├── tapUtils.h ├── .gitignore ├── ExampleVPN ├── README ├── IPSpaceManager │ └── ipSpaceHandler.go ├── network.go └── main.go ├── clienttest └── main.go ├── LICENSE ├── servertest └── main.go ├── README.md ├── tap.go └── tapUtils.c /tapUtils.h: -------------------------------------------------------------------------------- 1 | #ifndef _TAPUTILS_H_ 2 | #define _TAPUTILS_H_ 3 | 4 | int StartTap(char *name); 5 | int StopTap(int sock, char* name); 6 | int AddTapToBridge(char* bridge, char* tap); 7 | int RemoveTapFromBridge(char* bridge, char* tap); 8 | int CreateBridge(char* bridge); 9 | int DeleteBridge(char* bridge); 10 | int CheckBridge(char* bridge); 11 | 12 | #endif 13 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Compiled Object files, Static and Dynamic libs (Shared Objects) 2 | *.o 3 | *.a 4 | *.so 5 | 6 | # Folders 7 | _obj 8 | _test 9 | 10 | # Architecture specific extensions/prefixes 11 | *.[568vq] 12 | [568vq].out 13 | 14 | *.cgo1.go 15 | *.cgo2.c 16 | _cgo_defun.c 17 | _cgo_gotypes.go 18 | _cgo_export.* 19 | 20 | _testmain.go 21 | 22 | *.exe 23 | *.test 24 | *.prof 25 | -------------------------------------------------------------------------------- /ExampleVPN/README: -------------------------------------------------------------------------------- 1 | ***IMPORTANT*** ***IMPORTANT*** ***IMPORTANT*** 2 | ***IMPORTANT*** ***IMPORTANT*** ***IMPORTANT*** 3 | 4 | THIS IS NOT A SECURE VPN SOLUTION. DO NOT USE THIS FOR MISSION CRITICAL ANYTHING!!!! 5 | 6 | Secure network comms is hard. Secure authentication is even harder. 7 | Crypto implementation is really damn hard. None of this has been vetted. 8 | 9 | For example use of the TunTap system ONLY. 
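--------------------------------------------------------------------------------
/clienttest/main.go:
--------------------------------------------------------------------------------
// Command clienttest dials a goTunTap relay server over TCP and bridges the
// connection onto a local tap device.
//
// The link is plain TCP: the peer is not authenticated, the Ethernet frames
// are neither encrypted nor integrity-protected, and every frame the remote
// end sends is written straight onto the local bridge. Only point it at a
// server reached over a trusted or separately protected path.
package main

import (
	"flag"
	"fmt"
	"log"
	"net"

	tap "github.com/traetox/goTunTap"
)

var (
	br     = flag.String("br", "br0", "bridge to create and drop taps into")
	tp     = flag.String("tp", "tap0", "Tap to create for link")
	remote = flag.String("s", "10.0.0.1:9999", "String for server")
)

// init parses the command line and rejects empty parameters.
func init() {
	flag.Parse()
	if *br == "" || *tp == "" || *remote == "" {
		log.Fatal("Invalid parameters")
	}
}

func main() {
	// log.Fatal exits without running deferred calls, so the work lives in
	// run and the connection is closed before a failure is reported.
	if err := run(); err != nil {
		log.Fatal(err)
	}
	fmt.Printf("DONE\n")
}

// run connects to the server, creates the bridge and tap, and relays frames
// until the relay returns. Every failure carries the underlying error; the
// original dropped it for the tap-creation and relay steps.
func run() error {
	conn, err := net.Dial("tcp", *remote)
	if err != nil {
		return fmt.Errorf("Failed to dial server: %w", err)
	}
	defer conn.Close()

	if err := tap.CreateBridge(*br); err != nil {
		return fmt.Errorf("Failed to create bridge: %w", err)
	}
	t, err := tap.CreateTap(*tp)
	if err != nil {
		return fmt.Errorf("Failed to create tap manager: %w", err)
	}
	if err := t.AddToBridge(*br); err != nil {
		return fmt.Errorf("Failed to add tap to bridge: %w", err)
	}
	if err := t.Relay(conn); err != nil {
		return fmt.Errorf("Failed to relay tap connection: %w", err)
	}
	return nil
}

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
The MIT License (MIT)

Copyright (c) 2015 traetox

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
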
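The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.


--------------------------------------------------------------------------------
/ExampleVPN/IPSpaceManager/ipSpaceHandler.go:
--------------------------------------------------------------------------------
// Package IPSpaceManager is an unfinished skeleton of an address allocator
// for the example VPN. Several methods below were empty in the original and
// are marked as unimplemented; they fail closed rather than reporting success.
package IPSpaceManager

import (
	"errors"
	"net"
)

// IPManager tracks a network, its gateway and DNS servers, and the addresses
// handed out so far.
type IPManager struct {
	network      net.IPNet
	gateway      net.IP
	dnsA         net.IP
	dnsB         net.IP
	allocatedIPs []net.IP
}

// New returns a manager with the gateway address claimed, or nil when the
// claim fails.
//
// NOTE(review): cidr is not parsed or stored yet, and claimIP is an
// unimplemented stub, so New currently always returns nil.
func New(cidr string) *IPManager {
	x := new(IPManager)
	if !x.claimIP(x.GetGateway()) {
		return nil
	}
	return x
}

// SetGateway is a stub: it reports success without recording gw.
func (x *IPManager) SetGateway(gw string) bool {
	// TODO: parse gw, check it lies inside x.network, and store it.
	return true
}

// SetDNS is unimplemented; the original body was empty and did not compile.
func (x *IPManager) SetDNS(a, b string) bool {
	// TODO: parse and store both resolvers.
	return false
}

// GetGateway returns the configured gateway, which is nil until one is set.
// The original returned the string "", which is not a net.IP.
func (x *IPManager) GetGateway() net.IP {
	return x.gateway
}

// getFreeIP is unimplemented; it reports that no address is available.
func (x *IPManager) getFreeIP() (net.IP, error) {
	// TODO: walk x.network and skip the entries in x.allocatedIPs.
	return nil, errors.New("getFreeIP is not implemented")
}

// claimIP is unimplemented; it refuses every claim so that no caller is told
// an address was reserved when nothing was recorded.
func (x *IPManager) claimIP(ip net.IP) bool {
	// TODO: reject nil, out-of-network and already-allocated addresses.
	return false
}

// AllocateIP picks a free address, claims it, records it and returns it.
//
// The original appended and returned the zero-value ip instead of the address
// it had just claimed, so every caller received nil with a nil error.
func (x *IPManager) AllocateIP() (net.IP, error) {
	ipx, err := x.getFreeIP()
	if err != nil {
		return nil, errors.New("No free IPs")
	}
	if !x.claimIP(ipx) {
		return nil, errors.New("Failed to allocate IP")
	}
	x.allocatedIPs = append(x.allocatedIPs, ipx)
	return ipx, nil
}

func (x *IPManager) FreeIP(ip net.IP) bool {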
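	return true
}

--------------------------------------------------------------------------------
/servertest/main.go:
--------------------------------------------------------------------------------
// Command servertest accepts TCP connections and relays each one, in turn,
// onto a tap device attached to a local bridge.
//
// There is no authentication and no encryption: any peer that can reach the
// listening socket is joined to the bridge at layer two. Bind it to an address
// that only trusted peers can reach (-l), or carry the TCP stream inside a
// protected transport.
package main

import (
	"flag"
	"fmt"
	"log"
	"net"
	"strconv"

	tap "github.com/traetox/goTunTap"
)

var (
	br   = flag.String("br", "br0", "bridge to create and drop taps into")
	tp   = flag.String("tp", "tap0", "Tap to create for link")
	port = flag.Int("p", 9999, "listening port")
	// addr defaults to the wildcard address the original hard-coded.
	addr = flag.String("l", "0.0.0.0", "address to listen on")
)

// init parses the command line and validates the bridge, tap and port.
func init() {
	flag.Parse()
	if *br == "" || *tp == "" {
		log.Fatal("Invalid parameters")
	}
	// 0xffff is a valid port; the original comparison (>=) rejected it.
	if *port > 0xffff || *port <= 1024 {
		log.Fatal("Invalid listen port")
	}
}

func main() {
	if err := tap.CreateBridge(*br); err != nil {
		log.Fatal("Failed to create bridge", err)
	}
	t, err := tap.CreateTap(*tp)
	if err != nil {
		log.Fatal("Failed to create tap manager: ", err)
	}
	if err := t.AddToBridge(*br); err != nil {
		log.Fatal("Failed to add tap to bridge", err)
	}
	ln, err := net.Listen("tcp", net.JoinHostPort(*addr, strconv.Itoa(*port)))
	if err != nil {
		log.Fatal("Failed to listen:", err)
	}
	defer ln.Close()

	// Clients are served one at a time because they all share the single tap.
	for {
		c, err := ln.Accept()
		if err != nil {
			fmt.Printf("Failed to accept connection: %v\n", err)
			continue
		}
		// A failed relay ends that client only. Exiting here, as the
		// original did, would let one bad connection stop the server.
		if err := t.Relay(c); err != nil {
			log.Printf("Failed to relay tap connection: %v", err)
		}
		c.Close()
	}
}

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# goTunTap
Golang library for creating, deleting, reading, and writing linux Taps.

The library also allows for creating and managing bridges. The goal is
to provide a nice wrapper for creating bridges.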
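
For example, a layer two tunnel can be created as simply as the code below.
Relay copies raw Ethernet frames over whatever connection it is given, so the
plain TCP used here provides no authentication or encryption.

## Server side
```go
if err := tap.CreateBridge(bridge_name); err != nil {
	log.Fatal("Failed to create bridge", err)
}
t, err := tap.CreateTap(tap_name)
if err != nil {
	log.Fatal("Failed to create tap manager")
}
if err := t.AddToBridge(bridge_name); err != nil {
	log.Fatal("Failed to add tap to bridge", err)
}
conn, err := net.Listen("tcp", fmt.Sprintf("0.0.0.0:%d", *port))
if err != nil {
	log.Fatal("Failed to dial server:", err)
}
defer conn.Close()

for {
	c, err := conn.Accept()
	if err != nil {
		fmt.Printf("Failed to accept connection: %v\n", err)
		continue
	}
	if err := t.Relay(c); err != nil {
		log.Fatal("Failed to relay tap connection")
	}
	c.Close()
}
```


## Client side
```go
conn, err := net.Dial("tcp", remote_server)
if err != nil {
	log.Fatal("Failed to dial server:", err)
}
defer conn.Close()
if err := tap.CreateBridge(bridge_name); err != nil {
	log.Fatal("Failed to create bridge", err)
}
t, err := tap.CreateTap(tap_name)
if err != nil {
	log.Fatal("Failed to create tap manager")
}
if err := t.AddToBridge(bridge_name); err != nil {
	log.Fatal("Failed to add tap to bridge", err)
}
if err := t.Relay(conn); err != nil {
	log.Fatal("Failed to relay tap connection")
}

```

--------------------------------------------------------------------------------
/ExampleVPN/network.go:
--------------------------------------------------------------------------------
package main

import (
	"crypto/rand"
	"crypto/sha512"
	"crypto/subtle"
	"fmt"
	"io"
	"net"
	"time"
)

// handshakeTimeout bounds the whole challenge/response exchange so that a
// peer which connects and then stays silent cannot pin a goroutine and a
// socket indefinitely.
const handshakeTimeout = 10 * time.Second

// ClientHandler serves one authenticated client on the given bridge.
type ClientHandler func(bridge string, sock net.Conn)

// ListenAndServe accepts TCP connections on ipPort and runs the handshake for
// each one in its own goroutine. auth is the shared secret and bridge the
// bridge name handed to ch. It returns only if the listener cannot be opened.
func ListenAndServe(ipPort, auth, bridge string, ch ClientHandler) error {
	listener, err := net.Listen("tcp", ipPort)
	if err != nil {
		return err
	}
	defer listener.Close()

	for {
		conn, err := listener.Accept()
		if err != nil {
			fmt.Printf("Failed to accept: %s\n", err)
			continue
		}
		go handleNewClient(conn, bridge, auth, ch)
	}
}

// genSalt returns a 16-byte challenge: 15 printable bytes in 0x21..0x7d
// followed by a zero byte. It returns nil if the system random source fails.
//
// The original drew the challenge from math/rand seeded with the start time,
// which makes it predictable; crypto/rand is used instead. Bytes >= 186
// (2*93) are discarded so the reduction modulo 93 stays unbiased.
func genSalt() []byte {
	salt := make([]byte, 16)
	pool := make([]byte, 32)
	filled := 0
	for filled < 15 {
		if _, err := rand.Read(pool); err != nil {
			return nil
		}
		for _, v := range pool {
			if v >= 186 {
				continue
			}
			salt[filled] = v%93 + 0x21
			filled++
			if filled == 15 {
				break
			}
		}
	}
	salt[15] = 0
	return salt
}

// handleNewClient sends a fresh challenge, reads the 64-byte response and
// compares it with SHA-512(salt || auth). The connection is closed on every
// path, as in the original.
//
// Fixes over the original: the response was read into a nil slice (so zero
// bytes were ever read), the failure test used && where either condition must
// reject, write errors were ignored, and there was no time limit.
//
// Remaining design limits: the response is one unstretched hash, so a party
// that records an exchange can test candidate secrets offline, and nothing
// after the handshake is encrypted or tied to it.
func handleNewClient(conn net.Conn, bridge, auth string, ch ClientHandler) {
	defer conn.Close()

	if err := conn.SetDeadline(time.Now().Add(handshakeTimeout)); err != nil {
		return
	}

	salt := genSalt()
	if salt == nil {
		return
	}
	//send salt
	if _, err := conn.Write(salt); err != nil {
		return
	}
	//receive response; ReadFull rejects short reads as well as errors
	resp := make([]byte, sha512.Size)
	if _, err := io.ReadFull(conn, resp); err != nil {
		return
	}

	//sha512 hash (salt + auth) and compare
	if !compareHash(genHash(salt, []byte(auth)), resp) {
		return
	}
	//inform client if its a go
	if _, err := conn.Write([]byte("NinerNiner")); err != nil {
		return
	}
	// The handshake is over; drop the deadline before any long-lived use.
	if err := conn.SetDeadline(time.Time{}); err != nil {
		return
	}

	/* tell the client what their IP and subnet should be */

	/* launch the handler */
	//ch(bridge, conn)
}

// compareHash reports whether a and b are equal. The comparison takes the
// same time wherever the first difference is, so response timing does not
// reveal how many leading bytes matched.
func compareHash(a, b []byte) bool {
	return subtle.ConstantTimeCompare(a, b) == 1
}

// genHash returns SHA-512(salt || auth).
func genHash(salt, auth []byte) []byte {
	hasher := sha512.New()
	hasher.Write(salt)
	hasher.Write(auth)
	return hasher.Sum(nil)
}

--------------------------------------------------------------------------------
/ExampleVPN/main.go:
--------------------------------------------------------------------------------
package main

import (
	"flag"
	"fmt"
	"net"
	"os"

	tap "github.com/traetox/goTunTap"
)

var (
	br         = flag.String("br", "br0", "Bridge in charge of taps")
	brIP       = flag.String("br-ip", "172.19.0.1", "IP to set bridge")
	gw         = flag.String("gw", "172.19.0.1", "Gateway for network")
	cidr       = flag.String("cidr", "172.19.0.0/24", "CIDR for network virtual network")
	listen     = flag.String("s", ":5150", "IP Port to serve clients on")
	authString string
	nwk        *net.IPNet
	tapNames   chan string
)

// init parses the flags and exits when the CIDR, bridge IP, gateway or listen
// address is malformed, or when the gateway lies outside the network.
func init() {
	var err error
	flag.Parse()
	//Check all the values to ensure they are legit
	_, nwk, err = net.ParseCIDR(*cidr)
	if err != nil {
		fmt.Printf("%s is an invalid CIDR\n", *cidr)
		os.Exit(-1)
	}
	brip := net.ParseIP(*brIP)
	if brip == nil {
		fmt.Printf("%s is an invalid IP for the bridge\n", *brIP)
		os.Exit(-1)
	}
	gwip := net.ParseIP(*gw)
	if gwip == nil {
		fmt.Printf("%s is an invalid IP for the gateway\n", *gw)
		os.Exit(-1)
	}
	if !nwk.Contains(gwip) {
		fmt.Printf("%s is not part of the %s subnet\n", *gw, *cidr)
		os.Exit(-1)
	}
	if !nwk.Contains(brip) {
		// The original passed the flag pointer (cidr), printing an address.
		fmt.Printf("WARNING: bridge IP %s is not part of the network %s\n", *brIP, *cidr)
	}
	_, _, err = net.SplitHostPort(*listen)
	if err != nil {
		fmt.Printf("%s is an invalid listen parameter\n", *listen)
		os.Exit(-1)
	}
}

// main reads the shared secret, creates the bridge and serves clients.
func main() {
	fmt.Printf("Enter authorization string: ")
	// Scanf needs a pointer. The original passed the string by value, so the
	// read failed and the secret stayed empty. An empty secret is refused.
	// The input is echoed to the terminal as typed.
	if _, err := fmt.Scanf("%s", &authString); err != nil || authString == "" {
		fmt.Printf("ERROR: an authorization string is required\n")
		os.Exit(-1)
	}
	err := tap.CreateBridge(*br)
	if err != nil {
		fmt.Printf("ERROR: %s\n", err)
		os.Exit(-1)
	}
	tapNames = make(chan string, 2)
	go tapNamer(tapNames)
	// ListenAndServe takes (ipPort, auth, bridge, handler). The original call
	// passed the bridge name as the secret and the secret as the bridge name.
	err = ListenAndServe(*listen, authString, *br, handleClient)
	if err != nil {
		fmt.Printf("ERROR starting up server: %s\n", err)
		os.Exit(-1)
	}
}

// handleClient attaches a tap for one client to the bridge.
func handleClient(bridge string, conn net.Conn) {
	var tapName string
	if tap.CheckBridge(bridge) !=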
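		nil {
		fmt.Printf("Bridge is down or could not be created")
		return
	}
	tapName = <-tapNames
	// CreateTap already starts the tap (see tap.go), so the second Start call
	// the original made here is dropped.
	tuntap, err := tap.CreateTap(tapName)
	if err != nil {
		fmt.Printf("Failed to create tap: %s\n", err)
		return
	}

	err = tap.AddTapToBridge(bridge, tapName)
	if err != nil {
		fmt.Printf("Failed to add %s to bridge %s\n", tapName, bridge)
		if err = tuntap.Stop(); err != nil {
			fmt.Printf("Failed to destroy tap: %s\n", err)
		}
		// The original fell through into the relay loop when Stop succeeded.
		return
	}

	// The original spun in an empty for-loop here, which burned a CPU and
	// made the cleanup below unreachable. Relay blocks until both directions
	// have finished copying.
	if err = tuntap.Relay(conn); err != nil {
		fmt.Printf("Failed to relay tap connection: %s\n", err)
	}

	// Both cleanup steps always run. The original discarded the result of
	// RemoveTapFromBridge and tested a stale err instead.
	if err = tap.RemoveTapFromBridge(bridge, tapName); err != nil {
		fmt.Printf("Failed to remove %s from bridge %s\n", tapName, bridge)
	}
	if err = tuntap.Stop(); err != nil {
		fmt.Printf("Failed to destroy tap: %s\n", err)
	}
}

// tapExists reports whether a network interface named tapname is present
// under /sys/class/net. The original returned false whenever the path was a
// directory, i.e. for every interface that exists, so tapNamer could hand out
// a name that was already in use.
func tapExists(tapname string) bool {
	fi, err := os.Stat(fmt.Sprintf("/sys/class/net/%s/", tapname))
	if err != nil {
		return false
	}
	return fi.IsDir()
}

// tapNamer feeds nameChan with interface names of the form tSrv<hex> that are
// not currently in use. It never returns.
func tapNamer(nameChan chan string) {
	var tapName string
	i := uint32(0)
	for {
		for {
			tapName = fmt.Sprintf("tSrv%x", i)
			i++
			if !tapExists(tapName) {
				break
			}
		}
		nameChan <- tapName
	}
}

--------------------------------------------------------------------------------
/tap.go:
--------------------------------------------------------------------------------
package goTunTap

/*
#include <stdlib.h>
#include "tapUtils.h"
*/
import "C"

import (
	"errors"
	"io"
	"os"
	"sync"
	"syscall"
	"unsafe"
)

// TapManager owns one tap device: its file descriptor and interface name.
type TapManager struct {
	sock C.int
	name string
	up   bool
}

// Every C.CString below is allocated with malloc and must be released with
// C.free; the original never freed them, leaking one allocation per call.

// CheckBridge returns nil when the named bridge exists and could be brought up.
func CheckBridge(bridge string) error {
	cb := C.CString(bridge)
	defer C.free(unsafe.Pointer(cb))
	if C.CheckBridge(cb) < 0 {
		return errors.New("Bridge does not exist")
	}
	return nil
}

// CreateBridge creates the named bridge unless it already exists.
func CreateBridge(name string) error {
	if CheckBridge(name) == nil {
		return nil
	}
	cn := C.CString(name)
	defer C.free(unsafe.Pointer(cn))
	if C.CreateBridge(cn) < 0 {
		return errors.New("Failed to create bridge")
	}
	return nil
}

// DeleteBridge removes the named bridge.
func DeleteBridge(name string) error {
	cn := C.CString(name)
	defer C.free(unsafe.Pointer(cn))
	if C.DeleteBridge(cn) < 0 {
		return errors.New("Failed to delete bridge")
	}
	return nil
}

// AddTapToBridge attaches the interface tap to bridge.
func AddTapToBridge(bridge, tap string) error {
	cb := C.CString(bridge)
	defer C.free(unsafe.Pointer(cb))
	ct := C.CString(tap)
	defer C.free(unsafe.Pointer(ct))
	if C.AddTapToBridge(cb, ct) < 0 {
		return errors.New("Failed to add tap to bridge")
	}
	return nil
}

// RemoveTapFromBridge detaches the interface tap from bridge.
func RemoveTapFromBridge(bridge, tap string) error {
	cb := C.CString(bridge)
	defer C.free(unsafe.Pointer(cb))
	ct := C.CString(tap)
	defer C.free(unsafe.Pointer(ct))
	if C.RemoveTapFromBridge(cb, ct) < 0 {
		return errors.New("Failed to remove tap from bridge")
	}
	return nil
}

// CreateTap creates and starts a tap named name. It requires an effective UID
// of 0. On failure it returns a nil manager; the original returned a
// half-initialised one alongside the error.
func CreateTap(name string) (*TapManager, error) {
	if os.Geteuid() != 0 {
		return nil, errors.New("Must execute as ROOT")
	}
	t := &TapManager{0, name, false}
	if err := t.Start(); err != nil {
		return nil, err
	}
	return t, nil
}

// Start allocates the tap device, brings it up and stores its descriptor.
func (t *TapManager) Start() error {
	cn := C.CString(t.name)
	defer C.free(unsafe.Pointer(cn))
	sock := C.StartTap(cn)
	if sock <= 0 {
		return errors.New("Failed to create tap")
	}
	t.sock = sock
	return nil
}

// Stop brings the interface down and releases the tap descriptor.
func (t *TapManager) Stop() error {
	cn := C.CString(t.name)
	defer C.free(unsafe.Pointer(cn))
	if C.StopTap(t.sock, cn) != 0 {
		return errors.New("Failed to destroy tap")
	}
	return nil
}

// Read reads one chunk from the tap descriptor into b. A zero-length read
// with no error is reported as io.EOF; an empty b reads nothing.
func (t *TapManager) Read(b []byte) (int, error) {
	if t == nil {
		return 0, os.ErrInvalid
	}
	if len(b) == 0 {
		return 0, nil
	}
	n, err := syscall.Read(int(t.sock), b)
	if err != nil {
		return 0, err
	}
	if n == 0 {
		return n, io.EOF
	}
	return n, nil
}

// Write writes b to the tap descriptor. A zero-length write with no error is
// reported as io.EOF, as in the original; an empty b writes nothing.
func (t *TapManager) Write(b []byte) (int, error) {
	if t == nil {
		return 0, os.ErrInvalid
	}
	if len(b) == 0 {
		return 0, nil
	}
	n, err := syscall.Write(int(t.sock), b)
	if err != nil {
		return 0, err
	}
	if n == 0 {
		return n, io.EOF
	}
	return n, nil
}

// Relay copies data in both directions between c (for example a net.Conn) and
// the tap, and returns once both copies have ended.
//
// Bytes read from c are written to the tap unmodified and unchecked, so the
// peer on c can place arbitrary frames on whatever bridge the tap is attached
// to; any authentication or encryption has to be provided by c itself.
//
// Copy errors are discarded and nil is always returned, as in the original:
// the callers on this page treat a non-nil result as fatal, and a peer closing
// its end is the normal way for a relay to finish.
func (t *TapManager) Relay(c io.ReadWriter) error {
	var wg sync.WaitGroup
	pump := func(dst io.Writer, src io.Reader) {
		defer wg.Done()
		io.Copy(dst, src)
	}

	wg.Add(2)
	//relay from outside conn to the tap
	go pump(t, c)
	//relay from tap to outside
	go pump(c, t)
	wg.Wait()
	return nil
}

// AddToBridge attaches this tap to bridge, creating the bridge first if it
// does not exist.
func (t *TapManager) AddToBridge(bridge string) error {
	if err := CreateBridge(bridge); err != nil {
		return err
	}
	return AddTapToBridge(bridge, t.name)
}

// RemoveFromBridge detaches this tap from bridge. The original reported a
// failure here with the "add" message.
func (t *TapManager) RemoveFromBridge(bridge string) error {
	return RemoveTapFromBridge(bridge, t.name)
}

--------------------------------------------------------------------------------
/tapUtils.c:
--------------------------------------------------------------------------------
1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include 11 | #include 12 | #include 13 | 14 | /* some manual defines because our libc is so damn old */ 15 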
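#ifndef SIOCBRADDBR
#define SIOCBRADDBR 0x89a0
#endif
#ifndef SIOCBRDELBR
#define SIOCBRDELBR 0x89a1
#endif
#ifndef SIOCBRADDIF
#define SIOCBRADDIF 0x89a2
#endif
#ifndef SIOCBRDELIF
#define SIOCBRDELIF 0x89a3
#endif

/* valid_ifname accepts a non-empty name that fits in IFNAMSIZ with its
 * terminator and holds no '/'. Longer names used to be silently truncated by
 * strncpy, so a call could act on a different interface than the one asked
 * for, and a '/' would let the sysfs path in CheckBridge leave /sys/class/net.
 */
static int valid_ifname(const char *name) {
	size_t len;
	if(name == NULL) {
		return 0;
	}
	len = strlen(name);
	if(len == 0 || len >= IFNAMSIZ) {
		return 0;
	}
	return strchr(name, '/') == NULL;
}

/* setClearIfReqFlags sets (set != 0) or clears (set == 0) the given interface
 * flags on dev. Returns 0 on success, -1 on failure.
 */
int setClearIfReqFlags(char* dev, int flags, int set) {
	struct ifreq ifr;
	int sock;
	int rc = -1;

	if(!valid_ifname(dev)) {
		return -1;
	}
	memset(&ifr, 0, sizeof(ifr));
	/* size - 1 keeps the terminator that memset put in place */
	strncpy(ifr.ifr_name, dev, sizeof(ifr.ifr_name) - 1);
	/* 0 is a valid descriptor, so only a negative result is a failure */
	sock = socket(PF_INET, SOCK_DGRAM, 0);
	if(sock < 0) {
		return -1;
	}

	if(ioctl(sock, SIOCGIFFLAGS, &ifr) < 0) {
		goto out;
	}
	if(set) {
		ifr.ifr_flags |= flags;
	} else {
		ifr.ifr_flags &= (~flags);
	}
	if(ioctl(sock, SIOCSIFFLAGS, &ifr) < 0) {
		goto out;
	}
	rc = 0;
out:
	close(sock);
	return rc;
}

/* ifup marks dev up and running with broadcast and multicast enabled. */
int ifup(char *dev) {
	int flags = (IFF_UP|IFF_BROADCAST|IFF_RUNNING|IFF_MULTICAST);
	return setClearIfReqFlags(dev, flags, 1);
}

/* ifdown clears the up and running flags on dev. */
int ifdown(char *dev) {
	int flags = (IFF_UP|IFF_RUNNING);
	return setClearIfReqFlags(dev, flags, 0);
}

/* tun_alloc opens /dev/net/tun and attaches a TAP device. An empty dev leaves
 * the name field blank. Returns the descriptor, or a negative value on
 * failure.
 */
int tun_alloc(char *dev) {
	struct ifreq ifr;
	int fd, err;

	if(dev == NULL || (*dev && !valid_ifname(dev))) {
		return -1;
	}
	if( (fd = open("/dev/net/tun", O_RDWR)) < 0 )
		return -1;

	memset(&ifr, 0, sizeof(ifr));

	/* Flags: IFF_TUN   - TUN device (no Ethernet headers)
	 *        IFF_TAP   - TAP device
	 *
	 *        IFF_NO_PI - Do not provide packet information
	 */
	ifr.ifr_flags = IFF_TAP;
	if( *dev )
		strncpy(ifr.ifr_name, dev, IFNAMSIZ - 1);

	if( (err = ioctl(fd, TUNSETIFF, (void *) &ifr)) < 0 ){
		close(fd);
		return err;
	}
	return fd;
}

/* tun_dealloc clears persistence on the tap and closes its descriptor. */
int tun_dealloc(int tapfd) {
	int r = ioctl(tapfd, TUNSETPERSIST, 0);
	close(tapfd);
	return r;
}

/* StartTap allocates the tap and brings it up. Returns a descriptor > 0, or
 * -1 on failure. The Go caller on this page treats any value <= 0 as failure,
 * so a descriptor of 0 is released rather than returned. The descriptor is
 * also released when ifup fails; the original leaked it on that path.
 */
int StartTap(char *name) {
	int tapfd = tun_alloc(name);
	if(tapfd <= 0) {
		if(tapfd == 0) {
			close(tapfd);
		}
		printf("Failed to allocate tap %s\n", name);
		return -1;
	}
	if(ifup(name) != 0) {
		printf("Failed to bring up interface %s\n", name);
		close(tapfd);
		return -1;
	}
	return tapfd;
}

/* StopTap brings the interface down and releases the tap descriptor. */
int StopTap(int sock, char* name) {
	if(ifdown(name) != 0) {
		printf("Failed to bring down interface %s\n", name);
		return -1;
	}
	if(tun_dealloc(sock) != 0) {
		printf("Failed to dealloc tap %s\n", name);
		return -1;
	}
	return 0;
}

/* CheckBridge returns 0 when /sys/class/net/<bridge>/bridge is a directory
 * and the bridge could be brought up, -1 otherwise.
 */
int CheckBridge(char* bridge) {
	char buff[256];
	struct stat s;

	/* the name becomes part of a filesystem path; see valid_ifname */
	if(!valid_ifname(bridge)) {
		return -1;
	}
	snprintf(buff, sizeof(buff), "/sys/class/net/%s/bridge", bridge);

	if(stat(buff, &s) != 0) {
		return -1;
	}
	if(!S_ISDIR(s.st_mode)) {
		return -1;
	}
	return ifup(bridge);
}

/* CreateBridge creates the named bridge and brings it up. */
int CreateBridge(char* bridge) {
	char name[IFNAMSIZ];
	int sock;
	int br = -1;

	if(!valid_ifname(bridge)) {
		return -1;
	}
	/* NOTE(review): the bridge ioctl appears to read a fixed IFNAMSIZ-byte
	 * name, so a zero-padded copy is passed instead of the caller's
	 * possibly shorter string - confirm against the kernel interface. */
	memset(name, 0, sizeof(name));
	strncpy(name, bridge, sizeof(name) - 1);

	sock = socket(AF_LOCAL, SOCK_STREAM, 0);
	if(sock < 0) {
		return -1;
	}
	br = ioctl(sock, SIOCBRADDBR, name);
	close(sock);
	if(br < 0 ) {
		return -1;
	}
	return ifup(bridge);
}

/* DeleteBridge brings the bridge down and removes it. A bridge that does not
 * exist counts as deleted.
 */
int DeleteBridge(char* bridge) {
	char name[IFNAMSIZ];
	int sock = -1;
	int br = -1;
	/* if it doesn't exist then its deleted! */
	if(CheckBridge(bridge) < 0) {
		return 0;
	}
	/* CheckBridge succeeded, so the name already passed valid_ifname */
	memset(name, 0, sizeof(name));
	strncpy(name, bridge, sizeof(name) - 1);

	sock = socket(AF_LOCAL, SOCK_STREAM, 0);
	if(sock < 0) {
		return -1;
	}
	if(ifdown(bridge) != 0) {
		/* the original returned here without closing the socket */
		close(sock);
		return -1;
	}
	br = ioctl(sock, SIOCBRDELBR, name);
	close(sock);
	return br < 0 ? -1 : 0;
}

/* RemoveTapFromBridge detaches tap from bridge. Returns 0 or -1. */
int RemoveTapFromBridge(char* bridge, char* tap) {
	struct ifreq ir;
	int sock;
	int rc;
	int ifindex;

	if(!valid_ifname(tap)) {
		return -1;
	}
	ifindex = if_nametoindex(tap);
	if(ifindex == 0) {
		return -1;
	}

	if(CheckBridge(bridge) != 0) {
		return -1;
	}

	sock = socket(AF_LOCAL, SOCK_STREAM, 0);
	if(sock < 0) {
		return -1;
	}

	/* zero the request first: the original passed uninitialised stack
	 * bytes to the kernel and could leave the name unterminated */
	memset(&ir, 0, sizeof(ir));
	strncpy(ir.ifr_name, bridge, IFNAMSIZ - 1);
	ir.ifr_ifindex = ifindex;
	rc = ioctl(sock, SIOCBRDELIF, &ir);
	close(sock);
	return rc < 0 ? -1 : 0;
}

/* AddTapToBridge attaches tap to bridge. Returns 0 or -1. */
int AddTapToBridge(char* bridge, char* tap) {
	struct ifreq ir;
	int sock;
	int rc;
	int ifindex;

	if(!valid_ifname(tap)) {
		return -1;
	}
	ifindex = if_nametoindex(tap);
	if(ifindex == 0) {
		return -1;
	}

	if(CheckBridge(bridge) != 0) {
		return -1;
	}

	sock = socket(AF_LOCAL, SOCK_STREAM, 0);
	if(sock < 0) {
		return -1;
	}

	/* zero the request first: the original passed uninitialised stack
	 * bytes to the kernel and could leave the name unterminated */
	memset(&ir, 0, sizeof(ir));
	strncpy(ir.ifr_name, bridge, IFNAMSIZ - 1);
	ir.ifr_ifindex = ifindex;
	rc = ioctl(sock, SIOCBRADDIF, &ir);
	close(sock);
	return rc < 0 ? -1 : 0;
}

--------------------------------------------------------------------------------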