Commit | Line | Data |
---|---|---|
580fbd88 DW |
1 | /* |
2 | * iptunnel.c "ip tuntap" | |
3 | * | |
4 | * This program is free software; you can redistribute it and/or | |
5 | * modify it under the terms of the GNU General Public License | |
6 | * as published by the Free Software Foundation; either version | |
7 | * 2 of the License, or (at your option) any later version. | |
8 | * | |
9 | * Authors: David Woodhouse <David.Woodhouse@intel.com> | |
10 | * | |
11 | */ | |
12 | ||
13 | #include <stdio.h> | |
14 | #include <stdlib.h> | |
15 | #include <string.h> | |
16 | #include <unistd.h> | |
17 | #include <sys/types.h> | |
18 | #include <sys/socket.h> | |
19 | #include <arpa/inet.h> | |
20 | #include <sys/ioctl.h> | |
21 | #include <linux/if.h> | |
22 | #include <linux/if_tun.h> | |
8960d45f | 23 | #include <linux/if_arp.h> |
580fbd88 DW |
24 | #include <pwd.h> |
25 | #include <grp.h> | |
26 | #include <fcntl.h> | |
27 | #include <dirent.h> | |
28 | #include <errno.h> | |
567e6960 | 29 | #include <glob.h> |
580fbd88 DW |
30 | |
31 | #include "rt_names.h" | |
32 | #include "utils.h" | |
33 | #include "ip_common.h" | |
34 | ||
8960d45f SP |
/*
 * Link kind string: sent as IFLA_INFO_KIND in the dump filter and compared
 * against the kind reported for each link before it is printed.
 */
static const char drv_name[] = "tun";

/* Device node opened by the add/del paths before TUNSETIFF is issued. */
#define TUNDEV "/dev/net/tun"
38 | ||
static void usage(void) __attribute__((noreturn));

/*
 * Write the "ip tuntap" synopsis to stderr and terminate the process with
 * exit status -1.  Never returns.
 */
static void usage(void)
{
	static const char *const help_text[] = {
		"Usage: ip tuntap { add | del | show | list | lst | help } [ dev PHYS_DEV ]\n",
		" [ mode { tun | tap } ] [ user USER ] [ group GROUP ]\n",
		" [ one_queue ] [ pi ] [ vnet_hdr ] [ multi_queue ] [ name NAME ]\n",
		"\n",
		"Where: USER := { STRING | NUMBER }\n",
		" GROUP := { STRING | NUMBER }\n",
	};
	size_t i;

	for (i = 0; i < sizeof(help_text) / sizeof(help_text[0]); i++)
		fputs(help_text[i], stderr);

	exit(-1);
}
51 | ||
/*
 * Create a persistent tun/tap interface described by @ifr.
 *
 * @ifr: interface request (name and IFF_* mode flags) passed to TUNSETIFF;
 *       IFF_TUN_EXCL is OR-ed in when the headers define it.
 * @uid: owner to assign with TUNSETOWNER, or -1 to leave the owner unset.
 * @gid: group to assign with TUNSETGROUP, or -1 to leave the group unset.
 *
 * Returns 0 on success, -1 on the first failing step (the failing call is
 * reported through perror()).  The descriptor is always closed before
 * returning; the interface outlives it only once TUNSETPERSIST succeeded.
 *
 * NOTE(review): the uid/gid given here decide who may later attach to the
 * persistent device; per tun driver semantics the owner does not need
 * CAP_NET_ADMIN for that, so callers should treat these values as a
 * privilege grant - confirm against the kernel version in use.
 */
static int tap_add_ioctl(struct ifreq *ifr, uid_t uid, gid_t gid)
{
	int rc = -1;
	int tunfd;

#ifdef IFF_TUN_EXCL
	ifr->ifr_flags |= IFF_TUN_EXCL;
#endif

	tunfd = open(TUNDEV, O_RDWR);
	if (tunfd < 0) {
		perror("open");
		return -1;
	}

	/* Steps run strictly in this order; the first failure ends the chain. */
	if (ioctl(tunfd, TUNSETIFF, ifr) != 0)
		perror("ioctl(TUNSETIFF)");
	else if (uid != -1 && ioctl(tunfd, TUNSETOWNER, uid) != 0)
		perror("ioctl(TUNSETOWNER)");
	else if (gid != -1 && ioctl(tunfd, TUNSETGROUP, gid) != 0)
		perror("ioctl(TUNSETGROUP)");
	else if (ioctl(tunfd, TUNSETPERSIST, 1) != 0)
		perror("ioctl(TUNSETPERSIST)");
	else
		rc = 0;

	close(tunfd);
	return rc;
}
87 | ||
/*
 * Drop the persistent flag of the tun/tap interface described by @ifr.
 *
 * The device is attached with TUNSETIFF and then TUNSETPERSIST is set to 0.
 * Returns 0 on success, -1 when opening the device node or either ioctl
 * fails (reported through perror()).  The descriptor is closed on every path
 * after a successful open.
 */
static int tap_del_ioctl(struct ifreq *ifr)
{
	int rc = -1;
	int tunfd;

	tunfd = open(TUNDEV, O_RDWR);
	if (tunfd < 0) {
		perror("open");
		return -1;
	}

	if (ioctl(tunfd, TUNSETIFF, ifr) != 0)
		perror("ioctl(TUNSETIFF)");
	else if (ioctl(tunfd, TUNSETPERSIST, 0) != 0)
		perror("ioctl(TUNSETPERSIST)");
	else
		rc = 0;

	close(tunfd);
	return rc;
}
cc28aad1 SH |
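/*
 * Parse @arg as a plain decimal id.
 *
 * Only strings that start with a digit, consist of digits only, fit in an
 * unsigned long and are strictly below @unset are accepted; @unset is the
 * caller's "not specified" sentinel ((uid_t)-1 or (gid_t)-1).
 *
 * Returns 0 and stores the value in *@id on success, -1 otherwise.
 */
static int tuntap_parse_id(const char *arg, unsigned long unset,
			   unsigned long *id)
{
	unsigned long val;
	char *end;

	/* strtoul() itself would accept leading blanks and a sign */
	if (*arg < '0' || *arg > '9')
		return -1;

	errno = 0;
	val = strtoul(arg, &end, 10);
	if (errno || *end)
		return -1;

	if (val >= unset)
		return -1;

	*id = val;
	return 0;
}

/*
 * Parse the "ip tuntap add/del" arguments into @ifr and, optionally, an
 * owner and a group.
 *
 * @argc, @argv: remaining command-line words.
 * @ifr:  zeroed and then filled with the interface name and IFF_* flags.
 *        IFF_NO_PI is set by default; the "pi" keyword clears it.
 * @uid:  receives the owner when "user" is given; pass NULL to disable the
 *        keyword (the word is then handled by the final "name" branch).
 * @gid:  same for "group".
 *
 * "user"/"group" take either a decimal id or a name.  Numeric ids used to be
 * read with strtol() into an unsigned long and assigned straight to
 * uid_t/gid_t, so a negative or oversized number was silently converted
 * (where uid_t is 32 bits, 4294967296 became id 0, and -1 became the "unset"
 * sentinel and was ignored).  Such values now fail the numeric parse, fall
 * through to the name lookup and are rejected as invalid.
 *
 * Returns 0 on success and -1 when no tunnel mode was selected.  Invalid
 * values terminate the process via exit(-1) or the helpers invoked here.
 */
static int parse_args(int argc, char **argv,
		      struct ifreq *ifr, uid_t *uid, gid_t *gid)
{
	memset(ifr, 0, sizeof(*ifr));

	ifr->ifr_flags |= IFF_NO_PI;

	while (argc > 0) {
		if (matches(*argv, "mode") == 0) {
			NEXT_ARG();
			if (matches(*argv, "tun") == 0) {
				if (ifr->ifr_flags & IFF_TAP) {
					fprintf(stderr, "You managed to ask for more than one tunnel mode.\n");
					exit(-1);
				}
				ifr->ifr_flags |= IFF_TUN;
			} else if (matches(*argv, "tap") == 0) {
				if (ifr->ifr_flags & IFF_TUN) {
					fprintf(stderr, "You managed to ask for more than one tunnel mode.\n");
					exit(-1);
				}
				ifr->ifr_flags |= IFF_TAP;
			} else {
				fprintf(stderr, "Unknown tunnel mode \"%s\"\n", *argv);
				exit(-1);
			}
		} else if (uid && matches(*argv, "user") == 0) {
			unsigned long user;

			NEXT_ARG();
			if (tuntap_parse_id(*argv, (uid_t)-1, &user) == 0) {
				*uid = user;
			} else {
				struct passwd *pw = getpwnam(*argv);

				if (!pw) {
					fprintf(stderr, "invalid user \"%s\"\n", *argv);
					exit(-1);
				}
				*uid = pw->pw_uid;
			}
		} else if (gid && matches(*argv, "group") == 0) {
			unsigned long group;

			NEXT_ARG();
			if (tuntap_parse_id(*argv, (gid_t)-1, &group) == 0) {
				*gid = group;
			} else {
				struct group *gr = getgrnam(*argv);

				if (!gr) {
					fprintf(stderr, "invalid group \"%s\"\n", *argv);
					exit(-1);
				}
				*gid = gr->gr_gid;
			}
		} else if (matches(*argv, "pi") == 0) {
			ifr->ifr_flags &= ~IFF_NO_PI;
		} else if (matches(*argv, "one_queue") == 0) {
			ifr->ifr_flags |= IFF_ONE_QUEUE;
		} else if (matches(*argv, "vnet_hdr") == 0) {
			ifr->ifr_flags |= IFF_VNET_HDR;
		} else if (matches(*argv, "multi_queue") == 0) {
			ifr->ifr_flags |= IFF_MULTI_QUEUE;
		} else if (matches(*argv, "dev") == 0) {
			NEXT_ARG();
			if (get_ifname(ifr->ifr_name, *argv))
				invarg("\"dev\" not a valid ifname", *argv);
		} else {
			/* anything else is an interface name, with or without "name" */
			if (matches(*argv, "name") == 0) {
				NEXT_ARG();
			} else if (matches(*argv, "help") == 0)
				usage();
			if (ifr->ifr_name[0])
				duparg2("name", *argv);
			if (get_ifname(ifr->ifr_name, *argv))
				invarg("\"name\" not a valid ifname", *argv);
		}
		argc--; argv++;
	}

	if (!(ifr->ifr_flags & TUN_TYPE_MASK)) {
		fprintf(stderr, "You failed to specify a tunnel mode\n");
		return -1;
	}

	return 0;
}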
205 | ||
206 | ||
/*
 * "ip tuntap add": parse the arguments, then create the persistent device.
 * Owner and group start as -1, which the ioctl helper treats as "not set".
 * Returns -1 when parsing fails, otherwise the result of tap_add_ioctl().
 */
static int do_add(int argc, char **argv)
{
	uid_t owner = -1;
	gid_t grp = -1;
	struct ifreq req;

	return parse_args(argc, argv, &req, &owner, &grp) < 0
		? -1
		: tap_add_ioctl(&req, owner, grp);
}
218 | ||
/*
 * "ip tuntap del": parse the arguments with the "user" and "group" keywords
 * disabled (NULL outputs), then clear the persistent flag of the device.
 * Returns -1 when parsing fails, otherwise the result of tap_del_ioctl().
 */
static int do_del(int argc, char **argv)
{
	struct ifreq req;

	return parse_args(argc, argv, &req, NULL, NULL) < 0
		? -1
		: tap_del_ioctl(&req);
}
228 | ||
580fbd88 DW |
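/*
 * Print the symbolic names of the tun flags in @flags to stdout, each
 * preceded by a space.
 *
 * "pi" is printed when IFF_NO_PI is clear.  IFF_MULTI_QUEUE is named as
 * "multi_queue", matching the keyword the argument parser accepts, instead
 * of being reported as an unknown bit.  Any bit that is still not recognised
 * is shown in hex as UNKNOWN_FLAGS.
 */
static void print_flags(long flags)
{
	if (flags & IFF_TUN)
		printf(" tun");

	if (flags & IFF_TAP)
		printf(" tap");

	if (!(flags & IFF_NO_PI))
		printf(" pi");

	if (flags & IFF_ONE_QUEUE)
		printf(" one_queue");

	if (flags & IFF_VNET_HDR)
		printf(" vnet_hdr");

	if (flags & IFF_MULTI_QUEUE)
		printf(" multi_queue");

	flags &= ~(IFF_TUN|IFF_TAP|IFF_NO_PI|IFF_ONE_QUEUE|IFF_VNET_HDR|
		   IFF_MULTI_QUEUE);
	if (flags)
		printf(" UNKNOWN_FLAGS:%lx", flags);
}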
250 | ||
567e6960 HFS |
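/*
 * Return the command name of process @pid as read from /proc/<pid>/comm.
 *
 * The whole first line is read, so names containing blanks are no longer cut
 * at the first space.  The name is chosen by the process itself and ends up
 * on the caller's terminal, so control bytes (below 0x20, and 0x7f) are
 * replaced with '?' before it is returned.
 *
 * Returns a malloc()ed string the caller must free(), or NULL on failure
 * (fopen/fscanf failures are reported through perror()).
 */
static char *pid_name(pid_t pid)
{
	char *path;
	char *comm = NULL;
	char *p;
	FILE *f;

	if (asprintf(&path, "/proc/%d/comm", pid) < 0)
		return NULL;

	f = fopen(path, "r");
	free(path);
	if (!f) {
		perror("fopen");
		return NULL;
	}

	if (fscanf(f, "%m[^\n]", &comm) != 1) {
		perror("fscanf");
		comm = NULL;
	}

	if (fclose(f))
		perror("fclose");

	/* keep terminal control sequences out of the listing */
	for (p = comm; p && *p; p++) {
		if ((unsigned char)*p < 0x20 || *p == 0x7f)
			*p = '?';
	}

	return comm;
}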
279 | ||
/*
 * Print " comm(pid)" for every other process that has a /dev/net/tun
 * descriptor attached to interface @name.
 *
 * Every /proc/<pid>/fd/<n> entry is enumerated; entries whose link target is
 * exactly /dev/net/tun are followed up by reading /proc/<pid>/fdinfo/<n> and
 * looking for an "iff: <name>" line.  Output goes to stdout on the current
 * line; nothing is returned.
 *
 * NOTE(review): entries of processes the caller may not inspect presumably
 * fail readlink()/fopen(); each such failure prints a perror() line and is
 * skipped, so an unprivileged run gives a noisy and incomplete list - confirm.
 */
static void show_processes(const char *name)
{
	glob_t globbuf = { };
	char **fd_path;
	int err;

	/* Any glob() failure ends the scan silently. */
	/* NOTE(review): globfree() is not called on this path - confirm nothing is held. */
	err = glob("/proc/[0-9]*/fd/[0-9]*", GLOB_NOSORT,
		   NULL, &globbuf);
	if (err)
		return;

	fd_path = globbuf.gl_pathv;
	while (*fd_path) {
		const char *dev_net_tun = "/dev/net/tun";
		/*
		 * One byte more than the expected target plus the terminator, so
		 * a longer link target is read as a longer string and fails the
		 * strcmp() below instead of matching on a truncated prefix.
		 */
		const size_t linkbuf_len = strlen(dev_net_tun) + 2;
		char linkbuf[linkbuf_len], *fdinfo;
		int pid, fd;
		FILE *f;

		if (sscanf(*fd_path, "/proc/%d/fd/%d", &pid, &fd) != 2)
			goto next;

		/* skip our own descriptors */
		if (pid == getpid())
			goto next;

		err = readlink(*fd_path, linkbuf, linkbuf_len - 1);
		if (err < 0) {
			perror("readlink");
			goto next;
		}
		/* readlink() does not terminate the buffer */
		linkbuf[err] = '\0';
		if (strcmp(dev_net_tun, linkbuf))
			goto next;

		if (asprintf(&fdinfo, "/proc/%d/fdinfo/%d", pid, fd) < 0)
			goto next;

		f = fopen(fdinfo, "r");
		free(fdinfo);
		if (!f) {
			perror("fopen");
			goto next;
		}

		/*
		 * NOTE(review): a conversion that fails without consuming input
		 * (fscanf() returning 0, e.g. when the next byte is ':') would make
		 * no progress while feof() stays false; fdinfo is presumably
		 * kernel-generated "key:\tvalue" text, so this should not occur -
		 * confirm, or stop the loop when err is 0.
		 */
		while (!feof(f)) {
			char *key = NULL, *value = NULL;

			err = fscanf(f, "%m[^:]: %ms\n", &key, &value);
			if (err == EOF) {
				if (ferror(f))
					perror("fscanf");
				break;
			} else if (err == 2 &&
				   !strcmp("iff", key) &&
				   !strcmp(name, value)) {
				char *pname = pid_name(pid);

				printf(" %s(%d)", pname ? : "<NULL>", pid);
				free(pname);
			}

			/* both were allocated by the %m conversions (or are still NULL) */
			free(key);
			free(value);
		}
		if (fclose(f))
			perror("fclose");

next:
		++fd_path;
	}

	globfree(&globbuf);
}
353 | ||
8960d45f SP |
/*
 * Append an IFLA_LINKINFO nest holding IFLA_INFO_KIND = drv_name (without
 * its terminating NUL) to the request in @nlh, bounded by @reqlen.
 *
 * Returns 0 on success or the error from addattr_l(); in the error case the
 * nest is left unterminated, as the request is abandoned.
 *
 * NOTE(review): the result of addattr_nest() is not checked - confirm it
 * cannot fail for the buffer sizes used by the caller.
 */
static int tuntap_filter_req(struct nlmsghdr *nlh, int reqlen)
{
	struct rtattr *nest = addattr_nest(nlh, reqlen, IFLA_LINKINFO);
	int rc = addattr_l(nlh, reqlen, IFLA_INFO_KIND,
			   drv_name, sizeof(drv_name) - 1);

	if (rc == 0)
		addattr_nest_end(nlh, nest);

	return rc;
}
370 | ||
/*
 * Dump callback: print one line for a link message if it describes a
 * "tun" kind device.
 *
 * @who and @arg are unused.  Messages other than RTM_NEWLINK/RTM_DELLINK,
 * links whose type is neither ARPHRD_NONE nor ARPHRD_ETHER, and links
 * without a name, link info or a kind equal to drv_name are skipped with a
 * return of 0.  A message shorter than the ifinfomsg header returns -1.
 *
 * Flags, owner and group come from read_prop() (presumably a per-interface
 * property lookup - verify against its definition); if any lookup fails the
 * device is skipped.  With show_details set, the attached processes are
 * listed on a second line.
 */
static int print_tuntap(const struct sockaddr_nl *who,
			struct nlmsghdr *n, void *arg)
{
	struct ifinfomsg *ifi = NLMSG_DATA(n);
	struct rtattr *tb[IFLA_MAX+1];
	struct rtattr *linkinfo[IFLA_INFO_MAX+1];
	const char *name, *kind;
	long flags, owner = -1, group = -1;

	if (n->nlmsg_type != RTM_NEWLINK && n->nlmsg_type != RTM_DELLINK)
		return 0;

	/* reject truncated messages before touching the payload */
	if (n->nlmsg_len < NLMSG_LENGTH(sizeof(*ifi)))
		return -1;

	if (ifi->ifi_type != ARPHRD_NONE && ifi->ifi_type != ARPHRD_ETHER)
		return 0;

	parse_rtattr(tb, IFLA_MAX, IFLA_RTA(ifi), IFLA_PAYLOAD(n));

	if (!tb[IFLA_IFNAME] || !tb[IFLA_LINKINFO])
		return 0;

	parse_rtattr_nested(linkinfo, IFLA_INFO_MAX, tb[IFLA_LINKINFO]);

	if (!linkinfo[IFLA_INFO_KIND])
		return 0;

	kind = rta_getattr_str(linkinfo[IFLA_INFO_KIND]);
	if (strcmp(kind, drv_name) != 0)
		return 0;

	name = rta_getattr_str(tb[IFLA_IFNAME]);

	/* lookups run in this order and stop at the first failure */
	if (read_prop(name, "tun_flags", &flags) ||
	    read_prop(name, "owner", &owner) ||
	    read_prop(name, "group", &group))
		return 0;

	printf("%s:", name);
	print_flags(flags);
	if (owner != -1)
		printf(" user %ld", owner);
	if (group != -1)
		printf(" group %ld", group);
	putchar('\n');

	if (show_details) {
		printf("\tAttached to processes:");
		show_processes(name);
		putchar('\n');
	}

	return 0;
}
435 | ||
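/*
 * "ip tuntap show": request a link dump filtered to the tun kind and print
 * every matching device through print_tuntap().
 *
 * @argc and @argv are accepted for symmetry with the other sub-commands and
 * are not used.  Returns 0 on success, -1 when the request cannot be sent or
 * the dump ends with an error.
 */
static int do_show(int argc, char **argv)
{
	if (rtnl_wilddump_req_filter_fn(&rth, AF_UNSPEC, RTM_GETLINK,
					tuntap_filter_req) < 0) {
		/*
		 * perror() appends ": <error text>" itself; the message used to
		 * end in a newline, which split the diagnostic over two lines.
		 */
		perror("Cannot send dump request");
		return -1;
	}

	if (rtnl_dump_filter(&rth, print_tuntap, NULL) < 0) {
		fprintf(stderr, "Dump terminated\n");
		return -1;
	}

	return 0;
}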
451 | ||
/*
 * Entry point of "ip tuntap": dispatch on the first word of @argv.
 *
 * With no arguments the device list is shown.  "add", "delete", "show",
 * "lst", "list" and "help" are compared through matches(); any other word
 * is reported on stderr and the process exits with status -1.
 *
 * Returns the result of the selected sub-command.
 */
int do_iptuntap(int argc, char **argv)
{
	if (argc <= 0)
		return do_show(0, NULL);

	if (matches(*argv, "add") == 0)
		return do_add(argc - 1, argv + 1);

	if (matches(*argv, "delete") == 0)
		return do_del(argc - 1, argv + 1);

	if (matches(*argv, "show") == 0 ||
	    matches(*argv, "lst") == 0 ||
	    matches(*argv, "list") == 0)
		return do_show(argc - 1, argv + 1);

	if (matches(*argv, "help") == 0)
		usage();

	fprintf(stderr, "Command \"%s\" is unknown, try \"ip tuntap help\".\n",
		*argv);
	exit(-1);
}
118eda77 SD |
472 | |
/*
 * Print the owner of a tun device under the "user" key: the account name
 * when getpwuid() resolves @uid, the numeric id otherwise.  @f is unused;
 * output goes through the print_string()/print_uint() helpers.
 */
static void print_owner(FILE *f, uid_t uid)
{
	struct passwd *entry = getpwuid(uid);

	if (!entry) {
		print_uint(PRINT_ANY, "user", "user %u ", uid);
		return;
	}

	print_string(PRINT_ANY, "user", "user %s ", entry->pw_name);
}
482 | ||
/*
 * Print the group of a tun device under the "group" key: the group name
 * when getgrgid() resolves @gid, the numeric id otherwise.  @f is unused;
 * output goes through the print_string()/print_uint() helpers.
 */
static void print_group(FILE *f, gid_t gid)
{
	struct group *entry = getgrgid(gid);

	if (!entry) {
		print_uint(PRINT_ANY, "group", "group %u ", gid);
		return;
	}

	print_string(PRINT_ANY, "group", "group %s ", entry->gr_name);
}
492 | ||
/*
 * Print the multi-queue state taken from the IFLA_TUN_* attributes in @tb.
 *
 * When the multi-queue attribute is absent or zero, only JSON output gets an
 * explicit "multi_queue": false and nothing else is printed.  Otherwise
 * "multi_queue" is printed, followed by the queue and disabled-queue counts
 * when those attributes are present.  @f is unused.
 */
static void print_mq(FILE *f, struct rtattr *tb[])
{
	struct rtattr *mq = tb[IFLA_TUN_MULTI_QUEUE];
	struct rtattr *attr;

	if (mq && rta_getattr_u8(mq)) {
		print_bool(PRINT_ANY, "multi_queue", "multi_queue ", true);

		attr = tb[IFLA_TUN_NUM_QUEUES];
		if (attr)
			print_uint(PRINT_ANY, "numqueues", "numqueues %u ",
				   rta_getattr_u32(attr));

		attr = tb[IFLA_TUN_NUM_DISABLED_QUEUES];
		if (attr)
			print_uint(PRINT_ANY, "numdisabled", "numdisabled %u ",
				   rta_getattr_u32(attr));
		return;
	}

	if (is_json_context())
		print_bool(PRINT_JSON, "multi_queue", NULL, false);
}
514 | ||
/*
 * Print a boolean device option named @flag.  In JSON context it is emitted
 * as a boolean under that key; otherwise "<flag> on " or "<flag> off " is
 * written to @f.
 */
static void print_onoff(FILE *f, const char *flag, __u8 val)
{
	if (!is_json_context()) {
		fprintf(f, "%s %s ", flag, val ? "on" : "off");
		return;
	}

	print_bool(PRINT_JSON, flag, NULL, val != 0);
}
522 | ||
/*
 * Print the device type under the "type" key: "tun" for IFF_TUN, "tap" for
 * IFF_TAP, and "UNKNOWN:<n>" for any other value.  @f is unused.
 */
static void print_type(FILE *f, __u8 type)
{
	SPRINT_BUF(buf);
	const char *label;

	switch (type) {
	case IFF_TUN:
		label = "tun";
		break;
	case IFF_TAP:
		label = "tap";
		break;
	default:
		/* bounded by the scratch buffer declared above */
		snprintf(buf, sizeof(buf), "UNKNOWN:%hhu", type);
		label = buf;
		break;
	}

	print_string(PRINT_ANY, "type", "type %s ", label);
}
537 | ||
/*
 * print_opt hook for the "tun" link kind: print every IFLA_TUN_* attribute
 * present in @tb, in the order type, pi, vnet_hdr, multi-queue state,
 * persist, owner, group.  A NULL @tb prints nothing.  @lu is unused.
 */
static void tun_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[])
{
	struct rtattr *attr;

	if (!tb)
		return;

	attr = tb[IFLA_TUN_TYPE];
	if (attr)
		print_type(f, rta_getattr_u8(attr));

	attr = tb[IFLA_TUN_PI];
	if (attr)
		print_onoff(f, "pi", rta_getattr_u8(attr));

	attr = tb[IFLA_TUN_VNET_HDR];
	if (attr)
		print_onoff(f, "vnet_hdr", rta_getattr_u8(attr));

	/* handles a missing multi-queue attribute itself */
	print_mq(f, tb);

	attr = tb[IFLA_TUN_PERSIST];
	if (attr)
		print_onoff(f, "persist", rta_getattr_u8(attr));

	attr = tb[IFLA_TUN_OWNER];
	if (attr)
		print_owner(f, rta_getattr_u32(attr));

	attr = tb[IFLA_TUN_GROUP];
	if (attr)
		print_group(f, rta_getattr_u32(attr));
}
565 | ||
/*
 * Link-kind descriptor for "tun": names the kind, gives the highest
 * IFLA_TUN_* attribute index and supplies the option printer.
 * NOTE(review): presumably looked up by kind name from the generic link
 * code - confirm where it is registered.
 */
struct link_util tun_link_util = {
	.id = "tun",
	.maxattr = IFLA_TUN_MAX,
	.print_opt = tun_print_opt,
};