int *) data) = prepend_af;
+ return 0;
+ }
+
+ return ENOTTY;
+}
+
+errno_t
+tun_interface::if_demux(mbuf_t m, char *header, protocol_family_t *proto)
+{
+ u_int32_t family;
+
+ dprintf("tun: demux\n");
+
+ /* size check */
+ if (mbuf_len(m) < sizeof(u_int32_t))
+ return ENOENT;
+
+ /* if we are prepending AF for output, we expect to also have it at the beginning of
+ * incoming packets */
+ if (!prepend_af) {
+ struct ip *iphdr = (struct ip*) mbuf_data(m);
+ u_int8_t ipv;
+
+ dprintf("tun_demux: m: %p data: %p\n", m, mbuf_data(m));
+
+#ifdef _IPVHL
+ ipv = IP_VHL_V(iphdr->ip_vhl);
+#else
+ ipv = iphdr->ip_v;
+#endif
+
+ if (ipv == 4)
+ family = AF_INET;
+ else if (ipv == 6)
+ family = AF_INET6;
+ else {
+ /* what to do? */
+ log(LOG_WARNING, "tun: unsupported IP version %d\n", ipv);
+ return ENOENT;
+ }
+ } else {
+ family = ntohl(*((u_int32_t *) header));
+ }
+
+ /* find the protocol entry */
+ for (unsigned int i = 0; i < MAX_ATTACHED_PROTOS; i++) {
+ if (attached_protos[i].used && attached_protos[i].family == family) {
+ *proto = attached_protos[i].proto;
+ return 0;
+ }
+ }
+
+ log(LOG_WARNING, "tun: no protocol found for family %d\n", family);
+
+ return ENOENT;
+}
+
+errno_t
+tun_interface::if_framer(mbuf_t *m, const struct sockaddr *dest, const char *dest_linkaddr,
+ const char *frame_type)
+{
+ dprintf("tun: framer\n");
+
+ /* check whether to prepend family field */
+ if (prepend_af) {
+ errno_t err;
+ mbuf_t nm = *m;
+
+ /* get space */
+ err = mbuf_prepend(&nm, sizeof(u_int32_t), MBUF_WAITOK);
+ if (err) {
+ dprintf("tun: could not prepend data to mbuf: %d\n", err);
+ return err;
+ }
+ *m = nm;
+
+ *((u_int32_t *) mbuf_data(*m)) = htonl(dest->sa_family);
+ }
+
+ return 0;
+}
+
+errno_t
+tun_interface::if_add_proto(protocol_family_t proto, const struct ifnet_demux_desc *desc,
+ u_int32_t ndesc)
+{
+ errno_t err;
+
+ dprintf("tun: if_add_proto proto %d\n", proto);
+
+ for (unsigned int i = 0; i < ndesc; i++) {
+ /* try to add the protocol */
+ err = add_one_proto(proto, desc[i]);
+ if (err != 0) {
+ /* if that fails, remove everything stored so far */
+ if_del_proto(proto);
+ return err;
+ }
+ }
+
+ return 0;
+}
+
+errno_t
+tun_interface::if_del_proto(protocol_family_t proto)
+{
+ dprintf("tun: if_del_proto proto %d\n", proto);
+
+ /* delete all matching entries in attached_protos */
+ for (unsigned int i = 0; i < MAX_ATTACHED_PROTOS; i++) {
+ if (attached_protos[i].proto == proto)
+ attached_protos[i].used = false;
+ }
+
+ return 0;
+}
+
+errno_t
+tun_interface::if_check_multi(const struct sockaddr *maddr)
+{
+ dprintf("tun: check_multi family %d\n", maddr->sa_family);
+
+ /* see whether it is an IPv4 multicast address */
+ if (maddr->sa_family == AF_INET) {
+ struct sockaddr_in *imaddr = (struct sockaddr_in *) maddr;
+
+ if (IN_MULTICAST(ntohl(imaddr->sin_addr.s_addr)))
+ return 0;
+ else
+ return EADDRNOTAVAIL;
+ } else if (maddr->sa_family == AF_INET6) {
+ struct sockaddr_in6 *imaddr = (struct sockaddr_in6 *) maddr;
+
+ if (IN6_IS_ADDR_MULTICAST(&imaddr->sin6_addr))
+ return 0;
+ else
+ return EADDRNOTAVAIL;
+ }
+
+ return EOPNOTSUPP;
+}
+
+errno_t
+tun_interface::add_one_proto(protocol_family_t proto, const struct ifnet_demux_desc &dd)
+{
+ int free = -1;
+
+ /* see if the protocol is already registered */
+ for (unsigned int i = 0; i < MAX_ATTACHED_PROTOS; i++) {
+ if (attached_protos[i].used) {
+ if (dd.type == attached_protos[i].family) {
+ /* already registered */
+ if (attached_protos[i].proto == proto) {
+ /* matches the old entry */
+ return 0;
+ } else
+ return EEXIST;
+ }
+ } else if (free == -1)
+ free = i;
+ }
+
+ /* did we find a free entry? */
+ if (free == -1)
+ /* is ENOBUFS correct? */
+ return ENOBUFS;
+
+ dprintf("tun: adding proto family %d proto %d\n", dd.type, proto);
+
+ /* ok, save information */
+ attached_protos[free].used = true;
+ attached_protos[free].family = dd.type;
+ attached_protos[free].proto = proto;
+
+ return 0;
+}
+
+/* tun_manager members */
+tuntap_interface *
+tun_manager::create_interface()
+{
+ return new tun_interface();
+}
+
+bool
+tun_manager::shutdown()
+{
+ if (tuntap_inited) {
+ if (tuntap_manager::shutdown())
+ tuntap_inited = false;
+ else
+ return false;
+ }
+
+ /* unregister INET and INET6 protocol families */
+ proto_unregister_plumber(PF_INET, IFNET_FAMILY_TUN);
+ proto_unregister_plumber(PF_INET6, IFNET_FAMILY_TUN);
+
+ return true;
+}
+
+bool
+tun_manager::initialize(unsigned int count, char *family)
+{
+ errno_t err;
+
+ tuntap_inited = false;
+
+ /* register INET and INET6 protocol families */
+ err = proto_register_plumber(PF_INET, IFNET_FAMILY_TUN, tun_inet_attach, tun_inet_detach);
+ if (err) {
+ log(LOG_ERR, "tun: could not register PF_INET protocol family: %d\n", err);
+ return false;
+ }
+
+ err = proto_register_plumber(PF_INET6, IFNET_FAMILY_TUN, tun_inet6_attach,
+ tun_inet6_detach);
+ if (err) {
+ log(LOG_ERR, "tun: could not register PF_INET6 protocol family: %d\n", err);
+ return false;
+ }
+
+ tuntap_inited = true;
+
+ /* have the superclass handle the rest */
+ return tuntap_manager::initialize(count, family);
+}
+
diff --git a/src/tun/tun.h b/src/tun/tun.h
new file mode 100644
index 0000000..8546dc8
--- /dev/null
+++ b/src/tun/tun.h
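Review bot: In `tun_manager::initialize`, the PF_INET plumber stays registered when the PF_INET6 registration or the final `tuntap_manager::initialize` call fails, and `tun_module_start` in kmod.cc then only deletes the manager and returns failure, so the kernel may be left holding `tun_inet_attach`/`tun_inet_detach` pointers into a kext that is about to be unloaded (unless the base-class destructor, which is not visible here, unregisters them). The PF_INET6 error branch should undo the first registration with `proto_unregister_plumber(PF_INET, IFNET_FAMILY_TUN);` before its `return false;`, and the superclass failure path should unregister both families before returning. Separately, `notify_bpf` reads the IP version from `mbuf_data(mb)` without the `mbuf_len` check that `if_demux` performs, and `if_demux` tests `_IPVHL` where `notify_bpf` tests `_IP_VHL`, so one of the two `#ifdef` spellings is presumably a typo.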
@@ -0,0 +1,123 @@
+/*
+ * ip tunnel device for MacOSX.
+ */
+/*
+ * Copyright (c) 2011 Mattias Nissler <mattias.nissler@gmx.de>
+ *
+ * Redistribution and use in source and binary forms, with or without modification, are permitted
+ * provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice, this list of
+ * conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice, this list of
+ * conditions and the following disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef __TUN_H__
+#define __TUN_H__
+
+#include "tuntap.h"
+
+#define TUN_FAMILY_NAME ((char *) "tun")
+#define TUN_IF_COUNT 16 /* max number of tun interfaces */
+#define TUN_MTU 1500
+
+#include "tun_ioctls.h"
+
+extern "C" {
+
+errno_t tun_inet_attach(ifnet_t ifp, protocol_family_t proto);
+void tun_inet_detach(ifnet_t ifp, protocol_family_t proto);
+errno_t tun_inet6_attach(ifnet_t ifp, protocol_family_t proto);
+void tun_inet6_detach(ifnet_t ifp, protocol_family_t proto);
+
+}
+
+/* tun_manager */
+class tun_manager : public tuntap_manager {
+
+ protected:
+ /* create an interface */
+ virtual tuntap_interface *create_interface();
+
+ /* whether we need to call tuntap_manager::shutdown() */
+ bool tuntap_inited;
+
+ public:
+ /* special initalize */
+ virtual bool initialize(unsigned int count, char *family);
+
+ /* special shutdown */
+ virtual bool shutdown();
+
+};
+
+/* the tun network interface */
+class tun_interface : public tuntap_interface {
+
+ protected:
+ /* maximum number of protocols that can be attached */
+ static const unsigned int MAX_ATTACHED_PROTOS = 8;
+
+ /* information about attached protocols for demuxing is stored here */
+ struct {
+ /* whether this entry is used */
+ bool used;
+ /* protocol family (this is equal to proto, but keep it seperated from
+ * Apple's KPI stuff...) */
+ u_int32_t family;
+ /* protocol passed to add_proto */
+ protocol_family_t proto;
+ } attached_protos[MAX_ATTACHED_PROTOS];
+
+ /* whether the address family field is prepended to each packet */
+ bool prepend_af;
+
+ /* intializes the interface */
+ virtual bool initialize(unsigned short major, unsigned short int unit);
+
+ /* shutdown the interface */
+ virtual void shutdown();
+
+ /* called when the character device is opened in order to intialize the network
+ * interface.
+ */
+ virtual int initialize_interface();
+ /* called when the character device is closed to shutdown the network interface */
+ virtual void shutdown_interface();
+
+ /* override interface routines */
+ virtual errno_t if_demux(mbuf_t m, char *header, protocol_family_t *proto);
+ virtual errno_t if_framer(mbuf_t *m, const struct sockaddr *dest,
+ const char *dest_linkaddr, const char *frame_type);
+ virtual errno_t if_add_proto(protocol_family_t proto,
+ const struct ifnet_demux_desc *desc, u_int32_t ndesc);
+ virtual errno_t if_del_proto(protocol_family_t proto);
+ virtual errno_t if_check_multi(const struct sockaddr *maddr);
+
+ /* helper to if_add_proto */
+ virtual errno_t add_one_proto(protocol_family_t proto,
+ const struct ifnet_demux_desc &dd);
+
+ /* override notify_bpf because we might need to prepend an address header */
+ virtual void notify_bpf(mbuf_t mb, bool out);
+
+ /* need to override cdev_ioctl to get our special ioctls */
+ virtual int cdev_ioctl(u_long cmd, caddr_t data, int fflag, proc_t p);
+
+};
+
+#endif /* __TUN_H__ */
+
diff --git a/src/tun/tun_inet6_proto.c b/src/tun/tun_inet6_proto.c
new file mode 100644
index 0000000..4461d4d
--- /dev/null
+++ b/src/tun/tun_inet6_proto.c
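Review bot: `tun_interface` declares no constructor (unlike `tap_interface` in tap.h), and nothing visible in tun.cc clears `attached_protos` before `add_one_proto`, `if_demux` and `shutdown_interface` test `.used`. Unless the allocator behind `mem.h` zero-fills new objects, which this diff section does not show, the table starts with indeterminate entries and `shutdown_interface` could call `ifnet_detach_protocol` with a garbage `proto`. Clear the table explicitly, for example `bzero(attached_protos, sizeof(attached_protos));` at the top of `tun_interface::initialize`, or declare `tun_interface();` here and do it in the constructor.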
@@ -0,0 +1,87 @@
+/*
+ * ip tunnel device for MacOSX. This is the protocol module for PF_INET.
+ */
+/*
+ * Copyright (c) 2011 Mattias Nissler <mattias.nissler@gmx.de>
+ *
+ * Redistribution and use in source and binary forms, with or without modification, are permitted
+ * provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice, this list of
+ * conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice, this list of
+ * conditions and the following disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <sys/kpi_mbuf.h>
+#include <sys/socket.h>
+#include <sys/errno.h>
+#include <sys/param.h>
+
+#include <net/kpi_protocol.h>
+#include <net/kpi_interface.h>
+
+static errno_t
+tun_inet6_input(ifnet_t ifp, protocol_family_t protocol, mbuf_t m, char *header)
+{
+ /* input the packet */
+ return proto_input(PF_INET6, m);
+}
+
+static errno_t
+tun_inet6_pre_output(ifnet_t ifp, protocol_family_t proto, mbuf_t *packet,
+ const struct sockaddr *dest, void *route, char *frame_type, char *dst_addr)
+{
+
+ /* check wether the destination address is an inet address */
+ if (dest->sa_family != AF_INET6)
+ return EAFNOSUPPORT;
+
+ /* place the address family as frame type */
+ *((uint32_t *) frame_type) = htonl(AF_INET6);
+
+ return 0;
+}
+
+errno_t
+tun_inet6_attach(ifnet_t ifp, protocol_family_t proto)
+{
+ struct ifnet_attach_proto_param pr;
+ struct ifnet_demux_desc ddesc[1];
+
+ /* fill out pr and attach the protocol */
+ ddesc[0].type = AF_INET6;
+ ddesc[0].data = NULL;
+ ddesc[0].datalen = 0;
+ pr.demux_array = ddesc;
+ pr.demux_count = 1;
+ pr.input = tun_inet6_input;
+ pr.pre_output = tun_inet6_pre_output;
+ pr.event = NULL;
+ pr.ioctl = NULL;
+ pr.detached = NULL;
+ pr.resolve = NULL;
+ pr.send_arp = NULL;
+
+ return ifnet_attach_protocol(ifp, proto, &pr);
+}
+
+void
+tun_inet6_detach(ifnet_t ifp, protocol_family_t proto)
+{
+ /* just detach the protocol */
+ ifnet_detach_protocol(ifp, proto);
+}
+
diff --git a/src/tun/tun_inet_proto.c b/src/tun/tun_inet_proto.c
new file mode 100644
index 0000000..38ecd26
--- /dev/null
+++ b/src/tun/tun_inet_proto.c
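Review bot: The header comment still reads `This is the protocol module for PF_INET.` although every function in this file handles `PF_INET6`/`AF_INET6`; it should say `This is the protocol module for PF_INET6.` so the two near-identical files can be told apart. In `tun_inet6_attach`, `pr` is also filled member by member without being zeroed first, so any member of `struct ifnet_attach_proto_param` not listed here (for instance one added by a later KPI header) would reach `ifnet_attach_protocol` as stack garbage; starting with `bzero(&pr, sizeof(pr));` removes that dependency. `tun_inet_attach` in tun_inet_proto.c follows the same pattern.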
@@ -0,0 +1,87 @@
+/*
+ * ip tunnel device for MacOSX. This is the protocol module for PF_INET.
+ */
+/*
+ * Copyright (c) 2011 Mattias Nissler <mattias.nissler@gmx.de>
+ *
+ * Redistribution and use in source and binary forms, with or without modification, are permitted
+ * provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice, this list of
+ * conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice, this list of
+ * conditions and the following disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <sys/kpi_mbuf.h>
+#include <sys/socket.h>
+#include <sys/errno.h>
+#include <sys/param.h>
+
+#include <net/kpi_protocol.h>
+#include <net/kpi_interface.h>
+
+static errno_t
+tun_inet_input(ifnet_t ifp, protocol_family_t protocol, mbuf_t m, char *header)
+{
+ /* input the packet */
+ return proto_input(PF_INET, m);
+}
+
+static errno_t
+tun_inet_pre_output(ifnet_t ifp, protocol_family_t proto, mbuf_t *packet,
+ const struct sockaddr *dest, void *route, char *frame_type, char *dst_addr)
+{
+
+ /* check wether the destination address is an inet address */
+ if (dest->sa_family != AF_INET)
+ return EAFNOSUPPORT;
+
+ /* place the address family as frame type */
+ *((uint32_t *) frame_type) = htonl(AF_INET);
+
+ return 0;
+}
+
+errno_t
+tun_inet_attach(ifnet_t ifp, protocol_family_t proto)
+{
+ struct ifnet_attach_proto_param pr;
+ struct ifnet_demux_desc ddesc[1];
+
+ /* fill out pr and attach the protocol */
+ ddesc[0].type = AF_INET;
+ ddesc[0].data = NULL;
+ ddesc[0].datalen = 0;
+ pr.demux_array = ddesc;
+ pr.demux_count = 1;
+ pr.input = tun_inet_input;
+ pr.pre_output = tun_inet_pre_output;
+ pr.event = NULL;
+ pr.ioctl = NULL;
+ pr.detached = NULL;
+ pr.resolve = NULL;
+ pr.send_arp = NULL;
+
+ return ifnet_attach_protocol(ifp, proto, &pr);
+}
+
+void
+tun_inet_detach(ifnet_t ifp, protocol_family_t proto)
+{
+ /* just detach the protocol */
+ ifnet_detach_protocol(ifp, proto);
+}
+
diff --git a/src/tun/tun_ioctls.h b/src/tun/tun_ioctls.h
new file mode 100644
index 0000000..13501e5
--- /dev/null
+++ b/src/tun/tun_ioctls.h
@@ -0,0 +1,38 @@
+/*
+ * ip tunnel device for MacOSX.
+ */
+/*
+ * Copyright (c) 2011 Mattias Nissler <mattias.nissler@gmx.de>
+ *
+ * Redistribution and use in source and binary forms, with or without modification, are permitted
+ * provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice, this list of
+ * conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice, this list of
+ * conditions and the following disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef __TUN_IOCTLS_H__
+#define __TUN_IOCTLS_H__
+
+/* Tun supports prepending a four byte address family field to each packet. These ioctls allow you
+ * to switch it on/off. Pass 1 as parameter to switch it on, pass 0 for off.
+ */
+#define TUNSIFHEAD _IOW('t', 96, int)
+#define TUNGIFHEAD _IOR('t', 97, int)
+
+#endif /* __TUN_IOCTLS_H__ */
+
diff --git a/src/tuntap.cc b/src/tuntap.cc
new file mode 100644
index 0000000..61abd13
--- /dev/null
+++ b/src/tuntap.cc 
@@ -0,0 +1,963 @@ +/* + * ip tunnel/ethertap device for MacOSX. Common functionality of tap_interface and tun_interface. + * + * tuntap_interface class definition + */ +/* + * Copyright (c) 2011 Mattias Nissler <mattias.nissler@gmx.de> + * + * Redistribution and use in source and binary forms, with or without modification, are permitted + * provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this list of + * conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other materials provided + * with the distribution. + * 3. The name of the author may not be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "tuntap.h" + +#if 0 +#define dprintf(...) log(LOG_INFO, __VA_ARGS__) +#else +#define dprintf(...) 
+#endif + +extern "C" { + +#include <sys/conf.h> +#include <sys/syslog.h> +#include <sys/param.h> +#include <sys/filio.h> +#include <sys/sockio.h> +#include <sys/fcntl.h> +#include <sys/kpi_socket.h> + +#include <vm/vm_kern.h> + +#include <net/if_types.h> +#include <net/if_var.h> +#include <net/if_dl.h> +#include <net/if_arp.h> + +#include <miscfs/devfs/devfs.h> + +} + +extern "C" { + +/* interface service functions that delegate to the appropriate tuntap_interface instance */ +errno_t +tuntap_if_output(ifnet_t ifp, mbuf_t m) +{ + if (ifp != NULL) { + tuntap_interface *ttif = (tuntap_interface *) ifnet_softc(ifp); + if (ttif != NULL) + return ttif->if_output(m); + } + + if (m != NULL) + mbuf_freem_list(m); + + return ENODEV; +} + +errno_t +tuntap_if_ioctl(ifnet_t ifp, long unsigned int cmd, void *arg) +{ + if (ifp != NULL) { + tuntap_interface *ttif = (tuntap_interface *) ifnet_softc(ifp); + if (ttif != NULL) + return ttif->if_ioctl(cmd, arg); + } + + return ENODEV; +} + +errno_t +tuntap_if_set_bpf_tap(ifnet_t ifp, bpf_tap_mode mode, int (*cb)(ifnet_t, mbuf_t)) +{ + if (ifp != NULL) { + tuntap_interface *ttif = (tuntap_interface *) ifnet_softc(ifp); + if (ttif != NULL) + return ttif->if_set_bpf_tap(mode, cb); + } + + return ENODEV; +} + +errno_t +tuntap_if_demux(ifnet_t ifp, mbuf_t m, char *header, protocol_family_t *proto) +{ + if (ifp != NULL) { + tuntap_interface *ttif = (tuntap_interface *) ifnet_softc(ifp); + if (ttif != NULL) + return ttif->if_demux(m, header, proto); + } + + return ENODEV; +} + +errno_t +tuntap_if_framer(ifnet_t ifp, mbuf_t *m, const struct sockaddr *dest, const char *dest_linkaddr, + const char *frame_type) +{ + if (ifp != NULL) { + tuntap_interface *ttif = (tuntap_interface *) ifnet_softc(ifp); + if (ttif != NULL) + return ttif->if_framer(m, dest, dest_linkaddr, frame_type); + } + + return ENODEV; +} + +errno_t +tuntap_if_add_proto(ifnet_t ifp, protocol_family_t proto, const struct ifnet_demux_desc *ddesc, + u_int32_t ndesc) +{ + if (ifp 
!= NULL) { + tuntap_interface *ttif = (tuntap_interface *) ifnet_softc(ifp); + if (ttif != NULL) + return ttif->if_add_proto(proto, ddesc, ndesc); + } + + return ENODEV; +} + +errno_t +tuntap_if_del_proto(ifnet_t ifp, protocol_family_t proto) +{ + if (ifp != NULL) { + tuntap_interface *ttif = (tuntap_interface *) ifnet_softc(ifp); + if (ttif != NULL) + return ttif->if_del_proto(proto); + } + + return ENODEV; +} + +errno_t +tuntap_if_check_multi(ifnet_t ifp, const struct sockaddr* maddr) +{ + if (ifp != NULL) + { + tuntap_interface *ttif = (tuntap_interface *) ifnet_softc(ifp); + if (ttif != NULL) + return ttif->if_check_multi(maddr); + } + + return ENODEV; +} + +void +tuntap_if_detached(ifnet_t ifp) +{ + if (ifp != NULL) { + tuntap_interface *ttif = (tuntap_interface *) ifnet_softc(ifp); + if (ttif != NULL) + ttif->if_detached(); + } +} + +errno_t +tuntap_if_noop_output(ifnet_t, mbuf_t) +{ + return ENODEV; +} + +errno_t +tuntap_if_noop_demux(ifnet_t, mbuf_t, char*, protocol_family_t*) +{ + return ENODEV; +} + +errno_t +tuntap_if_noop_add_proto(ifnet_t, protocol_family_t, const struct ifnet_demux_desc*, u_int32_t) +{ + return ENODEV; +} + +errno_t +tuntap_if_noop_del_proto(ifnet_t, protocol_family_t) +{ + return ENODEV; +} + +} /* extern "C" */ + +/* tuntap_mbuf_queue */ +tuntap_mbuf_queue::tuntap_mbuf_queue() +{ + head = tail = NULL; + size = 0; +} + +tuntap_mbuf_queue::~tuntap_mbuf_queue() +{ + clear(); +} + +bool +tuntap_mbuf_queue::enqueue(mbuf_t mb) +{ + if (size == QUEUE_SIZE) + return false; + + mbuf_setnextpkt(mb, NULL); + + if (head == NULL) + head = tail = mb; + else { + mbuf_setnextpkt(tail, mb); + tail = mb; + } + size++; + + return true; +} + +mbuf_t +tuntap_mbuf_queue::dequeue() +{ + mbuf_t ret; + + /* check wether there is a packet in the queue */ + if (head == NULL) + return NULL; + + /* fetch it */ + ret = head; + head = mbuf_nextpkt(head); + mbuf_setnextpkt(ret, NULL); + size--; + + return ret; +} + +void +tuntap_mbuf_queue::clear() +{ + /* free 
mbufs that are in the queue */ + if (head != NULL) + mbuf_freem_list(head); + + head = NULL; + tail = NULL; + size = 0; +} + +/* tuntap_interface members */ +tuntap_interface::tuntap_interface() +{ + /* initialize the members */ + ifp = NULL; + open = false; + block_io = true; + dev_handle = NULL; + pid = 0; + selthreadclear(&rsel); + bpf_mode = BPF_MODE_DISABLED; + bpf_callback = NULL; + bzero(unique_id, UIDLEN); + in_ioctl = false; +} + +tuntap_interface::~tuntap_interface() +{ +} + +bool +tuntap_interface::register_chardev(unsigned short major) +{ + /* register character device */ + dev_handle = devfs_make_node(makedev(major, unit), DEVFS_CHAR, 0, 0, 0666, "%s%d", + family_name, (int) unit); + + if (dev_handle == NULL) { + log(LOG_ERR, "tuntap: could not make /dev/%s%d\n", family_name, (int) unit); + return false; + } + + return true; +} + +void +tuntap_interface::unregister_chardev() +{ + dprintf("unregistering character device\n"); + + /* unregister character device */ + if (dev_handle != NULL) + devfs_remove(dev_handle); + dev_handle = NULL; +} + +bool +tuntap_interface::register_interface(const struct sockaddr_dl* lladdr, void *bcaddr, + u_int32_t bcaddrlen) +{ + struct ifnet_init_params ip; + errno_t err; + + dprintf("register_interface\n"); + + /* initialize an initialization info struct */ + ip.uniqueid_len = UIDLEN; + ip.uniqueid = unique_id; + ip.name = family_name; + ip.unit = unit; + ip.family = family; + ip.type = type; + ip.output = tuntap_if_output; + ip.demux = tuntap_if_demux; + ip.add_proto = tuntap_if_add_proto; + ip.del_proto = tuntap_if_del_proto; + ip.check_multi = tuntap_if_check_multi; + ip.framer = tuntap_if_framer; + ip.softc = this; + ip.ioctl = tuntap_if_ioctl; + ip.set_bpf_tap = tuntap_if_set_bpf_tap; + ip.detach = tuntap_if_detached; + ip.event = NULL; + ip.broadcast_addr = bcaddr; + ip.broadcast_len = bcaddrlen; + + dprintf("tuntap: tuntap_if_check_multi is at 0x%08x\n", (void*) tuntap_if_check_multi); + + /* allocate the interface 
*/ + err = ifnet_allocate(&ip, &ifp); + if (err) { + log(LOG_ERR, "tuntap: could not allocate interface for %s%d: %d\n", family_name, + (int) unit, err); + ifp = NULL; + return false; + } + + /* activate the interface */ + err = ifnet_attach(ifp, lladdr); + if (err) { + log(LOG_ERR, "tuntap: could not attach interface %s%d: %d\n", family_name, + (int) unit, err); + ifnet_release(ifp); + ifp = NULL; + return false; + } + + dprintf("setting interface flags\n"); + + /* set interface flags */ + ifnet_set_flags(ifp, IFF_RUNNING | IFF_MULTICAST | IFF_SIMPLEX, (u_int16_t) ~0UL); + + dprintf("flags: %x\n", ifnet_flags(ifp)); + + return true; +} + +void +tuntap_interface::unregister_interface() +{ + errno_t err; + + dprintf("unregistering network interface\n"); + + if (ifp != NULL) { + interface_detached = false; + + /* detach interface */ + err = ifnet_detach(ifp); + if (err) + log(LOG_ERR, "tuntap: error detaching interface %s%d: %d\n", + family_name, unit, err); + + dprintf("interface detaching\n"); + + /* Wait until the interface has completely been detached. */ + thread_sync_lock.lock(); + while (!interface_detached) + thread_sync_lock.sleep(&interface_detached); + thread_sync_lock.unlock(); + + dprintf("interface detached\n"); + + /* release the interface */ + ifnet_release(ifp); + + ifp = NULL; + } + + dprintf("network interface unregistered\n"); +} + +void +tuntap_interface::cleanup_interface() +{ + errno_t err; + ifaddr_t *addrs; + ifaddr_t *a; + struct ifreq ifr; + + /* mark the interface down */ + ifnet_set_flags(ifp, 0, IFF_UP | IFF_RUNNING); + + /* Unregister all interface addresses. This works around a deficiency in the Darwin kernel. + * If we don't remove all IP addresses that are attached to the interface it can happen that + * the IP code fails to clean them up itself. When the interface is recycled, the IP code + * might then think some addresses are still attached to the interface... 
+ */ + + err = ifnet_get_address_list(ifp, &addrs); + if (!err) { + + /* Execute a SIOCDIFADDR ioctl for each address. For technical reasons, we can only + * do that with a socket of the appropriate family. So try to create a dummy socket. + * I know this is a little expensive, but better than crashing... + * + * This really sucks. + */ + for (a = addrs; *a != NULL; a++) { + /* initialize the request parameters */ + snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%s%d", + ifnet_name(ifp), ifnet_unit(ifp)); + ifaddr_address(*a, &(ifr.ifr_addr), sizeof(ifr.ifr_addr)); + if (ifr.ifr_addr.sa_family != AF_INET) + continue; + + dprintf("trying to delete address of family %d\n", ifr.ifr_addr.sa_family); + + do_sock_ioctl(ifr.ifr_addr.sa_family, SIOCDIFADDR, &ifr); + } + + /* release the address list */ + ifnet_free_address_list(addrs); + } +} + +bool +tuntap_interface::idle() +{ + return !(open); +} + +void +tuntap_interface::notify_bpf(mbuf_t mb, bool out) +{ + auto_lock l(&bpf_lock); + + if ((out && bpf_mode == BPF_MODE_OUTPUT) + || (!out && bpf_mode == BPF_MODE_INPUT) + || (bpf_mode == BPF_MODE_INPUT_OUTPUT)) + (*bpf_callback)(ifp, mb); +} + +void +tuntap_interface::do_sock_ioctl(sa_family_t af, unsigned long cmd, void* arg) { + if (in_ioctl) { + log(LOG_ERR, "tuntap: ioctl recursion detected, aborting.\n"); + return; + } + + socket_t sock; + errno_t err = sock_socket(af, SOCK_RAW, 0, NULL, NULL, &sock); + if (err) { + log(LOG_ERR, "tuntap: failed to create socket: %d\n", err); + return; + } + + in_ioctl = true; + + /* issue the ioctl */ + err = sock_ioctl(sock, cmd, arg); + if (err) + log(LOG_ERR, "tuntap: socket ioctl %d failed: %d\n", cmd, err); + + in_ioctl = false; + + /* get rid of the socket */ + sock_close(sock); +} + +/* character device service methods */ +int +tuntap_interface::cdev_open(int flags, int devtype, proc_t p) +{ + dprintf("tuntap: cdev_open()\n"); + + /* grab the lock so that there can only be one thread inside */ + auto_lock l(&lock); + + /* check 
wether it is already open */ + if (open) + return EBUSY; + + /* bring the network interface up */ + int error = initialize_interface(); + if (error) + return error; + + open = true; + pid = proc_pid(p); + + return 0; +} + +int +tuntap_interface::cdev_close(int flags, int devtype, proc_t p) +{ + dprintf("tuntap: cdev_close()\n"); + + auto_lock l(&lock); + + if (open) { + open = false; + + /* shut down the network interface */ + shutdown_interface(); + + /* clear the queue */ + send_queue.clear(); + + /* wakeup the cdev thread and notify selects */ + wakeup(this); + selwakeup(&rsel); + + return 0; + } + + return EBADF; +} + +int +tuntap_interface::cdev_read(uio_t uio, int ioflag) +{ + auto_lock l(&lock); + + unsigned int nb = 0; + int error; + + dprintf("tuntap: cdev read\n"); + + if (!open || ifp == NULL || !(ifnet_flags(ifp) & IFF_UP)) + return EIO; + + /* fetch a new mbuf from the queue if necessary */ + mbuf_t cur_mbuf = NULL; + while (cur_mbuf == NULL) { + dprintf("tuntap: fetching new mbuf\n"); + + cur_mbuf = send_queue.dequeue(); + if (cur_mbuf == NULL) { + /* nothing in queue, block or return */ + if (!block_io) { + dprintf("tuntap: aborting (nbio)\n"); + return EWOULDBLOCK; + } else { + /* block */ + dprintf("tuntap: waiting\n"); + /* release the lock while waiting */ + l.unlock(); + error = msleep(this, NULL, PZERO | PCATCH, "tuntap", NULL); + + l.lock(); + + if (error) + return error; + + /* see whether the device was closed in the meantime */ + if (!open || ifp == NULL || !(ifnet_flags(ifp) & IFF_UP)) + return EIO; + + } + } + } + + /* notify bpf */ + notify_bpf(cur_mbuf, true); + + /* output what we have */ + do { + dprintf("tuntap: got new mbuf: %p uio_resid: %d\n", cur_mbuf, uio_resid(uio)); + + /* now we have an mbuf */ + int chunk_len = min(mbuf_len(cur_mbuf), uio_resid(uio)); + error = uiomove((char *) mbuf_data(cur_mbuf), chunk_len, uio); + if (error) { + mbuf_freem(cur_mbuf); + return error; + } + nb += chunk_len; + + dprintf("tuntap: moved %d 
bytes to userspace uio_resid: %d\n", chunk_len, + uio_resid(uio)); + + /* update cur_mbuf */ + cur_mbuf = mbuf_free(cur_mbuf); + + } while (uio_resid(uio) > 0 && cur_mbuf != NULL); + + /* update statistics */ + ifnet_stat_increment_out(ifp, 1, nb, 0); + + /* still data left? forget about that ;-) */ + if (cur_mbuf != NULL) + mbuf_freem(cur_mbuf); + + dprintf("tuntap: read done\n"); + + return 0; +} + +int +tuntap_interface::cdev_write(uio_t uio, int ioflag) +{ + auto_lock l(&lock); + + if (!open || ifp == NULL || !(ifnet_flags(ifp) & IFF_UP)) + return EIO; + + dprintf("tuntap: cdev write. uio_resid: %d\n", uio_resid(uio)); + + /* pack the data into an mbuf chain */ + mbuf_t first, mb; + + /* first we need an mbuf having a header */ + mbuf_gethdr(MBUF_WAITOK, MBUF_TYPE_DATA, &first); + if (first == NULL) { + log(LOG_ERR, "tuntap: could not get mbuf.\n"); + return ENOMEM; + } + mbuf_setlen(first, 0); + + unsigned int mlen = mbuf_maxlen(first); + unsigned int chunk_len; + unsigned int copied = 0; + unsigned int max_data_len = ifnet_mtu(ifp) + ifnet_hdrlen(ifp); + int error; + + /* stuff the data into the mbuf(s) */ + mb = first; + while (uio_resid(uio) > 0) { + /* copy a chunk. 
enforce mtu (don't know if this is correct behaviour) */ + chunk_len = min(max_data_len - copied, min(uio_resid(uio), mlen)); + error = uiomove((caddr_t) mbuf_data(mb), chunk_len, uio); + if (error) { + log(LOG_ERR, "tuntap: could not copy data from userspace: %d\n", error); + mbuf_freem(first); + return error; + } + + dprintf("tuntap: copied %d bytes, uio_resid %d\n", chunk_len, + uio_resid(uio)); + + mlen -= chunk_len; + mbuf_setlen(mb, mbuf_len(mb) + chunk_len); + copied += chunk_len; + + /* if done, break the loop */ + if (uio_resid(uio) <= 0 || copied >= max_data_len) + break; + + /* allocate a new mbuf if the current is filled */ + if (mlen == 0) { + mbuf_t next; + mbuf_get(MBUF_WAITOK, MBUF_TYPE_DATA, &next); + if (next == NULL) { + log(LOG_ERR, "tuntap: could not get mbuf.\n"); + mbuf_freem(first); + return ENOMEM; + } + mbuf_setnext(mb, next); + mb = next; + mbuf_setlen(mb, 0); + mlen = mbuf_maxlen(mb); + } + } + + /* fill in header info */ + mbuf_pkthdr_setrcvif(first, ifp); + mbuf_pkthdr_setlen(first, copied); + mbuf_pkthdr_setheader(first, mbuf_data(first)); + mbuf_set_csum_performed(first, 0, 0); + + /* update statistics */ + ifnet_stat_increment_in(ifp, 1, copied, 0); + + dprintf("tuntap: mbuf chain constructed. first: %p mb: %p len: %d data: %p\n", + first, mb, mbuf_len(first), mbuf_data(first)); + + /* notify bpf */ + notify_bpf(first, false); + + /* need to adjust the data pointer to point directly behind the linklevel header. The header + * itself is later accessed via m_pkthdr.header. Well, if something is ugly, here is it. 
+ */ + mbuf_adj(first, ifnet_hdrlen(ifp)); + + /* pass the packet over to the network stack */ + error = ifnet_input(ifp, first, NULL); + + if (error) { + log(LOG_ERR, "tuntap: could not input packet into network stack.\n"); + mbuf_freem(first); + return error; + } + + return 0; +} + +int +tuntap_interface::cdev_ioctl(u_long cmd, caddr_t data, int fflag, proc_t p) +{ + auto_lock l(&lock); + + dprintf("tuntap: cdev ioctl: %d\n", (int) (cmd & 0xff)); + + switch (cmd) { + case FIONBIO: + /* set i/o mode */ + block_io = *((int *) data) ? false : true; + return 0; + case FIOASYNC: + /* don't allow switching it on */ + if (*((int *) data)) + return ENOTTY; + return 0; + } + + return ENOTTY; +} + +int +tuntap_interface::cdev_select(int which, void *wql, proc_t p) +{ + auto_lock l(&lock); + + int ret = 0; + + dprintf("tuntap: select. which: %d\n", which); + + switch (which) { + case FREAD: + /* check wether data is available */ + { + if (!send_queue.empty()) + ret = 1; + else { + dprintf("tuntap: select: waiting\n"); + selrecord(p, &rsel, wql); + } + } + break; + case FWRITE: + /* we are always writeable */ + ret = 1; + } + + return ret; +} + +/* interface service methods */ +errno_t +tuntap_interface::if_output(mbuf_t m) +{ + mbuf_t pkt; + + dprintf("tuntap: if output\n"); + + /* just to be sure */ + if (m == NULL) + return 0; + + if (!open || ifp == NULL || !(ifnet_flags(ifp) & IFF_UP)) { + mbuf_freem_list(m); + return EHOSTDOWN; + } + + /* check whether packet has a header */ + if ((mbuf_flags(m) & MBUF_PKTHDR) == 0) { + log(LOG_ERR, "tuntap: packet to be output has no mbuf header.\n"); + mbuf_freem_list(m); + return EINVAL; + } + + /* put the packet(s) into the output queue */ + while (m != NULL) { + /* keep pointer, iterate */ + pkt = m; + m = mbuf_nextpkt(m); + mbuf_setnextpkt(pkt, NULL); + + auto_lock l(&lock); + + if (!send_queue.enqueue(pkt)) { + mbuf_freem(pkt); + mbuf_freem_list(m); + return ENOBUFS; + } + } + + /* protect the wakeup calls with the lock, not 
sure they are safe. */ + { + auto_lock l(&lock); + + /* wakeup the cdev thread and notify selects */ + wakeup(this); + selwakeup(&rsel); + } + + return 0; +} + +errno_t +tuntap_interface::if_ioctl(u_int32_t cmd, void *arg) +{ + dprintf("tuntap: if ioctl: %d\n", (int) (cmd & 0xff)); + + switch (cmd) { + case SIOCSIFADDR: + { + dprintf("tuntap: if_ioctl: SIOCSIFADDR\n"); + + /* Unfortunately, ifconfig sets the address family field of an INET + * netmask to zero, which makes early mDNSresponder versions ignore + * the interface. Fix that here. This one is of the category "ugly + * workaround". Dumb Darwin... + * + * Meanwhile, Apple has fixed mDNSResponder, and recent versions of + * Leopard don't need this hack anymore. However, Tiger still has a + * broken version so we leave the hack in for now. + * + * TODO: Revisit when dropping Tiger support. + * + * Btw. If you configure other network interfaces using ifconfig, + * you run into the same problem. I still don't know how to make the + * tap devices show up in the network configuration panel... + */ + ifaddr_t ifa = (ifaddr_t) arg; + if (ifa == NULL) + return 0; + + sa_family_t af = ifaddr_address_family(ifa); + if (af != AF_INET) + return 0; + + struct ifaliasreq ifra; + int sa_size = sizeof(struct sockaddr); + if (ifaddr_address(ifa, &ifra.ifra_addr, sa_size) + || ifaddr_dstaddress(ifa, &ifra.ifra_broadaddr, sa_size) + || ifaddr_netmask(ifa, &ifra.ifra_mask, sa_size)) { + log(LOG_WARNING, + "tuntap: failed to parse interface address.\n"); + return 0; + } + + // Check that the address family fields match. If not, issue another + // SIOCAIFADDR to fix the entry. 
+ if (ifra.ifra_addr.sa_family != af + || ifra.ifra_broadaddr.sa_family != af + || ifra.ifra_mask.sa_family != af) { + log(LOG_INFO, "tuntap: Fixing address family for %s%d\n", + family_name, unit); + + snprintf(ifra.ifra_name, sizeof(ifra.ifra_name), "%s%d", + family_name, unit); + ifra.ifra_addr.sa_family = af; + ifra.ifra_broadaddr.sa_family = af; + ifra.ifra_mask.sa_family = af; + + do_sock_ioctl(af, SIOCAIFADDR, &ifra); + } + + return 0; + } + + case SIOCSIFFLAGS: + return 0; + + case SIOCGIFSTATUS: + { + struct ifstat *stat = (struct ifstat *) arg; + int len; + char *p; + + if (stat == NULL) + return EINVAL; + + /* print status */ + len = strlen(stat->ascii); + p = stat->ascii + len; + if (open) { + snprintf(p, IFSTATMAX - len, "\topen (pid %u)\n", pid); + } else { + snprintf(p, IFSTATMAX - len, "\tclosed\n"); + } + + return 0; + } + + case SIOCSIFMTU: + { + struct ifreq *ifr = (struct ifreq *) arg; + + if (ifr == NULL) + return EINVAL; + + ifnet_set_mtu(ifp, ifr->ifr_mtu); + + return 0; + } + + case SIOCDIFADDR: + return 0; + + } + + return EOPNOTSUPP; +} + +errno_t +tuntap_interface::if_set_bpf_tap(bpf_tap_mode mode, int (*cb)(ifnet_t, mbuf_t)) +{ + dprintf("tuntap: mode %d\n", mode); + + auto_lock l(&bpf_lock); + + bpf_callback = cb; + bpf_mode = mode; + + return 0; +} + +errno_t +tuntap_interface::if_check_multi(const struct sockaddr *maddr) +{ + dprintf("tuntap: if_check_multi\n"); + + return EOPNOTSUPP; +} + +void +tuntap_interface::if_detached() +{ + dprintf("tuntap: if_detached\n"); + + /* wake unregister_interface() */ + thread_sync_lock.lock(); + interface_detached = true; + thread_sync_lock.wakeup(&interface_detached); + thread_sync_lock.unlock(); + + dprintf("if_detached done\n"); +} + diff --git a/src/tuntap.h b/src/tuntap.h new file mode 100644 index 0000000..d5f398d --- /dev/null +++ b/src/tuntap.h 
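Review bot: `tuntap_interface::register_chardev` creates the device node with `devfs_make_node(makedev(major, unit), DEVFS_CHAR, 0, 0, 0666, ...)`, so every local account can open the tun/tap device. Once open, `cdev_write` feeds that caller's bytes to `ifnet_input` and `cdev_read` returns the packets the stack queued for the interface. Unless unprivileged access is a deliberate design decision, I would restrict the node, e.g. mode `0600`, or `0660` with a dedicated group in the gid argument, and record the choice in a comment next to the call. The exposure is wider because `cdev_write` never checks the write length against the link header. It calls `mbuf_adj(first, ifnet_hdrlen(ifp))` and `ifnet_input` even when `copied` is zero or shorter than the header, so a guard such as `if (uio_resid(uio) <= 0 || uio_resid(uio) < ifnet_hdrlen(ifp)) return EINVAL;` before `mbuf_gethdr` would keep truncated frames away from the demux code, which is not part of this hunk.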
@@ -0,0 +1,301 @@ +/* + * ip tunnel/ethertap device for MacOSX. + * + * The class tuntaptap_interface contains the common functionality of tuntap_interface and + * tap_interface. + */ +/* + * Copyright (c) 2011 Mattias Nissler <mattias.nissler@gmx.de> + * + * Redistribution and use in source and binary forms, with or without modification, are permitted + * provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this list of + * conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other materials provided + * with the distribution. + * 3. The name of the author may not be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ + +#ifndef __TUNTAP_H__ +#define __TUNTAP_H__ + +#include "util.h" +#include "lock.h" + +extern "C" { + +#include <sys/types.h> +#include <sys/socket.h> +#include <sys/select.h> +#include <sys/systm.h> +#include <sys/kpi_mbuf.h> + +#include <kern/locks.h> + +#include <net/if.h> +#include <net/bpf.h> +#include <net/kpi_interface.h> + +} + +extern "C" { + +errno_t tuntap_if_output(ifnet_t ifp, mbuf_t m); +errno_t tuntap_if_ioctl(ifnet_t ifp, long unsigned int cmd, void *arg); +errno_t tuntap_if_set_bpf_tap(ifnet_t ifp, bpf_tap_mode mode, int (*cb)(ifnet_t, mbuf_t)); +errno_t tuntap_if_demux(ifnet_t ifp, mbuf_t m, char *header, protocol_family_t *proto); +errno_t tuntap_if_framer(ifnet_t ifp, mbuf_t *m, const struct sockaddr *dest, + const char *dest_linkaddr, const char *frame_type); +errno_t tuntap_if_add_proto(ifnet_t ifp, protocol_family_t proto, + const struct ifnet_demux_desc *ddesc, u_int32_t ndesc); +errno_t tuntap_if_del_proto(ifnet_t ifp, protocol_family_t proto); +errno_t tuntap_if_check_multi(ifnet_t ifp, const struct sockaddr *maddr); +void tuntap_if_detached(ifnet_t ifp); + +} + +/* forward declaration */ +class tuntap_interface; + +/* both interface families have their manager object that will create, initialize, shutdown and + * delete interfaces. This is (mostly) generic so it can be used both for tun and tap. The only + * exception is the interface creation, therefore this class is abstract. tun and tap have their own + * versions that simply fill in create_interface(). 
+ */ +class tuntap_manager { + + protected: + /* manager cdev gate */ + tt_gate cdev_gate; + /* interface count */ + unsigned int count; + /* an array holding all the interface instances */ + tuntap_interface **tuntaps; + /* the major device number */ + int dev_major; + /* family name */ + char *family; + + /* wether static members are initialized */ + static bool statics_initialized; + + /* major-to-manager-map */ + static const int MAX_CDEV = 256; + static tuntap_manager *mgr_map[MAX_CDEV]; + + /* initializes static members */ + void initialize_statics(); + + public: + /* sets major device number, allocates the interface table. */ + bool initialize(unsigned int count, char *family); + + /* tries to shutdown the family. returns true if successful. the manager object may + * not be deleted if this wasn't called successfully. + */ + bool shutdown(); + + /* the destructor deletes allocated memory and unregisters the character device + * switch */ + virtual ~tuntap_manager(); + + /* here are the cdev routines for the class. They will figure out the manager object + * and call the service methods declared below. + */ + static int cdev_open(dev_t dev, int flags, int devtype, proc_t p); + static int cdev_close(dev_t dev, int flags, int devtype, proc_t p); + static int cdev_read(dev_t dev, uio_t uio, int ioflag); + static int cdev_write(dev_t dev, uio_t uio, int ioflag); + static int cdev_ioctl(dev_t dev, u_long cmd, caddr_t data, int fflag, + proc_t p); + static int cdev_select(dev_t dev, int which, void *wql, proc_t p); + + protected: + /* Here are the actual service routines that will do the required things (creating + * interfaces and such) and forward to the interface's implementation. 
+ */ + int do_cdev_open(dev_t dev, int flags, int devtype, proc_t p); + int do_cdev_close(dev_t dev, int flags, int devtype, proc_t p); + int do_cdev_read(dev_t dev, uio_t uio, int ioflag); + int do_cdev_write(dev_t dev, uio_t uio, int ioflag); + int do_cdev_ioctl(dev_t dev, u_long cmd, caddr_t data, int fflag, proc_t p); + int do_cdev_select(dev_t dev, int which, void *wql, proc_t p); + + /* abstract method that will create an interface. Implemented by tun and tap */ + virtual tuntap_interface *create_interface() = 0; + + /* makes sure there is one idle interface available (if nothing fails */ + void ensure_idle_device(); + +}; + +/* a class implementing a mbuf packet queue. On Darwin 7 we had struct ifqueue, but that is now + * internal to the kernel for Darwin 8. So lets have our own. + */ +class tuntap_mbuf_queue { + + private: + /* output end of the queue. dequeueing takes mbufs from here */ + mbuf_t head; + /* input end. new mbufs are appended here. */ + mbuf_t tail; + + /* size */ + unsigned int size; + + /* maximum queue size */ + static const unsigned int QUEUE_SIZE = 128; + + public: + /* initialize new empty queue */ + tuntap_mbuf_queue(); + ~tuntap_mbuf_queue(); + + /* is the queue full? */ + bool full() { return size == QUEUE_SIZE; } + /* is it emtpy? */ + bool empty() { return size == 0; } + + /* enqueue an mbuf. returns true if there was space left, so the mbuf could be + * queued, false otherwise */ + bool enqueue(mbuf_t mb); + + /* tries to dequeue the next mbuf. 
If the queue is empty, NULL is returned */ + mbuf_t dequeue(); + + /* makes the queue empty, discarding any queue packets */ + void clear(); +}; + +class tuntap_interface { + + protected: + /* interface number */ + unsigned int unit; + /* family name */ + char *family_name; + /* family identifier */ + ifnet_family_t family; + /* interface type */ + u_int32_t type; + /* id string */ + static const unsigned int UIDLEN = 20; + char unique_id[UIDLEN]; + + /* synchronization */ + tt_mutex lock; + tt_mutex bpf_lock; + tt_mutex thread_sync_lock; + + /* the interface structure registered */ + ifnet_t ifp; + /* whether the device has been opened */ + bool open; + /* whether we are doing blocking i/o */ + bool block_io; + /* whether the interface has properly been detached */ + bool interface_detached; + /* handle to the devfs node for the character device */ + void *dev_handle; + /* the pid of the process that opened the cdev, if any */ + pid_t pid; + /* read select info */ + struct selinfo rsel; + /* bpf mode, wether filtering is on or off */ + bpf_tap_mode bpf_mode; + /* bpf callback. called when packet arrives/leaves */ + int (*bpf_callback)(ifnet_t, mbuf_t); + /* pending packets queue (for output), must be accessed with the lock held */ + tuntap_mbuf_queue send_queue; + /* whether an ioctl that we issued is currently being processed */ + bool in_ioctl; + + /* protected constructor. 
initializes most of the members */ + tuntap_interface(); + virtual ~tuntap_interface(); + + /* initialize the device */ + virtual bool initialize(unsigned short major, unsigned short unit) = 0; + + /* character device management */ + virtual bool register_chardev(unsigned short major); + virtual void unregister_chardev(); + + /* network interface management */ + virtual bool register_interface(const struct sockaddr_dl *lladdr, + void *bcaddr, u_int32_t bcaddrlen); + virtual void unregister_interface(); + virtual void cleanup_interface(); + + /* called when the character device is opened in order to intialize the network + * interface. + */ + virtual int initialize_interface() = 0; + /* called when the character device is closed to shutdown the network interface */ + virtual void shutdown_interface() = 0; + + /* check wether the interface is idle (so it can be brought down) */ + virtual bool idle(); + + /* shut it down */ + virtual void shutdown() = 0; + + /* notifies BPF of a packet coming through */ + virtual void notify_bpf(mbuf_t mb, bool out); + + /* executes a socket ioctl through a temporary socket */ + virtual void do_sock_ioctl(sa_family_t af, unsigned long cmd, void* arg); + + /* character device service methods. Called by the manager */ + virtual int cdev_open(int flags, int devtype, proc_t p); + virtual int cdev_close(int flags, int devtype, proc_t p); + virtual int cdev_read(uio_t uio, int ioflag); + virtual int cdev_write(uio_t uio, int ioflag); + virtual int cdev_ioctl(u_long cmd, caddr_t data, int fflag, proc_t p); + virtual int cdev_select(int which, void *wql, proc_t p); + + /* interface functions. 
friends and implementation methods */ + friend errno_t tuntap_if_output(ifnet_t ifp, mbuf_t m); + friend errno_t tuntap_if_ioctl(ifnet_t ifp, long unsigned int cmd, void *arg); + friend errno_t tuntap_if_set_bpf_tap(ifnet_t ifp, bpf_tap_mode mode, + int (*cb)(ifnet_t, mbuf_t)); + friend errno_t tuntap_if_demux(ifnet_t ifp, mbuf_t m, char *header, + protocol_family_t *proto); + friend errno_t tuntap_if_framer(ifnet_t ifp, mbuf_t *m, const struct sockaddr *dest, + const char *dest_linkaddr, const char *frame_type); + friend errno_t tuntap_if_add_proto(ifnet_t ifp, protocol_family_t proto, + const struct ifnet_demux_desc *ddesc, u_int32_t ndesc); + friend errno_t tuntap_if_del_proto(ifnet_t ifp, protocol_family_t proto); + friend errno_t tuntap_if_check_multi(ifnet_t ifp, const struct sockaddr *maddr); + friend void tuntap_if_detached(ifnet_t ifp); + + virtual errno_t if_output(mbuf_t m); + virtual errno_t if_ioctl(u_int32_t cmd, void *arg); + virtual errno_t if_set_bpf_tap(bpf_tap_mode mode, int (*cb)(ifnet_t, mbuf_t)); + virtual errno_t if_demux(mbuf_t m, char *header, protocol_family_t *proto) = 0; + virtual errno_t if_framer(mbuf_t *m, const struct sockaddr *dest, + const char *dest_linkaddr, const char *frame_type) = 0; + virtual errno_t if_add_proto(protocol_family_t proto, + const struct ifnet_demux_desc *ddesc, u_int32_t ndesc) = 0; + virtual errno_t if_del_proto(protocol_family_t proto) = 0; + virtual errno_t if_check_multi(const struct sockaddr *maddr); + virtual void if_detached(); + + /* tuntap_manager feeds us with cdev input, so it is our friend */ + friend class tuntap_manager; +}; + +#endif /* __TUNTAP_H__ */ + diff --git a/src/tuntap_mgr.cc b/src/tuntap_mgr.cc new file mode 100644 index 0000000..f41394e --- /dev/null +++ b/src/tuntap_mgr.cc 
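Review bot: The member comments in `tuntap_interface` state a locking rule only for `send_queue` ("must be accessed with the lock held"). The class has three mutexes (`lock`, `bpf_lock`, `thread_sync_lock`), and `open`, `pid`, `interface_detached`, `bpf_mode`/`bpf_callback` and `in_ioctl` carry no rule at all. In tuntap.cc from the same commit, `if_output` tests `open` before it takes `lock`, `if_ioctl` reads `open` and `pid` without taking it, and `do_sock_ioctl` tests and sets `in_ioctl` without acquiring any mutex itself, so a reader cannot tell which of these accesses are intentional. I would add one comment per field, for example `/* guarded by lock; if_output reads it unlocked as a best-effort check */` on `open` and `/* guarded by bpf_lock */` on `bpf_mode` and `bpf_callback`, and say on `in_ioctl` what serialises it. The file header comment also names "tuntaptap_interface" and "tuntap_interface and tap_interface", which looks like a typo for `tuntap_interface` holding what `tun_interface` and `tap_interface` share.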
@@ -0,0 +1,372 @@ +/* + * ip tunnel/ethertap device for MacOSX. + * + * tuntap_manager definition. + */ +/* + * Copyright (c) 2011 Mattias Nissler <mattias.nissler@gmx.de> + * + * Redistribution and use in source and binary forms, with or without modification, are permitted + * provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this list of + * conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other materials provided + * with the distribution. + * 3. The name of the author may not be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "tuntap.h" +#include "mem.h" + +extern "C" { + +#include <sys/conf.h> +#include <sys/param.h> +#include <sys/syslog.h> +#include <sys/systm.h> + +#include <vm/vm_kern.h> + +#include <miscfs/devfs/devfs.h> + +} + +#if 0 +#define dprintf(...) log(LOG_INFO, __VA_ARGS__) +#else +#define dprintf(...) 
+#endif + +/* cdevsw for tuntap_manager */ +static struct cdevsw mgr_cdevsw = +{ + tuntap_manager::cdev_open, + tuntap_manager::cdev_close, + tuntap_manager::cdev_read, + tuntap_manager::cdev_write, + tuntap_manager::cdev_ioctl, + eno_stop, + eno_reset, + NULL, + tuntap_manager::cdev_select, + eno_mmap, + eno_strat, + eno_getc, + eno_putc, + 0 +}; + +/* tuntap_manager members */ +tuntap_manager *tuntap_manager::mgr_map[MAX_CDEV]; + +bool tuntap_manager::statics_initialized = false; + +/* static initializer */ +void +tuntap_manager::initialize_statics() +{ + dprintf("initializing mgr_map\n"); + + /* initialize the major-to-manager map */ + for (int i = 0; i < MAX_CDEV; i++) + mgr_map[i] = NULL; + + statics_initialized = true; +} + +bool +tuntap_manager::initialize(unsigned int count, char *family) +{ + this->count = count; + this->family = family; + this->tuntaps = NULL; + + if (!statics_initialized) + initialize_statics(); + + /* make sure noone can access the character devices until we are done */ + auto_lock l(&cdev_gate); + + /* register the switch for the tap character devices */ + dev_major = cdevsw_add(-1, &mgr_cdevsw); + if (dev_major == -1) { + log(LOG_ERR, "%s: could not register character device switch.\n", family); + return false; + } + + /* allocate memory for the interface instance table */ + tuntaps = (tuntap_interface **) mem_alloc(count * sizeof(tuntap_interface *)); + if (tuntaps == NULL) + { + log(LOG_ERR, "%s: no memory!\n", family); + return false; + } + + bzero(tuntaps, count * sizeof(tuntap_interface *)); + + /* Create the interfaces. This will only add the character devices. The network devices will + * be created upon open()ing the corresponding character devices. + */ + for (int i = 0; i < (int) count; i++) + { + tuntaps[i] = create_interface(); + + if (tuntaps[i] != NULL) + { + if (tuntaps[i]->initialize(dev_major, i)) + { + continue; + } + + /* error here. current interface needs to be shut down */ + i++; + } + + /* something went wrong. 
clean up. */ + while (--i >= 0) + { + tuntaps[i]->shutdown(); + delete tuntaps[i]; + } + + return false; + } + + /* register the new family in the mgr switch */ + mgr_map[dev_major] = this; + + log(LOG_INFO, "%s kernel extension version %s <mattias.nissler@gmx.de>\n", + family, TUNTAP_VERSION); + + return true; +} + +bool +tuntap_manager::shutdown() +{ + bool ok = true; + + /* we halt the whole thing while we check whether we can shutdown */ + auto_lock l(&cdev_gate); + + /* anyone in? */ + if (cdev_gate.is_anyone_in()) { + dprintf("tuntap_mgr: won't shutdown, threads still behind the gate."); + ok = false; + } else { + /* query the interfaces to see if shutting down is ok */ + if (tuntaps != NULL) { + for (unsigned int i = 0; i < count; i++) { + if (tuntaps[i] != NULL) + ok &= tuntaps[i]->idle(); + } + + /* if yes, do it now */ + if (ok) { + for (unsigned int i = 0; i < count; i++) { + if (tuntaps[i] != NULL) { + tuntaps[i]->shutdown(); + delete tuntaps[i]; + tuntaps[i] = NULL; + } + } + } + } + } + + /* unregister the character device switch */ + if (ok) { + if (dev_major != -1 && cdevsw_remove(dev_major, &mgr_cdevsw) == -1) { + log(LOG_WARNING, + "%s: character device switch got lost. strange.\n", family); + } + mgr_map[dev_major] = NULL; + dev_major = -1; + + /* at this point there is still a chance that some thread hangs at the cdev_gate in + * one of the cdev service functions. I can't imagine any way that would aviod this. + * So lets unblock the gate such that they fail. + */ + unsigned int old_number; + do { + old_number = cdev_gate.get_ticket_number(); + + dprintf("tuntap_manager: waiting for other threads to give up.\n"); + + /* wait one second */ + cdev_gate.sleep(&cdev_gate, 1000000); + + } while (cdev_gate.get_ticket_number() != old_number); + + /* I hope it is safe to unload now. */ + + } else { + log(LOG_WARNING, "%s: won't unload, at least one interface is busy.\n", family); + } + + dprintf("tuntap manager: shutdown %s\n", ok ? 
"ok" : "failed"); + + return ok; +} + +tuntap_manager::~tuntap_manager() +{ + dprintf("freeing interface table\n"); + + /* free memory */ + if (tuntaps != NULL) + mem_free(tuntaps, count * sizeof(tuntap_interface *)); +} + +/* service method dispatchers */ +int +tuntap_manager::cdev_open(dev_t dev, int flags, int devtype, proc_t p) +{ + return (mgr_map[major(dev)] == NULL ? ENOENT + : mgr_map[major(dev)]->do_cdev_open(dev, flags, devtype, p)); +} + +int +tuntap_manager::cdev_close(dev_t dev, int flags, int devtype, proc_t p) +{ + return (mgr_map[major(dev)] == NULL ? EBADF + : mgr_map[major(dev)]->do_cdev_close(dev, flags, devtype, p)); +} + +int +tuntap_manager::cdev_read(dev_t dev, uio_t uio, int ioflag) +{ + return (mgr_map[major(dev)] == NULL ? EBADF + : mgr_map[major(dev)]->do_cdev_read(dev, uio, ioflag)); +} + +int +tuntap_manager::cdev_write(dev_t dev, uio_t uio, int ioflag) +{ + return (mgr_map[major(dev)] == NULL ? EBADF + : mgr_map[major(dev)]->do_cdev_write(dev, uio, ioflag)); +} + +int +tuntap_manager::cdev_ioctl(dev_t dev, u_long cmd, caddr_t data, int fflag, proc_t p) +{ + return (mgr_map[major(dev)] == NULL ? EBADF + : mgr_map[major(dev)]->do_cdev_ioctl(dev, cmd, data, fflag, p)); +} + +int +tuntap_manager::cdev_select(dev_t dev, int which, void *wql, proc_t p) +{ + return (mgr_map[major(dev)] == NULL ? 
EBADF + : mgr_map[major(dev)]->do_cdev_select(dev, which, wql, p)); +} + +/* character device service methods */ +int +tuntap_manager::do_cdev_open(dev_t dev, int flags, int devtype, proc_t p) +{ + int dmin = minor(dev); + int error = ENOENT; + + cdev_gate.enter(); + + if (dmin < (int) count && dmin >= 0 && tuntaps[dmin] != NULL) + error = tuntaps[dmin]->cdev_open(flags, devtype, p); + + cdev_gate.exit(); + + return error; +} + +int +tuntap_manager::do_cdev_close(dev_t dev, int flags, int devtype, proc_t p) +{ + int dmin = minor(dev); + int error = EBADF; + + cdev_gate.enter(); + + if (dmin < (int) count && dmin >= 0 && tuntaps[dmin] != NULL) + error = tuntaps[dmin]->cdev_close(flags, devtype, p); + + cdev_gate.exit(); + + return error; +} + +int +tuntap_manager::do_cdev_read(dev_t dev, uio_t uio, int ioflag) +{ + int dmin = minor(dev); + int error = EBADF; + + cdev_gate.enter(); + + if (dmin < (int) count && dmin >= 0 && tuntaps[dmin] != NULL) + error = tuntaps[dmin]->cdev_read(uio, ioflag); + + cdev_gate.exit(); + + return error; +} + +int +tuntap_manager::do_cdev_write(dev_t dev, uio_t uio, int ioflag) +{ + int dmin = minor(dev); + int error = EBADF; + + cdev_gate.enter(); + + if (dmin < (int) count && dmin >= 0 && tuntaps[dmin] != NULL) + error = tuntaps[dmin]->cdev_write(uio, ioflag); + + cdev_gate.exit(); + + return error; +} + +int +tuntap_manager::do_cdev_ioctl(dev_t dev, u_long cmd, caddr_t data, int fflag, proc_t p) +{ + int dmin = minor(dev); + int error = EBADF; + + cdev_gate.enter(); + + if (dmin < (int) count && dmin >= 0 && tuntaps[dmin] != NULL) + error = tuntaps[dmin]->cdev_ioctl(cmd, data, fflag, p); + + cdev_gate.exit(); + + return error; +} + +int +tuntap_manager::do_cdev_select(dev_t dev, int which, void *wql, proc_t p) +{ + int dmin = minor(dev); + int error = EBADF; + + cdev_gate.enter(); + + if (dmin < (int) count && dmin >= 0 && tuntaps[dmin] != NULL) + error = tuntaps[dmin]->cdev_select(which, wql, p); + + cdev_gate.exit(); + + return 
error; +} + diff --git a/src/util.h b/src/util.h new file mode 100644 index 0000000..0f6955e --- /dev/null +++ b/src/util.h 
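Review bot: In `tuntap_manager::shutdown()` the store `mgr_map[dev_major] = NULL;` runs even when `dev_major` is -1, because only the `cdevsw_remove` call is guarded. A second shutdown(), or one that follows a failed `cdevsw_add` in initialize(), would then write in front of the array in kernel memory; guard it with `if (dev_major != -1) mgr_map[dev_major] = NULL;`. The two later `return false` paths in initialize() (table allocation failure and interface creation failure) also leave the switch registered and `dev_major` set. They should call `cdevsw_remove(dev_major, &mgr_cdevsw)` and reset `dev_major = -1`, so the kernel holds no entry points into an extension whose start-up failed. Whether callers invoke shutdown() after a failed initialize() is not visible in this hunk.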
@@ -0,0 +1,46 @@
+/*
+ * ip tunnel/ethertap device for MacOSX.
+ *
+ * Some utilities and misc stuff.
+ */
+/*
+ * Copyright (c) 2011 Mattias Nissler <mattias.nissler@gmx.de>
+ *
+ * Redistribution and use in source and binary forms, with or without modification, are permitted
+ * provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice, this list of
+ * conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice, this list of
+ * conditions and the following disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef __UTIL_H__
+#define __UTIL_H__
+
+extern "C" {
+
+/* In Darwin 8 (OS X Tiger) there is a problem with struct selinfo. It was made `private' to the
+ * kernel, so its definition is not available from the headers in Kernel.framework. However, we need
+ * to declare something :-(
+ */
+struct selinfo {
+ char data[128]; /* should be enough... */
+};
+
+} /* extern "C" */
+
+#endif /* __UTIL_H__ */
+
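Review bot: The stand-in `struct selinfo { char data[128]; }` has 1-byte alignment and a guessed size, yet it is presumably handed to kernel select routines that treat it as the real, private structure (its use is outside this hunk). If the real layout holds pointers or is larger than 128 bytes on some release, those routines would access it misaligned or write beyond it. I would force pointer alignment, e.g. `char data[128] __attribute__((aligned(8)));`, and replace "should be enough..." with a comment recording where the bound was checked: `/* opaque storage for the kernel-private selinfo; size verified on Darwin <version> only */`.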
diff --git a/test/tuntap/__init__.py b/test/tuntap/__init__.py
new file mode 100644
index 0000000..664bdaa
--- /dev/null
+++ b/test/tuntap/__init__.py
@@ -0,0 +1,21 @@
+# Copyright (c) 2011 Mattias Nissler <mattias.nissler@gmx.de>
+#
+# Redistribution and use in source and binary forms, with or without modification, are permitted
+# provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice, this list of
+# conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright notice, this list of
+# conditions and the following disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# 3. The name of the author may not be used to endorse or promote products derived from this
+# software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/test/tuntap/char_dev_harness.py b/test/tuntap/char_dev_harness.py
new file mode 100644
index 0000000..515e50b
--- /dev/null
+++ b/test/tuntap/char_dev_harness.py
@@ -0,0 +1,173 @@ +# Copyright (c) 2011 Mattias Nissler <mattias.nissler@gmx.de> +# +# Redistribution and use in source and binary forms, with or without modification, are permitted +# provided that the following conditions are met: +# +# 1. Redistributions of source code must retain the above copyright notice, this list of +# conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright notice, this list of +# conditions and the following disclaimer in the documentation and/or other materials provided +# with the distribution. +# 3. The name of the author may not be used to endorse or promote products derived from this +# software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, +# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A +# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, +# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED +# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +import errno +import fcntl +import io +import os +import struct +from tuntap import ioctl + +class CharDevHarness(object): + """ + Base class for the tun and tap character device harnesses. Manages a single character + interface, keeps the file descriptor and handles I/O. + """ + + _MAX_CHAR_DEV = 16 + _MAX_PACKET_SIZE = 4096 + + def __init__(self, class_name, unit = None): + """ + Initializes the harness. + + Args: + class_name: Path name pattern. + unit: The character device number. 
+ """ + self._class_name = class_name + self._unit = unit + self._dev = None + + def _openCharDev(self, unit): + """ + Opens the character device. + + Args: + unit: The character device number. + """ + assert not self._dev + + name = self._class_name % unit + self._dev = os.open(name, os.O_RDWR) + + def open(self): + """ + Opens the character device. + """ + if self._unit != None: + self._openCharDev(self._unit) + return + + # Try to open character devices in turn. + for i in xrange(0, self._MAX_CHAR_DEV): + try: + self._openCharDev(i) + self._unit = i + return + except OSError as e: + if e.errno != errno.EBUSY: + raise e + + # All devices busy. + raise OSError(errno.EBUSY) + + def close(self): + """ + Closes the character device. + """ + assert self._dev + os.close(self._dev) + self._dev = None + + def fileno(self): + assert self._dev + return self._dev + + def send(self, packet): + assert self._dev + os.write(self._dev, packet) + + def ioctl(self, cmd, format, arg): + """ + Performs an ioctl on the character device. + + Args: + cmd: the ioctl cmd identifier. + format: argument format. + arg: argument data tuple. + + Returns: + Output argument tuple. + """ + assert self._dev + return struct.unpack(format, fcntl.ioctl(self._dev, cmd, struct.pack(format, arg))) + + @property + def unit(self): + """ + Returns the interface unit, if known. + """ + return self._unit + + +class TunCharDevHarness(CharDevHarness): + """ + Character device harness for tun devices. + """ + + TUNSIFHEAD = ioctl.IOC(ioctl.OUT, 't', 96, 'i') + TUNGIFHEAD = ioctl.IOC(ioctl.IN, 't', 97, 'i') + + def __init__(self, unit = None): + """ + Initializes the harness. + + Args: + unit: Character device index + """ + super(TunCharDevHarness, self).__init__('/dev/tun%d', unit = unit) + + @property + def prependAF(self): + """ + Gets the AF prepending flag. + + Returns: + A flag indicating whether packets on the char dev are prefixed with the AF number. 
+ """ + return self.ioctl(self.TUNGIFHEAD, 'i', (0))[0] + + @prependAF.setter + def prependAF(self, prependAF): + """ + Sets the AF prepending flag. + + Args: + prependAF: whether the packets on the char dev are prefixed with the AF number. + """ + self.ioctl(self.TUNSIFHEAD, 'i', (prependAF)) + + +class TapCharDevHarness(CharDevHarness): + """ + Character device harness for tap devices. + """ + + def __init__(self, unit = None): + """ + Initializes the harness. + + Args: + unit: Character device index + """ + super(TapCharDevHarness, self).__init__('/dev/tap%d', unit = unit) diff --git a/test/tuntap/interface_harness.py b/test/tuntap/interface_harness.py new file mode 100644 index 0000000..bbdade2 --- /dev/null +++ b/test/tuntap/interface_harness.py 
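Review bot: The descriptor checks in `_openCharDev`, `close`, `fileno`, `send` and `ioctl` test `self._dev` for truthiness, so a valid descriptor 0 (possible when stdin is closed) counts as "not open", and every check disappears under `python -O`. Compare against the sentinel instead: `assert self._dev is None` in `_openCharDev`, and `if self._dev is None: raise ValueError('device not open')` in the other methods. Separately, `ioctl()` documents `arg` as a tuple but calls `struct.pack(format, arg)` without unpacking, which only works for the single-integer calls made by `prependAF`. Either unpack with `*arg`, as `InterfaceHarness._ioctl` does, or document that a single value is expected.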
@@ -0,0 +1,292 @@ +# Copyright (c) 2011 Mattias Nissler <mattias.nissler@gmx.de> +# +# Redistribution and use in source and binary forms, with or without modification, are permitted +# provided that the following conditions are met: +# +# 1. Redistributions of source code must retain the above copyright notice, this list of +# conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright notice, this list of +# conditions and the following disclaimer in the documentation and/or other materials provided +# with the distribution. +# 3. The name of the author may not be used to endorse or promote products derived from this +# software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, +# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A +# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, +# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED +# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ +import ctypes +import ctypes.util +import errno +import fcntl +import socket +import struct + +from tuntap import ioctl +from tuntap.sockaddr import SockaddrDl, SockaddrIn, SockaddrIn6 + +libc = ctypes.CDLL(ctypes.util.find_library('c')) + +class struct_sockaddr(ctypes.Structure): + _fields_ = [ ('sa_len', ctypes.c_uint8), + ('sa_family', ctypes.c_uint8) ] + +class struct_ifaddrs(ctypes.Structure): + pass + +struct_ifaddrs._fields_ = [ ('ifa_next', ctypes.POINTER(struct_ifaddrs)), + ('ifa_name', ctypes.c_char_p), + ('ifa_flags', ctypes.c_uint), + ('ifa_addr', ctypes.POINTER(struct_sockaddr)), + ('ifa_netmask', ctypes.POINTER(struct_sockaddr)), + ('ifa_dstaddr', ctypes.POINTER(struct_sockaddr)), + ('ifa_data', ctypes.c_void_p) ] + +def decodeSockaddr(sockaddr): + if not sockaddr: + return None + + data = ctypes.string_at(sockaddr, max(sockaddr.contents.sa_len, 16)) + if sockaddr.contents.sa_family == SockaddrDl.AF_LINK: + return SockaddrDl.decode(data) + elif sockaddr.contents.sa_family == socket.AF_INET: + return SockaddrIn.decode(data) + elif sockaddr.contents.sa_family == socket.AF_INET6: + return SockaddrIn6.decode(data) + + return None + +def getIfAddrs(ifname): + ifaddrs = (ctypes.POINTER(struct_ifaddrs))() + assert not libc.getifaddrs(ctypes.byref(ifaddrs)) + + addrs = [] + try: + entry = ifaddrs + while entry: + ia = entry.contents + entry = ia.ifa_next + if ia.ifa_name != ifname: + continue + + addrs.append((decodeSockaddr(ia.ifa_addr), + decodeSockaddr(ia.ifa_netmask), + decodeSockaddr(ia.ifa_dstaddr))) + return addrs + finally: + libc.freeifaddrs(ifaddrs) + + +def ifNameToIndex(ifname): + libc.if_nametoindex.restype = ctypes.c_uint + index = libc.if_nametoindex(ifname) + if not index: + raise OSError(ctypes.get_errno) + return index + + +class Address(object): + """ + Wraps address parameters for an interface. 
+ """ + + def __init__(self, af, local, remote, dst, mask): + self.af = af + self.local = local + self.remote = remote + self.dst = dst + self.mask = mask + + def __makeSaProperty(name): + def get(self): + addrmap = { socket.AF_INET: SockaddrIn, + socket.AF_INET6: SockaddrIn6 } + addr = getattr(self, name) + if self.af not in addrmap: + return None + if addr == None: + return addrmap[self.af](af = 0, addr = None) + return addrmap[self.af](af = self.af, addr = addr) + + return property(get) + + sa_local = __makeSaProperty('local') + sa_remote = __makeSaProperty('remote') + sa_dst = __makeSaProperty('dst') + sa_mask = __makeSaProperty('mask') + + +class InterfaceHarness(object): + """ + Base class for network interface harnesses. Provides helpers to configure the interface. + """ + + SIOCSIFFLAGS = ioctl.IOC(ioctl.OUT, 'i', 16, '16s16s') + SIOCGIFFLAGS = ioctl.IOC(ioctl.INOUT, 'i', 17, '16s16s') + + SIOCAIFADDR = ioctl.IOC(ioctl.OUT, 'i', 26, '16s16s16s16s') + SIOCAIFADDR_IN6 = ioctl.IOC(ioctl.OUT, 'i', 26, '16s28s28s28sIiiII') + SIOCSIFLLADDR = ioctl.IOC(ioctl.OUT, 'i', 60, '16s16s') + + SIOCGIFMTU = ioctl.IOC(ioctl.INOUT, 'i', 51, '16s16s') + + IFF_UP = 0x1 + IFF_BROADCAST = 0x2 + IFF_DEBUG = 0x4 + IFF_LOOPBACK = 0x8 + IFF_POINTOPOINT = 0x10 + IFF_NOTRAILERS = 0x20 + IFF_RUNNING = 0x40 + IFF_NOARP = 0x80 + IFF_PROMISC = 0x100 + IFF_ALLMULTI = 0x200 + IFF_OACTIVE = 0x400 + IFF_SIMPLEX = 0x800 + IFF_LINK0 = 0x1000 + IFF_LINK1 = 0x2000 + IFF_LINK2 = 0x4000 + IFF_MULTICAST = 0x8000 + + def __init__(self, class_name, unit): + """ + Initializes the harness. + + Args: + class_name: Interface class name. + unit: The interface number. + """ + self._class_name = class_name + self._unit = unit + + def _ioctl(self, af, cmd, format, arg): + """ + Performs a socket ioctl. + + Args: + af: address family. + cmd: the ioctl cmd. + format: argument format description. + arg: argument data tuple. + + Returns: + Output data tuple. 
+ """ + s = socket.socket(af, socket.SOCK_DGRAM) + try: + return struct.unpack(format, fcntl.ioctl(s, cmd, struct.pack(format, *arg))) + finally: + s.close() + + @property + def flags(self): + """ + Retrieves the interface flags. + + Returns: + The interface flags. + """ + return self._ioctl(socket.AF_INET, InterfaceHarness.SIOCGIFFLAGS, + '16sH', (self.name, 0))[1] + + @flags.setter + def flags(self, flags): + """ + Sets new interface flags. + + Args: + flags: new interface flags. + """ + self._ioctl(socket.AF_INET, InterfaceHarness.SIOCSIFFLAGS, + '16sH', (self.name, flags)) + + @property + def mtu(self): + """ + Retrieves the interface MTU. + + Returns: + The interface MTU. + """ + return self._ioctl(socket.AF_INET, InterfaceHarness.SIOCGIFMTU, + '16si', (self.name, 0))[1] + + @property + def name(self): + """ + Gets the interface name. + + Returns: + Full interface name. + """ + return "%s%d" % (self._class_name, self._unit) + + @property + def index(self): + """ + Gets the interface index. + + Returns: + Interface index. + """ + return ifNameToIndex(self.name) + + def getAddrs(self, af = None): + def check(addr): + if addr and addr.af == af: + return addr + else: + return None + return filter(lambda (a, n, d): a != None, + map(lambda (a, n, d): (check(a), check(n), check(d)), getIfAddrs(self.name))) + + @property + def lladdr(self): + entry = self.getAddrs(SockaddrDl.AF_LINK) + if entry: + return entry[0][0] + return None + + @lladdr.setter + def lladdr(self, addr): + self._ioctl(socket.AF_INET, InterfaceHarness.SIOCSIFLLADDR, + '16sBB14s', (self.name, len(addr.addr), addr.af, addr.addr)) + + def addIfAddr(self, local, dst, mask): + """ + Set an interface address. + + Args: + local: local address. + dst: broadcast address or destination address, respectively. + mask: the netmask. 
+ """ + self._ioctl(socket.AF_INET, InterfaceHarness.SIOCAIFADDR, + '16s16s16s16s', (self.name, local.encode(), dst.encode(), mask.encode())) + + def addIfAddr6(self, local, dst, mask): + """ + Set an INET6 address for the interface. + + Args: + local: local address. + dst: destination address. + mask: the netmask. + """ + # This sometimes fails on Tiger with ENOBUFS. Just retry... + ntries = 0 + while True: + try: + self._ioctl(socket.AF_INET6, InterfaceHarness.SIOCAIFADDR_IN6, + '16s28s28s28sIiiII', + (self.name, local.encode(), dst.encode(), mask.encode(), + 0, 0, 0, 0xffffffff, 0xffffffff)) + break + except IOError as e: + if e.errno != errno.ENOBUFS or ntries > 10: + raise e + ntries += 1 diff --git a/test/tuntap/ioctl.py b/test/tuntap/ioctl.py new file mode 100644 index 0000000..641ddf2 --- /dev/null +++ b/test/tuntap/ioctl.py 
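Review bot: `ifNameToIndex` raises `OSError(ctypes.get_errno)`, passing the function object instead of its result, and because `libc` is loaded without `use_errno=True` the call would return 0 anyway. Load the library with `libc = ctypes.CDLL(ctypes.util.find_library('c'), use_errno=True)` and raise `OSError(ctypes.get_errno(), 'if_nametoindex failed')`. In `getIfAddrs` the `getifaddrs` call sits inside an `assert`, so under `python -O` it never runs and the loop walks an empty list; call it first and raise on a non-zero return. `decodeSockaddr` also copies `max(sa_len, 16)` bytes, which reads past any sockaddr shorter than 16 bytes. A comment stating why the 16-byte floor is safe for the buffers `getifaddrs` returns would help.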
@@ -0,0 +1,31 @@
+# Copyright (c) 2011 Mattias Nissler <mattias.nissler@gmx.de>
+#
+# Redistribution and use in source and binary forms, with or without modification, are permitted
+# provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice, this list of
+# conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright notice, this list of
+# conditions and the following disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# 3. The name of the author may not be used to endorse or promote products derived from this
+# software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+import struct
+
+VOID = 0x20000000
+IN = 0x40000000
+OUT = 0x80000000
+INOUT = IN | OUT
+
+def IOC(inout, group, num, format):
+ return inout | ((struct.calcsize(format) & 0x1fff) << 16) | (ord(group) << 8) | num
diff --git a/test/tuntap/packet.py b/test/tuntap/packet.py
new file mode 100644
index 0000000..6fbbb73
--- /dev/null
+++ b/test/tuntap/packet.py
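Review bot: The direction constants are named from the caller's side, the reverse of `<sys/ioccom.h>`: `OUT = 0x80000000` is the header's `IOC_IN` (argument copied into the kernel) and `IN = 0x40000000` is its `IOC_OUT`. Nothing in the file says so, and a reader who maps the names one-to-one onto the C macros gets the copy direction wrong. Add a comment above the constants, e.g. `# OUT: user -> kernel (_IOW / IOC_IN); IN: kernel -> user (_IOR / IOC_OUT)`, and a docstring on `IOC` explaining that `0x1fff` bounds the encoded argument size and that `group` is a single character. `num` is OR-ed in unmasked, so using `num & 0xff` would keep a value above 255 from spilling into the group byte.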
@@ -0,0 +1,531 @@ +# Copyright (c) 2011 Mattias Nissler <mattias.nissler@gmx.de> +# +# Redistribution and use in source and binary forms, with or without modification, are permitted +# provided that the following conditions are met: +# +# 1. Redistributions of source code must retain the above copyright notice, this list of +# conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright notice, this list of +# conditions and the following disclaimer in the documentation and/or other materials provided +# with the distribution. +# 3. The name of the author may not be used to endorse or promote products derived from this +# software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, +# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A +# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, +# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED +# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +import socket + +class BinStruct(object): + """ + Handles packing and unpacking of binary data. It is vaguely inspired by the struct module but + taylored for bit-granular fields. 
Also, it's probably not very fast :) + """ + + @staticmethod + def str2num(data, width): + if not data: + return 0 + len, rem = divmod(width, 8) + val = 0 + for i in range(len): + val = (val << 8) | ord(data[i]) + if rem: + val = (val << rem) | (ord(data[len]) & ((1 << rem) - 1)) + return val + + @staticmethod + def num2str(val, width): + result = bytearray((width + 7) / 8) + p, rem = divmod(width, 8) + if rem: + result[p] = chr(val & ((1 << rem) - 1)) + val >>= rem + while p > 0: + p -= 1 + result[p] = chr(val & 0xff) + val >>= 8 + return str(result) + + def __init__(self, format): + """ + Initializes a BinStruct object that can encode and decode the binary structure specified in + the format parameters. + + Args: + format: Specifies the format of the binary data. The syntax is + + (<width><type>)* + + where: + width is the width of a component in number of bits + type is indicates the type of the component and may be one of: + s: binary data + n: number + """ + self._format = [] + id = lambda x, width : x or 0 + typemap = { + 'n': (id, id), + 's': (BinStruct.num2str, BinStruct.str2num), + } + pos = 0 + self._width = 0 + while pos < len(format): + start = pos + while str.isdigit(format[pos]): + pos += 1 + width = int(format[start:pos]) + self._width += width + codec = typemap[format[pos]] + self._format.insert(0, (width, codec[0], codec[1])) + pos += 1 + + @property + def size(self): + return (self._width + 7) / 8 + + def pack(self, *values): + """ + Encodes the passed values according to this BinStruct's format definition. + + Args: + values: The values to encode. + Returns: + The encoded struct as a binary string. 
+ """ + assert len(values) == len(self._format) + val = 0 + pos = len(self._format) + for value in values: + pos -= 1 + (width, decode, encode) = self._format[pos] + val = (val << width) | (encode(value, width) & ((1 << width) - 1)) + return BinStruct.num2str(val, self._width) + + def unpack(self, data): + """ + Decodes a binary string according to the format definition. + + Args: + data: The binary string to decode. + Returns: + A value tuple. + """ + assert len(data) >= self.size + val = BinStruct.str2num(data, self._width) + pos = len(self._format) + result = [ None for i in range(pos) ] + for (width, decode, encode) in self._format: + pos -= 1 + result[pos] = decode(val & ((1 << width) - 1), width) + val >>= width + return tuple(result) + + +class Packet(object): + """ + Base class for packet encoding and decoding. + """ + + def __init__(self, format, names, data = None, **initializer): + """ + Initializes the packet. + + Args: + format: Binary format description. + names: Names for the packet fields. + data: Optional binary packet to decode. + initializer: Optional initialization values for the packet fields. + """ + self._struct = BinStruct(format) + self._names = names + self.__dict__.update(dict.fromkeys(self._names, None)) + self.payload = None + + if isinstance(data, str): + self.decode(data) + elif isinstance(data, Packet): + self.update(data) + + self.__dict__.update(initializer) + + def __repr__(self): + return repr(dict(map(lambda x : (x, getattr(self, x)), self._names + ('payload',)))) + + def _payloadPos(self): + """ + Returns: The payload position in the data buffer. + """ + return self._struct.size + + def _decodePayload(self, data): + """ + Decodes the payload data. + + Args: + data: Payload data buffer. + Returns: + The payload object. + """ + return data + + def _encodePayload(self): + """ + Encodes the payload data. + + Args: + payload: Payload object. + Returns: + Encoded payload byte string. 
+ """ + if issubclass(self.payload.__class__, Packet): + return self.payload.encode() + return str(self.payload) + + def _encodeFields(self, *fields): + """ + Takes a fields tuple and returns encoded field data. + + Args: + fields: Field values. + Returns: + Tuple of encoded fields. + """ + return self._struct.pack(*fields) + + def decode(self, data): + """ + Decode a binary packet. + + Args: + data: Binary packet data to decode. + """ + fields = self._struct.unpack(data) + assert len(fields) == len(self._names) + self.__dict__.update(dict(zip(self._names, fields))) + self.payload = self._decodePayload(data[self._payloadPos():]) + + def update(self, data): + """ + Update the packet from a dictionary. + + Args: + data: The dictionary to update from. + """ + self.__dict__.update(map(lambda x : (x, getattr(data, x)), self._names + ('payload',))) + if isinstance(self.payload, str): + self.payload = self._decodePayload(self.payload) + + + def encode(self): + """ + Encodes the packet into binary format. + + Returns: + The packet data. + """ + fields = map(lambda x : getattr(self, x), self._names) + return self._encodeFields(*fields) + self._encodePayload() + + @property + def headerLen(self): + """ + The size of the header according to the format. + + Returns: + The header length. 
+ """ + return self._struct.size + + +class TunAFFrame(Packet): + + def __init__(self, data = None, **initializer): + super(TunAFFrame, self).__init__('32n', ('af',), data, **initializer) + + def _decodePayload(self, data): + if self.af == socket.AF_INET: + return IPv4Packet(data) + elif self.af == socket.AF_INET6: + return IPv6Packet(data) + return data + + +class EthernetFrame(Packet): + + TYPE_IPV4 = 0x0800 + TYPE_ARP = 0x0806 + TYPE_IPV6 = 0x86dd + + def __init__(self, data = None, **initializer): + super(EthernetFrame, self).__init__('48s48s16n', ('dst', 'src', 'type'), + data, **initializer) + + def _decodePayload(self, data): + if self.type == EthernetFrame.TYPE_IPV4: + return IPv4Packet(data) + elif self.type == EthernetFrame.TYPE_ARP: + return ARPPacket(data) + elif self.type == EthernetFrame.TYPE_IPV6: + return IPv6Packet(data) + return data + + +class ARPPacket(Packet): + + HTYPE_ETHERNET = 0x01 + HLEN_ETHERNET = 6 + PTYPE_IPV4 = 0x0800 + PLEN_IPV4 = 4 + OPER_REQUEST = 1 + OPER_REPLY = 2 + + def __init__(self, data = None, **initializer): + super(ARPPacket, self).__init__('16n16n8n8n16n48s32s48s32s', + ('htype', 'ptype', 'hlen', 'plen', 'oper', + 'sha', 'spa', 'tha', 'tpa'), + data, **initializer) + + +class IPv4Packet(Packet): + + PROTO_ICMP = 0x01 + PROTO_TCP = 0x06 + PROTO_UDP = 0x11 + + class UDPPseudoHeader(Packet): + + def __init__(self, data = None, **initializer): + super(IPv4Packet.UDPPseudoHeader, self).__init__('32s32s8s8n16n', + ('src', 'dst', + 'padding', 'proto', 'length'), + data, **initializer) + + + def __init__(self, data = None, **initializer): + super(IPv4Packet, self).__init__('4n4n6n2n16n16n2n14n8n8n16n32s32s', + ('version', 'hdrlen', 'dscp', 'ecn', + 'len', 'id', 'flags', 'fragoffset', + 'ttl', 'proto', 'checksum', 'src', 'dst'), + data, **initializer) + + def _payloadPos(self): + return self.hdrlen * 4 + + def _decodePayload(self, data): + if self.proto == IPv4Packet.PROTO_UDP: + return UDPPacket(data) + return data + + 
@staticmethod + def computeChecksum(data): + """ + Computes the IPv4 header checksum. + + Args: + Header in binary. + Returns: + The header checksum. + """ + sum = 0 + for i in range(0, len(data) - 1, 2): + sum += ord(data[i]) << 8 | ord(data[i + 1]) + if len(data) % 2 == 1: + sum += ord(data[-1]) << 8 | 0 + return ~((sum & 0xffff) + (sum >> 16)) + + def encode(self): + payload = self._encodePayload() + hdrlen = self.hdrlen or 5 + payloadlen = self.len or len(payload) + fields = [self.version or 4, hdrlen, self.dscp or 0, self.ecn or 0, + payloadlen + hdrlen * 4, self.id or 0, self.flags or 0, + self.fragoffset or 0, self.ttl or 255, self.proto, self.checksum or 0, + self.src, self.dst] + + # Need to compute UDP checksum here since it includes the IPv4 pseudo header. + if (self.proto == IPv4Packet.PROTO_UDP and + issubclass(self.payload.__class__, UDPPacket) and + self.payload.checksum == None): + + header = IPv4Packet.UDPPseudoHeader(src = self.src, dst = self.dst, + proto = IPv4Packet.PROTO_UDP, length = payloadlen, + payload = payload) + payload = UDPPacket(data = self.payload, + checksum = IPv4Packet.computeChecksum(header.encode())).encode() + + header = self._encodeFields(*tuple(fields)) + if self.checksum == None: + fields[10] = IPv4Packet.computeChecksum(header) + header = self._encodeFields(*tuple(fields)) + return header + payload + +class IPv6Packet(Packet): + + PROTO_ICMP = 1 + PROTO_TCP = 6 + PROTO_UDP = 17 + PROTO_ICMPV6 = 58 + + class UDPPseudoHeader(Packet): + + def __init__(self, data = None, **initializer): + super(IPv6Packet.UDPPseudoHeader, self).__init__('128s128s32n24s8n', + ('src', 'dst', + 'length', 'padding', 'proto'), + data, **initializer) + + + def __init__(self, data = None, **initializer): + super(IPv6Packet, self).__init__('4n8n20n16n8n8n128s128s', + ('version', 'traffic_class', 'flow_label', + 'len', 'proto', 'hop_limit', + 'src', 'dst'), + data, **initializer) + + def _decodePayload(self, data): + if self.proto == 
IPv6Packet.PROTO_UDP: + return UDPPacket(data) + elif self.proto == IPv6Packet.PROTO_ICMPV6: + return ICMPV6Packet(data) + return data + + def encode(self): + payload = self._encodePayload() + fields = [self.version or 6, self.traffic_class or 0, self.flow_label or 0, + self.len or len(payload), self.proto, self.hop_limit or 255, + self.src, self.dst] + + # Need to compute checksum for UDP, ICMPV6 here since it includes the IPv6 pseudo header. + checksummedProtos = { IPv6Packet.PROTO_UDP: UDPPacket, + IPv6Packet.PROTO_ICMPV6: ICMPV6Packet } + payloadClass = checksummedProtos.get(self.proto) + if (payloadClass != None and + issubclass(self.payload.__class__, payloadClass) and + self.payload.checksum == None): + + header = IPv6Packet.UDPPseudoHeader(src = self.src, dst = self.dst, length = fields[3], + proto = self.proto, payload = payload) + payload = payloadClass(data = self.payload, + checksum = IPv4Packet.computeChecksum(header.encode())).encode() + + return self._encodeFields(*tuple(fields)) + payload + + +class ICMPV6Packet(Packet): + + TYPE_NEIGHBOR_SOLICITATION = 135 + TYPE_NEIGHBOR_ADVERTISMENT = 136 + + def __init__(self, data = None, **initializer): + super(ICMPV6Packet, self).__init__('8n8n16n', + ('type', 'code', 'checksum'), + data, **initializer) + + def _decodePayload(self, data): + if self.type == ICMPV6Packet.TYPE_NEIGHBOR_SOLICITATION: + return ICMPV6NeighborSolicitation(data) + elif self.type == ICMPV6Packet.TYPE_NEIGHBOR_ADVERTISMENT: + return ICMPV6NeighborAdvertisement(data) + return data + + +class ICMPV6NeighborDiscoveryOption(Packet): + + TYPE_SOURCE_LINK_LAYER_ADDRESS = 1 + TYPE_TARGET_LINK_LAYER_ADDRESS = 2 + + def __init__(self, data = None, **initializer): + super(ICMPV6NeighborDiscoveryOption, self).__init__('8n8n', + ('type', 'length'), + data, **initializer) + + def encode(self): + payload = self._encodePayload() + length = self.length + if length == None: + length = (len(payload) + 2 + 7) / 8 + payload += '\x00' * (length * 8 - 
len(payload) - 2) + fields = [self.type, length] + header = self._encodeFields(*tuple(fields)) + return header + payload + + @staticmethod + def decodeOptions(data): + options = [] + while len(data) > 2: + type = ord(data[0]) + length = ord(data[1]) + if len(data) < length * 8: + break + options.append(ICMPV6NeighborDiscoveryOption(type = type, length = length, + payload = data[0:length * 8])) + data = data[length * 8:] + return options + + +class ICMPV6NeighborSolicitation(Packet): + + def __init__(self, data = None, **initializer): + super(ICMPV6NeighborSolicitation, self).__init__('32s128s', + ('reserved', 'target'), + data, **initializer) + self.target_lladdr = initializer.get('src_lladdr') + + def _decodePayload(self, data): + for option in ICMPV6NeighborDiscoveryOption.decodeOptions(data): + if option.type == ICMPV6NeighborDiscoveryOption.TYPE_SOURCE_LINK_LAYER_ADDRESS: + self.src_lladdr = option.payload + return None + + def _encodePayload(self): + if self.src_lladdr: + return ICMPV6NeighborDiscoveryOption( + type = ICMPV6NeighborDiscoveryOption.TYPE_SOURCE_LINK_LAYER_ADDRESS, + payload = self.src_lladdr).encode() + return '' + + +class ICMPV6NeighborAdvertisement(Packet): + + def __init__(self, data = None, **initializer): + super(ICMPV6NeighborAdvertisement, self).__init__('1n1n1n29s128s', + ('router', 'solicited', 'override', + 'reserved', 'target'), + data, **initializer) + self.target_lladdr = initializer.get('target_lladdr') + + def _decodePayload(self, data): + for option in ICMPV6NeighborDiscoveryOptions.decodeOptions(data): + if option.type == ICMPV6NeighborDiscoveryOption.TYPE_TARGET_LINK_LAYER_ADDRESS: + self.target_lladdr = option.payload + return None + + def _encodePayload(self): + if self.target_lladdr: + return ICMPV6NeighborDiscoveryOption( + type = ICMPV6NeighborDiscoveryOption.TYPE_TARGET_LINK_LAYER_ADDRESS, + payload = self.target_lladdr).encode() + return '' + + +class UDPPacket(Packet): + + def __init__(self, data = None, 
**initializer): + super(UDPPacket, self).__init__('16n16n16n16n', + ('src', 'dst', 'len', 'checksum'), + data, **initializer) + + def encode(self): + payload = self._encodePayload() + packetlen = self.len or (len(payload) + self.headerLen) + fields = [self.src, self.dst, packetlen, self.checksum or 0] + header = self._encodeFields(*tuple(fields)) + return header + payload diff --git a/test/tuntap/packet_codec.py b/test/tuntap/packet_codec.py new file mode 100644 index 0000000..0909596 --- /dev/null +++ b/test/tuntap/packet_codec.py 
@@ -0,0 +1,244 @@
+# Copyright (c) 2011 Mattias Nissler <mattias.nissler@gmx.de>
+#
+# Redistribution and use in source and binary forms, with or without modification, are permitted
+# provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice, this list of
+# conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright notice, this list of
+# conditions and the following disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# 3. The name of the author may not be used to endorse or promote products derived from this
+# software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+import functools
+import socket
+
+from tuntap.tun_tap_harness import TunHarness, TapHarness
+from tuntap.packet import (
+ ARPPacket,
+ EthernetFrame,
+ ICMPV6Packet,
+ ICMPV6NeighborAdvertisement,
+ ICMPV6NeighborSolicitation,
+ IPv4Packet,
+ IPv6Packet,
+ TunAFFrame,
+ UDPPacket
+)
+from tuntap.packet_reader import PacketReader, SelectPacketSource
+
+class PacketCodec(object):
+ """
+ Helper for tests that wish to send and receive packets.
This provides the interface to send and + receive packets at the IP/IPv6 level on both the network interface and char dev sides. + """ + + def __init__(self, af, listenAddress, newHarness, newPacketSource): + self._af = af + self._listenAddress = listenAddress + self._newHarness = newHarness + self._newPacketSource = newPacketSource + + def __str__(self): + af_map = { socket.AF_INET: 'IN', socket.AF_INET6: 'IN6' } + return '<%s<%s, %s>>' % (self.__class__.__name__, + af_map[self._af], + self._newPacketSource.__name__) + + def _decodePacket(self, packet): + return packet + + def _framePacket(self, payload): + return payload + + def _frameExpectation(self, expectation): + return expectation + + @property + def af(self): + return self._af + + @property + def addr(self): + if self._af == socket.AF_INET: + return self._harness.addr + elif self._af == socket.AF_INET6: + return self._harness.addr6 + assert False + + @property + def UDPPort(self): + return self._recvSock.getsockname()[1] + + def start(self): + self._harness = self._newHarness() + self._harness.start() + self._harness.up() + + self._sendSock = socket.socket(self.addr.af, socket.SOCK_DGRAM) + self._recvSock = socket.socket(self.addr.af, socket.SOCK_DGRAM) + self._recvSock.bind((self._listenAddress or self.addr.local, 0)) + + self._reader = PacketReader(source = self._newPacketSource(self._harness.char_dev.fileno()), + skip = True, + decode = lambda packet : self._decodePacket(packet)) + self._sockReader = PacketReader(source = SelectPacketSource(self._recvSock.fileno())) + + self._reader.start() + self._sockReader.start() + + def stop(self): + self._sockReader.stop() + self._reader.stop() + self._harness.stop() + self._sendSock.close() + self._recvSock.close() + + def sendUDP(self, payload, addr): + self._sendSock.sendto(payload, addr) + + def expectUDP(self, expectation): + self._sockReader.expect(expectation) + + def runUDP(self): + return self._sockReader.run() + + def sendPacket(self, payload): + 
self._harness.char_dev.send(self._framePacket(payload)) + + def expectPacket(self, expectation): + self._reader.expect(self._frameExpectation(expectation)) + + def runPacket(self): + return self._reader.run() + + +class TunPacketCodec(PacketCodec): + + def __init__(self, af, listenAddress, newPacketSource): + super(TunPacketCodec, self).__init__(af, listenAddress, TunHarness, newPacketSource) + + def _decodePacket(self, packet): + # Look at the first byte to figure out whether it's IPv4 or IPv6. + version = (ord(packet[0]) & 0xf0) >> 4 + if version == 4: + return IPv4Packet(packet) + elif version == 6: + return IPv6Packet(packet) + else: + return packet + + +class TunAFPacketCodec(PacketCodec): + + def __init__(self, af, listenAddress, newPacketSource): + super(TunAFPacketCodec, self).__init__(af, listenAddress, TunHarness, newPacketSource) + + def _decodePacket(self, packet): + return TunAFFrame(packet) + + def _framePacket(self, payload): + return TunAFFrame(af = self.addr.af, payload = payload).encode() + + def _frameExpectation(self, expectation): + return { 'af': self.addr.af, + 'payload': expectation } + + def start(self): + super(TunAFPacketCodec, self).start() + self._harness.char_dev.prependAF = 1 + + +class TapPacketCodec(PacketCodec): + + TYPE_MAP = { socket.AF_INET: EthernetFrame.TYPE_IPV4, + socket.AF_INET6: EthernetFrame.TYPE_IPV6 } + + ETHER_ADDR_ANY = '\xff\xff\xff\xff\xff\xff' + ETHER_ADDR_REMOTE = '\x11\x22\x33\x44\x55\x66' + + def __init__(self, af, listenAddress, newPacketSource): + super(TapPacketCodec, self).__init__(af, listenAddress, TapHarness, newPacketSource) + + def _decodePacket(self, packet): + return EthernetFrame(packet) + + def _framePacket(self, payload): + return EthernetFrame(src = TapPacketCodec.ETHER_ADDR_REMOTE, + dst = self._harness.interface.lladdr.addr, + type = TapPacketCodec.TYPE_MAP[self.addr.af], + payload = payload).encode() + + def _frameExpectation(self, expectation): + return { 'type': 
TapPacketCodec.TYPE_MAP[self.addr.af], + 'src': self._harness.interface.lladdr.addr, + 'payload': expectation } + + def _sendArpReply(self, packet): + reply = EthernetFrame(dst = packet.src, + src = TapPacketCodec.ETHER_ADDR_ANY, + type = EthernetFrame.TYPE_ARP, + payload = ARPPacket(htype = ARPPacket.HTYPE_ETHERNET, + ptype = ARPPacket.PTYPE_IPV4, + hlen = ARPPacket.HLEN_ETHERNET, + plen = ARPPacket.PLEN_IPV4, + oper = ARPPacket.OPER_REPLY, + sha = TapPacketCodec.ETHER_ADDR_REMOTE, + spa = packet.payload.tpa, + tha = packet.payload.sha, + tpa = packet.payload.spa)) + self._harness.char_dev.send(reply.encode()) + + def _sendNeighborAdvertisement(self, packet): + reply = EthernetFrame( + dst = packet.payload.payload.payload.src_lladdr, + src = TapPacketCodec.ETHER_ADDR_ANY, + type = EthernetFrame.TYPE_IPV6, + payload = IPv6Packet( + src = socket.inet_pton(self.addr.af, self.addr.remote), + dst = packet.payload.src, + proto = IPv6Packet.PROTO_ICMPV6, + payload = ICMPV6Packet( + type = ICMPV6Packet.TYPE_NEIGHBOR_ADVERTISMENT, + payload = ICMPV6NeighborAdvertisement( + solicited = 1, + override = 1, + target = socket.inet_pton(self.addr.af, self.addr.remote), + target_lladdr = TapPacketCodec.ETHER_ADDR_REMOTE)))) + self._harness.char_dev.send(reply.encode()) + + def start(self): + super(TapPacketCodec, self).start() + # Answer ARP resolution requests for the destination address. + self._reader.expect( + expectation = { 'type': EthernetFrame.TYPE_ARP, + 'payload': { 'htype': ARPPacket.HTYPE_ETHERNET, + 'ptype': ARPPacket.PTYPE_IPV4, + 'hlen': ARPPacket.HLEN_ETHERNET, + 'plen': ARPPacket.PLEN_IPV4, + 'oper': ARPPacket.OPER_REQUEST, + 'tpa': socket.inet_pton(self.addr.af, self.addr.remote) }}, + times = None, + action = functools.partial(TapPacketCodec._sendArpReply, self)) + # Answer Neighbor Solicitation requests for IPv6. 
+ self._reader.expect(
+ expectation = {
+ 'type': EthernetFrame.TYPE_IPV6,
+ 'payload': {
+ 'proto': IPv6Packet.PROTO_ICMPV6,
+ 'payload': {
+ 'type': ICMPV6Packet.TYPE_NEIGHBOR_SOLICITATION,
+ 'payload': {
+ 'target': socket.inet_pton(self.addr.af, self.addr.remote) }}}},
+ times = None,
+ action = functools.partial(TapPacketCodec._sendNeighborAdvertisement, self))
diff --git a/test/tuntap/packet_reader.py b/test/tuntap/packet_reader.py
new file mode 100644
index 0000000..f9b90b6
--- /dev/null
+++ b/test/tuntap/packet_reader.py
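Review bot: `_sendNeighborAdvertisement` in test/tuntap/packet_codec.py reads `packet.payload.payload.payload.src_lladdr` unconditionally, while the expectation registered in `TapPacketCodec.start()` matches any Neighbor Solicitation for the remote address, whether or not it carries a source link-layer address option. In the packet.py part of this commit, `ICMPV6NeighborSolicitation._decodePayload` assigns `src_lladdr` only when that option is found, and `__init__` never creates the attribute, so a solicitation without the option would raise AttributeError inside the action callback. Falling back to the frame's own source address avoids that: `dst = getattr(packet.payload.payload.payload, 'src_lladdr', None) or packet.src,`.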
@@ -0,0 +1,271 @@
+# Copyright (c) 2011 Mattias Nissler <mattias.nissler@gmx.de>
+#
+# Redistribution and use in source and binary forms, with or without modification, are permitted
+# provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice, this list of
+# conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright notice, this list of
+# conditions and the following disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# 3. The name of the author may not be used to endorse or promote products derived from this
+# software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+import errno
+import os
+import Queue
+import select
+import signal
+import socket
+import pickle
+import threading
+
+MAX_PACKET_SIZE = 4096
+
+def handleEAgain(fn, *args, **kwargs):
+ """
+ Wraps a function call in loop, restarting on EAGAIN.
+ """ + while True: + try: + return fn(*args, **kwargs) + except EnvironmentError as e: + if e.errno != errno.EAGAIN: + raise + except: + raise + + +class BlockingPacketSource(object): + """ + In order to be able to test blocking reads and not hang forever if the expected data never + arrives, we do the blocking read call in a forked subprocess that forwards the data read from + the fd over a domain socket. + """ + + def __init__(self, fd): + (self._rsock, wsock) = socket.socketpair(socket.AF_UNIX, socket.SOCK_DGRAM) + child = os.fork() + if child != 0: + wsock.close() + self._child = child + return + + self._rsock.close() + + # This is the read loop in the forked process and it won't quit until either the process + # gets killed or there is a read error. + try: + while True: + packet = handleEAgain(os.read, fd, MAX_PACKET_SIZE) + handleEAgain(wsock.send, pickle.dumps((0, packet), pickle.HIGHEST_PROTOCOL)) + if len(packet) == 0: + break + except KeyboardInterrupt: + pass + except EnvironmentError as e: + print "Packet source recevied error: %d" % e.errno + handleEAgain(wsock.send, pickle.dumps((e.errno, ''), pickle.HIGHEST_PROTOCOL)) + finally: + os.close(fd) + wsock.close() + os._exit(os.EX_OK) + + def read(self, killpipe): + (r, w, x) = select.select([self._rsock, killpipe], [], []) + if killpipe in r: + return None + if self._rsock in r: + try: + return handleEAgain(self._rsock.recv, MAX_PACKET_SIZE) + except EnvironmentError as e: + # If there's a read error on the subprocess, it'll close the socket. + if e.errno != errno.ECONNRESET: + raise e + return None + + def stop(self): + os.kill(self._child, signal.SIGINT) + os.waitpid(self._child, 0) + self._rsock.close() + + +class SelectPacketSource(object): + """ + Reads data from a file descriptor, waiting for input using select(). 
+ """ + + def __init__(self, fd): + self._fd = fd + + def read(self, killpipe): + (r, w, x) = select.select([self._fd, killpipe], [], []) + if killpipe in r: + return None + if self._fd in r: + packet = handleEAgain(os.read, self._fd, MAX_PACKET_SIZE) + return pickle.dumps((0, packet)) + return None + + def stop(self): + pass + +class Expectation(object): + """ + Describes an expectation. Expectations are specified as dictionaries to match the packet + against. Entries may specify nested dictionaries for recursive matching and callables can be + used as predicates. Any other entry will be compared to the corresponding value in the packet. + """ + + def __init__(self, expectation, times, action): + self._expectation = expectation + self._times = times + self._action = action + + @property + def active(self): + return self._times == None or self.pending + + @property + def pending(self): + return self._times != None and self._times > 0 + + def check(self, packet): + #print 'Matching %s against %s' % (packet, self._expectation) + if self.active and Expectation._matches(packet, self._expectation): + if self._times: + self._times -= 1 + if callable(self._action): + self._action(packet) + return True + return False + + @staticmethod + def _matches(packet, expectation): + if isinstance(expectation, dict): + for (name, entry) in expectation.iteritems(): + try: + val = getattr(packet, name) + except AttributeError: + return False + if not Expectation._matches(val, entry): + return False + return True + elif callable(expectation): + return expectation(packet) + else: + return packet == expectation + + +class PacketReader(object): + """ + Takes care of reading packets and matching them against expectations. + """ + + def __init__(self, source, decode = str, skip = False): + """ + Initializes a new reader. + + Args: + source: packet source to read packets from. + decode: packet decoding function. + skip: whether non-matching packets are to be skipped. 
+ """ + self._source = source + self._decode = decode + self._skip = skip + self._expectations = [] + self._packets = Queue.Queue() + self._shutdownPipe = os.pipe() + self._stop = threading.Event() + + def start(self): + self._readThread = threading.Thread(target = self) + self._readThread.start() + + def stop(self): + self._stop.set() + handleEAgain(os.write, self._shutdownPipe[1], 'stop') + self._readThread.join() + self._source.stop() + os.close(self._shutdownPipe[0]) + os.close(self._shutdownPipe[1]) + + def __call__(self): + """ + Reading service function, runs in a separate thread. + """ + try: + while True: + packet = handleEAgain(self._source.read, self._shutdownPipe[0]) + if not packet: + self._packets.put((0, '')) + break + self._packets.put(pickle.loads(packet)) + except EnvironmentError as e: + # The read() is racing against stop(), ignore these situations. + if e.errno == EIO and self._stop.isSet(): + self._packets.put((0, '')) + self._packets.put((e.errno, '')) + + def expect(self, expectation, times = 1, action = None): + """ + Adds an expectation for a packet to be received. + + Args: + expectation: Dictionary describing the expected packet. + times: Number of packets expected. None for unlimited. + action: A callback to run after the packet has been received. + """ + assert times != 0 + self._expectations.append(Expectation(expectation, times, action)) + + @property + def expectationsPending(self): + for e in self._expectations: + if e.pending: + return True + return False + + def run(self, timeout = 1): + """ + Runs the packet reader, waiting for all limited expectations to be met. + + Args: + timeout: Wait timeout in seconds. + """ + while self.expectationsPending: + try: + (code, payload) = self._packets.get(True, timeout) + except Queue.Empty: + # No packet received. + break + + if code != 0: + # read error, re-raise. + raise OSError((code, os.strerror(code))) + + if len(payload) == 0: + # EOF on read. 
+ break
+
+ # decode the packet and match it against expectation.
+ matches = False
+ for e in self._expectations:
+ if e.check(self._decode(payload)):
+ matches = True
+ break
+ if not matches and not self._skip:
+ return False
+
+ return not self.expectationsPending
+
diff --git a/test/tuntap/route.py b/test/tuntap/route.py
new file mode 100644
index 0000000..b59707e
--- /dev/null
+++ b/test/tuntap/route.py
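Review bot: The `except EnvironmentError` handler in `PacketReader.__call__` (test/tuntap/packet_reader.py) compares `e.errno == EIO`, but the module only does `import errno`, so the bare `EIO` is an unbound name and the handler raises NameError in the reader thread instead of queueing anything; it should read `if e.errno == errno.EIO and self._stop.isSet():`. The `self._packets.put((e.errno, ''))` that follows has no `else` in front of it, so in the case the comment says to ignore the error tuple is still queued after the EOF marker; whether that is intended is not clear from the collapsed layout. Separately, `pickle.loads(packet)` is only ever fed bytes this module pickled itself (the forked child or `SelectPacketSource.read`), and a comment such as `# pickle is acceptable here only because both ends are this test process and its child` would keep the reader from being reused on data from elsewhere.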
@@ -0,0 +1,112 @@
+# Copyright (c) 2011 Mattias Nissler <mattias.nissler@gmx.de>
+#
+# Redistribution and use in source and binary forms, with or without modification, are permitted
+# provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice, this list of
+# conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright notice, this list of
+# conditions and the following disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# 3. The name of the author may not be used to endorse or promote products derived from this
+# software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+import socket
+import struct
+
+# from net/route.h
+RTM_ADD = 0x1 # Add Route
+RTM_DELETE = 0x2 # Delete Route
+RTM_CHANGE = 0x3 # Change Metrics or flags
+RTM_GET = 0x4 # Report Metrics
+RTM_LOSING = 0x5 # Kernel Suspects Partitioning
+RTM_REDIRECT = 0x6 # Told to use different route
+RTM_MISS = 0x7 # Lookup failed on this address
+RTM_LOCK = 0x8 # fix specified metrics
+RTM_OLDADD = 0x9 # caused by SIOCADDRT
+RTM_OLDDEL = 0xa # caused by SIOCDELRT
+RTM_RESOLVE = 0xb # req to resolve dst to LL addr
+RTM_NEWADDR = 0xc # address being added to iface
+RTM_DELADDR = 0xd # address being removed from iface
+RTM_IFINFO = 0xe # iface going up/down etc.
+RTM_NEWMADDR = 0xf # mcast group membership being added to if
+RTM_DELMADDR = 0x10 # mcast group membership being deleted
+
+RTF_UP = 0x1 # route usable
+RTF_GATEWAY = 0x2 # destination is a gateway
+RTF_HOST = 0x4 # host entry (net otherwise)
+RTF_REJECT = 0x8 # host or net unreachable
+RTF_DYNAMIC = 0x10 # created dynamically (by redirect)
+RTF_MODIFIED = 0x20 # modified dynamically (by redirect)
+RTF_DONE = 0x40 # message confirmed
+RTF_DELCLONE = 0x80 # delete cloned route
+RTF_CLONING = 0x100 # generate new routes on use
+RTF_XRESOLVE = 0x200 # external daemon resolves name
+RTF_LLINFO = 0x400 # generated by link layer (e.g.
ARP) +RTF_STATIC = 0x800 # manually added +RTF_BLACKHOLE = 0x1000 # just discard pkts (during updates) +RTF_PROTO2 = 0x4000 # protocol specific routing flag +RTF_PROTO1 = 0x8000 # protocol specific routing flag + +RTF_PRCLONING = 0x10000 # protocol requires cloning +RTF_WASCLONED = 0x20000 # route generated through cloning +RTF_PROTO3 = 0x40000 # protocol specific routing flag +RTF_LOCAL = 0x200000 # route represents a local address +RTF_BROADCAST = 0x400000 # route represents a bcast address +RTF_MULTICAST = 0x800000 # route represents a mcast address +RTF_IFSCOPE = 0x1000000 # has valid interface scope +RTF_CONDEMNED = 0x2000000 # defunct; no longer modifiable + +RTA_DST = 0x1 # destination sockaddr present +RTA_GATEWAY = 0x2 # gateway sockaddr present +RTA_NETMASK = 0x4 # netmask sockaddr present +RTA_GENMASK = 0x8 # cloning mask sockaddr present +RTA_IFP = 0x10 # interface name sockaddr present +RTA_IFA = 0x20 # interface addr sockaddr present +RTA_AUTHOR = 0x40 # sockaddr for author of redirect +RTA_BRD = 0x80 # for NEWADDR, broadcast or p-p dest addr + +RTM_VERSION = 5 + +PF_ROUTE = 17 + +STRUCT_RTMSG = struct.Struct('HBBHiiHiiiI3Ii10I') + +def _sendRouteMsg(type, index = 0, flags = 0, addrs = {}): + def add_addr((addr_flags, payload), (addr, flag)): + if not addr: + return (addr_flags, payload) + + return (addr_flags | flag, payload + addr.encode()) + + (addr_flags, payload) = reduce(add_addr, + [ (addrs['dst'], RTA_DST), + (addrs['gateway'], RTA_GATEWAY), + (addrs['netmask'], RTA_NETMASK) ], + (0, '')) + msglen = STRUCT_RTMSG.size + len(payload) + data = STRUCT_RTMSG.pack(msglen, RTM_VERSION, type, index, flags, addr_flags, *((0,) * 19)) + + sock = socket.socket(PF_ROUTE, socket.SOCK_RAW) + try: + sock.send(data + payload) + finally: + sock.close() + +def addNet(dst = None, gateway = None, netmask = None, interface = None): + flags = RTF_STATIC | RTF_UP + if gateway: + flags |= RTF_GATEWAY + elif interface: + gateway = interface + _sendRouteMsg(type = 
RTM_ADD, flags = flags,
+ addrs = dict(dst = dst, gateway = gateway, netmask = netmask))
diff --git a/test/tuntap/sockaddr.py b/test/tuntap/sockaddr.py
new file mode 100644
index 0000000..59edbfc
--- /dev/null
+++ b/test/tuntap/sockaddr.py
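Review bot: `_sendRouteMsg` in test/tuntap/route.py declares `addrs = {}` as its default but then indexes `addrs['dst']`, `addrs['gateway']` and `addrs['netmask']` unconditionally, so calling it with the default raises KeyError, and the dict literal is a shared mutable default. `addNet` always passes all three keys, so nothing visible hits this today. I would make the default `addrs = None`, start the body with `addrs = addrs or {}`, and read the entries with `addrs.get('dst')` and so on, which `add_addr` already tolerates because it skips falsy addresses. A one-line comment on `STRUCT_RTMSG` naming the header it mirrors (presumably `struct rt_msghdr` from net/route.h) would also help whoever has to check the 19 zero-filled fields against it.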
@@ -0,0 +1,124 @@
+# Copyright (c) 2011 Mattias Nissler <mattias.nissler@gmx.de>
+#
+# Redistribution and use in source and binary forms, with or without modification, are permitted
+# provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice, this list of
+# conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright notice, this list of
+# conditions and the following disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# 3. The name of the author may not be used to endorse or promote products derived from this
+# software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ +import socket +import struct + +class SockaddrDl(object): + + AF_LINK = 18 + STRUCT = struct.Struct('BBH4B') + + def __init__(self, name, addr, type, index = 0, af = AF_LINK): + self.af = af + self.index = index + self.type = type + self.name = name + self.addr = addr + + def __repr__(self): + return 'SockaddrDl<%d, %d, %d, %s, %s>' % (self.af, self.index, self.type, + self.name, repr(self.addr)) + + def __eq__(self, other): + return (self.af == other.af and self.index == other.index and self.type == other.type and + self.name == other.name and self.addr == other.addr) + + def encode(self): + # It's important to make this size 12 at least to meet sizeof(struct sockaddr_dl), routing + # setup chokes if it's not. + datalen = max(len(self.name) + len(self.addr), 12) + namelen = datalen - len(self.addr) + data = SockaddrDl.STRUCT.pack(SockaddrDl.STRUCT.size + datalen, + self.af, self.index, self.type, + namelen, len(self.addr), 0) + return data + self.name + '\x00' * (namelen - len(self.name)) + self.addr + + @classmethod + def decode(self, data): + fields = SockaddrDl.STRUCT.unpack_from(data) + pname = SockaddrDl.STRUCT.size + paddr = pname + fields[4] + pend = paddr + fields[5] + return SockaddrDl(af = fields[1], index = fields[2], type = fields[3], + name = data[pname:paddr], addr = data[paddr:pend]) + + +class SockaddrIn(object): + """ + Python wrapper for struct sockaddr_in. 
+ """ + + STRUCT = struct.Struct('BBH4s8x') + + def __init__(self, addr, port = 0, af = socket.AF_INET): + self.addr = addr or '0.0.0.0' + self.port = port + self.af = af + + def __repr__(self): + return 'SockaddrIn<%d, %d, %s>' % (self.af, self.port, self.addr) + + def __eq__(self, other): + return self.encode() == other.encode() + + def encode(self): + return SockaddrIn.STRUCT.pack(16, self.af, self.port, socket.inet_aton(self.addr)) + + @classmethod + def decode(cls, data): + t = SockaddrIn.STRUCT.unpack(data) + return SockaddrIn(addr = socket.inet_ntoa(t[3]), port = t[2], af = t[1]) + + +class SockaddrIn6(object): + """ + Python wrapper for struct sockaddr_in6. + """ + + STRUCT = struct.Struct('BBHI16sI') + + def __init__(self, addr, port = 0, af = socket.AF_INET6, flowinfo = 0, scopeid = 0): + self.addr = addr or '::0' + self.port = port + self.af = af + self.flowinfo = flowinfo + self.scopeid = scopeid + + def __repr__(self): + return 'SockaddrIn6<%d, %d, %s, %d, %d>' % (self.af, self.port, self.addr, + self.flowinfo, self.scopeid) + + def __eq__(self, other): + return self.encode() == other.encode() + + def encode(self): + return SockaddrIn6.STRUCT.pack(28, self.af, self.port, self.flowinfo, + socket.inet_pton(socket.AF_INET6, self.addr), self.scopeid) + + @classmethod + def decode(cls, data): + t = SockaddrIn6.STRUCT.unpack(data) + return SockaddrIn6(addr = socket.inet_ntop(socket.AF_INET6, t[4]), port = t[2], af = t[1], + flowinfo = t[3], scopeid = t[5]) + + diff --git a/test/tuntap/test_char_dev.py b/test/tuntap/test_char_dev.py new file mode 100644 index 0000000..ae34bf7 --- /dev/null +++ b/test/tuntap/test_char_dev.py 
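Review bot: `SockaddrDl.decode` takes the name and address lengths straight from the buffer (`fields[4]`, `fields[5]`) and never compares them, or the leading total-length byte, with `len(data)`; because Python slicing truncates silently, a short or inconsistent buffer produces a wrong `name`/`addr` instead of an error. A guard before the slices, `if pend > len(data): raise ValueError('truncated sockaddr_dl')`, makes a malformed structure fail loudly. Separately, `SockaddrIn` and `SockaddrIn6` pack the port with a native-order `H` although sin_port is carried in network byte order, so a non-zero port would come out byte-swapped on a little-endian host; the tests appear to use only the default 0, which would hide this.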
@@ -0,0 +1,86 @@
+# Copyright (c) 2011 Mattias Nissler <mattias.nissler@gmx.de>
+#
+# Redistribution and use in source and binary forms, with or without modification, are permitted
+# provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice, this list of
+# conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright notice, this list of
+# conditions and the following disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# 3. The name of the author may not be used to endorse or promote products derived from this
+# software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ +import errno +import os +from tuntap.char_dev_harness import TunCharDevHarness, TapCharDevHarness +from unittest import TestCase + +class TestCharDev(TestCase): + + def __init__(self, name, newHarness): + super(TestCharDev, self).__init__(name) + self._newHarness = newHarness + + def setUp(self): + self.char_dev = self._newHarness() + self.char_dev.open() + + def tearDown(self): + self.char_dev.close() + + def test_Open(self): + pass + + def test_OpenTwiceBusy(self): + second = self._newHarness(self.char_dev.unit) + try: + second.open() + second.close() + self.fail() + except OSError as e: + self.assertEqual(errno.EBUSY, e.errno) + + def test_ReadFails(self): + try: + os.read(self.char_dev.fileno(), 1) + self.fail() + except OSError as e: + self.assertEqual(errno.EIO, e.errno) + + def test_WriteFails(self): + try: + os.write(self.char_dev.fileno(), '') + self.fail() + except OSError as e: + self.assertEqual(errno.EIO, e.errno) + + +class TestTunCharDev(TestCharDev): + + def __init__(self, name): + super(TestTunCharDev, self).__init__(name, TunCharDevHarness) + + def test_AFPrepend(self): + self.assertFalse(self.char_dev.prependAF) + + self.char_dev.prependAF = 1 + self.assertTrue(self.char_dev.prependAF) + + self.char_dev.prependAF = 0 + self.assertFalse(self.char_dev.prependAF) + + +class TestTapCharDev(TestCharDev): + + def __init__(self, name): + super(TestTapCharDev, self).__init__(name, TapCharDevHarness) diff --git a/test/tuntap/test_interface.py b/test/tuntap/test_interface.py new file mode 100644 index 0000000..7cf19b2 --- /dev/null +++ b/test/tuntap/test_interface.py 
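Review bot: The error-path tests `test_OpenTwiceBusy`, `test_ReadFails` and `test_WriteFails` are written as try / `self.fail()` / except, so when the call unexpectedly succeeds the failure carries no message about what was expected. `with self.assertRaises(OSError) as cm:` around the call, followed by `self.assertEqual(errno.EBUSY, cm.exception.errno)` (or `errno.EIO` for the read and write cases), states the expectation directly and reports the missing exception by name. In `test_OpenTwiceBusy` the `second.close()` call should stay inside the `with` block after `second.open()`, so an unexpected successful open is still closed.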
@@ -0,0 +1,120 @@
+# Copyright (c) 2011 Mattias Nissler <mattias.nissler@gmx.de>
+#
+# Redistribution and use in source and binary forms, with or without modification, are permitted
+# provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice, this list of
+# conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright notice, this list of
+# conditions and the following disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# 3. The name of the author may not be used to endorse or promote products derived from this
+# software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ +import errno +import socket +import unittest + +from tuntap.char_dev_harness import TunCharDevHarness, TapCharDevHarness +from tuntap.interface_harness import Address, InterfaceHarness +from tuntap.sockaddr import SockaddrDl, SockaddrIn, SockaddrIn6 +from tuntap.tun_tap_harness import TunHarness, TapHarness + +class TestInterface(unittest.TestCase): + + def __init__(self, name, harness): + super(TestInterface, self).__init__(name) + self.harness = harness + + def setUp(self): + self.harness.start() + + def tearDown(self): + self.harness.stop() + + def test_CloseWhileUp(self): + self.harness.interface.flags |= InterfaceHarness.IFF_UP + self.harness.char_dev.close() + self.harness.start() + + def test_UpDown(self): + self.harness.interface.flags |= InterfaceHarness.IFF_UP + self.assertEquals(InterfaceHarness.IFF_UP, + self.harness.interface.flags & InterfaceHarness.IFF_UP) + self.harness.interface.flags &= ~InterfaceHarness.IFF_UP + self.assertEquals(0, + self.harness.interface.flags & InterfaceHarness.IFF_UP) + + def test_NetmaskAFFix(self): + self.harness.interface.addIfAddr(local = self.harness.addr.sa_local, + dst = self.harness.addr.sa_dst, + mask = SockaddrIn(af = 0, addr = self.harness.addr.mask)) + for addr in self.harness.interface.getAddrs(socket.AF_INET): + if addr[1] == self.harness.addr.sa_mask: + return; + self.fail() + + def test_Address(self): + self.harness.interface.addIfAddr(local = self.harness.addr.sa_local, + dst = self.harness.addr.sa_dst, + mask = self.harness.addr.sa_mask) + for addr in self.harness.interface.getAddrs(socket.AF_INET): + if (addr[0] == self.harness.addr.sa_local and + addr[1] == self.harness.addr.sa_mask and + addr[2] == self.harness.addr.sa_dst): + return + self.fail() + + def test_Address6(self): + def compare(expected, actual): + return (expected or SockaddrIn6(af = 0, addr = None)) == actual + + self.harness.interface.addIfAddr6(local = self.harness.addr6.sa_local, + dst = self.harness.addr6.sa_dst, + mask = 
self.harness.addr6.sa_mask) + for addr in self.harness.interface.getAddrs(socket.AF_INET6): + if (compare(addr[0], self.harness.addr6.sa_local) and + compare(addr[1], self.harness.addr6.sa_mask) and + compare(addr[2], self.harness.addr6.sa_dst)): + return + self.fail() + + +class TestTunInterface(TestInterface): + + def __init__(self, name): + super(TestTunInterface, self).__init__(name, TunHarness()) + + def test_Flags(self): + self.assertEquals(InterfaceHarness.IFF_POINTOPOINT | + InterfaceHarness.IFF_RUNNING | + InterfaceHarness.IFF_SIMPLEX | + InterfaceHarness.IFF_MULTICAST, + self.harness.interface.flags) + + +class TestTapInterface(TestInterface): + + def __init__(self, name): + super(TestTapInterface, self).__init__(name, TapHarness()) + + def test_Flags(self): + self.assertEquals(InterfaceHarness.IFF_BROADCAST | + InterfaceHarness.IFF_RUNNING | + InterfaceHarness.IFF_SIMPLEX | + InterfaceHarness.IFF_MULTICAST, + self.harness.interface.flags) + + def test_SetLladdr(self): + addr = SockaddrDl(name = '', addr = '\x11\x22\x33\x44\x55\x66', type = 0) + self.harness.interface.lladdr = addr + self.assertEquals(addr.addr, self.harness.interface.lladdr.addr) diff --git a/test/tuntap/test_ip.py b/test/tuntap/test_ip.py new file mode 100644 index 0000000..7043860 --- /dev/null +++ b/test/tuntap/test_ip.py 
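Review bot: In `test_Address6` the helper is declared as `compare(expected, actual)`, but all three calls pass the value read back from the interface first, as in `compare(addr[0], self.harness.addr6.sa_local)`, so the `or SockaddrIn6(af = 0, addr = None)` fallback is applied to the observed address rather than the expected one. If that is the intent (presumably the address list yields an empty entry where nothing is set), rename the parameters to match, `def compare(actual, expected):`; otherwise swap the arguments at the call sites. A one-line comment explaining why an empty entry is treated as an all-zero sockaddr would make the check readable without knowing the harness.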
@@ -0,0 +1,234 @@
+# Copyright (c) 2011 Mattias Nissler <mattias.nissler@gmx.de>
+#
+# Redistribution and use in source and binary forms, with or without modification, are permitted
+# provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice, this list of
+# conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright notice, this list of
+# conditions and the following disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# 3. The name of the author may not be used to endorse or promote products derived from this
+# software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ +import functools +import socket +import struct +from unittest import TestCase + +from tuntap.packet import IPv4Packet, IPv6Packet, UDPPacket +from tuntap.packet_codec import TapPacketCodec +from tuntap.packet_reader import SelectPacketSource + +class TestIO(TestCase): + + def __init__(self, name, af, listenAddress, codec): + super(TestIO, self).__init__(name) + self._codec = codec(af, listenAddress); + + def __str__(self): + return '%s [%s]' % (super(TestIO, self).__str__(), str(self._codec)) + + def setUp(self): + super(TestIO, self).setUp() + self._codec.start() + + def tearDown(self): + self._codec.stop() + super(TestIO, self).tearDown() + + +class TestIp(TestIO): + + def __init__(self, name, codec): + super(TestIp, self).__init__(name, socket.AF_INET, None, codec) + + def test_Send(self): + payload = 'knock, knock!' + port = 12345 + self._codec.sendUDP(payload, (self._codec.addr.remote, port)) + self._codec.expectPacket( + { 'version': 4, + 'src': socket.inet_pton(self._codec.af, self._codec.addr.local), + 'dst': socket.inet_pton(self._codec.af, self._codec.addr.remote), + 'proto': IPv4Packet.PROTO_UDP, + 'payload': { 'dst': port, + 'payload': payload } }) + self.assertTrue(self._codec.runPacket()) + + def test_Recv(self): + srcport = 23456 + payload = 'who\'s there?' + packet = IPv4Packet(proto = IPv4Packet.PROTO_UDP, + src = socket.inet_pton(self._codec.af, self._codec.addr.remote), + dst = socket.inet_pton(self._codec.af, self._codec.addr.local), + payload = UDPPacket(src = srcport, + dst = self._codec.UDPPort, + payload = payload)) + self._codec.sendPacket(packet.encode()) + self._codec.expectUDP(payload) + self.assertTrue(self._codec.runUDP()) + + def test_RecvMTUSize(self): + # Send a payload that's just within the MTU limit. 
+ payload = '\xff' * (self._codec._harness.interface.mtu - + IPv4Packet().headerLen - UDPPacket().headerLen) + srcport = 23456 + packet = IPv4Packet(proto = IPv4Packet.PROTO_UDP, + src = socket.inet_pton(self._codec.af, self._codec.addr.remote), + dst = socket.inet_pton(self._codec.af, self._codec.addr.local), + payload = UDPPacket(src = srcport, + dst = self._codec.UDPPort, + payload = payload)) + assert len(packet.encode()) == self._codec._harness.interface.mtu + self._codec.sendPacket(packet.encode()) + self._codec.expectUDP(payload) + self.assertTrue(self._codec.runUDP()) + + +class TestIp6(TestIO): + + def __init__(self, name, codec): + super(TestIp6, self).__init__(name, socket.AF_INET6, None, codec) + + def test_Send(self): + payload = 'knock, knock!' + port = 12345 + self._codec.sendUDP(payload, (self._codec.addr.remote, port)) + self._codec.expectPacket( + { 'version': 6, + 'src': socket.inet_pton(self._codec.af, self._codec.addr.local), + 'dst': socket.inet_pton(self._codec.af, self._codec.addr.remote), + 'proto': IPv6Packet.PROTO_UDP, + 'payload': { 'dst': port, + 'payload': payload } }) + self.assertTrue(self._codec.runPacket()) + + def test_Recv(self): + srcport = 23456 + payload = 'who\'s there?' 
+ packet = IPv6Packet(proto = IPv6Packet.PROTO_UDP, + src = socket.inet_pton(self._codec.af, self._codec.addr.remote), + dst = socket.inet_pton(self._codec.af, self._codec.addr.local), + payload = UDPPacket(src = srcport, + dst = self._codec.UDPPort, + payload = payload)) + self._codec.sendPacket(packet.encode()) + self._codec.expectUDP(payload) + self.assertTrue(self._codec.runUDP()) + + +class TestMulticast(TestIO): + + MULTICAST_GROUP = '224.1.2.3' + + def __init__(self, name, codec): + super(TestMulticast, self).__init__(name, socket.AF_INET, TestMulticast.MULTICAST_GROUP, + codec) + + def setUp(self): + super(TestMulticast, self).setUp() + mreq = struct.pack('4s4s', + socket.inet_pton(self._codec.af, TestMulticast.MULTICAST_GROUP), + socket.inet_pton(self._codec.af, self._codec.addr.local)) + self._codec._recvSock.setsockopt(socket.IPPROTO_IP, socket.IP_ADD_MEMBERSHIP, mreq) + self._codec._sendSock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 1) + self._codec._sendSock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_IF, + socket.inet_pton(self._codec.af, self._codec.addr.local)) + + def test_Send(self): + payload = 'knock, knock!' + port = 12345 + self._codec.sendUDP(payload, (TestMulticast.MULTICAST_GROUP, port)) + self._codec.expectPacket( + { 'version': 4, + 'src': socket.inet_pton(self._codec.af, self._codec.addr.local), + 'dst': socket.inet_pton(self._codec.af, TestMulticast.MULTICAST_GROUP), + 'proto': IPv4Packet.PROTO_UDP, + 'payload': { 'dst': port, + 'payload': payload } }) + self.assertTrue(self._codec.runPacket()) + + def test_Recv(self): + srcport = 23456 + payload = 'who\'s there?' 
+ packet = IPv4Packet(proto = IPv4Packet.PROTO_UDP, + src = socket.inet_pton(self._codec.af, self._codec.addr.remote), + dst = socket.inet_pton(self._codec.af, TestMulticast.MULTICAST_GROUP), + payload = UDPPacket(src = srcport, + dst = self._codec.UDPPort, + payload = payload)) + self._codec.sendPacket(packet.encode()) + self._codec.expectUDP(payload) + self.assertTrue(self._codec.runUDP()) + + +class TestMulticast6(TestIO): + + MULTICAST_GROUP = 'ff05::114' + + def __init__(self, name, codec): + super(TestMulticast6, self).__init__(name, socket.AF_INET6, TestMulticast6.MULTICAST_GROUP, + codec) + + def setUp(self): + super(TestMulticast6, self).setUp() + mreq = struct.pack('16sI', + socket.inet_pton(self._codec.af, TestMulticast6.MULTICAST_GROUP), + self._codec._harness.interface.index) + self._codec._recvSock.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_JOIN_GROUP, mreq) + self._codec._sendSock.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_MULTICAST_HOPS, 1) + self._codec._sendSock.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_MULTICAST_IF, + self._codec._harness.interface.index) + + def test_Send(self): + payload = 'knock, knock!' + port = 12345 + self._codec.sendUDP(payload, (TestMulticast6.MULTICAST_GROUP, port)) + self._codec.expectPacket( + { 'version': 6, + 'dst': socket.inet_pton(self._codec.af, TestMulticast6.MULTICAST_GROUP), + 'proto': IPv6Packet.PROTO_UDP, + 'payload': { 'dst': port, + 'payload': payload } }) + self.assertTrue(self._codec.runPacket()) + + def test_Recv(self): + srcport = 23456 + payload = 'who\'s there?' 
+ packet = IPv6Packet(proto = IPv6Packet.PROTO_UDP, + src = socket.inet_pton(self._codec.af, self._codec.addr.remote), + dst = socket.inet_pton(self._codec.af, TestMulticast6.MULTICAST_GROUP), + payload = UDPPacket(src = srcport, + dst = self._codec.UDPPort, + payload = payload)) + self._codec.sendPacket(packet.encode()) + self._codec.expectUDP(payload) + self.assertTrue(self._codec.runUDP()) + + +class TestTapLladdr(TestIp): + + def __init__(self, name): + super(TestTapLladdr, self).__init__(name, + lambda af, addr: TapPacketCodec(af, addr, + SelectPacketSource)) + + def setUp(self): + super(TestTapLladdr, self).setUp() + + # Swap out the link-level address with a different address. + lladdr = self._codec._harness.interface.lladdr + mac_addr = list(lladdr.addr) + mac_addr[5] = chr(ord(mac_addr[5]) ^ 0xff) + lladdr.addr = ''.join(mac_addr) + self._codec._harness.interface.lladdr = lladdr diff --git a/test/tuntap/tun_tap_harness.py b/test/tuntap/tun_tap_harness.py new file mode 100644 index 0000000..cb07638 --- /dev/null +++ b/test/tuntap/tun_tap_harness.py 
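Review bot: `TestIp.test_RecvMTUSize` checks its own precondition with a bare `assert len(packet.encode()) == self._codec._harness.interface.mtu`, which is removed when Python runs with `-O` and reports no values when it fails. Use the test-case method instead, `self.assertEqual(len(packet.encode()), self._codec._harness.interface.mtu)`, so the check always runs and a mismatch shows both lengths. The `import functools` at the top of the file is not used anywhere in this hunk and can be dropped.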
@@ -0,0 +1,96 @@
+# Copyright (c) 2011 Mattias Nissler <mattias.nissler@gmx.de>
+#
+# Redistribution and use in source and binary forms, with or without modification, are permitted
+# provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice, this list of
+# conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright notice, this list of
+# conditions and the following disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# 3. The name of the author may not be used to endorse or promote products derived from this
+# software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ +import errno +import socket + +from tuntap.char_dev_harness import TunCharDevHarness, TapCharDevHarness +from tuntap.interface_harness import Address, InterfaceHarness +import tuntap.route + +class TunTapHarness(object): + + def __init__(self, name, newCharDevHarness, addr, addr6): + self._newCharDevHarness = newCharDevHarness + self.name = name + self.addr = addr + self.addr6 = addr6 + + def start(self): + self.char_dev = self._newCharDevHarness() + self.char_dev.open() + self.interface = InterfaceHarness(self.name, self.char_dev.unit) + + def up(self): + self.interface.addIfAddr(local = self.addr.sa_local, + dst = self.addr.sa_dst, + mask = self.addr.sa_mask) + self.interface.addIfAddr6(local = self.addr6.sa_local, + dst = self.addr6.sa_dst, + mask = self.addr6.sa_mask) + + # Lion automatically creates routes for IPv6 addresses, earlier versions don't. + try: + tuntap.route.addNet(dst = self.addr6.sa_remote, + netmask = self.addr6.sa_mask, + interface = self.interface.lladdr) + except IOError as e: + if e.errno != errno.EEXIST: + raise e + + self.interface.flags |= InterfaceHarness.IFF_UP + + def stop(self): + self.interface.flags &= ~InterfaceHarness.IFF_UP + self.char_dev.close() + + +class TunHarness(TunTapHarness): + + def __init__(self, + addr = Address(af = socket.AF_INET, + local = '10.0.0.1', + remote = '10.0.0.2', + dst = '10.0.0.2', + mask = '255.255.255.255'), + addr6 = Address(af = socket.AF_INET6, + local = 'fd00::1', + remote = 'fd00::2', + dst = 'fd00::2', + mask = 'ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff')): + super(TunHarness, self).__init__('tun', TunCharDevHarness, addr, addr6) + + +class TapHarness(TunTapHarness): + + def __init__(self, + addr = Address(af = socket.AF_INET, + local = '10.0.0.1', + remote = '10.0.0.2', + dst = '10.255.255.255', + mask = '255.0.0.0'), + addr6 = Address(af = socket.AF_INET6, + local = 'fd00::1', + remote = 'fd00::2', + dst = None, + mask = 'ffff:ffff:ffff:ffff::0')): + super(TapHarness, self).__init__('tap', 
TapCharDevHarness, addr, addr6) diff --git a/test/tuntap/tun_tap_test_case.py b/test/tuntap/tun_tap_test_case.py new file mode 100644 index 0000000..28edc46 --- /dev/null +++ b/test/tuntap/tun_tap_test_case.py 
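Review bot: `TunTapHarness.stop` closes the character device only when clearing `IFF_UP` succeeds; if the flag update raises, `self.char_dev.close()` is skipped and the unit stays open, which would presumably surface as EBUSY in later tests. Put the flag update under `try:` and the close under `finally:`. The default `TapHarness` address also places 10.0.0.1 with mask 255.0.0.0 on the interface and `up` adds a route, so a short comment on the class noting that the tests reconfigure host addressing for 10/8 while they run would help anyone whose machine already uses that range.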
@@ -0,0 +1,40 @@ +# Copyright (c) 2011 Mattias Nissler <mattias.nissler@gmx.de> +# +# Redistribution and use in source and binary forms, with or without modification, are permitted +# provided that the following conditions are met: +# +# 1. Redistributions of source code must retain the above copyright notice, this list of +# conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright notice, this list of +# conditions and the following disclaimer in the documentation and/or other materials provided +# with the distribution. +# 3. The name of the author may not be used to endorse or promote products derived from this +# software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, +# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A +# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, +# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED +# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +from unittest import TestCase + +class TunTapTestCase(TestCase): + + def __init__(self, name, harness): + super(TunTapTestCase, self).__init__(name) + self.harness = harness + + def __str__(self): + return '%s [%s]' % (super(TunTapTestCase, self).__str__(), + self.harness.__class__.__name__) + + def setUp(self): + self.harness.start() + self.harness.up() + + def tearDown(self): + self.harness.stop() diff --git a/test/tuntap/tuntap_tests.py b/test/tuntap/tuntap_tests.py new file mode 100644 index 0000000..fb5a431 --- /dev/null 
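Review bot: In `TunTapTestCase.setUp`, a failure in `self.harness.up()` leaves the device opened by `self.harness.start()` behind, because unittest does not call `tearDown` when `setUp` raises. Registering the cleanup right after the open covers that case: `self.harness.start()` followed by `self.addCleanup(self.harness.stop)`, then `self.harness.up()`, with `tearDown` removed. The class also has no docstring; one sentence saying that the harness is started and brought up for every test would document the contract subclasses rely on.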
+++ b/test/tuntap/tuntap_tests.py 
@@ -0,0 +1,83 @@
+# Copyright (c) 2011 Mattias Nissler <mattias.nissler@gmx.de>
+#
+# Redistribution and use in source and binary forms, with or without modification, are permitted
+# provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice, this list of
+# conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright notice, this list of
+# conditions and the following disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# 3. The name of the author may not be used to endorse or promote products derived from this
+# software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ +import argparse +import itertools +import re +import sys +import unittest + +from tuntap.packet_codec import TunPacketCodec, TunAFPacketCodec, TapPacketCodec +from tuntap.packet_reader import BlockingPacketSource, SelectPacketSource + +from tuntap.test_char_dev import TestTunCharDev, TestTapCharDev +from tuntap.test_interface import TestTunInterface, TestTapInterface +from tuntap.test_ip import TestIp, TestIp6, TestMulticast, TestMulticast6, TestTapLladdr + +class FilteringTestSuite(unittest.TestSuite): + + def __init__(self, filter): + super(FilteringTestSuite, self).__init__() + self._matcher = re.compile(filter or '.*') + + def __iter__(self): + return itertools.ifilter(lambda test : self._matcher.search(str(test)), + super(FilteringTestSuite, self).__iter__()) + +def loadTestsFromTestCase(testCaseClass, *args, **kwargs): + testCaseNames = unittest.getTestCaseNames(testCaseClass, 'test_') + return unittest.TestSuite(map(lambda n : testCaseClass(n, *args, **kwargs), testCaseNames)) + +def main(argv): + # Parse the command line. + parser = argparse.ArgumentParser(description = 'Run tuntap unit tests.') + parser.add_argument('--tests', type = str, nargs = '?', default = None, + help = 'tests to run') + parser.add_argument('--verbosity', type = int, nargs = '?', default = 2, + help = 'verbosity level') + options = parser.parse_args(argv[1:]) + + # Gather tests and run them. 
+ loader = unittest.TestLoader() + suite = FilteringTestSuite(options.tests) + suite.addTests(loadTestsFromTestCase(TestTunCharDev)) + suite.addTests(loadTestsFromTestCase(TestTapCharDev)) + suite.addTests(loadTestsFromTestCase(TestTunInterface)) + suite.addTests(loadTestsFromTestCase(TestTapInterface)) + + codecs = (TunPacketCodec, TunAFPacketCodec, TapPacketCodec) + sources = (SelectPacketSource, BlockingPacketSource) + tests = (TestIp, TestIp6, TestMulticast, TestMulticast6) + for (test, codec, source) in [ (test, codec, source) for test in tests + for codec in codecs + for source in sources ]: + suite.addTests(loadTestsFromTestCase(test, lambda af, addr: codec(af, addr, source))) + + suite.addTests(loadTestsFromTestCase(TestTapLladdr)) + + runner = unittest.TextTestRunner(stream = sys.stderr, + descriptions = True, + verbosity = options.verbosity) + runner.run(suite) + +if __name__ == '__main__': + main(sys.argv) |
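Review bot: `main` discards the result of `runner.run(suite)` and the script ends with a plain `main(sys.argv)`, so the process exits 0 even when tests fail and a calling script or CI job cannot see the failure. Return the outcome from `main`, `return 0 if runner.run(suite).wasSuccessful() else 1`, and end the file with `sys.exit(main(sys.argv))`. The local `loader = unittest.TestLoader()` is never used and can be removed.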