1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
|
.\" $OpenBSD: tun.4,v 1.47 2024/11/15 00:32:04 jsg Exp $
.\"
.\" Copyright (c) 2003 Marcus D. Watts All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, and the entire permission notice in its entirety,
.\" including the disclaimer of warranties.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. The name of the author may not be used to endorse or promote
.\" products derived from this software without specific prior
.\" written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
.\" INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
.\" AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
.\" MARCUS D. WATTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
.\" OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
.\" ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
.\" TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
.\" USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: November 15 2024 $
.Dt TUN 4
.Os
.Sh NAME
.Nm tun ,
.Nm tap
.Nd network tunnel pseudo-device
.Sh SYNOPSIS
.Cd "pseudo-device tun"
.Pp
.In sys/types.h
.In net/if_tun.h
.Sh DESCRIPTION
The
.Nm tun
pseudo-device driver provides character special devices for
communicating with the kernel network stack via the
.Nm tun
and
.Nm tap
network interfaces.
Packets sent to these interfaces can be read from the device special
file by a userland process and processed as desired.
Packets written to the device special file by the userland process
are injected back into the kernel networking subsystem.
.Pp
.Nm tun
and
.Nm tap
interfaces can be created at runtime using the
.Ic ifconfig iface Ns Ar N Ic create
command, or by opening the character special devices
.Pa /dev/tunN
or
.Pa /dev/tapN
respectively.
.Pp
The minor number of the device special files are associated with
the unit number of the network interfaces.
.Pp
Each device has an exclusive open property: it cannot be opened
if it is already open and in use by another process.
On the last close of the device all queued packets are discarded.
If the device was created by opening a device special file
it will be automatically destroyed.
The last close of a device special file associated with an interface
created via
.Xr ifconfig 8
will be marked as not running and traffic sent out the will be dropped.
.Pp
Each read returns at most one packet; if insufficient
buffer space is provided, the packet is truncated.
Each write supplies exactly one packet.
Writes never block.
If the protocol queue is full, the packet is dropped, a
.Dq collision
is counted, and
.Er ENOBUFS
is returned.
.Pp
The following
.Xr ioctl 2
special commands defined in
.In net/if_tun.h
are supported:
.Pp
.Bl -tag -width indent -compact
.It Dv TUNGIFINFO Fa "struct tuninfo *"
.It Dv TUNSIFINFO Fa "struct tuninfo *"
Get or set the interface characteristics.
.Bd -literal
/* iface info */
struct tuninfo {
u_int mtu;
u_short type;
u_short flags;
u_int baudrate;
};
.Ed
.Pp
.Va flags
and
.Va type
are set by the kernel when an interface is created,
and must be set to the same values that the kernel provided.
.Pp
.It Dv TUNSIFMODE Fa int *
is provided for backwards compatibility.
The flags set must match what the kernel initialised them to.
.El
.Pp
The generic ioctls
.Dv FIONREAD ,
.Dv FIONBIO ,
.Dv FIOASYNC ,
.Dv FIOSETOWN ,
.Dv FIOGETOWN
are also supported.
.Ss Point-to-Point Layer 3 tunnel interface (tun)
Each packet read from or written to a
.Nm tun
interface is prefixed with a tunnel header consisting of
a 4-byte network byte order integer containing the address family of
the packet.
.Nm tun
supports
.Dv AF_INET ,
.Dv AF_INET6 ,
and
.Dv AF_MPLS
packets.
.Ss Ethernet tunnel interface (tap)
Each packet read from or written to a
.Nm tap
interface is an Ethernet packet.
The Ethernet CRC at the end of the frame is not required.
.Pp
The device special files for
.Nm tap
interfaces support the following additional
.Xr ioctl 2
commands:
.Pp
.Bl -tag -width indent -compact
.It Dv SIOCGIFADDR Fa uint8_t Ns [ETHER_ADDR_LEN]
.It Dv SIOCSIFADDR Fa uint8_t Ns [ETHER_ADDR_LEN]
Get or set the link layer address (MAC address) of the interface.
.El
.Sh FILES
.Bl -tag -width /dev/tun* -compact
.It Pa /dev/tun*
.It Pa /dev/tap*
.El
.Sh ERRORS
If open fails,
.Xr errno 2
may be set to one of:
.Bl -tag -width Er
.It Bq Er ENXIO
Not that many devices configured.
.\" The associated interface existed, but is being destroyed.
.It Bq Er EBUSY
Device was already open.
.El
.Pp
If a
.Xr write 2
call fails,
.Xr errno 2
is set to one of:
.Bl -tag -width Er
.It Bq Er EMSGSIZE
The packet supplied was too small or too large.
The maximum sized packet allowed is currently 16384 bytes.
.It Bq Er ENOMEM
There were no mbufs.
.\" .It Bq Er ENOBUFS
.\" The queue for the outgoing protocol is full.
.El
.Pp
.Xr ioctl 2
commands may fail with:
.Bl -tag -width Er
.It Bq Er EINVAL
Invalid parameters were specified.
.It Bq Er ENOTTY
Unrecognized ioctl command.
.El
.Pp
A
.Xr read 2
call may fail because of:
.Bl -tag -width Er
.It Bq Er EIO
The associated interface has been destroyed.
.It Bq Er EWOULDBLOCK
Non-blocking I/O was selected and no packets were available.
.El
.Sh SEE ALSO
.Xr ioctl 2 ,
.Xr inet 4 ,
.Xr intro 4 ,
.Xr netintro 4 ,
.Xr hostname.if 5 ,
.Xr ifconfig 8 ,
.Xr netstart 8
.Sh HISTORY
.Nm tun
interfaces originally supported both Layer 3 and Ethernet packets
by reconfiguring the type of interface with
.Dv TUNSIFINFO .
Ethernet packet support was split into the separate
.Nm tap
interface in
.Ox 5.9 .
.Sh AUTHORS
.Nm tun
was written by
.An Julian Onions Aq Mt Julian.Onions@nexor.co.uk
at Nottingham University.
.Pp
The
.Nm tap
interface functionality was written by
.An Claudio Jeker Aq Mt claudio@openbsd.org .
|
